Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org>
---
 freedom-privacy-security-issues.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/freedom-privacy-security-issues.php 
b/freedom-privacy-security-issues.php
index f62c702..35fc430 100644
--- a/freedom-privacy-security-issues.php
+++ b/freedom-privacy-security-issues.php
@@ -12,7 +12,7 @@
                        <h3>The current situation of freedom and 
privacy/security on mobile devices</h3>
                        <p>A mobile device respecting the users' freedom would 
have:<ul><li>Free hardware</li><li>Free firmwares</li><li>Free modem 
system</li><li>Free bootrom and bootloader</li><li>Free system and 
applications</li></ul>Regarding <a href="#free-hardware">free hardware</a>, it 
barely exist as of today. The ways of modifying existing hardware are very 
limited. Because of that, new versions of the hardware have to be produced to 
carry the modifications, and this is expensive. While producing printed circuit 
boards (PCBs) costs a lot of money, producing integrated circuits is out of 
reach. A few devices come with schematics, or full design files for the PCB, 
but that's usually as far as it gets. Hence, totally-free hardware doesn't 
exist yet. While design for FPGAs do exist in free software licenses, FPGAs are 
not practical enough to be used to replace ASICs in smartphones, and most of 
them even proprietary software tools.</p>
                        <p>Firmwares running inside integrated circuits are 
most of the time proprietary. While free firmwares are hard to write, some 
exist for very specific hardware (e.g. <a href="//www.arduino.cc/">Arduino</a>, 
<a href="//dangerousprototypes.com/docs/Bus_Pirate">Bus Pirate</a>) and 
sometimes,  manufacturers can liberate firmwares running in their integrated 
circuits (e.g. <a 
href="//github.com/qca/open-ath9k-htc-firmware">ath9k_htc</a>). However, it is 
not always possible to even replace those firmwares: some are loaded to the 
integrated circuit by the main CPU but some others reside in separate storage 
that is loaded by that integrated circuit. In that case, we wound't be able to 
tell the difference with an integrated circuit lacking any storage. With 
seperate storage, the firmware cannot easily be updated to a free 
replacement.</p>
-                       <p><a 
href="images/freedom-privacy-security-issues/bad-modem-isolation.png" 
data-lightbox="current-situation" data-title="Bad modem isolation"><img 
src="images/freedom-privacy-security-issues/bad-modem-isolation.png" alt="Bad 
modem isolation" style="width: 250px; float: left;"/></a>The modem system on 
telephony-enabled mobile devices is always proprietary. While <a 
href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it 
only runs on some old feature phones or or the openmoko smartphones modem. It 
currently requires a host computer to operate and is not certified to run on 
public networks. Despite this situation, the modem remains a crucial part for 
privacy/security: it is nearly always connected to the GSM network, allowing 
for <a href="//www.gnu.org/philosophy/malware-mobiles.html">remote control</a>. 
The modem can be more or less damaging to privacy/security depending on what 
hardware it has access to and can control. That is to say, how isolated it
  is from
  the rest of the device.<br /><br />A device with bad modem isolation would 
allow the modem to access and control key parts of the hardware, such as the 
RAM, storage, GPS, camera, user I/O and microphone. This situation is terrible 
for privacy/security as it provides plenty of ways to efficiently spy on the 
user, triggered remotely over the mobile telephony network. Those are 
accessible to the mobile telephony operator, but also to attackers setting up 
fake base stations for that purpose. <a 
href="images/freedom-privacy-security-issues/good-modem-isolation.png" 
data-lightbox="current-situation" data-title="Good modem isolation"><img 
src="images/freedom-privacy-security-issues/good-modem-isolation.png" alt="Good 
modem isolation" style="width: 250px; float: right;"/></a>On the other hand, 
when the modem is well-isolated from the rest of the device, it is limited to 
communicating directly with the SoC and can only access the device's microphone 
when allowed by the SoC. It is th
 en stric
 tly limited to accessing what it really needs, which considerably reduces its 
opportunities to spy on the user. While it doesn't solve any of the freedom 
issues, having an isolated modem is a big step forward for privacy/security. 
However, it is nearly impossible to be entirely sure that the modem is actually 
isolated, as any documentation about the device cannot be trusted, due to the 
lack of effective hardware freedom. On the other hand, it is possible to know 
that the modem is not isolated, when there is proof that it can access hardware 
that could be used to spy on the user.</p>
+                       <p><a 
href="images/freedom-privacy-security-issues/bad-modem-isolation.png" 
data-lightbox="current-situation" data-title="Bad modem isolation"><img 
src="images/freedom-privacy-security-issues/bad-modem-isolation.png" alt="Bad 
modem isolation" style="width: 250px; float: left;"/></a>The modem system on 
telephony-enabled mobile devices is always proprietary. While <a 
href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it 
only runs on some old feature phones or or the openmoko smartphones modem. It 
currently requires a host computer to operate and is not certified to run on 
public networks. Despite this situation, the modem remains a crucial part for 
privacy/security: it is nearly always connected to the GSM network, allowing 
for <a href="//www.gnu.org/philosophy/malware-mobiles.html">remote control</a>. 
The modem can be more or less damaging to privacy/security depending on what 
hardware it has access to and can control. That is to say, how isolated it
  is from
  the rest of the device.<br /><br />A device with bad modem isolation cannot 
prevent the modem from accessing and controling key parts of the hardware. For 
instance the main CPU's RAM, its storage, the GPS, the camera, user I/O and the 
microphone. This situation is terrible for privacy/security as it provides 
plenty of opportunities to efficiently spy on the user, that could be triggered 
remotely over the mobile telephony network. That mobile telephony network is 
accessible to the mobile telephony operator, but also to attackers setting up 
fake base stations for that purpose. <a 
href="images/freedom-privacy-security-issues/good-modem-isolation.png" 
data-lightbox="current-situation" data-title="Good modem isolation"><img 
src="images/freedom-privacy-security-issues/good-modem-isolation.png" alt="Good 
modem isolation" style="width: 250px; float: right;"/></a>On the other hand, 
when the modem is well-isolated from the rest of the device, it is limited to 
communicating directly w
 ith the 
 SoC and can only access the device's microphone when allowed by the SoC. It is 
then strictly limited to accessing what it really needs, which considerably 
reduces its opportunities to spy on the user. While it doesn't solve any of the 
freedom issues, having an isolated modem is a big step forward for 
privacy/security. However, it is nearly impossible to be entirely sure that the 
modem is actually isolated, as any documentation about the device cannot be 
trusted, due to the lack of effective hardware freedom. On the other hand, it 
is possible to know that the modem is not isolated, when there is proof that it 
can access hardware that could be used to spy on the user.</p>
                        <p>Looking at the software that runs early on the SoC, 
the first component is the bootrom. It is always proprietary and is stored in 
read-only memory, so it cannot be changed (in that case, it almost seems to 
behave like hardware). However, regarding the bootloader, the situation is 
different for each platform. There are actually multiple stages of bootloaders, 
some of which can be free. However, it also occurs that the bootloaders are 
cryptographically signed with a private key. In that case, the bootrom will 
check the signature against a public key that cannot be replaced and only run 
the bootloader if the signature matches. That sort of tivoization prevents 
replacing pre-installed bootloaders, even when their sources are released as 
free software. There are some good platforms that don't perform such signature 
checks and can run free bootloaders (e.g. Allwinner Ax, TI OMAP 
General-Purpose).</p>
                        <p><a 
href="images/freedom-privacy-security-issues/operating-system.png" 
data-lightbox="current-situation" data-title="Mobile operating system"><img 
src="images/freedom-privacy-security-issues/operating-system.png" alt="Mobile 
operating system" style="width: 250px; float: left;"/></a>The biggest part of 
the software running on a mobile device is the operating system, that runs on 
the main CPU. It has access to most integrated circuits (I/O, camera, 
microphone, GPS, etc) as well as the user's data and communications. It is the 
most critical part for privacy/security and is also very important for free 
software as it interacts with the user directly and holds knowledge about 
communication with the hardware. Many mobile operating systems are mostly free 
software (e.g. <a href="//www.android.com/">Android</a>, <a 
href="//mozilla.org/firefox/os">Firefox OS</a>, <a 
href="//ubuntu.com/phone">Ubuntu Touch</a>, <a 
href="//www.tizen.org/">Tizen</a>), as they use the <a href="//www.
 kernel.o
 rg/">Linux kernel</a>, a free framework and ship with free base applications. 
However, the user-space hardware abstraction layers are for the most part 
proprietary (it varies from one device to another) and they also ship with 
proprietary loaded firmwares for various integrated circuits. Every piece of 
proprietary software running on the system is a risk for privacy/security as 
they can offer <a href="//www.gnu.org/philosophy/malware-mobiles.html">remote 
access back-doors</a> and compromise the rest of the system.<br />None of these 
mostly-free systems have a clear policy to reject proprietary software and not 
advocate its use, except for Replicant.</p>
                        <p>While the operating system is a very important piece 
of software, it doesn't ship with applications that cover the wide spectrum of 
activities that a mobile device is expected to provide. Thankfully, plenty of 
free software applications exist for each kind of (mostly-)free operating 
system, sometimes gathered in free software application stores (such as <a 
href="//www.f-droid.org/">F-Droid</a> for Android systems).</p>
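Review bot: The added paragraph misspells "controlling" as "controling" and follows it with a sentence fragment ("For instance the main CPU's RAM, its storage, ..."), both in the rewritten bad-modem-isolation sentence. Suggest joining the two, e.g. "cannot prevent the modem from accessing and controlling key parts of the hardware, for instance the main CPU's RAM, its storage, the GPS, the camera, user I/O and the microphone." In the same added line, "that could be triggered remotely" after a comma reads better as "which could be triggered remotely", and the duplicated "or or" before "the openmoko smartphones modem" is carried over unchanged from the removed line, so it could be fixed here as well. Since the whole paragraph is a single source line, a change to two sentences shows up as a full-paragraph replacement, and the message as shown carries only the Signed-off-by line. A short description of the wording change (from "would allow the modem to access" to "cannot prevent the modem from accessing") would make the intent easier to review.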
-- 
2.7.2

_______________________________________________
Replicant mailing list
Replicant@lists.osuosl.org
http://lists.osuosl.org/mailman/listinfo/replicant
