Hacker News new | past | comments | ask | show | jobs | submit login

See also the OnePlus One with Cyanogenmod 11, $299 unlocked, but for now can't be purchased without an invite.

CM11 hardening: https://blog.torproject.org/blog/mission-impossible-hardenin...




The OnePlus One can be purchased without an invite[1][2], it's far more expensive, but purchasable.

[1] http://www.ishoppstore.com/en/quad-core/4707-oneplus-one-55-...

[2] http://www.gsmarena.com/oneplus_one_in_stock_at_one_retailer...


The most crucial step in that recipe is using a device without a GSM baseband. That rules out anything sold as a 'phone,' such as the OnePlus One.


I think that's possibly overkill. Provided the baseband processor is independent of the apps processor, communicates over a managed bus (usb, high speed serial, dedicated dual-port ram), instead of having direct access to main system memory, and the apps processor has the ability to power it up and down at will, you're in a pretty good state and you can still hop on a cellular voice or data network when you want to.

This scenario is true of plenty of smartphones shipping today, but of course it's not something that manufacturers advertise and it's potentially difficult to verify.

One should probably also be concerned about wifi firmware, though smartphone wifi is almost exclusively connected via sdio and not able to directly affect main memory.

The biggest concern in systems where baseband and wifi radios are not-too-deeply integrated is driver bugs where input from those subsystems is overly-trusted or not adequately validated -- of course solid drivers should never trust the hardware, even if not actively malicious, it can be horribly buggy.


Which phones have this memory architecture vs. dma?


I know no recent LTE baseband phones that have this isolation.


Galaxy Nexus did (though that's not particularly recent).

I suspect most Tegra-based devices do -- though they introduced a combo apps/model Tegra 4i last year, which likely shares resources.

Generally if it has a standalone apps processor that's provided by a different vendor than the modem it probably does.

Even with unified apps/modem designs, some newer SoCs are designed to provide isolation between the cores, but from a tinfoil hat perspective that requires you to trust the SoC vendor (and perhaps the fab), so if you're paranoid you'd probably avoid any combo designs.


Thanks for the reminder.

For those who understand why that's important, what do you think about CM11 on a Samsung Galaxy Player (no GSM), using wifi VPN to a cheap phone/hotspot which does have GSM baseband, e.g. Firefox phone? Or two Firefox phones, if Android apps aren't important?


Without GSM, you only eliminate the excuse for a baseband backdoor. How do you eliminate their motivation for adding the backdoor? What if they put it it another chip connected to the bus?


Motivation is likely stable :)

Some protection against malicious firmware/hardware can come from ARM's IOMMU with an open-source Type-1 hypervisor, but these are not mainstream yet.

Whatever the technical merits of Blackphone, their marketing is increasing awareness of mobile security. If they can prove demand for this category of solution, it will increase security audits of all mobile hardware & software stacks.


> their marketing is increasing awareness of mobile security

That I agree and I really hope that it works. But on that note, I don't like the name Blackphone. When I hear "black" I associate it with nefarious activities; and that meaning suggests that only those with criminal purposes need privacy.


Project ARA can't ship fast enough.


Yes, will be interesting to see how Android will support distribution of drivers to customers for modular hardware components.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: