Linux Phones

Comparison with Other Phones

Linux phones such as the Librem 5 are a major degradation from Android/iOS. They lack any proper security model and are ridiculously insecure. The points from the Linux article apply fully to Linux phones, and there is not yet a single Linux phone with a sane security model. They do not have the security features that modern Android phones do, such as full-system MAC policies, verified boot, hardened kernels and strong app sandboxing.

Distros like PureOS are not secure at all. They're mostly a reskinned Debian. They enable AppArmor, but most processes still run unconfined, so it's mostly useless. They change a few security-relevant settings, but these are also mostly useless: they don't even apply the exec-shield patch, so that sysctl doesn't exist; disabling kexec is meant to prevent root from booting a malicious kernel, but root can do so many other things to modify the kernel, such as loading a kernel module; hiding kernel symbols from /proc ignores the fact that they're clearly visible in System.map; and finally, disabling source routing is already a Debian default. PureOS also uses linux-libre, which prevents you from loading any firmware updates, and the Librem 5 prevents you from even flashing new firmware manually, which leaves you with insecure firmware with known vulnerabilities.
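A read-only audit of the settings discussed in the paragraph above, as an added example that is not from the original article or from PureOS. The sysctl key names, the /boot/System.map* location and the `root` parameter are assumptions, since the article does not name them.

```python
import glob
import os

def read(path):
    """Return a file's stripped text, or None if it is missing or unreadable."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

def audit(root="/"):
    """Evaluate the hardening settings discussed above under `root` (assumed parameter)."""
    def sysctl(key):
        # Assumed key names; sysctl keys map to files under /proc/sys.
        return read(os.path.join(root, "proc/sys", key.replace(".", "/")))

    # AppArmor label per process; "unconfined" means no profile applies.
    # Entries that cannot be read are skipped.
    labels = [read(p) for p in glob.glob(os.path.join(root, "proc/[0-9]*/attr/current"))]
    labels = [label for label in labels if label is not None]
    system_maps = glob.glob(os.path.join(root, "boot/System.map*"))

    return {
        # Setting a sysctl the kernel does not provide changes nothing.
        "exec_shield_sysctl_exists": sysctl("kernel.exec-shield") is not None,
        # kexec is blocked, but root can still load a kernel module.
        "kexec_off_but_modules_loadable": (
            sysctl("kernel.kexec_load_disabled") == "1"
            and sysctl("kernel.modules_disabled") != "1"
        ),
        # /proc hides symbol addresses while System.map still lists them.
        "symbols_hidden_but_system_map_readable": (
            sysctl("kernel.kptr_restrict") in ("1", "2")
            and any(os.access(p, os.R_OK) for p in system_maps)
        ),
        "source_routing_disabled": sysctl("net.ipv4.conf.all.accept_source_route") == "0",
        "unconfined_processes": sum(label == "unconfined" for label in labels),
        "total_labelled_processes": len(labels),
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

Run against `/` it only reads files; passing another directory as `root` lets the same checks run over a mounted image.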

The hardware lacks many modern security features, like proper verified boot, a hardware-backed keystore (some PGP smartcard is not the same) and more.

One way to fix the issues in software would be to install a saner OS like Android or its derivatives such as GrapheneOS, if support for the hardware were added. Keep in mind, though, that it would still lack important hardware and firmware security features like verified boot, so it still wouldn't be close to a normal Android device.

These devices are also not open hardware/firmware, contrary to what they try to claim. The majority of the hardware/firmware is still proprietary.

Hardware Kill Switches

Hardware kill switches are nothing but marketing frills.

The microphone kill switch is useless since audio can still be obtained via the sensors (such as the gyroscope). While the Librem 5 does have a "lockdown mode" that disables the sensors, it also requires flipping all of the other switches, including the network ones, which effectively turns your device into a brick just to prevent audio recording.

The network kill switch is useless since the attacker will just wait until you turn it back on again to exfiltrate data. If you need to disable network access, you can use airplane mode.

The camera kill switch can be useful as a small usability improvement but it is really no better than some tape.

Modem Isolation

Modem isolation isn't anything special. Qualcomm SoCs have isolated the modem via an IOMMU for years. The Librem 5 isolates the modem via the Linux kernel USB stack, which is not a strong barrier, as shown in the Linux article.

There is also a lot of misinformation about how the modem being on a separate chip means it's isolated. This is completely untrue. Just look at how FireWire, for example, can be used for DMA, yet it's completely separate from the rest of the hardware. Whether the modem is on a separate chip or not is irrelevant to whether it's isolated.
