Safe alternative uses of a GrapheneOS device after retiring as a phone

DeletedUser237

Artn If you can isolate the device from your 'main' network with vlans yeah I don't see a reason why not. Just treat it as a compromised one and don't allow any inbound traffic from it to your other vlans.

DeletedUser237

de0u I think you're overthinking this a bit, for a device that would 'just' be a more powerful raspi controlling home assistant it would have to be exposed to internet to be popped.. Obviously it could happen that it would pull a malicious update to some app or be compromised via some sophisticated TA who would pop their router first, but honestly just treat it as any IoT and put it in separate vlan with no traffic allowed to be initiated to your internal network and it's good to go.

de0u

DeletedUser237 It would have to be exposed to internet to be popped.

It would be nice if that were true, but RCE vulnerabilities have been found in Wi-Fi firmware before. Two random examples:

Or Bluetooth:

https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html

The notion that all attacks must arrive via the Internet is not really accurate.

DeletedUser237

de0u How do you think any of the vulns would be exploited? Not the BT but the two wifi ones I meant

de0u

DeletedUser237 How do you think any of the vulns would be exploited?

To be clear, I am not predicting that any individual device on some particular person's home network would be exploited. That said, these are known threats: Cantenna / WokFi / Bluetooth rifle.

DeletedUser237

de0u No, my question was how do you think such a device would be attacked via any given exploit if it would not be (directly) connected to internet?

de0u

DeletedUser237 My question was how do you think such a device would be attacked via any given exploit if it would not be (directly) connected to internet?

If a bored teenager half a mile from the device points a directional antenna at it, and if the vulnerability does not involve being authenticated to the same Wi-Fi network as the target, it doesn't matter whether the device is "connected to the Internet". Wi-Fi devices do process frames, e.g., beacon frames, from senders they may not be connected to.

Here is a 2021 example where connecting an iPhone to a Wi-Fi network with an SSID containing "bad" characters resulted in a DoS: Don’t Connect Your iPhone to This Wifi Network. But there is no rule that a bug like this would require connection, or that Pixel Wi-Fi firmware wouldn't be vulnerable, or that such a bug would be DoS rather than RCE.

Complicated radio firmware constitutes attack surface, which is plausibly attackable by anybody in range via a directional antenna, whether or not the device with the radio is "connected to the Internet".

DeletedUser237

de0u All fair and valid points and don't get.me wrong not trying to downplay nor challenge you in any way, but I wouldn't lose my sleep over a potential 'directed' attack, that is not as easy as running burp/any other scanner and pretending you hacked someone. Just my 2c, I am not trying to convince anyone to anything here.

Artn

de0u Thank you. Having examples of potential security threats from different use cases was exactly what I would like to know.

« Previous Page