I didn’t find a thread for discussing Technical Aspects of IT and related Infrastructure related to security So here one it.
We recently had an action in WA where the police knew what we were planning and told our Police Liaison so when they first made contact. We were not particularly secretive about our intentions so there is nothing to show that the police did not simply gain this information through good old detective work and putting two and two together, but it does prompt us to review our security processes. So here is an Interesting article about the technical possibility of phones to be used for spying. Bare in mind that this sort of recording breaks every privacy agreement I’ve ever read, so I don’t believe phone companies are doing it across the board on a regular basis. This article just explains what is technically possible especially with a warrant.
A device with bad modem isolation cannot prevent the modem from accessing and controlling key parts of the hardware. For instance the main CPU’s RAM, its storage, the GPS, the camera, user I/O and the microphone. This situation is terrible for privacy/security as it provides plenty of opportunities to efficiently spy on the user, that could be triggered remotely over the mobile telephony network. That mobile telephony network is accessible to the mobile telephony operator, but also to attackers setting up fake base stations for that purpose.
On the other hand, when the modem is well-isolated from the rest of the device, it is limited to communicating directly with the SoC and can only access the device’s microphone when allowed by the SoC. It is then strictly limited to accessing what it really needs, which considerably reduces its opportunities to spy on the user. While it doesn’t solve any of the freedom issues, having an isolated modem is a big step forward for privacy/security. However, it is nearly impossible to be entirely sure that the modem is actually isolated, as any documentation about the device cannot be trusted, due to the lack of effective hardware freedom. On the other hand, it is possible to know that the modem is not isolated, when there is proof that it can access hardware that could be used to spy on the user.