Threat model: Concealing my location from dangerous assailants. I presume them to have capabilities to leverage SS7 attacks by outsourcing hacks.
People make arguments for ditching the SIM and going WiFi only. Makes sense.
However...
I cannot use house WiFi/ethernet consistently due to a nomadic lifestyle.
Two possible solutions to follow shortly, but before that...
Attack surface considerations:
I would still have apps and online practices which are linked to my real identity. Think email apps, Instagram, WhatsApp (with donor number from a VoIP or burner phone app) etc.
Solution 1:
4G hotspot device with SIM, connected via ethernet adaptor as best practice to silence radios.
The police would know my router IMEI and SIM to safeguard me, but no one else would ever know. Data from the Pixel would be encrypted on device, and speak to the world via the 4G hotspot, so we can presume anonymity and privacy are achieved with reference to the network.
Solution 2:
Have SIM in Pixel, but use a burner phone app/VoIP number to register for all things. Do not share my real number with anyone. WhatsApp will not link to my real SIM. Again, only police and government know my real SIM details.
Questions:
Could malicious code injection or phishing attacks exploit the phone (or user) such that personal info can be scraped (either from the phone or the router) and returned to the attacker? That is, could a hacker send a request for information (presumably via STK) to collect info on where I am?
With regard to the above, can anyone comment if GOS is robust and effective in blocking STK commands triggered by unsolicited SMS, code injection, etc?
Other considerations:
Hardening of baseband is no doubt stronger on Pixel with GOS than on 4G travel router. But because no one would know my real SIM in either solution, the quality/efficacy of baseband hardening on phone vs 4G travel router might be a moot point.
However, if anyone can ever ascertain my Pixel SIM with Solution 2, then I'm fully exposed and any STK requests may return cell tower triangulation and GPS info with ease as it bypasses any OS toggles and communicates with hardware directly. The 4G router has no GPS so provides a safety buffer that the phone cannot if anyone does discover the associated device SIM.
Can anyone offer some insight on how well either of these set-ups could defend against remote attacks like the ones described?
What are people's opinions?