I know sensitive: Is backdoor required?

The recent revelation that an iPhone can be activated remotely to allow a third party access to the camera and microphone without the consent of the phone owner, has caused some to suggest that this vulnerability is actually a feature required by the Government.

  1. Has the Librem 5 team been made aware of such a requirement?
  2. If so, will you be open about your compliance with such a requirement?
  3. If not 2), can you speculate about whether a member of your team would be willing to quit your team and anonymously provide the community a way to defeat this back door?

I’m so sorry to even have to bring this up.

3 Likes

I believe that is what the Warrant Canaries are for:

https://puri.sm/warrant-canary/

9 Likes

Issues like this are why there are the physical switches in the design. By physically separating the baseband processor from the main system, and providing a removable battery, you can prevent remote control by the traditional telephone network carriers. This is how the carrier can tell where you are even when your phone is off. The baseband stays in contact with the nearest cell tower, and can be “pinged” even if your phone is “off”.

The design of the laptops took this into account with the physical off switches for wireless, and the camera/microphone. No electrical connectivity, no possible way to activate – remote or otherwise.

Hardware is controlled by software. Unless the physical design takes this into account, such as the LED on the same power line as the microphone/camera, malicious software – including the OS – can compromise you. PureOS is pure libre software. It is nigh unto impossible to hide that sort of back door in software when it is open source and everyone is looking for something like that because of how the Librem’s are marketed.

The iPhone issues are only when malicious software is installed on the phone. There isn’t much you can do for security if someone else can install software on your phone and grant explicit permissions. I believe it also requires either a rooted phone or an unpatched exploit to grant that level of access.

6 Likes

Apple claims to have no backdoor. So why would I want a Librem phone, when such security is already available from big name phones? https://ca.finance.yahoo.com/news/apple-tim-cook-doj-backdoor-iphone-214520728.html

Is it because Apple can be coerced into providing info to the gov by way of a backdoor and Purism can’t be coerced? Is the canary on the Librem phone a last ditch extra in case the gov does find a way to make any phone maker, Apple or Purism to cave in and gives the gov a backdoor or something like that?

Short answer:

Apple claims to have no backdoor. But since none of their code is auditable, you have to accept what they say.

All the source code on the Librem 5 is open and available, so it can be inspected and confirmed to be backdoor-free.

7 Likes

They may be able to be coerced into making such a claim even though they know it to be false.

It is a sick world in which we live.

5 Likes

If you trust Edward Snowdens leaks (which have never been proven to be false) this has been the case for many years already.

4 Likes

Oh, here we go again.

I’ll bite. Is the claim that Apple is willingly working with the NSA and that Snowden’s files prove this or am I missing the point? Or are we just saying that Apple has a backdoor and could be forced by .gov to give up the keys?


““The iPhone has special software that can activate itself without the owner having to press a button and gather information about him,” Snowden’s lawyer told reporters. “That’s why on security grounds he refused to have this phone.””

So Snowden won’t use the iPhone because he believes in special software. Not that he found proof in his files, that he believes it to be so. That’s a far cry from “works with the government”

I am not saying the security switches on the Librem 5 do not have value to me and others. But again, that’s not why I put my money where my mouth is, I paid for a Librem 5 because I wanted a linux phone. Just the OS alone will allow me to control my phone they way I want and for me to review the code I put on the phone.

When it comes to smart phones with only two choices, Android vs iPhone, I’ll take a iPhone hands down. I pay Apple for services (sure mobile me is free now, but now it is tied to a device that you purchased). While Android is made up of free google services. When a service is free how do they make money, google doesn’t provide those services from the goodness of their heart, they need to make money. So in that case YOUR data is the real product. Thanks for signing up and not reading the EULA.

Based on my knowledge, Apple has fought the US .gov tooth and nail anytime the .gov wanted something reveled for them from one of their customer’s devices. So what’s the problem, that they can do so but have demonstrated that they won’t do so?

Can anyone explain to me how a phone that is turned off can be turned on remotely? Then further demonstrate it? Seriously, I won’t even look that one up as my basic understand of electrical engineering answers the question for me. It would take concerted effort on the developers part to make that so and well if there is no money in it, capitalists won’t bother. Sure I can set up a device that based on some criteria will come out of sleep mode - but “off” means something else. No power going to the device. Now this should be easy to test. Open you iPhone, turn it “off” and check for power with your multimeter.

My critical thinking brain is engaged whenever someone prefixes a statement with words like “claim” or “supposedly”.

Apple claims that the earth is round (spherical), but we all know the truth - don’t we?

(Please understand, no offense is intended in my post. I am debating the points made not the people that make them. I chose to not sit here and let these “claims” go unchallenged. Go on then, I’ve got my nomex suit on - flame on.)

3 Likes

But the post uses both the term ‘off’ and the term ‘“off”’ so make of that what you will. It really isn’t clear what kind of ‘off’ is intended. Press and release to Sleep? Press and hold to Power Off?

I think the implication is that the phone gives the appearance of being off but is not completely off, as in, for example, Wake-on-LAN on a mainstream computer (or, more to the point, Wake-on-Baseband).

A sophisticated user could put the claim to the test in another way. The claim was that the baseband still communicates with the tower even when the phone is “off”. That is presumably testable by detecting the radio activity, without needing to open up the phone.

Or is the claim that Apple is unwillingly working with the NSA? Apple’s public position has certainly been that they have and will put up a fight and would only act if legally compelled to.

It is not as if the NSA is the only agency that might be implicated. Apple is a multinational.

Personally I don’t believe very few companies which are not state owned willingly make backdoors as it would hurts their sales if their customers knows of it.

I don’t care if we are talking about Apple, Google, Microsoft or any other large american company, they all can be forced by law to give up data to the NSA.

I wouldn’t compare these companies against Huawei as that’s state-owned by China, but I do not trust any of these companies much more than i trust for example Xiaomi. At least that’s the case for people who are not americans as PRISM requires a warrant for information about american citizens.

XKEYSCORE, TURMOIL and TURBINE … and then there is the post PATRIOT act era …

one thing about proprietary software is that it COULD intentionally/unintentionally “host” malicious code in it’s binary … the said code could be written to self destruct if ANY attempts are made to audit the source-code (when and if internal audits happen … highly problematic)

besides the mere fact that it is closed-source means that ANY traces could be erased by an update to the lover-levels of the code or the higher-levels …

just yesterday i’ve come across a security issue in regards to the older UHK-keyboard Agent (the software that is used to configure the keyboard and flash the firmware)

it was promptly addressed by an update on github by the manufacturer … both the Agent software and the firmware … all thanks to the fact that it IS copy-left …

Not everyone does, no

This comment covers why you shouldn’t be concerned about such things with the Librem 5, even beyond the fact that we have a warrant canary. This is why we continue to make a big deal about the fact that PureOS is 100% Free Software (and FSF-certified as such), that our Librem 5 was built to comply with Respects Your Freedom, and why we make such a big deal out of reproducible builds. The combination makes it incredibly challenging for someone to implant a software backdoor into a Purism device without it being detected.

In general we try to build systems such that while we think you have reason to trust us, you shouldn’t have to, to be safe. I also talk about some of these points here and here.

6 Likes

Did you reach the goal of reproducible builds btw? That’s actually a big deal in security scope - when you go all paranoid you don’t need to rebuild and reinstall the system, will suffice to rebuild and re-checksum.

We aren’t at 100% yet, but we are nibbling away at it along with the Debian project as a whole.

1 Like

I don’t believe any company can ever offer services or products with 100% safety online or even offline 100% safe. close to 100% or 99,99% maybe. Any claims for 100% security are unreal and just marketing sales.
many factors affect online security Internet Service Provider, software of your router, WiFi hop spot safety you are using at your coffee shop or other factors, but Purism Eco System phone+laptop+pureos is very safe.

I personally Believe that Fedora SE linux setup is safer then debian, but it might just be since I used Fedora for more then 10 years and I don’t know all security features debian has, so I might be wrong about it.

(But that is just me, I also have custom router with openwrt and I compile my own kernel for fedora, build my own bio sensors with rasberry pi and home IoT and prefer My own LAN cloud over cloud in general.)

PureOS is safer then most commercial OSs like Windows, Windows Phone (or Windows Mobile) for sure.

The best part about my Librem PureOS experience is the open minded community here.
Purism Dedication for privacy is commendable and for now and community supports that claim as true.
I agree with this user / community trust is important and for example even if lets say Facebok becomes one of the most private company in the world now, after all that happened probably lots of people will not trust them.

Regards, Alex

1 Like

the weakest link in any private/secure system is a human-person … maybe that’s why we are gradually being demoted to full-robot …

100% true, I remember my days as sys admin in 2010 when I saw stikcers taped to keyboard with passwords.
Regards, Alex

A strong password taped to a monitor is stronger protection from remote access attacks than a weak password that’s memorized.

Physical security is a valid aspect of IT security that is often underappreciated.

This is not to say I recommend taping passwords to things but rather that there is context that matters as well.

3 Likes

True about in an office that has 50-100 visitors per day that is not a good choice at all in my opinion.
reC I was just giving real life example of the point he made that humans are the weakest security link.

Regards, Alex