[HN Gopher] How to Use an iPad as a Secure Calling and Messaging...
___________________________________________________________________
How to Use an iPad as a Secure Calling and Messaging Device
(Updated 2022)
Author : CharlesW
Score : 68 points
Date : 2022-08-04 19:02 UTC (3 hours ago)
(HTM) web link (yawnbox.com)
(TXT) w3m dump (yawnbox.com)
| rkwasny wrote:
| A bit of an overkill, just buy a 2nd hand laptop for cash,
| install linux and use a chat app that does not require a phone
| number.
| mandeepj wrote:
| Would it still be secure if the attacker\hacker is able to find
| your username ?
| tragictrash wrote:
| > Most Androids get slowly patched, if at all.
|
| This is changing, and picking the right manufacturer can make all
| the difference.
| petra wrote:
| Patching is good but not reliable enough.
|
| Is there anything for Android similar to Qubes-OS?
| unintendedcons wrote:
| GrapheneOS is the best available option right now. I struggle
| with it when I want to do anything interesting. Its
| explicitly not made for devs. Its locked down for users. That
| said, if you need a smartphone, its the best available phone
| OS today.
| codethief wrote:
| GrapheneOS?
|
| Been using it for almost a year and I never want to go back.
| gzer0 wrote:
| Which phone do you recommend to load GrapheneOS on?
|
| Every time I try, I end up with a phone that is unable to
| unlock the OEM bootloader; even if the phone is from the
| factory
| cowtools wrote:
| GrapheneOS only supports the google "pixel" line of
| phones (probably because they support the bootloader-
| locking by user, and ship with most stock android/AOSP
| support):
|
| https://grapheneos.org/faq#supported-devices
|
| I'm running it on a pixel-4a (google-sunfish) and it
| works fine. You may want to pay close attention to the
| parts where it tells you how to lock/unlock the
| bootloader:
|
| https://grapheneos.org/install/cli#enabling-oem-unlocking
|
| https://grapheneos.org/install/cli#disabling-oem-
| unlocking
|
| CalyxOS also supports older models like the pixel 3,
| albeit with lower standards for security:
| https://calyxos.org/install/
|
| Additionally there's AOSP distros like LineageOS that
| support many devices, but with much lower security
| standards: https://wiki.lineageos.org/devices/
| normaler wrote:
| Not really comparable to Qubes-OS technically, but there is
| graphenos.
| steveBK123 wrote:
| Android being "just around the corner" of getting better on
| patches if you just pick the right manufacturer has been the
| story for what.. the last 5.. 10 years?
| tragictrash wrote:
| It's not around the corner, it's here and has been for years.
| walterbell wrote:
| Note that PAC is broken on all M1-based Apple devices, so the
| most secure device on the list may be the A15-based iPad Mini,
| https://9to5mac.com/2022/06/10/pacman-m1-chip/
|
| Apple needs to provide a way to test and report the integrity of
| the radio baseband firmware on a device.
|
| 4G LTE is susceptible to IMSI catchers / fake cellular base
| stations, https://news.ycombinator.com/item?id=32237621
|
| After installing E2EE messaging app, you can block all network
| traffic to Apple, then whitelist the Apple notification servers,
| https://support.apple.com/en-us/HT203609 and iOS security update
| servers, https://support.apple.com/en-us/HT210060
| tptacek wrote:
| Why does Apple need to provide a way to test and report the
| integrity of baseband firmware? I'm not saying it wouldn't be a
| good thing; I suppose it would be. But people believe very
| weird things about iPhone/iPad basebands.
| walterbell wrote:
| May 2022, https://dl.acm.org/doi/abs/10.1145/3507657.3528547
|
| _> On recent iPhones, Bluetooth, Near Field Communication
| (NFC), and Ultra-wideband (UWB) keep running after power off,
| and all three wireless chips have direct access to the secure
| element. As a practical example what this means to security,
| we demonstrate the possibility to load malware onto a
| Bluetooth chip that is executed while the iPhone is off._
|
| LTE baseband issues, not specific to Apple, https://gist.gith
| ub.com/adaburrows/fda8711e468858fc5ace98daf...
| tptacek wrote:
| The paper lays this out: there are baseband features that
| use the Secure Element, and talk to it over I2C, because it
| stores secrets for things like (I guess?) car keys. That
| doesn't mean those chips can DMA things into and out of the
| Secure Element.
|
| For clarity: the Secure Element is the payment chip in the
| phone; it's not the SEP, the "Secure Enclave". The
| Enclave's memory is, in addition, hardware-encrypted.
|
| The cellular baseband on an iPhone is an HSIC peripheral.
| als0 wrote:
| Does the A15 have PAC? If not, then why is it _more_ secure?
| walterbell wrote:
| A12 onward has PAC.
|
| P0 review of PAC on the A12,
| https://googleprojectzero.blogspot.com/2019/02/examining-
| poi...
| als0 wrote:
| I haven't seen anything that suggests the A15 is not
| vulnerable to PACMAN. Do you have a reference?
| midislack wrote:
| How is Signal secure? It's proprietary and they need your phone
| number.
| ArrayBoundCheck wrote:
| I might get bashed for this but open source isn't secure at
| all. Have we had a month where no heavily used dependency gets
| infected?
|
| Proprietary code that's been audited is already better then
| most projects
|
| Not sure why phone number matters. Pretty much anyone can find
| your phone number
| danjoredd wrote:
| Here is the problem...is Open Source less secure because
| people find more software bugs, or is that accomplishing the
| whole purpose of open source technology? With the source code
| public, people find more bugs and it comes across as less
| secure, but they ultimately get fixed. A lot of those same
| bugs go unnoticed for years in proprietary software, and as a
| result its less secure. Yeah, proprietary software can be
| audited, but you only have like one or two guys doing the
| audit. They are going to miss something big. More eyes is
| better than few eyes.
|
| As far as the phone number goes, the person above is more
| focused on anonymity than anything else. You having your
| phone number tied to it is a pretty big cause of concern if
| that is the goal you are after unless you use a throwaway
| number.
| ziddoap wrote:
| > _Proprietary code that 's been audited is already better
| then most projects_
|
| Even better would be open source code that's been 3rd-party
| audited. Because you have formal audits, plus several
| informal audits. Like Signal.
| ArrayBoundCheck wrote:
| The OS is likely less secure than signal. Google and Apple seem
| to play a game of wack a mole
| gleenn wrote:
| It's open source and had security auditing over the code. If it
| makes you feel better, I think Moxie also posts here in HN too.
| greyface- wrote:
| Their server is not 100% open source.
| https://news.ycombinator.com/item?id=29072031
|
| Also, for a period of about a year, the code that was open
| sourced differed from the code actually running on the
| servers, adding "mobilecoin" features in secret.
| https://news.ycombinator.com/item?id=26715223
| walterbell wrote:
| Wire is open-source and does not mandate a phone number or
| sharing of address book contacts.
|
| Wire contributed to IETF MLS multi-vendor open protocol for
| E2EE group messaging,
| https://datatracker.ietf.org/wg/mls/about/
| sneak wrote:
| Signal does not mandate sharing of address book contacts
| either; it works fine without contacts permission. (This is
| how I use it.)
| h4waii wrote:
| Security!= Privacy
|
| Providing a phone number doesn't undermine the security of
| Signal at all.
|
| I'd also hazard to say that Signal isn't proprietary either,
| yes, there are parts of the project that are pretty opaque and
| we can definitely get behind the issues with that, but it's far
| from proprietary IMO.
| ziddoap wrote:
| A phone number. You mean the thing that you hand out to
| strangers so that they can contact you? The thing that was
| designed from the start to be shared, and used to be listed in
| a big book that everyone had? The thing that you put on top of
| the paper that you hand out to dozens of companies when looking
| for a job?
|
| What are you concerned about with your phone number? In what
| way does Signal (or anyone) having your phone number undermine
| your security?
| cowtools wrote:
| ziddoap wrote:
| > _you goddamn idiot._
|
| Lol
|
| Nothing of what you said relates to security (hint: all of
| that was privacy related), thanks for trying.
| cowtools wrote:
| [deleted]
| sneak wrote:
| Note that creating a US region AppleID now hard requires a phone
| number that can receive SMS to create it, in addition to an email
| address.
|
| An AppleID is required to install any apps on an iPad or iPhone.
|
| I think creating a Ukranian region Apple ID does not require a
| phone number and can install all global apps. Many popular apps
| (but fortunately not Signal) are published only in specific App
| Store regions (such as US).
|
| Note also that signing in to the App Store _will_ now silently
| enable iCloud. It has to be disabled explicitly again.
| shp0ngle wrote:
| This guide recommends to use Signal which does require the
| phone number anyway. Which makes the paranoic start with "GSM
| is inherently unsafe" that much more ironic
| lostmsu wrote:
| AFAIK you can't install US bank apps on devices with non-US App
| Store.
| navanchauhan wrote:
| You can always create a new Apple ID > sign out from your
| current Apple ID in the App Store > login with the new one >
| download whichever app you want > sign out and sign in to
| your original Apple it
| sneak wrote:
| Banking in the US requires strong governmental identity
| verification.
|
| Installing identity-linked accounts on a secure and private
| device defeats the whole purpose of the process described in
| TFA.
|
| Nobody following this guide should be installing US banking
| apps on the device.
| neither_color wrote:
| I don't do any of these things but I'd like to add that glinet
| routers are awesome, come with wireguard/tor support for client
| or server mode right out of the box, and are great for granting
| access to all devices(e.g watch, phone, laptop, tablet)
| simultaneously when using internet behind portals like hotel WiFi
| vorpalhex wrote:
| Yup, one of their routers lives in my travel kit along with
| cables and such. Tiny thing, runs off usb power which means it
| can be powered off a battery if needed.
| thenthenthen wrote:
| Which one are you using? I have an ancient one somewhere
| (like smaller version of tplink mr3020), dont think it has
| wireguard etc.
| aliasxneo wrote:
| This sounds interesting. How are you configuring it to sit
| between a hotel wifi and your device? My networking knowledge
| isn't too broad, but this sounds like something I want to
| setup.
| navanchauhan wrote:
| The router basically connects to the hotel wifi and all the
| requests go through the router. So, while the hotel wifi only
| sees one device (my glnet router appears as a Samsung
| mobile), all the other devices connected to the router can
| identify each other.
|
| I don't remember what exactly you call this, bridge mode
| perhaps? Or AP repeater mode? I'm not too sure about the
| networking terms here
|
| Edit: This comes in handy when you want to connect a device
| which is not capable of using the captive portal. That device
| can simply connect to your router. The router can connect to
| the Ethernet port or you can use its app/web interface to
| connect it to the WiFi network and proceed with the captive
| portal if needed
___________________________________________________________________
(page generated 2022-08-04 23:00 UTC)