Opportunities and Challenges in Securely Reusing and Repurposing Mobile Devices
For the mobile device lifecycle and e-waste reduction community, this work highlights cybersecurity challenges in repurposing smartphones, but is incremental as it focuses on a single open-hardware device.
The paper investigates whether hardware-backed security mechanisms remain effective when smartphones are repurposed outside their original ecosystem, finding that vendor-locked mechanisms hinder secure repurposing of most discarded devices.
An estimated 5.3 billion mobile phones became electronic waste in 2022. Many of these devices can be repurposed and used in different contexts to extend their lifetime and to reduce ecological impacts. An often overlooked aspect of smartphone reuse is cybersecurity: these devices embed hardware-backed security mechanisms that rely on vendor-controlled provisioning and are designed for a fixed device lifecycle. In this paper, we investigate whether security mechanisms and guarantees remain effective when devices are repurposed outside their original ecosystem. We explore security features in a PinePhone, an open-hardware smartphone, and focus on three core security aspects: boot chain integrity, isolation provided by the Trusted Execution Environment, and the protection of hardware-bound secrets. Our experiments simulate realistic repurposing scenarios and highlight the complexity of reconstructing trust anchors. We generalize our observations to infer requirements for secure repurposing and illustrate how vendor locked mechanisms hinder the repurposing of a majority of discarded devices.