Need mobile phone without WiFi, BT, Data, Camera, and Apps

EnthusiastXYZ

Limp Gawd
Joined
Jun 26, 2020
Messages
221
Mobile radio (talk) is 100% insecure due to utilization of the ancient SS7. 4G/LTE/5G encryption can be easily downgraded to 3G/2G. That makes it almost impossible to protect yourself against Stingrays/IMSI catchers. Most people in professional world do not use Signal. They use SS7-based mobile phones. I have to have one, but I want the lowest attack surface possible. I want a mobile phone that can support mini or nano SIM card, but have absolutely no WiFi, no Bluetooth, no mobile data, and no camera. It needs to be super-basic. I can't find such a phone that isn't a burner phone! Need advice...
 
Let me know what you find. I'm rocking a Sonim XP5S or something. Super basic. No apps. But I'm stuck with Wi-Fi, BT, and a camera. I'd love to have a stripped down device with nothing.
 
I just saw this mentioned elsewhere. It's not quite what you asked for, but it's darn close. It's got bluetooth and wifi, but you don't really need to use them. There's a lower model without wifi, I think, but it's also GSM only, and US networks are turning off 2g (or already did)
 
Pinephone, but the gpu is pretty ancient. Has dipswitches to disable the sim modem, wifi, bt, cam, and mic. There are builds of android and linux that run on it, but be aware the software is very wip.
 
Last edited:
It's not in the realm of science fiction to actually "make" one using a GSM module, Arduino/ESP, e-paper.

It would be a hefty project, though, with many overlapping fields, like 3D printing, electronics and embedded software engineering.
It's on my bucket list.
 
Pinephone seems like the most feasible idea because of hardware switches. If there is way to enable mobile data via software-only, then on-device VPN capability becomes a requirement not met by Light Phone or Punkt. The prices for those phones are also too high. For such prices, I would just get a Pixel 4a and install Graphene OS with whichever VPN on it. There's got to be something even simpler than those recommendations. It can be old, very old, as long as existing GSM/CDMA providers can support it.

Is it possible to disable mobile data completely on Pinephone?
 
Very nice. Crazy, but neat.

The one I would theoretically be able to do is this: https://www.cnx-software.com/2018/10/26/makerphone-esp32-diy-mobile-phone-micropython-arduino/
But I've already spread myself quite thin on two time sinking projects, and I'm not capable enough in all those fields. Heck, I'd probably have to get an unlimited plan SIM card just to safely experiment in case I butt dial the ISS.

Overall it's a two-board setup - one is the ESP with logic, storage, interfacing and the other is the GSM module with which you talk through a serial connection.
 
Very nice. Crazy, but neat.

The one I would theoretically be able to do is this: https://www.cnx-software.com/2018/10/26/makerphone-esp32-diy-mobile-phone-micropython-arduino/
But I've already spread myself quite thin on two time sinking projects, and I'm not capable enough in all those fields. Heck, I'd probably have to get an unlimited plan SIM card just to safely experiment in case I butt dial the ISS.

Overall it's a two-board setup - one is the ESP with logic, storage, interfacing and the other is the GSM module with which you talk through a serial connection.
Yeah, what I understand from hanging out in the pinephone community is the gsm modem is it's own little SoC, with an OS (firmware) and everything. Pretty neat, but also a bit scary since the fw is closed, and the interfaces not officially documented. Of course, that may not be the case with an older modem or one from another company–my knowledge doesn't extend that far.

They're banging on an open source OS for the pp's modem, but it's slow going since any slip-up could mean a bricked modem.
 
IMHO, there is no way to properly secure a cell phone as the tower/system architecture prioritizes QoS over verification/security (why stingrays are even a thing).

You would be better off using a dedicated call routing mechanism that goes to a cellphone when needed but routes to a voip on your home network when you geolocate to your residence. This allows a hard shut down / battery removal of cell devices within that fenced area.

There is a reason emitters (even fitness trackers) are not allowed in high security environments. Also IMHO, if you are willing to accept the inherent flaws of the cell network to get the benefit of mobile communications, you will be better off just editing your usage activity to understand that environment.
 
IMHO, there is no way to properly secure a cell phone as the tower/system architecture prioritizes QoS over verification/security (why stingrays are even a thing).

You would be better off using a dedicated call routing mechanism that goes to a cellphone when needed but routes to a voip on your home network when you geolocate to your residence. This allows a hard shut down / battery removal of cell devices within that fenced area.

There is a reason emitters (even fitness trackers) are not allowed in high security environments. Also IMHO, if you are willing to accept the inherent flaws of the cell network to get the benefit of mobile communications, you will be better off just editing your usage activity to understand that environment.

The reason I want such a simple phone is to make sure that compromising such a phone cannot connect to LAN/WLAN, cannot compromise LAN/WLAN, and cannot reveal sensitive information about LAN/WLAN. There is no way for a mobile carrier to turn on phone WiFi if phone doesn't have WiFi (hardware) capabilities. Forwarding mobile radio calls to/from VoIP that is on LAN/WLAN could reveal at least some information about LAN/WLAN.

Google Voice can do what you advice. You can use a landline or mobile number to create a Google Voice number, then remove the number you used to create Google Voice from Google Voice account. Afterwards you can connect/disconnect whichever phone number to that Google Voice number (for forwarding) at will, but Google verifies each new number you connect to Google Voice over SMS or voice call to that new number. What is good is that you can select to have Google Voice forward SMS and Voicemail to a secure and private email address, such as ProtonMail and/or Tutanota. That way you don't have to login to your Google account to see who called, when, and to see text messages themselves. Google Voice can be used from PC and routed through VPN without revealing your local IP. Google Voice on Android uses STUN and logs indicate it does reveal your mobile phone's local IP.

You can also use something called Gnirehtet, a USB reverse-tethering app that acts as VPN tunnel to route information over USB to your PC. With Gnirehtet you can temporarily remove SIM card from your phone, connect PC to VPN, then connect phone to PC and use Google Voice that way, making a landline-based VoIP solution.

Another idea is to have a data-only plan and only use Google Voice. Data connection can VPN to route all Google Voice calls where mobile data is available. In such a case, a Stingray-based downgrade to a non-data protocol would make phone calls impossible, but if available (and/or intercepted) mobile data would always stay encrypted. I think...
 
The reason I want such a simple phone is to make sure that compromising such a phone cannot connect to LAN/WLAN, cannot compromise LAN/WLAN, and cannot reveal sensitive information about LAN/WLAN. There is no way for a mobile carrier to turn on phone WiFi if phone doesn't have WiFi (hardware) capabilities. Forwarding mobile radio calls to/from VoIP that is on LAN/WLAN could reveal at least some information about LAN/WLAN.

I mean, if you want to go even higher and righter on the paranoia scale, you'd still be at risk from airgap attacks since the phone has a speaker and microphone... :D
 
Back
Top