Pixel hardware mods for true Air-Gapped OS functionality

Joy69

I'm wondering if anyone has tried to air gap a pixel with graphene OS installed.

Has anyone ever tried to disassemble a pixel and remove the cellular, wifi, bluetooth, NFC, GNSS, Microphone Camera hardware components
And be able to use the phone with GrapheneOS with it not being bricked?

A Truly air-gap device that is intended for solely offline use. Where only apps can be installed via USB data transfer.

If not what's a good way or good device to do this with. To use as a off-the-grid password manager, data manager, no taking calendar, pretty much everything that doesn't involve internet

Any ideas or suggestions or thoughts?

DeletedUser288

Joy69 A Truly air-gap device that is intended for solely offline use.

GrapheneOS is for mobile phones, not for obscure niche use cases. All modern software is complex and bug-loaden, so it needs regular updates. Contradicts air-gapped fundamentally.

argante

Joy69 This is partially possible. See NitroPhone - this is a Pixel with GOS, but you have the option to buy it without a microphone, camera and gyroscope (can be used to capture sound). As for unsoldering the cellular modem, it is very invasive. In Pixel 9 it is quite easy to disconnect the cellular antenna and without it the modem should not work properly. The cellular antenna is at the top of the phone and can be disconnected. Write to NitroKey about whether they can remove the cellular modem. I'm curious about the answer myself. I do not know about Bluetooth and Wifi, but this can be easily disabled directly from the GOS settings and it should not pose a big risk. If you want to avoid Wi-Fi, you can access the network using a USB-C to RJ45 adapter.

EDIT: As far as I know, you can send your phone to NitroKey for this service. So you don't have to buy a new phone from them.

DeletedUser203

Or get the German Nitrokey phone done for you.

Joy69

DeletedUser203 that seems like a great phone. I've never heard of it before. I'm going to do more research on it and see if it's a contender

Joy69

Joy69
DeletedUser203 Nitro phone seems to have grapheneOS and have the capability to remove the hardware microphone, radio, and cameras. Thank you for providing this information. Have you used this phone or have experience with them?

Joy69

DeletedUser288 Yes I'm searching for a mobile phone that can run a significant amount of apps, something that fits in the pocket. Currently keeping the phone on airplane mode all the time but want to go one step further and remove the hardware.

On the contrary, one needs a device that is regularly maintained and updated.
GrapheneOS can still be updated, I'm not sure why you're saying that it can't, via command line update with USB

admin

Fairphone devices lack basic security features and patches. They do not meet the requirements to run GrapheneOS. That was a poor recommendation, especially given the context of this being the GrapheneOS forum.

someone27281

I think you are thinking about air gap devices all wrong.

The threat model of an air gapped device is it is too dangerous to be connected to ANY network, because advanced threat actors WILL try to sneak in. For that kind of model, you need to think about the set up from all angles.

You said you will use USB data transfers to send data. Who will verify that the USB device is not tampered and armed? The threat model requires ANY sort of connectivity to be verifiably vetted to be safe. Also regarding the need of a smartphone, if you install multiple apps, can you verify all apps you install to be not Trojans? What about the physical security? Can the threat actor hit you with a tire iron and collect your device anyway?

A correct set up of an air gapped device is:

The device (say, device X) has a stripped down operating system based on Linux or BSD or similar which has minimal amount of functions which is specifically set up to do what you want to do and nothing more
The primary disk of X is set to be read only. You set up another device Y that is a copy of X but it's sole functionality is to securely verify that the data in X 's primary drive is in a known safe state and is not tampered or corrupted. The verification tool must be hardened as possible.
Both devices is always in an power off state, with both drives are separately stored in a secure physical vault. The device X and Y is also stored in it's own secure room with high physical protection.
Any electronic device that goes inside the secure room must be checked with state of the art malware detection mechanism. This includes everything from a USB device to a digital watch.
Only authorised people must go in and come out with full body checking

Pretty sure unless you are Mr. Trump or someone on behalf of him, you need a truly air gapped device. All other "air gapped" devices has flaws and if someone is willing to use a zero day on you, someone is willing to defeat your air gap. Sometimes a simple tire iron would be all that is needed.

Edit: for your actual use case, get a normal GOS device, keep it up to date. Disable network connectivity on your apps and don't put a target on your back.

ignoramous

someone27281 threat model of an air gapped device is it is too dangerous to be connected to ANY network

Air-gapped setups cannot afford to have any form of communication (not just over "computer networks"). For example, data transfer over sound or lights (LEDs) & sounds (typing) on keyboards, heck, even power modulation (archived).

In practice, USB ports are often exploited to compromise air-gapped setups.