0

Reading the comments at Bruce Schneier's blog, I came across this recommendation by someone where they write:

@Michael_H - Here you go, buy yourself a cheap Huawei G6620 on eBay, any network, doesn't matter which, then you'll want to go into Security Settings (5) Certificate Manager, now DELETE all the RSA tokens.. Then back out and go to web'n'walk service - settings (6) Trusted Certificates and DELETE all RSA tokens.

Now your Telecom's provider has no way to access your device remotely @ ALL...

Can't see your contacts, can't access your Phone Book, Can't see you on their GPRS..

It looks like the person recommends the Huawei G6620 because that phone allows the deletion of the RSA tokens.

Now assuming that the Telecom provider, or other parts of the government, use those RSA tokens as part of their setup to access data from your phone....

...wouldn't deleting them at most force the telecom provider (or government) to use a non-encrypted channel to access the data on your phone?

Or is there some other "benefit" against surveillance from deleting the RSA tokens?

user100487
  • 1
    It is not even clear which "RSA tokens" they talk about there. The common meaning of RSA token is the hardware device with RSA SecurID, which has nothing to do with what they are talking about. Unless you get a more reliable resource about the topic than excerpts from the depth of some discussion, I would consider this question as "unclear what you are asking". Just because "someone" said it on the internet does not mean it is relevant or true. – Steffen Ullrich Nov 25 '15 at 04:18
  • 1
    Also, perhaps deleting RSA "tokens" doesn't remove them from the phone, only from the application layer. The now hidden tokens might still be available to authenticate sessions with telcos and governments... - a clinically paranoid. – Andrew Philips Nov 25 '15 at 07:58
  • @SteffenUllrich, thanks. Although I did not really think it would be true, you are correct in highlighting that. I asked here because it seemed questionable to me, but I was curious if there is some "wisdom" in it that I was not aware of. In the end I agree with the sentiment in Petro's answer. – user100487 Nov 26 '15 at 01:57

1 Answer

3

I suspect that by "tokens" he means RSA keys or RSA certificates. In this case (SWAG) the phone contains the provider's public keys, which allow the provider access via authenticated connections.

The phone probably (SWAG here) doesn't allow unauthenticated incoming connections, or doesn't allow it for certain things.

Now, whether that is accurate or correct I can't say.

OTOH, the comments on Schneier's blog, well, some of those people are bugf*k insane, some are trolls, and some are genuine geniuses. Given that people in Cryptography have a tendency towards almost clinical paranoia, it's hard to tell which.

Petro
  • Good description of the very mixed quality of the comments in the blog, which obviously impacts the quality of a question based on such comments. – Steffen Ullrich Nov 25 '15 at 06:16