During a speech at the February 2020 RSA Security Conference in San Francisco earlier this year, noted security expert Heather Mahalik asked the crowd a starting question: if you had to leave the room and could only choose between your wallet and your smartphone, which one would you take?
Mahalik, like most of the room, agreed her smartphone would be the first choice in today’s data-driven reality. And with the latest phones available, there is a constant assumption in consumer-land that these constantly evolving devices include everything new. Unfortunately, that’s not quite true.
A Backdoor Into the Castle
Mahalik went into quite a bit of detail on how her team’s work at Digital Intelligence and the SANS Institute has found, through testing and deconstruction, that many new phones, like the latest Apple iPhone, for example, are still using old hardware. That particular detail in a smartphone makes it extremely vulnerable to a hack, as the old hardware becomes a backdoor into the security of the device.
This reality runs counter to a consumer’s assumption that the latest model of something is supposed to be completely new, but in practice many companies recycle old internal hardware while recasting the external side of a product with a new appearance. If the hardware works to the new specs, that’s a cost savings in production. It’s also a growing security weakness the older the hardware gets.
So you have a new phone, and the hardware problem is buried deep inside. Are you suddenly holding radioactive kryptonite?
It depends on who has access to your phone and when. Smartphones don’t have a long life. They are getting recycled every two or three years now on average. The dangerous part of the old hardware involves the fact that it can’t be upgraded.
With a now-available hack known as checkm8 and checkra1n, one can effectively open up an iPhone and its hardcoded data. Why is that a problem?
Well, iPhones are thought to be the Fort Knox of smartphones. But with the hardware hack, they can be easily opened like a Diet Coke soda can (absent the fizz), leaving the “gold” inside available for anyone’s taking.
How Extreme Do You Need to Be?
You might argue, no problem, I get rid of my old phones by smashing them with a hammer. Good for you!
It’s really an effective way of making sure your old phone isn’t usable in the wrong hands (just don’t puncture and expose the phone battery to air as it will start a fire – lesson courtesy of Bear Grylls survival videos).
However, the vast majority of people don’t take such an extreme measure; they either hand their old phone back to their employer or recycle it to get some cash by giving the unit back to a phone provider reseller.
Read Between the Lines
So, given the above, if you have one of the latest phones or are considering a replacement soon, spend a bit of time and double-check how old the hardware platform is on the given model. If you’re the type who needs very strong protection on access to the data in your phone, it may be worth your time to choose one model over another based on the specs rather than on pricing alone.