Unidirectional Data Transmission to a Smartphone

I'm going to use an old Android phone to store sensitive data (e.g., Bitcoin wallet private key), with no SIM card and WiFi and Bluetooth turned off. I could disable wireless connections physically if I get paranoid enough. This way, even if the system is compromised, it won't leak any data to the outside world.

The question is, if I want to install or update software on the phone, how can I send the apk files? The obvious way is through SD card, but what if some malware in the phone writes the key to the card? I'd have to dispose of the SD card every time, which can be costly and inconvenient.

I guess there may be microSD cards with a write protection lock switch, but I've never seen those before.

Ideally, I'd like to send something like audio signals or series of QR codes which the receiver will decode as a binary file.

TazerFace
anton_
  • Normally, I'd suggest a USB write blocker, but I can't find any which work in the direction you want - they tend to be for blocking writes to the USB device. – Matthew Jun 19 '17 at 15:07
  • So you trust the OS on the phone to keep Bluetooth and WiFi off even though these are just software only settings but you fear that it might write to an SD card? And why is this even a problem if you use this SD card only to transfer data to the phone? Apart from that you might also use adb over USB. – Steffen Ullrich Jun 19 '17 at 15:54
  • @SteffenUllrich regarding SD card, I'd have to dispose of it after use - otherwise it's not obvious how can I be sure nothing had been written there. Although I guess it's reasonably safe to just format the card and reuse it. – anton_ Jun 19 '17 at 18:20
  • @SteffenUllrich regarding USB, if my computer is infected, then it could exploit some USB vulnerability in the phone and get access to its storage. – anton_ Jun 19 '17 at 18:27
  • @anton_: if your computer is infected it can write a corrupted APK to the SD card too. I have the feeling that your risk analysis is both sketchy and inconsistent, like assuming that phone and computer might be corrupted but at the same time relying on them being not corrupted. – Steffen Ullrich Jun 19 '17 at 18:38
  • A note on microSD cards with a write protection lock switch: it's not a hardware solution, so even if the switch is in the locked position it might be 'hacked' to writable with the registry. – daniel Nov 15 '17 at 10:09

1 Answer

You can use for example Soft Modem for Android, such as one based on this library. This can be made completely unidirectional if you do not connect the L/R pins and only connect PC audio output to Android MIC through a divider. Of course you would have to manually verify the integrity of the content you have sent, since in this case you will not have automatic retransmission.

However, using an Android phone - especially an old one - to store anything important is a bad idea. Basically, while you only need the phone's memory component, you depend on many other components to access this memory - and many of those components are way less reliable than memory (display and USB charging port are probably the weakest).

George Y.
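
The answer's point about verifying content by hand when nothing can be retransmitted on request, as an added example (not part of the original answer and not the soft-modem library's code): the sender repeats self-describing frames over the one-way audio or QR channel, the receiver drops damaged ones and reports what is still missing, and a SHA-256 digest is compared by eye at the end. The frame layout and the names `make_frames`, `receive` and `digest` are assumptions made for this illustration.

```python
import hashlib
import struct
import zlib

HDR = struct.Struct(">HH")   # assumed layout: frame index, total frame count
CRC = struct.Struct(">I")    # CRC32 over header + payload (catches noise, not tampering)

def make_frames(data: bytes, size: int = 64) -> list:
    """Sender: split data into frames, one per QR code or modem burst."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    frames = []
    for idx, chunk in enumerate(chunks):
        body = HDR.pack(idx, len(chunks)) + chunk
        frames.append(body + CRC.pack(zlib.crc32(body)))
    return frames

def receive(frames):
    """Receiver: return (data, []) when complete, else (None, missing_indexes).

    There is no back channel, so damaged frames are silently dropped and the
    sender simply repeats the whole sequence until nothing is missing.
    """
    good, total = {}, None
    for frame in frames:
        if len(frame) < HDR.size + CRC.size:
            continue                                  # truncated frame
        body, (crc,) = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])
        if zlib.crc32(body) != crc:
            continue                                  # corrupted in transit
        idx, count = HDR.unpack_from(body)
        if idx >= count or (total is not None and count != total):
            continue                                  # inconsistent header
        total = count
        good.setdefault(idx, body[HDR.size:])         # duplicates are harmless
    if total is None:
        return None, []
    missing = [i for i in range(total) if i not in good]
    if missing:
        return None, missing
    return b"".join(good[i] for i in range(total)), []

def digest(data: bytes) -> str:
    """SHA-256 displayed on both sides and compared by eye before installing."""
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    apk = bytes(range(256)) * 3                       # constructed stand-in for an APK
    sent = make_frames(apk)
    bad = sent[2][:-1] + bytes([sent[2][-1] ^ 0xFF])  # frame 2 damaged in transit
    print(receive(sent[:2] + [bad] + sent[3:])[1])    # first pass: frame 2 missing
    data, _ = receive(sent[:2] + [bad] + sent[3:] + sent)  # sender repeats everything
    print(digest(data) == digest(apk))
```

The per-frame CRC only detects accidental corruption on the channel; the digest comparison is what confirms the receiver holds the same bytes the sender started with.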