cross-posted from: https://slrpnk.net/post/16912428
Up until a few days ago, I’ve had a Google Pixel 5.
I used it for about 3-4 years, but I had to replace it due to its’ hardware failing and it hitting EOL software support wise. Especially the USB-C port is damaged, and the battery is drained in just one blink of an eye.
Said device is now lying around in the drawer, and I want to find a good use out of it. It’s still a fine phone. Like all those phones other people have in their drawer. It’s probably faster than my homeserver, has cameras, sensors, wireless connections, and much more.
It has GrapheneOS installed, and is still more or less secure, probably even more than 80% of other android phones right now I guess?
**Do you have any ideas for what I can repurpose it? **
I know that there’s Octo4a, which can turn it into an Octoprint server for my 3D-printer, but I already have a Raspberry Pi for that, and as said, the phone has an unstable USB connection.
Maybe I could use it for my photography equipment, e.g. as remote shutter?
It is never secure or truly safe to use. The kernel cannot be updated and so all vulnerabilities are adding up. You’re giving out enough info to figure out what device you are using just in the fingerprinting with every online connection. It is relatively easy for someone to look for you and exploit a known vulnerability. They don’t need a zero day or any kind of exploit. You device likely has the last secure kernel on it and there will be many published critical vulnerabilities that can be scripted.
Even if you stay offline and do not use WiFi or use airplane mode, you’re not able to verify what the modem is doing in the real world. You never owned the thing in the first place and the reason why is the proprietary binary module that supports the system on chip and modem.
All that said, it is no different than something like an old computer running Windows XT or with CP/M.
Hmm… Thing is, GrapheneOS is already more secure than stock Android, and the hardened memory allocator, spoofed MAC address, unprivileged Play Services, and much more as example, strongly help to reduce attack surface.
I think just going online, like connecting to my home router and doing system updates, won’t strongly compromise security.