Linux Phones

Comparison with Other Phones

Linux phones such as the Librem 5 are a major degradation from Android/iOS. They lack any proper security model and are ridiculously insecure. The comments from the Linux article apply to Linux phones fully and there is not yet a single Linux phone with a sane security model. They do not have security features such as full system MAC policies, verified boot, hardened kernels, app sandboxing etc. that modern Android phones do.

Distros like PureOS are not secure at all. They're mostly a reskinned Debian. They enable AppArmor but most processes still run unconfined so it's mostly useless. They change a few security-relevant settings but these are also mostly useless as they don't even apply the exec-shield patch so that sysctl doesn't exist, disabling kexec is to prevent root from booting a malicious kernel but root can do so many other things to modify the kernel such as loading a kernel module, hiding kernel symbols from /proc ignores the fact that they're clearly visible in System.map and finally, disabling source routing is already a Debian default. PureOS also uses linux-libre which prevents you from loading any firmware updates and the Librem 5 prevents you from even flashing new firmware manually which leaves you with insecure firmware with known vulnerabilities.

The hardware lacks many modern security features like verified boot, hardware backed keystore and more.

These devices are also not open hardware/firmware unlike what they try to claim. The majority of the hardware/firmware is still proprietary.

Hardware Kill Switches

Hardware kill switches are nothing but marketing frills.

The microphone kill switch is useless since audio can still be gotten via the sensors (such as the gyroscope).

The network kill switch is useless since the attacker will just wait until you turn them back on again to exfiltrate data. If you need to disable network access, you can use airplane mode.

The camera kill switch is no better than some tape.

Modem Isolation

Modem isolation isn't anything special. Qualcomm SoCs have isolated the modem via an IOMMU for years. The way the Librem 5 isolates the modem is via the Linux kernel USB stack which is not a strong barrier as shown in the Linux article.

There is also a lot of misinformation about how the modem being on a separate chip means it's isolated. This is completely untrue. Just look at how FireWire for example can be used for DMA yet it's completely separate from the rest of the hardware. Whether the modem is on a separate chip or not is irrelevant to if it's isolated.

Go back