OpSec Going Smarter: Secure Smartphones

Greetings, dear readers! I decided to write a rather unusual article in which I want to get away from the accepted concept and talk about various devices and gadgets for OpSec, but with an emphasis on real-world application and ease of use!

This is the third and logical continuation of my previous articles — if you haven't read them yet, please do so by clicking on the link below:


I - Specialized Smartphones

Your choice of smartphone can indicate how much you respect your privacy in the modern world, where protecting your privacy online is just as important as protecting it offline. The good news is that the specialized smartphones built to protect your privacy will let you sleep in peace at night.

But do they truly live up to their reputations? I believe that in general, three things are necessary:

  • The ability to physically disconnect the camera (as on the Purism Librem 5), GPS, microphone, speakers, and so on via hardware switches;

  • Second, the ability to run GrapheneOS or LineageOS;

  • Third, root access, as discussed below.

Why even use a secure smartphone if you care about OpSec problems, you may ask?

Well, even though most of us have certainly longed to be free of our devices at some point, there is no escaping the convenience, and frequently the professional need, that owning a secure smartphone brings.


II - Market Overview

One thing to keep in mind before we get started is that very few firms produce privacy and security-based smartphones, which means some of these devices are a little dated or use an earlier version of Android. As a result, do not anticipate the newest hardware or software to work with these devices.

Here’s a list of the most secure phones you can use today:

  1. Bittium Tough Mobile 2C

  2. K-iPhone – One of the most secure phones IMHO❕

  3. Solarin From Sirin Labs

  4. Purism Librem 5

  5. Sirin Labs Finney U1

  6. Latest iPhone (watch out for iCloud & known attacks) or Android

  7. BlackBerry Device - Let's respect the true Pioneers in this industry!

  8. Google Pixel (4 and beyond) are good privacy-friendly options if you reconfigure them to run GrapheneOS!

  9. Buy an old Nexus, run divestos.org or LineageOS or Ubuntu!

  10. Lenovo Device

Purism Librem 5

Often in the deep-web / dark-net or hacker forums you can find ads for the sale of such devices. I strictly advise against dealing with them! You can easily become a victim or end up in jail - as in the Encrochat & Phantom Secure cases! Check out this podcast!

More info:


III - Thoughts

I’m actually interested in such devices, as I see potential in services like airgap.it (check out AirGap's cons) for which you can use your smartphone.

It is worth mentioning that I would prefer a dialog via Jitsi, or via Zoiper over SIP, to one via smartphone, but sometimes you just can't do without it!

On the other hand, there is another approach: making a device that is compatible with all phones at once and implements only one phone-related function (voice transmission), for example - link.

Perhaps surprisingly for many, I don't think it's possible to get this risk down in a reasonable way without compromise. Personally, I'd rather mentally consider everything compromised and set up multiple layers of defense and monitoring:

You can have all the protection you want, but with enough time and monitoring you'll be pwned sooner or later. Be prepared for sooner: have a checklist ready, or use something like Duress, in case the bad guys or anyone else ever come for you!

In other words, whatever you choose from specialized smartphones - always prepare for the worst possible outcome!

Accept as a fact that if the device falls into the hands of intruders, only hardware countermeasures can save your money: custom capacitors (so that an attacker cannot get directly to the chip and read its electrical signals), self-destruction, epoxy potting, and so on.

That is, ideally, you must not allow physical access in any case!

You can use special logic bombs or logic gates, extra passwords that trigger some kind of security action, alerts on events at your address via tenderly.co or Forta, or a 2/3 multi-sig used all the time from 3 different devices!

2-FA?..

Instead of SMS-based 2FA, use Aegis OTP for iOS or Android. Google Authenticator is generally no longer recommended, in order to stay out of the Google ecosystem, and Authy.com offers more robust account recovery options (Aegis does not offer the same level of account recovery).

Turn off "Allow multi-device" in Authy settings and you’ll be alright!

Keep in mind that the codes generated by 2FA apps are device-specific. If your account is not manually backed up to Google Cloud or iCloud and you lose your phone, you’ll need to spend some time proving your identity to restore your 2FA.

Regarding the risk of phone/device loss/breakage, that's a real risk for a lot of people! Treat your device with care!

The added security is worth the hassle! Hardware-based 2FA options are regarded as more secure than phone-based OTP options since the keys are stored on the YubiKey or NitroKey device itself, not on your phone, or in the cloud, or on your computer.

Anyway, remember: the device must not fall into anyone's hands. One could also create a honeypot wallet and have a script that listens for transactions originating from those addresses and alerts the authorities, security companies and/or friends & family that you are under duress, perhaps even sending your location, or last known location from the phone's GPS chip, along with the alerts!
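A minimal version of the honeypot-wallet tripwire described above (and of the address alerts mentioned earlier), as an added example that is not part of the original post: the canary addresses, the transaction feed and the location string are all constructed, and the alert channels are plain callables standing in for whatever notifier you would actually wire up.

```python
# Honeypot-wallet tripwire (added example). A canary address is seeded with a
# little value and never spent by its owner, so any OUTGOING transaction from
# it means an attacker holds the device and its keys: fire a duress alert.
from collections import namedtuple
from typing import Callable, Iterable, List, Set

Tx = namedtuple("Tx", "tx_hash sender recipient value_wei")
Alert = namedtuple("Alert", "tx_hash canary message last_location")

# Constructed canary addresses; hypothetical, not real wallets.
HONEYPOT_ADDRESSES = {"0xCAFE" + "0" * 32 + "CA01", "0xCAFE" + "0" * 32 + "CA02"}

def normalize(addr: str) -> str:
    # Hex addresses compare case-insensitively (EIP-55 only changes the case).
    return addr.strip().lower()

def scan_transactions(txs: Iterable[Tx], honeypots: Set[str],
                      last_location: str) -> List[Alert]:
    """One alert per tx SPENT FROM a canary. Deposits INTO a canary are normal
    (we seeded it ourselves), so only the sender field is checked."""
    canaries = {normalize(a) for a in honeypots}
    return [
        Alert(tx.tx_hash, tx.sender,
              f"DURESS: honeypot {tx.sender} sent {tx.value_wei} wei to {tx.recipient}",
              last_location)
        for tx in txs if normalize(tx.sender) in canaries
    ]

def notify(alerts: List[Alert], channels: List[Callable[[Alert], None]]) -> int:
    """Deliver every alert to every channel (friends, security company, ...)."""
    for alert in alerts:
        for send in channels:
            send(alert)
    return len(alerts) * len(channels)

# Constructed feed: a deposit into a canary (benign), an unrelated transfer,
# and a sweep OUT of a canary written in lowercase hex (must still match).
SAMPLE_FEED = [
    Tx("0xaa01", "0xABCD" + "0" * 32 + "AB01", "0xCAFE" + "0" * 32 + "CA01", 10**16),
    Tx("0xaa02", "0x1111" + "0" * 32 + "1111", "0x2222" + "0" * 32 + "2222", 5 * 10**17),
    Tx("0xaa03", "0xcafe" + "0" * 32 + "ca01", "0xDEAD" + "0" * 32 + "DE01", 10**16),
]

if __name__ == "__main__":
    found = scan_transactions(SAMPLE_FEED, HONEYPOT_ADDRESSES, "last GPS fix: 52.52N 13.40E")
    notify(found, [lambda a: print(a.message, "|", a.last_location)])
```

Over the constructed feed only the sweep `0xaa03` fires, because the deposit into the canary in `0xaa01` is the owner's own seeding and is deliberately ignored.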

Just be sure you know what you are doing and why!

Check out: Portable Secret

Yes, it seems like it is a veritable minefield over there. Keep the faith. Learn the latest attack techniques, white hat cheat sheets, and defenses.

Only knowledge can defeat criminals’ knowledge:

I. Anon

II. Privacy

III. OpSec

In this intellectual boxing match, the most prepared wins, and we want that to be you!

Check out:


IV - Support

Support is very important to me, with it I can spend less time at work and do what I love — educating DeFi & Crypto users! ❤️

If you want to support my work, you can send me a donation to the address:

Stay safe!
