How much more secure are older low tech phones than the more modern ones
January 4, 2014 2:38 PM Subscribe
Are older phones or phones designed for poorer countries any less susceptible to spying than the latest Apple, Google or Android models? I've read about CEO's looking for the very old brick phones because since they don't have the sophisticated technology of the modern phones, they're harder to monitor or track. I understand the phones w/o apps are clearly more secure regarding third parties because they aren't sending personal data to companies. But what the government and everything else; voice, location via cell towers, SMS; the very basics.
The very very old school cellular phones didn't even have encryption so you could go up on a hill with an antenna and listen in on a conversation like it was radio.
posted by St. Peepsburg at 2:48 PM on January 4, 2014 [3 favorites]
posted by St. Peepsburg at 2:48 PM on January 4, 2014 [3 favorites]
The older phones are actually less secure, as St. Peepsburg says, but some things the brick phones have going for them are less precise location data (you could track an older phone to the closest cell tower), no camera or always on mic, or software to get messed with, and the fact that the bricks get signal in places that other phones will not. That was one of the brick's selling points to travelling salespeople. You can be in the middle of nowhere and the brick will likely get a signal.
posted by efalk at 3:04 PM on January 4, 2014
posted by efalk at 3:04 PM on January 4, 2014
I am sure someone will come along and tell me why this may be wrong, but I would think that if you wanted additional layers of security on a cell phone you'd pay cash for a basic burner and a top off card from Walgreens or similar. Don't use a computer to activate it.
Extra layers of security would be having someone outside your area code purchasing it and activating it then mailing it to you. New phone each month with a new number would be another layer.
I would think any phone, especially cell, would be vulnerable so the trick would be to minimize vectors to identifying what phone is yours. Purchase information, phone number, area of activation and use, length of ownership, are all vulnerabilities (most likely I am missing more than a few). Minimize those and you likely have more security from 3rd party eavesdropping.
posted by edgeways at 3:05 PM on January 4, 2014
Extra layers of security would be having someone outside your area code purchasing it and activating it then mailing it to you. New phone each month with a new number would be another layer.
I would think any phone, especially cell, would be vulnerable so the trick would be to minimize vectors to identifying what phone is yours. Purchase information, phone number, area of activation and use, length of ownership, are all vulnerabilities (most likely I am missing more than a few). Minimize those and you likely have more security from 3rd party eavesdropping.
posted by edgeways at 3:05 PM on January 4, 2014
I strongly doubt that older phones would be more secure, especially with specific attacks that would be used against high value targets.
Let's not romanticize the old phones - most had:
- pitifully low software quality standards, which makes the existence of security vulnerabilities much more likely, since they were written by hardware devs
- very low chance of being audited for security issues, and zero chance of having updates available to close those security issues
- lots of backdoors available to carriers for convenience features - sync backup, sms backup, phone / person locator, etc are custom features that are wholly controlled by the carriers and could be hijacked - and these often cannot be removed
- easily "rooted" and reinstalled with custom firmware that could contain loggers
You should assume that SMS, voice and location are already tracked by the carriers and is already a govt. request away.
posted by meowzilla at 3:06 PM on January 4, 2014
Let's not romanticize the old phones - most had:
- pitifully low software quality standards, which makes the existence of security vulnerabilities much more likely, since they were written by hardware devs
- very low chance of being audited for security issues, and zero chance of having updates available to close those security issues
- lots of backdoors available to carriers for convenience features - sync backup, sms backup, phone / person locator, etc are custom features that are wholly controlled by the carriers and could be hijacked - and these often cannot be removed
- easily "rooted" and reinstalled with custom firmware that could contain loggers
You should assume that SMS, voice and location are already tracked by the carriers and is already a govt. request away.
posted by meowzilla at 3:06 PM on January 4, 2014
The powers that be have had a a commensurately longer time to subvert older phones. So even if they were more secure, which they probably aren't; given the time they are surely hacked.
Plus government level entities have tower or network access anyway, where the phone is irrelevant.
posted by TheAdamist at 3:07 PM on January 4, 2014
Plus government level entities have tower or network access anyway, where the phone is irrelevant.
posted by TheAdamist at 3:07 PM on January 4, 2014
Bag/brick phones tend to be analogue. Good luck finding analogue coverage these days.
posted by scruss at 3:17 PM on January 4, 2014
posted by scruss at 3:17 PM on January 4, 2014
And older phones also had their own app stores, which is another way for outside parties to run external code on the phones. The security of these app stores is probably lower than Apple's / Google's, and the sandbox these apps run in is also probably less secure too. Many of these apps are built with technology with widely known flaws, like Java from five years ago.
posted by meowzilla at 3:26 PM on January 4, 2014
posted by meowzilla at 3:26 PM on January 4, 2014
To correctly answer your question we would have to agree on a threat model before we start to argue details. To give a short incomplete example:
Briefly, we can start with who do you imagine your adversaries are (all assuming a US company)?
- International signal intelligence (e.g NSA, GCHQ, FRA)
- International signal intelligence of nation state adversaries (e.g chinese intelligense)
- Local signal intelligence
- Competing multinational corporations
- Organized crime
- Internet activists
- etc.
What resources do you think they have?
- Possibility to monitor inter-country phone lines
- Possibility to monitor internet traffic
- Possibility to modify traffic to or from the phones
- Physical access to the phones
- etc.
What are the goals of your adversaries:
- Monitor your activity
- Observer business deals with competitors
- Listen to your phone calls
- Use your phone as a surveillance tool
- Access local information stored on the device
- etc.
Where will the devices be used:
I feel that old or new mobile phones wont make any difference in a company unless you start to answer these kind of questions and design your IT policy in respect to the threat model you think are appropriate for your company.
If this was a question of personal (not corporate) security, local security such as pass-codes, backups and physical security
posted by rpn at 4:44 PM on January 4, 2014
Briefly, we can start with who do you imagine your adversaries are (all assuming a US company)?
- International signal intelligence (e.g NSA, GCHQ, FRA)
- International signal intelligence of nation state adversaries (e.g chinese intelligense)
- Local signal intelligence
- Competing multinational corporations
- Organized crime
- Internet activists
- etc.
What resources do you think they have?
- Possibility to monitor inter-country phone lines
- Possibility to monitor internet traffic
- Possibility to modify traffic to or from the phones
- Physical access to the phones
- etc.
What are the goals of your adversaries:
- Monitor your activity
- Observer business deals with competitors
- Listen to your phone calls
- Use your phone as a surveillance tool
- Access local information stored on the device
- etc.
Where will the devices be used:
I feel that old or new mobile phones wont make any difference in a company unless you start to answer these kind of questions and design your IT policy in respect to the threat model you think are appropriate for your company.
If this was a question of personal (not corporate) security, local security such as pass-codes, backups and physical security
posted by rpn at 4:44 PM on January 4, 2014
In short, they're not, and for one really big reason: A5/1 encryption. Newer phones can speak A5/1, but will usually default to stronger more-modern ciphers. Encryption used by older phones is now well within the capabilities of a well-funded hobbyist to break.
posted by TheNewWazoo at 4:58 PM on January 4, 2014
posted by TheNewWazoo at 4:58 PM on January 4, 2014
I'm talking about the actual wireless communication above, btw.
There is no appreciable difference between an older phone and a newer one in terms of access to the carrier, and doing things like cell tower triangulation. E911 phase 2 A-GPS support has been built into every phone since 2005 (and many before), so we're talking about 9+ year old phones. Basically, the carrier is beholden to the authorities (and will immediately kowtow to them), and cannot be considered to be a trusted communication channel.
posted by TheNewWazoo at 5:03 PM on January 4, 2014
There is no appreciable difference between an older phone and a newer one in terms of access to the carrier, and doing things like cell tower triangulation. E911 phase 2 A-GPS support has been built into every phone since 2005 (and many before), so we're talking about 9+ year old phones. Basically, the carrier is beholden to the authorities (and will immediately kowtow to them), and cannot be considered to be a trusted communication channel.
posted by TheNewWazoo at 5:03 PM on January 4, 2014
The corded "brick" phones you got from the phone company were 20 times stronger than they needed to be and last forever. I have one in my apartment in case the electricity goes off.
The NSA listens to every phone call, even those made with a corded phone. If you believe them, they record "only" metadata - where you call from, whom you call and how long you talk. For calls made to numbers outside the U.S., and to foreign-to-foreign calls, they also record the conversations. The prime ministers of Germany and Brazil are among those tapped.
Also, countries such as Canada, Britain and even New Zealand record call contents all over the world and give them to the NSA.
To most of us, it means little. My brother called me last night and we talked about his kids, the cold weather and his wife's arthritic car. The NSA wants to filter out these calls, not record them.
I keep my cell phone turned off unless I'm making a call, more to save the battery than to prevent myself from being tracked. My car has GPS, which I'm glad for, since it can guide an ambulance to my exact position if I crash.
posted by KRS at 7:40 AM on January 5, 2014
The NSA listens to every phone call, even those made with a corded phone. If you believe them, they record "only" metadata - where you call from, whom you call and how long you talk. For calls made to numbers outside the U.S., and to foreign-to-foreign calls, they also record the conversations. The prime ministers of Germany and Brazil are among those tapped.
Also, countries such as Canada, Britain and even New Zealand record call contents all over the world and give them to the NSA.
To most of us, it means little. My brother called me last night and we talked about his kids, the cold weather and his wife's arthritic car. The NSA wants to filter out these calls, not record them.
I keep my cell phone turned off unless I'm making a call, more to save the battery than to prevent myself from being tracked. My car has GPS, which I'm glad for, since it can guide an ambulance to my exact position if I crash.
posted by KRS at 7:40 AM on January 5, 2014
This thread is closed to new comments.
posted by CollectiveMind at 2:39 PM on January 4, 2014