Tell HN: Your Android carrier can remotely turn settings on

234 points by brainchild-adam ↗ HN
My wife is currently in Germany and had cell broadcast warnings disabled on her Android 11 device. Apparently, the local carrier she uses turns them back on remotely. She gets notified of this. "Settings changed by carrier."

(1) Were you aware that carriers can remotely override your settings like this? (2) Any strategies to keep something like this from happening besides rooting the device? (3) How do you feel about this type of remote control by a third party?

I must say I strongly dislike losing control over my own device. It feels dystopian to me.

I also couldn't find any mention of this particular power of carriers apart from one lonely Reddit post about someone trying to turn off Amber alerts [1].

---------------- EDIT: Additional info for clarity:

The settings I am referring to are under "Apps & notifications"/"Wireless emergency alerts". They are about controlling whether to and which alerts one wants to receive on their phone.

It's an unlocked Android One device. The carrier seems to be able to remotely change these settings (see the referenced Reddit post as well), which I would never expect. It seems to be because of the SIM the phone uses and the network it connects to. No user-controlled software change like updates.

----------------

[1] https://old.reddit.com/r/GooglePixel/comments/zebvs4/settings_changed_by_carrier/

298 comments

[ 3.9 ms ] story [ 278 ms ] thread
(1) No, but not surprised, (2) don't have a phone, (3) I don't like it, that's why I don't have a phone.
How do you manage w/o a phone?

Some of our bank accounts require using an Android (or iPhone) app, for example. Messengers like Signal don't work w/o a smartphone. COVID-related apps for traveling. I could continue.

Genuinely curious.

I don't use or carry a phone. The long and short of it boils down to things working just the way they do with a phone, just more human involvement, like requesting a paper menu, or handing someone money directly. You make plans to be at a place at a time, then you just show up.
> bank

Choosing your bank according to the provision of acceptable services.

> messengers

You just need an OS somewhere (not necessarily a smartphone)

> travelling

Cannot really help: if some administration requested a smartphone, I would either try to avoid it or buy some provisional, temporary thing.

Note really an issue, I've never had one. Banking is mostly on paper, sometimes I phone them up. Not bothered with messengers, travelling in the EU, there was always a paper-form alternative for that. The main upside is the looks of disbelief (and occasional panic) when you respond "don't have one" to a demand for mobile number :-)
Yes, I am aware carrier can control carrier/network settings since those are loaded from network anyway, you can try to override them, but obviously if it's something like Cell Broadcast, call forwarding/barring or caller ID and others, carrier can decide to use different settingh from yours.

I feel like you are confusing local Android settings with carrier settings loaded from network. For instance carrier is not going to change setting of your default keyboard or ringtone without (carrier customized) system update.

Thank you. I should have been more explicit.

The settings I am referring to are under "Apps & notifications"/"Wireless emergency alerts". They are about controlling whether to and which alerts one wants to receive on their phone.

This not only seems very user-facing to me, it's also something I definitely would want to have control over.

It's an unlocked Android One device. The carrier seems to be able to remotely change these settings (see the referenced Reddit post as well), which I would never expect. It seems to be because of the SIM the phone uses and the network it connects to. No user-controlled software change like updates.

Does my surprise make more sense now?

It doesn't really matter under what setting it's placed in the OS, but "emergency alerts" or CB is clearly network setting/service, so it's not surprising carrier can control status of this setting/service and override what you set in the phone.
Not... really? It's not the setting for whether the phone receives alerts; it's the setting for what the UI does in response (make a bunch of noise vs accept silently). The UI is very much on the user-controlled side of the phone.
they try to avoid people accidentally switching it off, it's much less harm if you hear it than vice versa
I'm aware that this is their reasoning. I do not accept this as an argument for it being a carrier setting.
iPhone too, not just Android. At least in Germany, and Israel.
No required. In iOS can be disabled. Also in Germany.
No, the highest level cannot be disabled.
I have 2 phones. In one I disabled it, and did not get the alarm. The other one was enabled and received the alarm. It can be disabled. Period.
1) yes, but only got the warning once. 2) I think you need to root and disable OTA updates, but never tried. 3) Hate it, but I think it's a drop in an ocean of control, and probably way more harmless than depending on Google for everything (at least in my case). Not an Apple user, but apparently this is also a thing on Apple devices: https://www.vox.com/2015/2/12/11558938/what-is-this-carrier-...
It's part of the mandated law in certain countries so it's normal to be implemented there.
I was not aware this could be done remotely explicitly going against settings the user himself has set.
It’s a carrier setting, you are merely expressing a preference.
Phone (call, data) interception is mandated in a lot of countries (i.e. operators have to do it is presented with a judicial mandate) against the wishes of user too. This setting is in the same vein, in order to allow authority controlled public broadcasts.
Governments hijacking infrastructure is not remotely the same as governments hijacking personal devices.
You are at mercy of the whims of your local government. You don't like it? Then fight to join the local government.
They are not hijacking your personal device.

Your personal device is letting you know your carrier does not provide an option for this setting.

(1) I wasn't aware of it, but I am not surprised that something like this was written into the standard (presumably. I doubt carriers rolled their own thing)

(2) All the ways I can think off are significantly harder than rooting, so essentially no.

(3) I don't really mind that much, I have Google services running on my phone and I am certain those can do far more than my carrier could ever dream off. I have begrudgingly accepted those, so it would be a bit hypocritical to complain about my carrier turning cell broadcast back on. Especially since "turning cell broadcast back on" is a use case that I can see the argument behind.

It you care about this then I suggest you look up the relevant standard documents, probably you will find this behavior documented there.

> written into the standard

What standard are you referring to?

Parts of it are in the GSM, CDMA, CDMA2000, '3g', LTE, 4g/5g standards. They are thousands of pages long. They do quite a bit. Usually baked into the firmware from whoever makes the chipset.
(comment deleted)
IMHO, carrier settings are a small portion and not super impactful part of the phone configuration you see in the settings list. This is actually a somewhat cool feature. Imagine going to another country, jumping on another network and your phone automatically knows what cell bands and towers to connect to.

Carriers can't change regular settings like language, lock screen code or background. Just what cell towers you connect to and a short list of telephony related features. Please correct me if I'm wrong.

The part you mention I was aware of and am actually thankful for. This, at least to me, goes much further. Hence the shock. Updated my post w/more details so it makes more sense (hopefully).
I don't know if this happens in The Netherlands, but if they forced your phone to receive NL Alerts it would seem very reasonable to me. Only the government issues those.

I've understood cell broadcasts are also used for advertisements/otherwise spammy stuff in eg. the US? Then I could understand you considering cell broadcast being turned on being unreasonable

The fact the government issues the alerts doesn't mean the government won't get pressured into sending spammy messages.

For example, what politician could turn down the grieving parents of a kidnapped child, when they call for using the emergency alert system for missing children?

But if I work from home, and there aren't any kidnapped children in my home, then waking me up at 5am with a missing child alert just inconveniences for no benefit to anyone.

> inconveniences for no benefit to anyone.

Everyone will be forced to see how much they care which proves how good they are, like it or not!

Stranger than waking people up from sleep for a custody disagreement, is when they'd broadcast those on TV... The purpose of those is not to find the kid, but to send a message to TV viewers, none of whom would be of any assistance in finding the kid.

You see this display of "care" with storm sirens being set off after the storm already passed the area.

You can turn it off. Shouldn’t be too inconvenient if it’s important to you.
This entire thread is about the fact that in some case the carrier can override your decision and turn it back on.
Amber alerts are a well-defined category of messages you can receive. The regulation about what constitutes a legitimate case for an emergency broadcast are very strict and subject to public review, so pretty hard to misuse for unrelated purposes.
Yet, no one is forcing governments to use the system as-designed. In Quebec, on my phone, I can disable quite a few types of cell broadcast alerts like AMBER alerts, Test alerts, etc. The only hidden setting is the one for presidential alerts.

Well guess what? The Quebec government sends every type of alert, even the regular test ones, with the presidential alert severity which makes all of these settings useless and does nothing but irritate the population with spammy messages. Recently, they sent out an AMBER alert that was supposed to be localized in some area and, instead, sent it everywhere in Quebec except for the affected area. This is exactly why people have the right to remain skeptical about alert systems like this one.

> I've understood cell broadcasts are also used for advertisements/otherwise spammy stuff in eg. the US?

Err, no - emergency alerts aren’t used for advertising here.

How much of the baseband driver do they have access to on your device?
> Imagine going to another country, jumping on another network and your phone automatically knows what cell bands and towers to connect to.

They already do that. Or, rather they don't need to "know" anything; a phone with no signal will scan through all the bands it has a radio for, and will find a network to connect to. If a network rejects the connection, it'll move on to another.

This is also something that traditionally has been configurable: you can tell your phone not to do this, if you want, and it will obey your command. But allowing the carrier to change settings on the phone after a connection is established is pretty intrusive, IMO.

(1) Yeah, though I definitely forgot. In my country, it used to be really hard to find a plan with mobile hotspot, which used to be a x€/month (don't remember the number) option that would just hide the setting. That was a very long time ago since I saw on but I think some plans still have those restrictions and use that method to enforce it.

(2) Changing to a device that doesn't have that feature. Which probably means no Android and no iOS. I would not be willing to do so, I'd change carrier instead if it was problematic enough to me.

(3) I don't mind when it's to set settings for a good reason. I assume some settings are configured that way for the phone to properly work on the carrier network. On the other hand, I hate it when it's to enforce a stupid thing or extract more money from a built-in feature.

Yes, Cell Broadcasts are controllable by carriers and that's even mandated in some countries (e.g in USA the carrier can send out a broadcast that will ignore all "silent phone" settings and scream loudly no matter what you've set and where). This will happen on all phones allowed to be used in those regions - whether Apple, Google, Samsung, Nokia or even Huawei.

You can attempt to disable it, but you need to be aware that in many places it's outright illegal for phone manufacturer and carrier to allow that.

> e.g in USA the carrier can send out a broadcast that will ignore all "silent phone" settings and scream loudly no matter what you've set and where

My iOS settings and experience differ from this rather greatly - can you cite any such laws or regulations?

I have clear settings on my up to date ios device in the US, on a large American carrier that allow me to a)ignore emergency alerts, b) get them but silently if my phone is in silent mode, or c) allow them through at full blast.

There are types of broadcasts even in US (IIRC Presidental broadcasts, but don't quote me on that) that will ignore your settings.

See https://support.apple.com/en-us/HT202743 - note the little "3" note where it says that some broadcasts in some regions can't be disabled?

I used to work for a carrier and yes, there are some settings that can be changed. If your phone is locked to a carrier it can even hot-replace applications without you noticing (useful for embedded carrier applications that donwload a full APK when you open the one installed in the device by default)

I believe these varies by country, since this was done for a limited set of countries my Company sas operating on

If you can do it, or your phone is able to do it. Then it can be done remotely by the carrier and sometimes the ODM. Usually initiated by SMS that you will never see.
These are emergency broadcast alerts. Different countries have different laws on these - and in some countries you might not even be able to disable them.

Just because its listed under "Apps & notifications"/"Wireless emergency alerts", it doesn't mean they are "user settings". Its not necessarily the local "carrier" that turned the settings on, its more that connecting to a cell tower in a particular jurisdiction can enforce receiving emergency alerts.

More on the EU alerts systems: https://en.wikipedia.org/wiki/EU-Alert

Just because another country has a law does not mean my phone should disregard what I told it to do.

This absolutely is a user setting.

How far we've fallen from sharing the DeCSS flag, to arguing that users shouldn't have control over their devices, and governments and carriers should.

The local (EU) law about emergency broadcast is clear in that it applies to both residents and visitors, and alerts are to be delivered without the need for “opt-in”. In other words, if you’re in range of local services, you must receive the alerts (which, you know, is handy in case of an actual emergency).
Gotcha. I'll just draft a law saying all devices must automatically unencrypt themselves when they enter my country's borders.

Hey, it's the law! You must comply, and for your convenience, your phone will do that automatically for you!

Good grief.

If you do not like the regulation, fight to change it. Do not expect your devices to do the fighting for you.
My devices should absolutely work on my behalf, and only my behalf, i.e. "do the fighting for me".
A better response to these laws would be that the device should just stop working if the settings I have selected conflict with local law. The cell towers are free to refuse to allow my phone to connect. They should send some sort of message to me to tell me what I'd need to do in order to comply with local law and be allowed on the network.

But of course, that wouldn't be convenient, and a lot of people would be confused, and that would generate costly support calls, so they'd rather just violate the sanctity of the things we apparently don't really own and put intrusive hooks into "our" hardware and software.

In the case of this particular requirement -- that wireless alerts be enabled -- I would almost certainly just enable them and go about my day. But reaching into my device and changing things without my consent crosses a line.

You can do that now with nearly all of the big carriers around the world.

You just need to sign a service level agreement along with paying for them to develop that feature and deploy it on your phone.

Given that the fight is between megacorps, megastates and ~mega~individuals, it feels like a slightly uneven fight.

The people who have the power to make the phones vs the people who have the power to make laws and prevent the makers from selling, vs a few individuals who actually care and a large majority who do not have the time to care.

I’d love to vote with my wallet, but I live in a country that 90%+ votes against me, so my vote is meaningless.

If you are in fact the monarch of a sovereign nation, you can indeed give companies a choice: "either design your products to automatically decrypt themselves when they enter my territory, or don't do business in my country."

Companies will then be forced to make a decision based on the market size of your country. Or they will break the law, and you will have to deal with enforcement.

Most companies would like to do business in the EU.

> Companies will then, of course, be forced to make a decision based on the market size of your country.

And as we've seen time and time again, China can get away with a lot of bullshit with demands anywhere from tech to culture (e.g. MCU films that ended up censored). At least now, Apple has woken up and begun moving off production to Vietnam, and Marvel has decided to ignore Chinese demands after all.

My device should serve me, not the EU. If I choose to violate EU emergency alert laws, that's on me.
For other use cases, I'd probably agree with you. But you being startled and confused during an emergency because you didn't see the instructions on time can be very dangerous for everyone around you. It's not just on you.
The marginal upside to everyone else is not even close to worth the marginal downside to me. It's my choice to make. If a government wants to force messages on me so badly, they can set up something like an air raid siren (and they typically do, for actual emergencies).
For people suffering from certain mental health issues, the alert itself can cause significant problems for them and others.

If you suffer from panic attacks, for example, and these alerts trigger them, they do not help you, no matter how well intended.

If you suffer from (C)PTSD, and these alerts trigger flooding, they actually make everything worse.

If this were to happen while you are driving, you might even cause an accident.

The world is sadly too complex for simple solutions that assume something to be always good or helpful.

Which is why I believe it's important for the user to eventually control his device.

If there is emergency, I'm sure you'll find out very soon that something is happening. We are usually not living in lone solitudies.
the same applies when the device is off, or i left it at home. unless there is a law that requires me to carry a functioning, powered device to receive emergency alerts at all times, there is no reason why a device should be required to receive alerts just because it is capable of receiving them. if i turn of alerts on my device, then it's no different from a device that doesn't have the capability to receive alerts.
Then you probably don't have one of those fancy new things called smartphones, as they are all very locked down and don't allow you to access or modify a lot of system settings, limit access to files apps create, don't allow to move some apps to the SD card, some of them even disallow you from installing apps from anywhere but their own app store. Certainly you don't have one of those devices that treat the user in a completely patronizong way.

Of course, you can liberate yourself quite a bit from the draconian rule of the manufacturer by rooting the device, but then you're also able to disable cell broadcasts permanently...

Notice that I used the word "should", not "does". And, in fact, I am deeply concerned about the war on general purpose computing.
(comment deleted)
I guess if we're at a point where the law says the phone must have a function and the user doesn't want that function to operate, the only real option is that the phone just not function in that region?
People keep failing to understand that if you can't make your device do something that is illegal, it's not /your/ device. It's that simple. Politically crafted laws are not physical laws of the universe, they not only can be violated, they often /should/ be violated. Laws are not a moral imperative. This particular law (emergency alerts) might not be an issue, but the fact that your device will follow the government's mandate over the user's choice is all we really need to know about that device.
It's not the default of the device though.

We need to get rid of those in power who decide on things they have no fucking clue about it. The easiest way to do that is to not just go vote, but educate everyone else about who is running and why they are/are not a good choice. The harder way is also (at least for the US folks) showing up and engaging at primary votes and holding the primary candidates accountable, which takes a lot more effort but has the advantage that your vote is amplified in its effects.

Just root the device, then you can disable it. And don't give me any of this "it should be possible to do this without rooting the phone"

Smartphones are already locked down in a million other ways compared to eg a desktop Linux install. Why is this different?

> Smartphones are already locked down in a million other ways compared to eg a desktop Linux install. Why is this different?

It's not, but it's bad that smartphones are locked down like that, so we should be pushing back on it at every opportunity.

I'm with you there and in general, it just feels like a rather minor point even just compared to the excessive tracking Apple and Google do. I'm just thinking of the recent news where it was discovered iphones still send tracking data home even if disabled in the settings. That's way more concerning to me at least.
> all we really need to know about that device.

Namely, that it's created by a party / parties also subject to (and abiding by) these laws?

I'm not sure what you plan to do with this information; certainly a law-abiding supplier is more likely to remain in business, so perhaps it's indicative of a better chance of receiving long-term support for the device...

You enter a new country, in case Germany, you're automatically opted in to the emergency broadcast notifications, as any other local laws.

The EU legislation allows "opt out" from level 2/level 3 notifications, but is based on the notion that messages are received "without the need for the public to have to opt-in".

So for compliance sake, you're opted in. Maybe this should only happen the first time you enter EU or a member state, and then either your phone or cell service provider should remember your preference (which is probably not worth the resources to implement for the cell service provider, but maybe your phone already does?).

I'd be interested to see if this already exists, i.e. do you only need to opt out in Germany once? Does that opt-out at EU level?

When your wife disabled notifications, she merely opted out of notifications in whatever jurisdiction she was in (presumably US?), but opting out of something in US doesn't mean you opted out of every other similar law from every other nation state.

She actually opted out already being in Germany, and once she noticed the reverted settings, she turned them off again. Only to find they get turned back on by the carrier, enforcing a specific set of settings against her will. Which is when she told me about it. In this case it's more about the principle. At least for now.
If it's not a user setting, then it shouldn't be listed with all the other user settings, and labeled as something the user has control over. At the very least, any setting that can be overridden by the carrier should have a note or warning next to it, stating that.

The fact that it's so unclear leads me to wonder what other settings -- perhaps some related to my security or privacy -- the carrier can modify without my knowledge.

Hide number setting is something telcos can change remotely, at least its common.
It doesn't really matter what the laws say. When I tell my computer to do something, I expect it to be done, no questions asked. If I tell it to violate a law, I expect that law to be violated. I have free will and the computer must obey that will, not impose somebody else's will on me.
You’re using a utility and you must accept the terms to use that utility. There’s probably some verbiage in your carrier agreement about it.

You can’t disable 911/112 just because you don’t like it either.

9-1-1 doesn’t usually call me at odd hours though.
Is that a thing? At least in this part of the EU, they never ever sound unless it’s a genuine emergency or the monthly test. I’m pretty sure the only reason they would go off is for a tsunami because they don’t even go off for tornados.
Apparently government alerts come though to americans at all times at full volume whenever a parent doesn't return a kid to the other one on time.
I think in the US you can set it to a lower-than-highest level, but in Canada, they send the kid-in-a-custody-dispute ones at the nuclear incident level (which was also sent out by mistake once).

Nothing sadder/funnier than seeing politicians defend their broken system as it increasingly did broken things.

I don't care what the carrier agreement says. If they want to send me the warnings, fine. My phone is perfectly equipped to receive them and will happily display them should I choose to allow it. What's unacceptable to me is forcing my phone to do anything. It doesn't matter to me if there's some piece of paper saying I can't turn them off, I will turn them off and I will resist them if they try to force it on.
I mean, you can try. At some point they may just kick you off the network. No shoes, no shirt, no service. IOW, providers have a right to tell you how and in which fashion you use the service. Just like you can’t walk into a 7/11 butt naked, you apparently can’t go into Germany without enrolling in emergency alerts that probably go off once every decade (not including tests).
Can’t easily disable them in Canada. And all alerts are sent at “presidential” level, while the issuers fail to geo-target them, so you get alerts for “abducted” (usually child custody dispute) several hundred km away.

Buuuuut, these alerts are LTE/5G only, so I’ve set up an iPhone automation to switch my phone to 3G in the evening and back to whatever in the morning to avoid alerts at night. I’ll cry when 3G gets shutdown.

Back in the day my phone carrier in Argentina would send me ultra-high-priority alerts with ads several times a day.

A lot of people in this thread are understandably okay with good carriers doing this for good reasons, but it's very easy to abuse if there aren't strong enough communication laws. From the amount of spam I got when I lived there, I'm surprised this is not happening in America.

Wow, that's obnoxious. I'm sorry you had to suffer that. I live in Brazil and I get constant advertising and phisshing SMS messages, it got to the point I had to kill SMS notifications and forget it even exists. I still get robots trying to call me at random times during the day, there seems to be no way to turn off telephony but it's less disruptive. If my phone had unblockable advertising disguised as high priority disaster alerts I think I'd throw it off a bridge.
use Silence app from fdroid. it let's you mute sms selectively
Absolutely they can. Carriers have access to the system partition aka We do what we want (hopefully they do what makes sense). This is how bloatware is installed (the things you can't get ride of).
Are you sure this is the case? All the carrier app loading implementations that I am aware of (this is a small number) explicitly whitelist some carriers or even some apps by certain carriers. For instance, the implementation I worked on myself (as a reviewer) only granted a single carrier to load one of their apps when the SIM card was inserted.

With that implementation, it would not be possible for any random carrier in a foreign country to load random bloat onto my phone just by me crossing the border to that country.

Your thinking is tainted by the american model where you buy carrier locked phones. But no, that is not usually how it works. The system partition can be modified by the party who issues system updates. Normally this would be the company making the phone, such as Samsung. But in the US, some carriers sell modified phones locked to their network, and in that case the carrier is also the one shipping updates.
Worked at Sprint back in the day and we (I) had to do this. Special certificates to produce a special OS build with the right privileges (carrier specific). The carriers and builders (Samsung etc) work together to get this in place. That on top of zero rating data being sent out for tracking allow the carrier (or builder) to do what they want.
Pretty sure they're "required" in Germany and cannot be disabled by the user.

You travel to other countries, you abide by their laws. This is no different.

No required. In iOS can be disabled.
The highest level cannot. We just had a nationwide test in Germany a few days ago.
I have 2 phones. In one I disabled it, and did not get the alarm. The other one was enabled and received the alarm. It can be disabled. Period.
1) seems pretty obvious. 2) you don't. 3) perfectly fine.
> I must say I strongly dislike losing control over my own device. It feels dystopian to me.

Even with a rooted device where perhaps you personally coded up the ROM you are still missing a piece which is the binary blob that runs the baseband radio. That firmware is, afaik, not something which exists in any sort of open-source or rootable manner. It's a closed blob running proprietary software on your phone, and it runs at a lower level than the ROM/OS does. So, even if you go to great lengths to secure most of the software that runs on the device (a noble goal, it's your hardware after all!) then you still must contend with the uncertainty and perhaps risk (depending on your threat model) of that untrusted code running there. You can search around the web for articles covering baseband radio exploits that span the years...

For the PinePhone you can install a free OS running the Baseband Processor: https://hackaday.com/2022/07/12/open-firmware-for-pinephone-...

Probably illegal and the firmware running the radio hardware is still proprietary.

That's partially open source software on the broader Quectel EC25-G modem, but not the Qualcomm’s MDM9207 baseband that the modem uses.

> Not everything is open in this firmware. The baseband firmware, aka the RF bits known as ADSP firmware, remains closed and not yet reverse-engineered by anyone – you’re not gonna be running OpenBTS on this modem yet.

> The TrustZone kernel remains closed too – my understanding is that it’s signed by Qualcomm.

Moreover, some of these settings restrictions are encouraged or mandatory for the FCC/Ofcom/your-local-radio-regulator to certify your device. This is to prevent people from doing naughty things with the spectrum.
I don't believe this is entirely true anymore. Yes, years ago, the baseband processor (and firmware) had full DMA capabilities to the RAM ostensibly managed by the OS, and could do nefarious things if it wanted to. But I believe nowadays the baseband is a bit more isolated, and communication with it is mediated by the CPU and OS.

Some manufacturers likely still implement the "old" architecture, though.

How can I find out what peripherals my smartphone's baseband processor has access to?
You would hope but to a large extent SMMUs are still not meaningfully deployed in consumer smartphones. Even when they do exist, the bounding enforced upon them are so expansive that it's essentially pointless. For example, one device I found had an SMMU in front of its BT/WiFi chip but, unfortunately, the driver on the AP side configured the SMMU to have access to all of system memory. Baffling.
(comment deleted)
IIRC in purism phones baseband is totally/mostly isolated and has no DMA.

Edit typo

I've disabled them on my phone because it's always either a test or some nonsense "it's too busy in <town> 10km away, stay away". Alerts they would never turn on the sirens for. I'd be very annoyed if my carrier re-enabled alerts.
In Germany people may not be as used to natural disasters and the like, but where I've travelled where the weather is way more extreme, these are like life saving emergency alerts so you don't get sucked into a tornado like a cow or die in a flood or tsunami. I love how jarring the alerts are, there was an incident in the USA recently where some way too close menu entry got hit at an emergency alert center for a nuclear bomb and people ended up taking cover thinking they were going to get nuked in Hawaii [1]. The USA system you can understand the technical workings of here [2] while this seems to cover more of the technical workings of the EU systems [3] - These are simply service area broadcasts [4]

[1] https://en.wikipedia.org/wiki/2018_Hawaii_false_missile_aler...

[2] https://www.youtube.com/watch?v=sdmkTkWB40Q

[3] https://media.ccc.de/v/osmodevcon2019-107-production-grade-c...

[4] https://osmocom.org/projects/cellular-infrastructure/wiki/Se...

You can turn off all the government alerts in iOS, in the US at least. I have had them all off for many years since one woke me up in the middle of the night for no reason.
Quite the opposite in Canada unfortunately, specifically Ontario but other provinces may be a joke as well... Can't turn off alerts, and we're well known for sending them out in the middle of the night, or just sending test alerts with no significant value. Thankfully silent mode turns them into vibrations, I feel sorry for those who use ringtones. Moved back here after living in SF for so long and this feels ass backwards, far preferred the optionality y'all are given.
That is unfortunate. The alert that caused me to turn them all off was even written about in the news that day. Millions of people in the entire NYC metro region had their sleep disturbed and were pissed.

https://nymag.com/intelligencer/2013/07/ambert-alert-phone-4...

I remember group chats of people discussing how to turn it off and my friends and I telling our parents how to turn them off.

Can't you pull out your sim card when you go to bed?
Seems pretty inconvenient, plus the world is moving to eSIM. Although, I wonder if the alert system even cares about SIM. Presumably they would send it out to any device connected to the network, not just those with a SIM?
> there was an incident in the USA [where a mistake] at an emergency alert center had people thought they were going to get nuked in Hawaii

I think your example is a powerful reminder why folks turn off alerts. For most of us tho, it was the bazillionth urgent notice of a non-applicable event.

I'm experiencing the opposite; my wife and I have the same iPhone model (13), with the OS up to date. When we bought the phones, 18 months ago, I customized them to have identical settings; while doing that, I also disabled the Amber Alerts. Still, a few weeks ago, our phones started to emit an unheard (til then) sound in the middle of the night: it was an Amber Alert. WTH? did any of the OS updates enable the AA? I looked at the phones and - hey, where did that setting go? the alerts are no longer visible in Notifications. What's weird, is the fact that you can type "Govern" (for Government Alerts) in the Search field, and Notifications comes up - but, when you go into Notifications, there's nothing there.

I googled the issue and it's affecting quite a lot of people. It's unclear whether the culprit is the provider or a long-standing bug in iOS (the first mention I found is a few years old). Some people suggested that you take out the SIM and the options would reappear. Didn't work in my case.

On my iPhone 12 running iOS 16, the "Government Alerts" section is at the bottom of the Notification settings screen, just need to scroll down for it.
A little tangential, but carriers and hackers can execute arbitrary code on your device through OTA updates with the baseband modem. It's even been done on 5G.

Which also reminds me how the NSA has intentionally crippled standards in the past so they could eavesdrop or inject code without having to go through the carrier. This means Johnny Scriptsalot can do it too.

Carriers can actually send arbitrary AT commands which are more or less arbitrary modem commands. Depending on how deep you think the integration between the broadband controller and the CPU are they could potentially also do much more. I wouldn't trust much on any phone.
Wait until your learn what a country or local government/police can do remotely to the baseband firmware of your phone with a court order...

10-20 years ago the FBI was regularly remotely programming firmware to listen in and record cell phone microphones to capture conversations of suspects. IIRC a mafia case hinged on data gathered in this way so it is not some abstract theoretical or crackpot theory (https://www.cnet.com/news/privacy/fbi-taps-cell-phone-mic-as...).

It's only gotten worse as phones have gotten more capable. You don't own squat about the device in your pocket at all times.

So drug lords throwing mobile phones out of the car window after each call is just a movie trope?
Each phone takes time to be detected, identified, and tampered with. So it may make sense to activate a new burner phone, talk about something sensitive, and destroy it right afterwards, before the law enforcement understands what phone was that.
Call me paranoid but I would assume that intelligence services keep a special eye on newly activated non-smartphones.
Ability to detect and correlate these switches has been documented in Snowden leaks years ago.
Sure, but can they get a warrant and tap it in <24 hours? IDK, but that sure raises the barrier to entry.
When have intelligence services used warrants? They gather evidence illegally and pass it to law enforcement who then do parallel construction.
Whenever they don't want Congress up their ass. Four things can simultaneously be true, despite seeming contradictory:

1) Prudent opsec against nation-state adversaries dictates that you assume 0 time for them to have a tap on a device.

2) In reality, it takes >0 time, because people processes aren't instantaneous.

3) Intelligence services sometimes break the letter of the law.

4) Intelligence services usually follow the law, because it's less hassle.

> Whenever they don't want Congress up their ass.

That's not really a problem when intelligence services can just "remind" any would-be annoying congress person that they have endless amounts of data showing exactly what they and their family members have been doing and could plant whatever they want into the data they already have.

One of the things that finally convinced Snowden to give up everything he had in order to tell the American people that the NSA was violating their constitutional rights was when he watched NSA director James Clapper outright lie right to the faces of congress. After the truth came to light, do you think Mr. Clapper faced any meaningful consequences for that? Nope. Can you guess why not?

Intelligence services are too powerful to be held accountable by anyone. They'll do whatever they want.

I guess Clapper needs to see consequences.

I think I got hacked for trying to run for Congress.

"If video games have taught me anything, it's that if you encounter enemies then you're going the right way." - Ali G

lol

When I worked in a wireless repair shop in early 2000's, we handled the local FBI field office account. Field agents would come in and I'd chat them up as they sat and waited for me to fix their phones.

This was also around the time remote meth labs were getting really common out in rural areas. Multiple agents were talking about how frustrated they were with getting access to burner phones since most of the companies were resellers. They said by the time they got a warrant to start recording the devices, they were already dead.

I guess the bad guys knew their burner phones were only good for about two to three months tops. That was usually the timeframe from when the FBI got a read on a line, saw a judge and got the warrant processed, to contacting the carrier and getting access.

Sounds like whatever was hampering them in the past has been fixed.

In The Wire, Lester sells Bernard tapped burners. It's the only way they could get up on the burners before they were thrown away.

There are a tonne of reddit links on this one so I'll leave it to the Interested Reader.

I am a reporter, and I cover crime. Occasionally, I cover a story whose publication might endanger people. Think cases involving gang violence and/or individuals cooperating with law enforcement. Before I publish those stories, I contact the lead detective on the case to ask whether that concern has merit, and whether certain people’s names, for example, should be anonymized.

In one of those conversations, I was asked to not publish details about the extensive cellular tracking data that had helped to make the case. According to the detective, despite the ubiquitousness of cellular tracking data in prosecutions, your everyday criminal is not doing anything remotely like ‘throwing mobile phones out of the car window after each call.’ Quite the opposite, they are posting pictures of themselves with contraband to Instagram, and using their phones to facilitate crime as if they were untouchable.

Perhaps drug lords are more careful than lower-level dealers, but I’m not so sure. Total conjecture here, but I suspect the money gets to their heads, which leads to a feeling of invincibility — with consequent opsec failures.

If you keep an eye on major arrests, criminals routinely get taken down in essentially the same ways as the criminals who were caught before them. Despite their belief that they had been taking precautions against those failure modes.

I suspect this is survivorship bias: you're more likely to catch criminals who have bad opsec.
You'd think the criminals would at least watch The Wire for some basic OpSec.
A big part of The Wire is the uniqueness of the discipline the criminals have, and ultimately how it stems from 1-2 people at the top.

Also, public telephones are no longer an option.

The problem with any defensive strategy is that the opponent only has to win once.

Street level criminals are like Fast food employees - replaceable. The guys up the chain can be invisible indefinitely, but hooking up with the wrong girl, pissing off the wrong guy, being too impulsive or too deliberate with a decision etc can be the one mistake.

I rotate burner SIM's. I never make calls with the SIM. Instead I use jmp.chat if I need to use OTA calls or SMS. I am in airplane mode 99% of the time and use WIFI instead of cellular. I never activate cellular near my home. I am always connected to VPN so that the traffic cannot be analyzed. My phone is anonymous without any identifiers. I think all this mitigates the baseband attacks, but tell me if I am missing something.
Your location data. Tower associations can still happen with data "off", since there's plenty of "listen" components. All your home wifi connections are well Geo-located, thanks to other Android users picking up the ESSID as they walk / ride / drive past your house. Your shopping / outings? Forget it, fully known.

VPNs hide the content of connections, at least from MITM / eavesdroppers, but server-side data scrapes are quite effective at figuring out who you are (or what your phone is ... see below). Nothing really does a good job of hiding the fact that you are connected to a VPN except TOR, and where that connection originates (e.g., your wifi network, which is well Geo-located, remember?). And de-anonymization of VPN connections to identify downstream connections are possible, IIRC. Details about your phone are well recorded (MAC, SID, etc)

And always remember, your phone can be implicated based on location data, which will implicate you once it's discovered you own the phone. And that's as simple as looking up the SIM purchase / use.

In my country, this one girl is buying prepaid SIMs and selling them on darknet. Which is fully legal. Still she got notified from our intelligence agency, lol. They're butt-hurt a lot from this.
From https://grapheneos.org/faq: "Connecting to your carrier's network inherently depends on you identifying yourself to it and anyone able to obtain administrative access. Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device."

When I am at home, I am WIFI only. When I am out, WIFI & bluetooth are off. This takes some discipline at first but then just becomes habit. I know the spot on my commute home where I switch my settings.

BTW habitually switching at the same time and place is terrible opsec. It leaks a ton of information.
Yeah I'm not sure what information this really protects assuming you're only communicating over encrypted channels (https) already.

In theory it could protect location data from the carrier for locating you with a wild amount of opsec practice but I highly doubt you could pull that off for a daily driver.

Having wifi/bluetooth off in public isn't a terrible idea though as those are generally much easier attack surfaces and are leakier.

It is the same general location about half a mile from home where I flip over. This is to ensure location from cell tower triangulation does not identify my home and therefore me.
It’s all about your threat model.

Suppose you wanted to find someone that aways turned on their phone on at ~8:15 AM and found someone that always turned their phone off at ~8:10 AM within 15 miles. How difficult would you say it was to make this connection?

Nobody is looking for me. I don't have any regular commute either. I just make sure not to use cellular at my house since that would narrow the owner of the SIM down to one of the people living in this house.
Do you own a car with OnStar or SeriusXm ?
I have O*. How do I disable it?
I appreciate the extra information. I'm still skeptical on any phone except the OS/HW combo the faq was written against (which by the way was not in your original post)
I would never trust that. It is how thing are supposed to work, not the way they necessarily will. Just buy a phone with physical disconnect switches if it is important enough for you.
The baseband is an entirely separate SoC that is a blackbox outside of the control of GrapheneOS. And your radios are solely under the control of that system. GrapheneOS just asks it nicely to do things on its behalf.

All of these privacy focussed phone OSes tread lightly on the fact that there are a grand total of zero modern open source basebands in existence.

Agreed. We can only mitigate by tactics: -not associating the device ID's to personal ID's. -only using cellular in limited situations. -rotating the SIMs periodically with other family members
You don’t get to choose those things if you don’t choose what the radio does. Swapping SIMs around doesn’t accomplish that. The hardware and software that the baseband has entirely within the confines of its own black box is enough to track you.
I can promise that airplane mode does not fully disable the cellular radio, at least not on Samsung phones. Repeating a comment above: I can verify they do in fact receive data - I worked an immersive art project that had 100 Samsung cell phones that were in airplane mode, and we found out the hard and noisy way that they were still able to receive emergency and AMBER alerts (U.S. alerts that notify of potential child abductions).
In theory: 1. Wait until you enable the cellular again 2. push an update to the baseband firmware 3. when you disconnect, the new firmware will tell the OS that the baseband is disconnect, in reality, it's doing nasty stuff. You'd only notice it due to the battery draw.

You need burner phones to cycle after each usage.

TBH, seems you cranked up the paranoia to 11. The VPN has to terminate somewhere, so if I was a state actor attacking you, I'd figure out where that is. WiFi+BT firmware isn't bullet proof, either, and hypothetically an exploit chain could be found to enter via WiFi and stealthy enable cellular. In practice XKCD #538 applies: https://xkcd.com/538/

For most of us the attacker is someone trying to make some money by scamming, stealing CC or installing a malicious app.

Airplane mode doesn't shut off your baseband. It just sends it a message saying "go into airplane mode". The firmware is still running. It could still be receiving and sending data for all you know.
I can verify they do in fact receive (if not transmit) data - I worked an immersive art project that had 100 Samsung cell phones that were in airplane mode, and we found out the hard and noisy way that they were still able to receive emergency and AMBER alerts (U.S. alerts that notify of potential child abductions).
They need to add possibility to disactivate the hardware components, in order to save battery power (in addition to disabling the features you mention).
If the VPN is compromised, you're compromised.
What are the odds of seven chained VPNs all being compromised?
Doesn't matter. As long as one is compromised, you're screwed.

VPNs cannot break TLS, (unless you're dealing with the intelligence apparatus of a major power, which probably can break TLS) so they cannot introspect most of the content you send and receive anyways.

What they can do, however, is see the domain name of the HTTP requests you send when setting up TLS.

Chaining VPNs doesn't add security by any metric.

They don't have to break TLS. They just use an exploit to get access to one of the unencrypted sides of the link.
I break into Tiffany's at midnight. Do I go for the vault? No, I go for the chandelier. It's priceless. As I'm taking it down, a woman catches me. She tells me to stop. It's her father's business. She's Tiffany. I say no. We make love all night. In the morning, the cops come and I escape in one of their uniforms. I tell her to meet me in Mexico, but I go to Canada. I don't trust her. Besides, I like the cold. Thirty years later, I get a postcard. I have a son and he's the chief of police. This is where the story gets interesting. I tell Tiffany to meet me in Paris by the Trocadero. She's been waiting for me all these years. She's never taken another lover. I don't care. I don't show up. I go to Berlin. That's where I stashed the chandelier.
Absolutely lost it at the coworking place. Luckily it wasn't too packed. Thank you kind sir.
What on earth does this have to do with the parent post? Please enlighten me.
It's a monologue from The Office which uses similarly extremely short sentence structure as seen in the GGP comment.

It's also possible GP is referencing GGPs arguably paranoid position on phones, relating it to similar paranoias held by Dwight (the character who delivers the monologue).

https://youtu.be/PlIzKaGBeHk

They're both wild tales. /s
(comment deleted)
>maybe spend more time writing your own copy eh, I think people find popular culture references funny because they are already familiar with them
But your essay isn't funny. Fortunately, as they say, practice makes perfect!
>I rotate burner SIM's. I never make calls with the SIM.

Do your family and friends do that?

Maybe it's better to blend in with the noise.

Just curious and I admire your commitment, but is there some aspect of your life that demands this diligence, or are you simply principled?
I just don't like people following me around. It is creepy.
A person's gotta have a hobby and an ethos. More power to you for the dedication.
So you're detected just by Wifi. Ok. Your phone is transmitting every network you saved. As OSINT you can pretty much fingerprint everybody with just that. And even since phones are using randomized MACs, there are methods to leak true MAC.
> Your phone is transmitting every network you saved.

That's not how saved networks work, as far as I know. If you have a source saying otherwise, I would like to read it.

The WiFi spec has something called "active scanning" [0] for clients (as opposed to passive scanning, where the client listens for the periodic AP beacons). There's something called a "directed probe request" [1] that a client can send during active scanning which will contain the AP's SSID it's directed towards. Whether or not your particular device sends these direct probe requests is probably configurable and different per client. According to this [2] post, Android devices will sometimes send SSIDs in a scan, but not all of them and not always. Might be possible to find the logic here in the Android source code, I assume it's there somewhere.

[0]: https://www.wi-fi.org/knowledge-center/faq/what-are-passive-... [1]: https://dot11ap.wordpress.com/active-scanning-probes/ [2]: https://stackoverflow.com/questions/36264440/phone-doesnt-se...

Active scanning (where the client sends the SSID of an AP it's trying to connect to) is ironically limited to just hidden AP SSIDs.
I’ve always assumed that behaviour like this is so unusual is would motivate a closer look by security services.
The only thing it evidences is that someone is smart and values their privacy.
Criminals the security services are looking for are not that smart. If they were, they wouldn't have been criminals in the first place.
> If they were, they wouldn't have been criminals in the first place.

What does intelligence have to do with whether someone is a criminal? There are dumb criminals and smart criminals; I'm not sure what the correlation here is.

I think most criminals are dumb. Quick google search shows average IQ of a criminal is 85.
Average IQ of all criminals, or criminals that got caught?
It must just be the ones who got caught. If they weren't caught how can anyone be sure they were a criminal?

Honestly though they might as well just use the average IQ for the population. There's not a person alive who hasn't violated some law at some point. We're all criminals.

Probably not directly related, but mainly due to fewer opportunities. This is one of the reasons I strongly agree with universal basic income. The capitalistic game is harder than many people are capable of playing. They shouldn't have to suffer enormously because of that, and neither should society. Otherwise, should we assert that ethics are inherently easier for some people, yet penalize all people the same regardless of their capacities?
Excluding ideological motivators, if you are technically competent to pull off a cybercrime and escape unseen, you are technically competent enough to work at a tech company making 300k+ a year while only doing about 10 hours of actual work per week.

Treating this just like investments, over your lifetime, its a no brainer on which is the better path to take.

And a smart enough person would also know that there's a long chain of caveats to this specious claim, significant enough that being a criminal and getting away with it is much more compelling.
None of the caveats include hypothetically being thrown in prison though. Being a criminal and getting away with it is significantly harder than phoning in your job as part of a capitalist machine
You're on a forum that's thematically dedicated to the idea of being a "hacker" in spirit; to a lot of people, the easy boring path isn't attractive.

"Why do this risky exciting dangerous thing over there when you could come over here and be a flacid lifeless drone with me at Bezos' personal blowjob-drone company. Marry the first person you meet, have some kids, yay stability!"

You are going in the wrong direction. Lean into the surveillance. Use it to create an alibi.
> if I am missing something

It's the day you miss something that your effort was pointless. Even if your solution is always secure, it only takes one slip up to ruin everything

Any threat as large as youre trying to protect against, if interested in you, can just wait for you to make a mistake.

I doubt I am any target. I am just another regular Joe living under mass surveillance and avoiding when possible.
> can just wait for you to make a mistake.

Anyhow, if one slip-up is enough, you're doing it wrong. Imagine you were a mad scientist testing out a jetpack- you are confident yes? But I imagine you would feel more confident with a bunch of nets, and a trampoline underneath that, and a lightning rod in case of a storm, and a requirement that you hold down multiple buttons at once to play with the controls, etc.

That is, if you are serious you will put in multiple safety nets at every layer of the stack so that "one slip" is not enough.

You like to talk to people, but you know that a long-term pseudonym is the gravest danger of them all.

You like virtualization, but you keep some crucial data and keys(treams) on a un-networked machine.

You like anonymizing networks, but you know the caveats of traffic tunneling and didn't connect from your home router.

You connect to a randomly-chosen wireless AP, but you know that just in case your MAC-spoofing fails or you get pwned or something, you are glad that you bought the device with cash and never tied its characteristics to your identity.

You are glad that the only transceiver connected to the device is an external wireless dongle so that when you are done, you don't accidentally connect with your device from home.

You are glad you waited for an overcast day so that you could thwart spy satellites that use visible/infrared light, and that you connected to the AP from afar to thwart cameras.

The list goes on. The guy whose face you see plastered in the news? Yeah, that guy thought his experimental jetpack was the shit. And it was- until it wasn't.

Wrap your phone in aluminum foil when you're not using it.
From my experience, people who do take this type of an exaggerated approach often end up exposing themselves more in ways that they don't even realize...

How do you pay for jmp.chat? Do you trust their code to be bug-free and without possible exploits? Do they do regular security audits and code reviews? Do they have enough users and maintainers to be able to quickly detect and address security issues? Are you sure Airplane Mode turns off the baseband and cuts off all cellular communication? It doesn't, you can still emergency receive alerts in Airplane Mode. Your phone can tell exactly where you are by comparing your wifi search results + RSSIs to known public databases without even having to use GPS. How much do you trust your VPN provider to keep no logs? How do you pay for VPN?

All that plus the fact that, under general surveillance, behaving in a way that is consistent with avoiding tracking at great inconvenience is a great way to get flagged.
jmp.chat can be paid for with a virtual card and not tied to any ID. However I have it associated to my real ID in this case as it is the number everybody knows.

I use the word 'mitigate' not 'solve' since closed source baseband modems are a problem. Cellular traffic is off in airplane mode, but the baseband could be exploited if someone wanted to find me AND knew which IMEI to target. Because the IMEI has never been associated to me, that is a challenge.

I run my own VPN and share it with a few other people.

>I run my own VPN and share it with a few other people.

How confident are you in your VPN server configuration skills? Gaining access through mis-configured self-hosted boxes is the easiest attack vector usually as most people who self-host aren't experts in the software they are using leading to leaks. Besides that, do you keep a list of packages installed on your box, open ports, etc? How about security patches and regular updates as well as auditing access logs to ensure no one gained access to your box?

We're talking about the FBI here. They see traffic coming from a server. The ask who's server it is, your host tells them your name and address. The FBI asks the host for physical access to the server, and installs whatever monitoring they want regardless of your patch schedule. The FBI asks them to keep this off the access logs, and they do.
You might be assuming I am trying to evade an APT or I am of any interest to them. That is a fun rabbit hole to go down, and I realize they could spend resources to pursue these avenues. Other comments summarily say that if you try to protect your privacy too much, you automatically become a person of interest. The measures employed by an APT to target and monitor someone at these levels are expensive. They do have abundant resources, but they would be wasting much money and lose focus if they targeted every privacy seeking person. After spending thousands of dollars, they would find nothing interesting on me other than someone with above average tech knowledge who just doesn't like to be followed around. The suggestion that I am flagging myself for surveillance is ridiculous. If I am wrong, I hope they do surveil me to learn this themselves.
I'm willing to bet that if you generate roughly the same data as your peers, you're invisible, but if you generate NO data at all, you become worthy of checking into, as either the algorithm has no ability to correctly record your data or you are working very hard to hide yourself from the system, possibly for nefarious reasons, and therefore need to be monitored just in case.

Squeaky wheels get the grease and squeaky nails get the hammer, but silence in a noisy forest is alarming.

What's your threat model?
From my understanding, when installing an alternate OS (ie lineage) you can dive deeper into the partitioning of the device's os and see all components/folders. Under `vendor` you can choose not to install firmware for different kinds of stuff (wifi, baseband).
You sound interesting and likely good company for a nice meal somewhere exclusive. In SF by chance?
There is no such thing as anonymous. There is only more difficult. A government that controls enough endpoints (e.g. your country's backbone) can infer identity.
The sim basically doesn’t matter. The imei identifies the phone to the network, the sim identifies the subscriber. So the network sees phone x unknown subscriber prepaid carrier. Airplane mode does not prevent the phone system from triangulating your phone, or from turning the baseband on remotely even when the phone is “off”.

The carrier definitely knows where you live if you take your phone to your house at night, even if it is off. The only way to prevent that is to put it in a faraday pouch at your “airplane mode” checkpoint.

Why do you think basically zero phones have trivially removable/changeable batteries? Any phone that clams to be security first and doesn’t at least have a switch (an actual switch) that disconnects the battery altogether is a joke.

> It's only gotten worse as phones have gotten more capable

I wish my cellphone would not have all those sensors for this reason...

The camera and mic are pretty easy to destroy if you want to get rid of them!
That's not a bad idea... then just connect an external mic (headset) when you need one.
There's a bunch of other sensors though... also don't forget that there is often more then one microphone... like on the Pixel 7
Are you saying that a phone manufactured in 2022 can have its firmware remotely changed to record microphones?

Specifically can your whatsapp/signal audio calls be recorded by FBI remotely in this manner?

Honestly, a phone manufactured in 2006 is probably vulnerable to a similar attack. The larger point is that state-sized threat actors (and the carriers they work with) have a crazy level of control that cannot be underestimated. Especially in 2022, it's hard to look at any sufficiently complex smartphone and assume it's not vulnerable to sufficiently motivated threat actors.
>whatsapp/signal

Hint, it's not the application you use but the microphone/speaker itself.

> Are you saying that a phone manufactured in 2022 can have its firmware remotely changed to record microphones?

Yes, court records show the FBI has and continues to explicitly do this. Leaks from folks like Snowden show the NSA/CIA have done this too.

> Specifically can your whatsapp/signal audio calls be recorded by FBI remotely in this manner?

The baseband firmware is at a level 'below' the operating system of the phone. It can directly access peripherals and intercept them, so it could be reading your microphone and passing it along to the higher level OS at the same time. WhatsApp/Signal thinks it's secure, and if you look at its app signature or anything else it looks exactly like the normal app you expect. However your data is still getting intercepted at the lower level and recorded for a state/government actor.

I am not at all familiar with the hardware design of phones, so I want to be very clear in my understanding.

Are you saying that the electrical signals from the microphone and to the speakers pass through the baseband chip before/after going to the main chip on the phone? Or that the baseband chip has separate access to the microphone and speakers?

There are varying architectures, so it depends. But at a minimum, the baseband at a minimum has low level access to anything that goes over the network. In some implementations, the baseband can just read straight from main system memory if it wants.
No?

Baseband firmware is the firmware for the modem. It has no relation to the SoC that runs the phone, unless there is some sort of exploit that allows it direct hardware/memory access. To listen to the mic or capture video, it has to interface with the ADC chip which is not directly connected to it.

There may have been phones in the past that allowed DMA to the SoC from the baseband chip which hypothetically would have allowed a properly crafted exploit on a per app basis, but its not longer the case, as pretty evident by the FBI asking Apple to unlock the phones (if they could access the memory from baseband, they would not need to)

Many phones have the peripherals including microphone connected or accessible to the baseband.
Are attacks like these still possible? I've read here on HN that hardware makers are isolating the baseband processor as much as possible to prevent attacks like these. Surely there are countermeasures?
Most modern phones have signed firmware for everything, so the FBI would have to go to the manufacturer and court order them to hand over the signing key. Or take advantage of a leaked key.
What I meant was chips are increasingly being isolated at the hardware level so that they cannot access other peripherals directly. This would make them resistant to compromised firmware attacks.

People are discussing that in this thread:

https://news.ycombinator.com/item?id=33958252

It looks like the implementation isn't perfect yet but it's a start.

I really wouldn't be surprised if some three letter agency hasn't shown up to every one of the major chip manufactures out there and forced them to install backdoors for them.
intel's ime is a perfect example
Ah so that's the hack they were doing in the show Person of Interest
I was talking to someone who was charged with a fairly minor crime, and they said the first advice their very expensive/experienced lawyer gave them is to no longer trust their phone is not recording them, as the local police (australian) use this ability quite freely.
Ridiculous, when has a blackbox co-processor with DMA to your entire device caused problems..?