68

By dumbphone I mean: no internet connection, very limited features, etc.

By more secure I mean: secure from malicious and direct hacking. I don't mean as in protected from government tapping/snooping; I don't mean from authorities who could be granted access somehow, through the mobile operator company.

Has the security of the basic phone call changed much in the last 10 years? Obviously smartphones have an endless number of new security holes as time goes on; a quick browse of Apple's security updates history, or searching Android in the tech news, proves this. But I'd suspect most of these vulnerabilities can be utilised because of the frequent connections to the internet made with them. So, do smartphones utilise anything new [purely in] the initiation and connection of just the phone call itself?

infinite-etcetera
  • 2
    Does [this](https://en.wikipedia.org/wiki/Nokia_6650) qualify as a dumbphone by your standards? – Dmitry Grigoryev Feb 02 '17 at 11:21
  • Do currently available dumbphones even operate on non-internet enabled radio standards? –  Feb 02 '17 at 16:23
  • 2
    @DmitryGrigoryev It has some kind of java.... thing. That could be a not-dumb phone, or a very dumb phone depending on your point of view. – Criggie Feb 03 '17 at 11:16
  • @gerrit GSM usually **is** internet enabled. –  Feb 03 '17 at 13:38
  • @DoritoStyle Really? I thought that was GPRS. – gerrit Feb 03 '17 at 13:52
  • 2
    Define "more secure", please. Consider that Macs are claimed to be "more secure" by the simple fact that not as many people use that OS so there's less bang-for-buck for hackers. Dumb/feature phones *could* be considered more secure by the simple fact that people might not be targeting them any longer. – MonkeyZeus Feb 03 '17 at 14:33
  • 2
    Is there a real difference between "illicit hacking" and "government tapping/snooping?" – Octopus Feb 03 '17 at 16:54
  • @Octopus Yes illicit was the wrong word, I thought too – infinite-etcetera Feb 03 '17 at 17:42
  • I'm still not certain what your difference is. I think maybe you mean accessing the phone's data directly on the phone vs. accessing logs of your activity stored at the phone company? – Octopus Feb 03 '17 at 18:52
  • 1
    "Malicious" doesn't seem any better than "illicit". Government can be malicious, too. Maybe you wish to say that your only realistic target is protecting yourself from hackers with fewer resources than those of a nation state. – Federico Poloni Feb 03 '17 at 19:11
  • Both of the above are the idea of what I mean. Feel free to submit an edit to the question description. – infinite-etcetera Feb 03 '17 at 19:40
  • 1
    Note my question http://security.stackexchange.com/questions/124900/in-mobile-can-early-media-be-sent-from-the-phone would surely apply to dumb phones, where the mic attaches straightly to a simple and undocumented modem chip. – arivero Feb 03 '17 at 21:53
  • Are you referring to modern "dumb" phones or the feature phones of the mid 2000's? – Blackhawk Feb 06 '17 at 17:10

5 Answers

63

> Has the security of the basic phone call changed much, in the last 10 years?
>
> So, do smartphones utilise anything new [purely in] the initiation and connection of just the phone call itself?

Yes. There are new technologies used to establish phone calls in cellular networks. Those new technologies mitigate some attacks which were possible due to flaws in the older ones. So if you use a "dumbphone" that runs on the older technologies you are subject to those attacks (i.e. the inverse is true, the smartphone is in this respect more secure).

The technologies used in the cellular networks basically evolved over time like this: 1st generation (analogue), 2nd generation (GSM etc.), 3rd generation (UMTS etc.), 4th generation (LTE etc.).

If you use a device running for example the GSM technology, an attacker might intercept your calls with hardware costs of only about $30 USD. Intercepting calls made with the newer technologies is harder up to a point where only nation state attackers can perform them.

Hacktiker
  • 33
    Virtually all modern smartphones still support 2G, so they are still vulnerable to the same kind of attacks. – Dmitry Grigoryev Feb 02 '17 at 11:24
  • 19
    That's true, but the attacker would then need to perform a downgrade attack because those devices would only use the older technology if the newer one is not available. – Hacktiker Feb 02 '17 at 11:32
  • 19
    A key point is that the attacker would need to be in cell range. If I infect your smartphone, I don't have to drive behind you with my RTLSDR / USRP to read your texts – J.A.K. Feb 02 '17 at 11:51
  • 6
    @Hacktiker In most countries (excluding Austria AFAIK), a downgrade attack is a matter of standing in the area covered by the old 2G cell. – Dmitry Grigoryev Feb 03 '17 at 08:21
  • 2
    @DmitryGrigoryev agreed! That is why I set my smartphone to either connect LTE or show the antenna tower my best finger (not that one). – Mindwin Feb 03 '17 at 13:14
  • 1
    No offense, this misses the question completely, I feel, while being upvoted more than double of the next answer. The OP is not asking about using a GSM phone, but using a phone that *only* consists of the cellular network functionality, without the "smart" technology on top (i.e. without Android, iOS, Blackberry)... – AnoE Feb 03 '17 at 21:23
  • My understanding of cellular networks, albeit limited, is that they all use SS7 which is fairly vulnerable to attack and the cellular network (XG) you are using is irrelevant making a basic phone no better than a smart phone. – ninja coder Feb 04 '17 at 15:13
22

Case in point: Snowden uses a feature phone (i.e. 'dumb phone'). A few people would like to attack his phone, but even if they succeed, it's a very limited reward. OpenMOKO is an example of such a phone. An attacker will likely need a good working knowledge of the system he is trying to penetrate, and Android is easy to persist on once in. Harder to persist on a classic Nokia.

With a HackRF One and OpenBTS it is still possible to IMSI catch (and downgrade crypto, and listen in on protocol data + calls), and in any case it is my understanding that when the phone modem is using DMA you are somewhat at the mercy of your telephony provider - who can silently push configs, over-the-air updates etc.

If possible, ensure that your phone cannot have its 4/3G downgraded to broken GSM. If using a smartphone, do not use default browsers, use apps that provide end-to-end crypto for IM and calls (WhatsApp, Wire, Signal (the last one is best)), and if necessary VPN on public wifi.

user400344
  • 5
    "If possible, ensure that your phone cannot have its 4/3G downgraded to broken GSM." Is this setting available on any known phone? What would this feature be named? – l0b0 Feb 02 '17 at 19:31
  • @l0b0 Android had a very well hidden menu which allowed this to be changed, though I'm not sure if it still does. I can't seem to find it today. – Michael Hampton Feb 02 '17 at 20:25
  • 10
    Snowden's threat model might be a little different from the OP's. – user Feb 02 '17 at 21:44
  • Why is signal best? That sounds pretty opinionated and subjective- "best" in security? Usability? Price? – Tim Feb 02 '17 at 22:29
  • It is open source. https://github.com/WhisperSystems/Signal-Android + https://github.com/WhisperSystems/Signal-iOS – user400344 Feb 02 '17 at 23:14
  • And it will present both peers with a random phrase on each voicecall to make MiTM at least noticeable. – user400344 Feb 02 '17 at 23:20
  • 5
    @l0b0 as far as I know this feature is present on all sufficiently modern Android phones: on mine, it is in *Settings* > *Mobile networks* > *Preferred network type*, which then lets you select between *2G/3G*, *2G only*, or *3G only*. The setting in question would be *3G only*. – Giulio Muscarello Feb 02 '17 at 23:37
  • There was some talk recently about it being possible for WhatsApp's owner, Facebook, to silently decrypt all data passed through the app. http://boingboing.net/2017/01/13/whatsapp-facebooks-ability.html - but regardless, it's better than raw SMS/voicecalls. – user400344 Feb 03 '17 at 00:16
  • 5
    The reason for using a dumb (feature) phone in a case like Snowden's has nothing to do with the security of _calls_. If that was the only thing at stake (as this question asks) that data point would be irrelevant. The difference is in the surface provided for other kinds of attacks. The firmware of smartphones (including baseband radios, etc.) is often hackable from the network provider end of things and more likely to be turned into unwitting bugging devices than a less capable device. (Also turning them on and off, etc. is a lot faster if you're worried about the firmware being compromised.) – Caleb Feb 03 '17 at 12:24
  • @l0b0 My stock Samsung Galaxy S5 has such option in network settings. I can choose between LTE/3G/2G, 3G/2G, 3G, 2G. If I set it to 3G, it does not connect to 2G networks. – AndrejaKo Feb 03 '17 at 20:52
  • @AndrejaKo Sounds great. But what will it do if 4(LTE)/3G coverage is unavailable (for any number of reasons)? – user400344 Feb 03 '17 at 22:11
  • @Caleb Signal at least deals with voice calls in an ethical manner. – user400344 Feb 03 '17 at 22:13
  • @user400344 Not use the phone or accept the possibility of interception, same way as it is with any other broken encryption method. – AndrejaKo Feb 04 '17 at 09:38
  • Can you give more examples of dumb phones and their persistence, please? OpenMOKO is pretty deprecated. – Léo Léopold Hertz 준영 Mar 26 '17 at 13:36
  • 1
    @LéoLéopoldHertz준영 No it's not. – user400344 Mar 26 '17 at 13:42
  • 1
    @LéoLéopoldHertz준영 http://shr-project.org/trac . less is more. – user400344 Mar 26 '17 at 13:46
  • @user400344 Yes, any proposal for phone with less functionalities? Any with only 4G or 3G? No GSM. – Léo Léopold Hertz 준영 Mar 26 '17 at 14:12
  • A raspberry pi zero with a module that supports 4G/LTE, an LTE antenna, and several USB batteries. – user400344 Mar 26 '17 at 14:19
11

Sure, Internet connection and physical data interfaces like USB or microSD constitute attack vectors.

However, if you use your smartphone as a dumbphone (i.e. never enable data connections, never plug an SD card in it and never connect it to devices other than the official charger), the level of risk is nearly the same.

It can be argued that if your phone falls into the wrong hands, nothing will prevent the attacker from using those interfaces, or exploiting Android bugs. But physical access is fatal for dumbphone security as well. Those devices also have debug interfaces and interface bugs which can be exploited.

Dmitry Grigoryev
  • 8
    It's very nearly fair to just say physical access is fatal to security, period. If it's not, there's almost no way the device will be as usable and mobile as a phone – Leliel Feb 02 '17 at 17:58
5

I think you might be conflating two different things when you say "more secure".

On the one hand, I'm sure that the old proprietary operating systems of 'dumb phones' could easily be hacked if the attacker could analyze the firmware, versus 'smart phones' where security, permissions and the safety of managed code prevent a lot. From that perspective 'smart phones' are vastly more secure.

However, if you look at the two phone types in terms of attack surface, there are vastly many more ways of attacking a 'smart phone' than a 'dumb phone'. If all your 'dumb phone' can do is text/call, the hacker is limited to physical access or cellular MitM attacks. Bring Bluetooth or internet connectivity into the picture and you open a couple more avenues. But on 'smart phones', someone could convince you to download a malicious app, or they could attack you through a legitimate app that has vulnerabilities, or they could phish you, etc.

However, if you had both a 'dumb phone' and a 'smart phone', and limited your activity ONLY to phone calls, I would still expect the 'smart phone' to be more secure with respect to targeted hacking.

Blackhawk
  • *"old proprietary operating systems"* You mean like how Symbian is proprietary like Windows Phone is proprietary like Apple iOS is proprietary? The only real non-proprietary choice would be Android, but I strongly suspect that there are *plenty* of proprietary bits in a real-world Android installation even before you start adding apps yourself. – user Feb 05 '17 at 15:22
  • @MichaelKjörling a fair point - I suppose I'm more referring to hardware manufacturers who roll their own OS to cut costs - really just a menu system baked into firmware. – Blackhawk Feb 06 '17 at 17:12
  • 1
    I think you are underestimating the software complexity of non-smartphone cellphones. – user Feb 06 '17 at 21:19
  • +1 for the attack surface. You need to have some dedicated, malicious neighbours if they set up an IMSI catcher. However, if the phone is an internet-connected computer, then every script kiddie on the internet is a potential attacker. And it's not only the number of potential attackers which expands the attack surface, it's also the user. With my old dumb phone, I made calls and sent texts. With my smartphone, I visit websites and install apps. – Dohn Joe Aug 21 '19 at 08:51
3

It can mitigate some risks but expose you to some other ones.

You see, in most smartphones (but not all), the cellular network interface is separate from the main CPU and only talks to it through a specific bus - if the mobile interface is compromised it's not game over just yet as the attacker still has to compromise the main CPU (through vulnerabilities in the code that controls the mobile interface, text message parsing like Stagefright, etc).

Feature phones, on the other hand, use an all-in-one chipset that runs the OS as well as handles cellular communication. If that one is compromised the attacker gets full control of the phone straight away. It is also much easier to hide malware in a feature phone than a smartphone because you don't have to worry about future OS updates breaking it, or some advanced features like a Terminal (on Android and jailbroken iOS) which could allow someone knowledgeable to detect your malware.

André Borie