Blackphone, a “secure” cellular phone was launched earlier this week. To be honest, I am a bit disappointed with this device, especially their choice to run an AOSP based ROM. Of course, the very notion of a ‘secure’ cellular phone is a misnomer. No matter how great their platform is, you’re always going to be carrying a portable tracking beacon.

What Secrets Lurk In Your Cellphone Baseband


It was only a few months ago that we heard of a DoS for Android devices that mishandled the reception of a bunch of class 0 SMS messages, and the astute readers of this blog will recall this was fixed in Android 4.4 (at least for the Nexus branded devices).

I have spent my spare time playing with cellular basebands from a variety of cellphones of all operating system persuasions and at the risk of sounding alarmist will state – perhaps prematurely – that there are certain “features” that you, the owner of the cellular device likely don’t know about that could potentially violate your privacy in ways that you potentially haven’t even considered. We’re not just talking about relatively well known issues like the misuse of malformed class zero SMS messages as a way to “ping” phones to generate network traffic and thus assist with geolocation. This goes beyond that.

Anyone with a cellular phone needs to know that even if you run an AOSP build that you self compiled (and carefully source audited) that those binary blob drivers – often from Qualcomm – and the cellular baseband in its entirety may betray your attempts at achieving the privacy that should be a basic human right.

I been somewhat surprised at E911 and the way some carriers have implemented this “feature” – which can be invoked without 911 or 112 being dialed, but the real juicy stuff is buried deep in your phone. The ability to listen to your microphone without your consent or knowledge has been documented as fact and known by the FBI, an organization that is proud of stepping on the constitutional rights of Americans, as a “roving bug”.

I would argue that there would be a void in the market for a cellular phone that is provably secure (of course software can have bugs, but at least lay everything on the table and have some of the brightest minds in our industry examine it – keeping the number of lines of code down will make this task easier) and furthermore incorporates integrated encryption – not just over UMTS or other mobile IP services – but over the standard and GSM compressed voice channel. Although quality may be average this has been a long sought after feature.

That said – nothing will ever stop your carrier from finding you using radiolocation. Unfortunately this is just something we cannot design out.


OSNews has a interesting article on the potential security vulnerability goldmine that is the modern phone baseband. I have a lot more to add to this subject including how the baseband could covertly aid the surveillance of a phone user, but I will leave this for a more thoroughly researched article that I will no doubt place upon this blog at some point in the near future (think E911 geolocation and remote enabling of autoanswer to create a “walking bug” as the FBI has been known to call them)