Thread: Sailfish on Turing Phones?
View Single Post
juiceme is offline juiceme
2016-02-09 , 06:02
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#195
Originally Posted by gaelic View Post
What I don't get:

Turingphone is advertising a "secure" phone.

But Sailfish OS as of today is nothing secure at all: the disk is not encrypted and screenlocking is only half baked. Anyone can just connect via USB and read all data in cleatext.
That's a fairly tall order, how are you going to do that?

I assume you are talking about the case that user has set up the USB port in "automatic filesystem export" mode. And even in that case I think you cannot access anything if the device is locked, right?
(at least SSH via USB cannot connect to device when it is locked... I am not sure about the disk export because I don't use that.)

If you have bootlock in the device there's not possibility for Evil Maid attack either.

Just about the only way to get at some data is to remove the SD card, and if you do not have that encrypted.... well that's your problem then.

And BTW, this is all beside the point anyway; The rumoured "Turing Phone" if it ever exists is without USB and without SD card so those attack vectors are out-of-scope....
 

The Following 6 Users Say Thank You to juiceme For This Useful Post: