Reason for openmoko - bugsafe?

Peter Trapp openmoko at genial.ms
Sun Jul 15 21:06:44 CEST 2007


Hi all,

I've read the article in German. They are written about a stuff like this:


Fabien schrieb:
> Just to (hopefully) clarify: I've read, probably from some very 
> unreliable internet source, about a scheme where police make the 
> carrier uploads an "improved" firmware over the air, which turns the 
> phone into a microphone, even when not calling; it changes the 
> shutdown function into a "pretend to shutdown yet go on spying"; the 
> only fix would then be to remove batteries.
>
As source "heise" cites an article from the very common political 
magazin "Spiegel"...

Beside of updating the phone with an "improved firmware" they talking 
about using different signals (my 2cent: not mentioned in more detail) 
to switch on the hands-free set to be able to record/listen to    the 
environment noise of the phone -- as long as the phone is switched on.

The second possibility mentioned in the news is that the phone will be 
switched to a "switched off" mode by turning off the screen and the 
speaker. In fact the mobile is still connected to the provider. 
Therefore the police has to work together with the provider (my 2cent: 
as mentioned above from Fabien via the firmware).

And last but not least, the third method to change the phone to be able 
as a bug is to hack the mobile via BT, WLAN or IR and dropping a 
trojaner into it.


my 2cents (only short):
I think these parts has to be discussed more separatly.

At least the third point (hacking the phone) can be handled and improved 
here. (using firewall, monitor, ...)

And also the 2nd one is more difficult using a freed phone (as also 
stated from Fabien see below).

For the first one. I'm not sure about the "signals" they're using. More 
technical detail are necessary (at least for me :) ).

> If you're talking about this, let's say that this kind of scheme is 
> much harder to implement on an open-source phone, especially if you 
> can run an arbitrary set of monitoring applications on it. It's not 
> theoretically impossible, but probably completely impractical, even 
> for a rogue state agency.
>


Sorry for my bad english. Hope that helps to clarify the Topic...

cheers
-homyx








More information about the community mailing list