Reply
Thread Tools
Posts: 22 | Thanked: 16 times | Joined on Nov 2009
#1
Hi,

Something that hardly (if ever) comes up in reviews are the security features of the N900/Maemo. So maybe someone could help me out here:

1. Is is possible to encrypt the SD-filesystem, so that if your phone gets stolen nobody can view your photo's and other personal stuff located on the SD card? (e.g. does Maemo offer native encryption support or Truecrypt or someting)

2. Are apps running in some sort of sandbox that prohibits them from accessing your phone contacts, e-mails, sms message, gps location, and so forth without giving explicit approval? (e.g. like Windows UAC or pre-install security info like Android).

3. Is the webbrowser running in a sandbox or would hackers e.g. be able to exploit some bufferoverflow in the Flash engine and run remote code on the N900?

4. How can regular users be sure that the software they install won't cause mayhem (like having a backdoor) coz on Windows there's plenty of Antivirus/Spyware tools to keep lusers safe.. Is there a roll-back feature like WIndows/Mac has?

5 How safe is the personal info stored on the N900? I would rather like to believe that all personal info on the N900 would be in some kind of safe: so that only with approval third party software would have access to it..(or at least have an option to ask for access permissions first).

6. In case the N900 gets stolen, is it possible to remotely wipe the device and/or locate the device through SMS or Ovi? Like iPhone, Android, Blackberry etc offer as a service?

Last edited by Holyshit; 11-26-2009 at 07:52 PM.
 

The Following 5 Users Say Thank You to Holyshit For This Useful Post:
biatch0's Avatar
Posts: 226 | Thanked: 194 times | Joined on Nov 2009 @ Malaysia
#2
I thought I was paranoid... you take the cake wanting to run TrueCrypt on your N900 SD/filesystem...
 
Posts: 293 | Thanked: 64 times | Joined on Jan 2008 @ Fremantle, W. Australia
#3
Security is a tradeoff with convenience. And a phone is too easy to loose.

You can use the Linux command-line tools for encryption, such as GPG. i use that on the n800, and assume its on maemo-5.
 
cashclientel's Avatar
Posts: 663 | Thanked: 282 times | Joined on Nov 2009 @ London, UK
#4
1. yes
2. no, but you've got the advantage on linux of being able to run apps with users with low access rights (I think Windows UAT copied this approach?).
3. Yes, mostly.
4. Be sure what you install is safe first. If 'viri' start appearing for the N900 then you can sure that anti virus software won't be far behind.
5. As safe as you not loosing it or installing any dodgy programs.
6. Not at the moment but I'm sure 'they'll be an app for that'
 
Khertan's Avatar
Posts: 1,008 | Thanked: 798 times | Joined on Jul 2007 @ France
#5
Personally, my n900 is always connected to internet ... in case of i lost it i can remotely completely erase all information on it ...
 
Posts: 393 | Thanked: 66 times | Joined on Feb 2010
#6
This is a great question, has anyone tried running a TrueCrypt volume on their N900?
 

The Following User Says Thank You to mail_e36 For This Useful Post:
Posts: 196 | Thanked: 53 times | Joined on Jan 2010 @ UK
#7
Been using one for a few weeks now without any problems.
 
craftyguy's Avatar
Posts: 443 | Thanked: 228 times | Joined on Dec 2009 @ Oregon, USA
#8
Originally Posted by Khertan View Post
Personally, my n900 is always connected to internet ... in case of i lost it i can remotely completely erase all information on it ...
Are you running some sort of dynamic DNS service on the phone to keep DNS entry up to date with an IP? If someone steals the device and connects to a cellular ISP(tmobile,etc), how do you plan on accessing the device? Every ISP connection through a cell provider I've ever encountered blocks things like SSH, or the device is NAT'd behind their routers and you have no way of initiating connections to the device.
 
Posts: 2 | Thanked: 1 time | Joined on Mar 2010 @ Qatar
#9
hi fred,
im new to linux. could you tel me how to install truecrypt in n900?
and which package to download?

thanks in adv...
 
Posts: 207 | Thanked: 117 times | Joined on Nov 2009 @ Pittsburgh, PA, USA
#10
Originally Posted by craftyguy View Post
Are you running some sort of dynamic DNS service on the phone to keep DNS entry up to date with an IP? If someone steals the device and connects to a cellular ISP(tmobile,etc), how do you plan on accessing the device? Every ISP connection through a cell provider I've ever encountered blocks things like SSH, or the device is NAT'd behind their routers and you have no way of initiating connections to the device.
I am using openvpn. phone reconnect to my server.
 
Reply

Thread Tools

 
Forum Jump


All times are GMT -4. The time now is 01:48 AM.