Mobile Device Security

"Security" here means keeping the device and its data safe from unauthorized access, copying or transmission.

Threats to security

  • Physical theft / lack of custody
  • Malware in the Hardware (that you bought)
  • Malware in the Operating System or Firmware (that you, the mobile provider or the manufacturer loaded very rarely)
  • Malware in the Software and/or inappropriate permissions
  • In the case of data synchronised with other parties, they increase the scope
    • Free Services - you are the product

Physical theft / lack of custody

Encryption

Does encryption help?

Identify threats

If it's free, you are the product

 

Isolate DNS (see what is being looked for)

Block port 853 to prevent RFC 7858 (DNS over TLS) traffic

Leave SIM out to ensure only wireless data is possible (I accept that there is still a GSM module and that in a very minute edge case there could be data hidden in GSM traffic unauthenticated by the Mobile provider, but I have to assume this is unlikely - since it would at least require passive collusion by the mobile provider)
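One way to carry out the "see what is being looked for" step, as an added example that is not from the original page. It assumes the phone's only resolver is a local dnsmasq instance running with `log-queries` in its plain (non-`extra`) format; the log lines, addresses and hostnames are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of dnsmasq "log-queries" output; the client addresses,
# hostnames and timestamps are made up for illustration.
SAMPLE_LOG = """\
Oct  4 10:15:01 dnsmasq[812]: query[A] connectivitycheck.example.net from 192.168.8.20
Oct  4 10:15:01 dnsmasq[812]: forwarded connectivitycheck.example.net to 192.0.2.53
Oct  4 10:15:02 dnsmasq[812]: query[AAAA] connectivitycheck.example.net from 192.168.8.20
Oct  4 10:15:09 dnsmasq[812]: query[A] telemetry.vendor.example from 192.168.8.20
Oct  4 10:15:12 dnsmasq[812]: query[A] mail.example.org from 192.168.8.31
Oct  4 10:16:40 dnsmasq[812]: query[A] telemetry.vendor.example from 192.168.8.20
Oct  4 10:16:41 dnsmasq[812]: query[A] dns.resolver.example from 192.168.8.20
"""

QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def queries_by_client(log_text):
    """Return {client_ip: Counter({(name, qtype): hits})} for every query line."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:  # "forwarded", "reply" and "cached" lines do not match
            seen[m["client"]][(m["name"].lower().rstrip("."), m["qtype"])] += 1
    return seen

def names_for(log_text, client):
    """Distinct names a client asked for, most frequent first (ties by name)."""
    totals = Counter()
    for (name, _qtype), hits in queries_by_client(log_text)[client].items():
        totals[name] += hits
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

def first_seen(log_text, client, baseline):
    """Names the client queried that are not in a previously recorded baseline."""
    return [n for n, _ in names_for(log_text, client) if n not in baseline]

if __name__ == "__main__":
    phone = "192.168.8.20"  # assumed address of the handset on the test network
    for name, hits in names_for(SAMPLE_LOG, phone):
        print(f"{hits:3d}  {name}")
    print("new:", first_seen(SAMPLE_LOG, phone, {"connectivitycheck.example.net"}))
```

Names that show up after installing an app or enabling a sync service, compared against a baseline taken beforehand, are the ones worth investigating.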

 

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

My experience is wholly around Android and Samsung, specifically the Galaxy S5. Some aspects might be applicable to other operating systems and devices.

Galaxy S5 (2015)

I have 2 Galaxy S5s, the first since 2015 running LineageOS 14 (Android 7) and the second since 2019 running LineageOS 16 (Android 9).

Galaxy S5 (2019)