SailNet Community banner

1 - 20 of 24 Posts

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #1 ·
Am finally breaking down and considering trading my trusty flip phone for a smartphone so I can access email and the web in a https environment instead of highly insecure wi-fi links around marinas and such. My main concerns are 1.the phone's ability to pull in a signal- I know some phones are a LOT better at pulling in the GSM and/or CDMA signals.(I need GSM to get a signal at home, CDMA is very weak). 2. durability aboard a boat- waterproof/ resistance would be nice but not essential but the overall durability has to be good. 3. Unlocked with ATT network capability so I don't have to get into a contract and can use it with Tracfone or Consumer Cellular or some reasonably priced no-contract service provider and with a foreign sim card like those from Batelco. Thanks in advance for any experience with these things. I have very little knowledge of what to look for in this technology. One thing I'd stay away from right now is the Android 4.1 system because the OpenSSL is vulnerable to Heartbleed hackers.
 

·
Mermaid Hunter
Joined
·
5,689 Posts
Am finally breaking down and considering trading my trusty flip phone for a smartphone so I can access email and the web in a https environment instead of highly insecure wi-fi links around marinas and such. My main concerns are 1.the phone's ability to pull in a signal- I know some phones are a LOT better at pulling in the GSM and/or CDMA signals.(I need GSM to get a signal at home, CDMA is very weak). 2. durability aboard a boat- waterproof/ resistance would be nice but not essential but the overall durability has to be good. 3. Unlocked with ATT network capability so I don't have to get into a contract and can use it with Tracfone or Consumer Cellular or some reasonably priced no-contract service provider and with a foreign sim card like those from Batelco. Thanks in advance for any experience with these things. I have very little knowledge of what to look for in this technology. One thing I'd stay away from right now is the Android 4.1 system because the OpenSSL is vulnerable to Heartbleed hackers.
There are a number of security issues.

On the server side (and ignoring the current Heartbleed vulnerability), http:// v. https:// is controlled by the websites you choose to use. It has nothing to do with the phone you use.

Heartbleed has nothing to do with Android 4.1. Heartbleed is a vulnerability in OpenSSL that is running on the servers you connect to. It has nothing to do with the phone, computer, or browser you use.

With regard to transport, WiFi links may use encryption like WPA2 that protects everyone on the link. Your choice of WiFi access points makes a difference. Your choice of phone does not.

There are more issues than just GSM or CDMA - you should be aware of the frequencies in use in the areas you plan to be. LTE (really fast data over cellular) has made this more challenging. In the Appleverse the iPhone 4 is the last (so far) of the truly world phones. If you are willing to give up LTE you can--at least for now--use an older phone and get 3G anywhere.

I use an iPhone 4 on AT&T with International service. I've been an AT&T customer a long time and they unlocked it for me. I also have a Motorola Razr. I usually use the Razr for local SIM cards. I use a Google Voice number that points to both the AT&T phone and the Razr so I don't have to regularly pass new phone numbers to people.

There are lots of other solutions. The key is to get an unlocked quad-band GSM phone.

With respect to durability I'm a fan of the Lifeproof cases. The cases themselves only seem to last a couple of years but they are waterproof and shock absorbent. The failure mode seems to be the rubber covers over buttons and switches and not the seals. That's good news as the failures are apparent.
 

·
Old enough to know better
Joined
·
4,346 Posts
Not AT&T but I am switching to Republic Wireless. If you have decent Sprint coverage the price can't be beat. They currently offer the Moto X any Moto G phones for $299 and 149. I sent my moto X back because I want to order a custom phone with a Teak back and get 32 GB instead of the 16 the standard one came with.

I was on Verizon and there service is better for sure. But I line that I can change my plan depending on where I am and they are as low as $5 a month for WiFi only service. I was happy with the $25 unlimited 3G plan.

Sent from my NookColor using Tapatalk
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #4 · (Edited)
Thanks Dave. I think the case idea is the way to go as far as water/shock resistance. The Android 4.1.1 os on the millions of phones having this system definitely has an SSL vulnerability to the Heartbleed intrusion, for which there is no patch as of yet.Android 4.1.1 Still Vulnerable to Heartbleed | News & Opinion | PCMag.com All the other Android systems seem to be ok. There have been no reported attacks on individual users yet but as soon as all the servers have patched this hole, hackers will look elsewhere. The danger of having passwords and private info stolen is there with 4.1.1.

I really don't need speed, but do not want to trust passwords to over the air, unencrypted signals. The wi-fi systems in marinas from the marina's router to the server are safe on https websites but the signal from the boat to the router is open completely to anyone with the equipment to intercept it. With a cell phone signal, the internet connection is secure from phone to cell tower. While not as secure as a fiber optic cable coming direct to your computer via an ethernet cable, it is mostly secure. Even kids seem to be able to intercept wi-fi signals.

Miata, that Moto g phone is on my short list. It looks pretty nice for the price.

My existing phone is a Tracfone. I have never had even a single complaint about either the coverage or operation of the phone. It just does not do internet. Am hoping I can stay on their network but their smartphones are not great and most have the 4.1.1 problem. I have a lot of time paid for and don't want to lose it going to another carrier. Consumer Cellular seems to have some good deals and some better phones like the Moto g.
 

·
Mermaid Hunter
Joined
·
5,689 Posts
The Android 4.1.1 os on the millions of phones having this system definitely has an SSL vulnerability to the Heartbleed intrusion, for which there is no patch as of yet.
No. OpenSSL does not run on phones, any phones. I think this is a media misunderstanding. It simply doesn't work that way. OpenSSL is one of the ways--one of the biggest ways--the 's' is added to https://. If there is anything that makes Android 4.1.1 more vulnerable I haven't seen it in the IT community.

The wi-fi systems in marinas from the marina's router to the server are safe on https websites but the signal from the boat to the router is open completely to anyone with the equipment to intercept it.
Well that isn't true either. If you are connected to an https:// site, assuming properly written, the connection is encrypted end to end. If you have the security settings in your browser set correctly the browser will warn you if your password is sent unencrypted.

If WPA2 is available that provides an additional layer of protection.

The best thing you can do is use a virtual private network (VPN) that solves all the problems up to but not including the server itself. See the ActiveCaptain article on the subject.

Regardless, none of this has anything to do with your choice of phone.
 

·
Registered
Joined
·
765 Posts
I have been to a sailing regatta today in Florida giving away the first 10 prototype FrogSuit floating waterproof neoprene cases for iphones (we also have them for Samsungs too) and it was pointed out by two people that one can put a Lifeproof case in the neoprene FrogSuit holder to make it float. This allows you to use your Lifeproof, it floats, is very well padded, and has a good lanyard.
We expect to have the website up on Monday.
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #7 · (Edited)
No. OpenSSL does not run on phones, any phones. I think this is a media misunderstanding. It simply doesn't work that way. OpenSSL is one of the ways--one of the biggest ways--the 's' is added to https://. If there is anything that makes Android 4.1.1 more vulnerable I haven't seen it in the IT community.



Well that isn't true either. If you are connected to an https:// site, assuming properly written, the connection is encrypted end to end. If you have the security settings in your browser set correctly the browser will warn you if your password is sent unencrypted.

If WPA2 is available that provides an additional layer of protection.

The best thing you can do is use a virtual private network (VPN) that solves all the problems up to but not including the server itself. See the ActiveCaptain article on the subject.

Regardless, none of this has anything to do with your choice of phone.
That would be good news indeed because I have been avoiding anything with that os. Are ALL the articles about the 4.1.1 system's vulnerability completely wrong? Why would techies and people who know about these things single out that specific Android version? There was mention of a "reverse" vulnerability, in the amount of 64 bytes at a time but enough to potentially steal data.

It is good to hear that my wi-fi communications from boat to router ashore are sent encrypted. I had heard differently. Does that mean that the common fear of using wi-fi in a business having a network set up, say like a coffee shop, are actually secure as long as you are connected to a https site? A lot of people avoid using their devices this way because they think it's not safe. Thanks a bunch for that information!
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #8 ·
Not AT&T but I am switching to Republic Wireless. If you have decent Sprint coverage the price can't be beat. They currently offer the Moto X any Moto G phones for $299 and 149. I sent my moto X back because I want to order a custom phone with a Teak back and get 32 GB instead of the 16 the standard one came with.

I was on Verizon and there service is better for sure. But I line that I can change my plan depending on where I am and they are as low as $5 a month for WiFi only service. I was happy with the $25 unlimited 3G plan.

Sent from my NookColor using Tapatalk
Unfortunately Verizon has no service up here in the boonies at home. Gotta get one that works home and boat. ATT has decent 3G signal here which is what TracFone uses. Too bad, the $25 3g plan is attractive.
 

·
Mermaid Hunter
Joined
·
5,689 Posts
That would be good news indeed because I have been avoiding anything with that os. Are ALL the articles about the 4.1.1 system's vulnerability completely wrong?
There is a theoretical vulnerability of Android 4.1.1 *IF* exploited from a website that has not patched the OpenSSL bug. No one has demonstrated any ability to exploit the vulnerability in the wild.

Let's be clear - OpenSSL is a great product that many banks and vendors use. A bug was found, a patch was issued, and responsible websites have applied the patch.

All that said, I would stick with hardware platforms (phones) that have continuing support from the vendor. That can be a challenge with some Android phones.
 

·
██▓▓▒▒░&
Joined
·
13,645 Posts
smurph-
Oddly enough, if you want a MotoG, pm me. I have one new in box, sealed, direct from Moto that was going to go on eBay.

"in a https environment instead of highly insecure wi-fi links " Eh, no, it gets worse than that. Aside from what's been said about heartbeat, Google has only promised to fix Android 4.4.x and later, and your carrier will need to push an update to the phone, which many of them won't bother doing. In theory Android 4.1.x and up can be patched and if I read correctly, Android 2.x doesn't need patching. Right now...we're all still vulnerable.

But cellular service is actually just as vulnerable as public wifi. There's a trick the government and hackers have been using for years now which isn't mentioned a whole lot, called "man in the middle". Cell phones simply connect to the strongest local signal, and if I put a pico-cell (one of those home signal boosters) at the marina, I can intercept every cellular call that is made because my little pico-cell will be closer than the nearest real tower. Once I've grabbed those calls? Right, I can decrypt them and steal everything in them.

So, some discretion while traveling is still in order and it might very well be another six months or year before anything really improves. There's just been a new voluntary consortium started up to address the SSL issue with donations from some big tech companies, but that's just starting up now.

Bottom line: It ain't pretty.

On phones, on GSM and CDMA, you may be getting confused there. Some carriers use one, some use the other, none really use both and very few phones use both in any form. Mainly what you will find is that some Verizon phones can use GSM when they roam outside the US, because Verizon is all CDMA and their "native" phones couldn't work outside the US traditionally.

What's really confusing the issue today is that 4G LTE, which is not "4G", is a new protocol which is GSM (sort of) and is being used by some CDMA players, like Verizon, on what are otherwise CDMA phones. It gets worse because by some definitions some of the new standards are both GSM and CDMA variants, you can get a headache from it.

Best bet? Whoever your carrier is, find phones FOR THAT CARRIER. Because even with a company like Tracfone or a carrier that uses "the same" protocol that your carrier uses, and even with an unlocked phone, all carriers will NOT allow you to activate a phone that came from another carrier. And if they allow it, not everything works.

For instance, 4G LTE on international phones (EU, etc.) does not work in the US. We use different bands, and a US 4G LTE phone won't do LTE overseas. Either one will have to fall back to 3G GSM. And if you try to use a US phone from AT&T on T-Mobile, or vice versa, thinking "they're both US GSM" well, no, they are only compatible for 2G data, not even 3G, and AT&T is shutting down 2G service in 2016 as well.

Did I mention, it ain't pretty?

So, buy what works with your carrier. By all means, buy what's most flexible, but the carriers are all still doing very well at making equipment proprietary.
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #11 · (Edited)
Appreciate your input! What's your opinion as to Win8 vs Android? Would be nice to be able to use Office applications like Word, Excel, and Outlook, especially if needing to send/receive these types of files.

Hello, it's the "man in the middle" issue I'm concerned about on the boat. Shoot, some of my 7th graders used to be able to hack into wi-fi, so I avoid transmitting anything of importance over wi-fi networks but I thought cell phone signals were much more secure, that it takes some pretty sophisticated equipment to intercept phone internet signals and decrypt them.
 

·
Mermaid Hunter
Joined
·
5,689 Posts
What's really confusing the issue today is that 4G LTE, which is not "4G", is a new protocol which is GSM (sort of) and is being used by some CDMA players, like Verizon, on what are otherwise CDMA phones.
LTE is wideband CDMA (WCDMA).
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #13 ·
Some pretty good info over on AC. At home here I get 0 CDMA signal so it's out of the question anyway. Some of the phones I've looked at do have both GSM and CDMA circuitry which may mean they do neither very well. This stuff is mind-boggling. I just sent a phone back to TracFone that had only CDMA. Turned out to be useless here, a ZTE Valet. It was also Android 4.1. TracFone needs some better phone choices. Their network is great but they have no middlin' quality phones. No way I'm spending $700 for an iPhone or $100 a month for service.
 

·
██▓▓▒▒░&
Joined
·
13,645 Posts
"Win8 vs Android?"
Heheh. Microsoft has a long long history of dumping hardware. They're now giving away the Win8 phone OS to makers because they can't sell it. Not to mention, how much bigger the Android market share is.
I refer to Google as "persons in need of adult supervision" and that applies across their product line, but they are the 800# gorilla in the cell phone OS business.

Cellular man-in-the-middle is still going to be much rarer than WiFi exploits, but since it has been in the nooze several times this year and the equipment is fairly cheap, I wouldn't be surprised to see that exploited more often. Using a VPN connection, so you are encrypted all the way back to a "known good" hardwired server, probably is worth the trouble as well.
 

·
Old enough to know better
Joined
·
4,346 Posts
Some pretty good info over on AC. At home here I get 0 CDMA signal so it's out of the question anyway. Some of the phones I've looked at do have both GSM and CDMA circuitry which may mean they do neither very well. This stuff is mind-boggling. I just sent a phone back to TracFone that had only CDMA. Turned out to be useless here, a ZTE Valet. It was also Android 4.1. TracFone needs some better phone choices. Their network is great but they have no middlin' quality phones. No way I'm spending $700 for an iPhone or $100 a month for service.
When I was in Ithica I had fairly good coverage with Republic, but not as good as my Verizon phone. But along 17 there was no problem with the republic.
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #16 ·
"Win8 vs Android?"
Heheh. Microsoft has a long long history of dumping hardware. They're now giving away the Win8 phone OS to makers because they can't sell it. Not to mention, how much bigger the Android market share is.
I refer to Google as "persons in need of adult supervision" and that applies across their product line, but they are the 800# gorilla in the cell phone OS business.

Cellular man-in-the-middle is still going to be much rarer than WiFi exploits, but since it has been in the nooze several times this year and the equipment is fairly cheap, I wouldn't be surprised to see that exploited more often. Using a VPN connection, so you are encrypted all the way back to a "known good" hardwired server, probably is worth the trouble as well.
Hardware???? How about software? All my computers run on XP, their most popular AND STABLE os of all time (I've had them all), which they have just dumped! Grrrr.
 

·
first sailed january 2008
Joined
·
1,409 Posts
I didn't read any of it but the title. You want an iphone in a life proof case.

Edit- I did go back and read I'm not spending $700. Get an iPhone 4s on craigslist and sign up for unlimited straight talk. $45 a month. I rarely endorse a product or service but this is that good. If you enroll in auto refill it's $42 a month. Or $60 for unlimited calls international. So iPhones don't have to be as expensive as you think. You could get an iphone 5 for $350-$400.

I have been everywhere from the corner of America in Washington and I literally had calls and internet as I left the San Juan islands and it cut out right on the international border on my GPS. I've used it all over 48 states, (not Maine or Alaska) from really remote areas to cities and I would say I have calling in 99.5% of places and data in 91%.
 

·
first sailed january 2008
Joined
·
1,409 Posts
If you're worried about security, as I am, apple devices are much more secure than android, or so I've been told.:rolleyes:

Besides security they are tough. I spent all last summer on the boat writing you guys from my iphone. Ebay has a lot for pretty good prices, you'd probably be happy with a 4s. Then you can get a fusion stereo and plug it in and jam! To jimmy Buffett.
 

·
no longer reading SailNet
Joined
·
2,309 Posts
The $60-$100 Nokia 520 and 521 devices (520 is on AT&T, 521 is on T-Mobile) are incredibly inexpensive (those prices are without a contract) and are also very durable when wet. My 521 has been dunked twice and continues to work. My wife's phone has gone through the washing machine and also continues to work. The price is also cheap enough that I don't really care if I do kill it. I love the hardware and price point. I don't think the future is $600 devices like the iPhone, it is <$100 devices that save consumers $20/mo.

The biggest downside as a sailor is that Navionics, iNavX, and Garmin Blue are not sold on the Windows Phone Store. I don't know of a good app for offline charts.

The biggest benefit is that an app version of deepzoom.com is. That shows tides and currents better than any other app that I've used on any modern platform (Android, iOS, Windows Phone, Windows PC, OS X).

I use T-Mobile for my service and find the free international roaming to be very useful. I look forward to using it while sailing in the San Juans and BC this year. I'm on a family plan and our per-line rate ($40/mo) is a little less than what northoceanbeach quoted, but I think a single line is a little more.
 

·
Over Hill Sailing Club
Joined
·
3,688 Posts
Discussion Starter · #20 · (Edited)
Well, have been doing some research on this cell phone security topic and have concluded that the data and voice transmitted from cell phones in any form is extremely vulnerable to hacking in a number of ways. Basically, if it's in the air, it's hackable. Also, that there is no way of knowing where your signals are going and that those pathways are all extremely vulnerable to be intercepted and very possibly not even encrypted once they leave the router you are connected to. One of the better pieces I've read:Critical infrastructures - Main threats for 2G and 3G mobile networks - Security Affairs | Security Affairs
 
1 - 20 of 24 Posts
Top