Can we have an open phone please? The case of the Ubuntu Phone
For some time, many in the privacy and security community hoped for a completely open-source mobile phone, one that would allow for code to be examined and strengthened to prevent malicious attacks to a user's privacy.
So when Canonical, the company that primarily funds Ubuntu GNU/Linux, announced it was entering the mobile phone market, we were among the many who hailed this development. Given the company's track record, it was believed that the open-source philosophy of Ubuntu would carry through to their mobile phone version. In light of what we now know about the fallibility of mobile phones, which can enable highly invasive and mass surveillance, the need for this kind of phone has only increased recently.
However, despite hopes of a totally open mobile handset platform, Privacy International has learned from Canonical that their new phone will suffer from the same problems as their competitors by leaving the baseband closed. While the operating system of the phone will be open, without the ability of the security community to examine the baseband software of the new Ubuntu Phone, the open-source nature of the remaining element may provide no more assurances than other open-source phone operating systems such as Android.
Why does this matter?
Mobile phones are now with us for most if not all of our daily lives. From bedside charging at night to the almost permanent place in a pocket or handbag, there is very little in our lives that does not occur within earshot of these devices. In addition, the increase in functionality and capabilities means that much of our daily interactions take place through these devices, from sensitive transactions on mobile banking to the entertaining consumption of videos and websites. It is vital therefore that users can trust their phones to maintain the privacy and security of their activities and communications.
While most of the mobile phones available to consumers are closed systems, one approach to ensure that devices are respecting their users privacy is to make the software running on the device completely transparent by releasing the source code. Without knowledge of, and control over, what information a device broadcasts it is difficult to see how users can trust their device not to betray them.
Further, an artificial division has emerged in the development of software for mobile devices. The operating system, where most users interact with their phone, is the shiny and sleek look and feel of the device, including the suite of applications and built in bells and whistles that come preloaded. For the majority of users concerned about privacy, this is where most attention has been focused to date.
However, the second component is arguably much more relevant when it comes to users privacy -- the baseband. The baseband is responsible for communicating with the mobile operator's network to ensure wireless connectivity is maintained. It also underpins everything in the operating system and has access to most, if not all, content transmitted from the device as well as the unique identifiers of the device. Depending on the design, it may also have access to the content on the device as well.
That is why the Ubuntu Phone displayed so much promise. Since most phones are closed, or only their operating systems are open but not the baseband, it was hoped that Ubuntu Phone would be a first from a major mobile phone manufacturer. OpenMoko was an initial attempt but has since been discontinued.
Open source allows for the examination of code by international experts, modifications and improvements without waiting for the author to find time to implement them, and act as a deterrent against back doors in the code. Such backdoors are common with widely-available mobile phones, leaving many users vulnerable without even knowing it. A recent discovery in Samsung software reportedly allowed for remote access to a devices content via the baseband. Backdoors purportedly inserted for maintenance and debugging may be exploited by criminals and Intelligence Agencies.
The possibility of a fully open-source phone would create significant privacy opportunities, particularly in light of the recent Snowden revelations regarding NSA/GCHQ using malware to indiscriminately infect devices.
Slappin' the baseband
Canonical announced at the Mobile World Congress (MWC) conference in February that they signed agreements with telcos in Spain and China to deliver Ubuntu-based handsets by the end of 2014. In their press release of the announcement, the company said: “Ubuntu is a free, open-source platform for client, server and cloud computing", and “Ubuntu code is always open, so it’s visible".
So with eagerness, we decided to find out if they were going to make an open-source phone that could provide greater certainty of security and privacy. We asked if the software running on their new device would be entirely open source, including the baseband. The initial response from Canonical was “Everything we build for Ubuntu is open source.” The vagueness of the statement, especially since it hinted that only what they were building would be open source, caused us to press harder.
It was when we received a follow-up that we learned that the baseband for Ubuntu Phone would indeed be distributed in a closed format only, “The baseband software is the firmware that runs in the modem, e.g the chipsets we get from third parties. Therefore, we do not control that part of the solution, that is provided by the chipset vendors, and it is typically binary only”, Canonical told us. What this means is that the user gets the functionality without the ability to examine how the functionality is achieved.
Here's why this is a problem. A phone's baseband can be exploited in a number of ways by malicious external devices that force it to surrender information about the user that can sometimes lead to suppression of protests or even death. A closed baseband does not allow for the examination of one of the most critical components of the phone, which goes against the open-source philosophy many Ubuntu users have come to embrace.
The choice of Canonical to use a binary only baseband is even more disappointing when Osmocom have already produced a functional open-source GSM baseband for the Calypso chipset. One must wonder why was this not adopted or improved upon by the talented individuals at Canonical, especially given the previous enthusiasm for open-source philosophy.
The surveillance industry is striving to keep up with communications technology as it evolves from 2G to 3G and now to 4G. It is disappointing that Ubuntu failed to provide an open baseband implementation that researchers could experiment with. This would have provided a deterrent against backdoors and allow for the development of techniques to mitigate the effects of IMSI catchers, potentially detect their use, and alert the user.
If Canonical and Ubuntu are to ensure the Ubuntu Phone is to be embraced as a clear alternative to other systems, especially by the privacy and security community that so often use their products, a future version of the software must adopt the fully open-source philosophy again. This would provide the much-needed trust in their devices that are increasingly essential to our lives.