Security of GrapheneOS when using Hotspots and Public Wifi?

de0u

ironwindow Imagine if the way that hotspots worked is, when you share your hotspot, you grant the other device/phone permission to directly access your mobile network under your name/account.

That's not how it works. A SIM can be live on only one device at a time, and many hotspot client devices don't contain a cellular modem.

ironwindow Contrast that with another method; if when you share a hotspot, the other device indirectly connects to the internet by connecting to your phone first before reaching the mobile network. This means that your phone would have to handle and funnel all the potentially-malicious data to and from the network for them. I'd consider the latter method a lot more risky than the former method, unless if substantial safeguards are implemented.

That is how it works (here is a Wikipedia starting point).

As I wrote (de0u), malicious hotspot client devices would be going through a code path that is less used than the code paths used by apps on your device accessing public Wi-Fi, and the code might be less audited.

de0u

ironwindow What's the likelihood that, for the 15 minutes you're connected to the free McDonald's public wifi, some seasoned hackers in that same McDonald's are going to target your machine by executing a series of zero-day exploits to bypass the compartmentalized structure of Qubes?

That scenario may not constitute a full enumeration of the threat landscape. If a web page visited by a browser in a Qube chains a browser sandbox escape with a Xen VM escape, the hypothetical hacker could be thousands of miles away fast asleep in bed.

The first article I found about Qubes escapes is old, but Qubes, like all hypervisors, is subject to VM escape bugs: https://www.csoonline.com/article/561467/xen-hypervisor-faces-third-highly-critical-vm-escape-bug-in-10-months.html

ironwindow

@de0u
Sorry about the delay, life's been stressful as of late so I haven't had the chance to follow up until now.

de0u "VM escape" bugs are more common than is widely understood, even for VMs under constant expert scrutiny: https://arstechnica.com/security/2024/03/vmware-issues-patches-for-critical-sandbox-escape-vulnerabilities/

More common than understood? Even under constant expert scrutiny????
This is very alarming and unfortunate to hear. Maybe you or anybody else reading through this thread are rightfully laughing at my naivety, but I assumed that VM compartmentalization was a significant-enough barrier to prevent most attacks.
I have spent quite a while now working to harden the security of my devices and my usage of them, but it seems that the more I learn about cybersecurity and privacy, the more practices and precautions I take to decrease attack surface, the more hopelessly-elusive peace of mind becomes.
I don't know what to do now. If even specialized OS's like Qubes or Graphene can't provide us with reasonable assurances of security, what now? In the long-run, are we all just fucked and waiting for the inevitable zero-day in the wild to compromise our devices and irreversibly leak or sell every bit of personal information, logins, medical/financial files, etc. onto the internet?

And the recent news of XZ Utils, which very nearly backdoored most linux systems worldwide, is not helping my state of mind the least bit. That shit is as consoling to me as watching a Gorilla Glue commercial right after seeing a baby get mauled by a silver-back gorilla, or as soothing as getting a back massage with nothing but 40-grit sandpaper. I should've never sunken this much time and energy into my "privacy and security journey" if I knew it'd yield me increased anxiety, paranoia, and anything but true security.

de0u

ironwindow The good news is that by taking elevated precautions you can shield yourself from a strong majority of simple cheap drive-by attacks. At some point what's left is that if a well-resourced actor or agency focuses on you in particular they may well succeed. But those actors inherently can't focus on many people at the same time, and compromising a careful target requires "spending" zero-day exploits or other large expenses.

Overall, if you want to protect everything against all theoretical threats you will exhaust yourself pointlessly. It's better to figure out what you most want to protect, from whom, take sensible measures, and then stop.

Trying to add just one more technique to achieve complete invulnerability is not possible. Probably settle for being fairly expensive for your most likely adversaries to compromise, then climb a mountain or canoe down a river.

Michael2852

ironwindow Hotspots in particular appear to be, at least on paper, an attractive attack vector. Everything that the stranger does online, like visiting a sketchy website, would go through and have to be handled by my phone

But its only go through an no code is executed, right?

Michael2852

ironwindow For example, if I were to use Qubes OS, I wouldn't worry a bit about connecting to public wifi. Qubes is set up in such a way that different software & activities of varying trust/security can be separated into different VM's, or in other words, qubes. That way, if one qube has malware or is compromised, that compromise is contained within that one qube and other qubes are unaffected.

Isn't this the same ike Android app sandboxing but more RAM heavy?

« Previous Page