An estimated 5.3 billion mobile phones became electronic waste in 2022. Many of these devices can be repurposed and used in different contexts to extend their lifetime and to reduce ecological impacts. An often overlooked aspect of smartphone reuse is cybersecurity: these devices embed hardware-backed security mechanisms that rely on vendor-controlled provisioning and are designed for a fixed device lifecycle. In this paper, we investigate whether security mechanisms and guarantees remain effective when devices are repurposed outside their original ecosystem. We explore security features in a PinePhone, an open-hardware smartphone, and focus on three core security aspects: boot chain integrity, isolation provided by the Trusted Execution Environment, and the protection of hardware-bound secrets. Our experiments simulate realistic repurposing scenarios and highlight the complexity of reconstructing trust anchors. We generalize our observations to infer requirements for secure repurposing and illustrate how vendor locked mechanisms hinder the repurposing of a majority of discarded devices.

翻译：据估算，2022年有53亿部手机成为电子垃圾。其中许多设备可在不同场景下改造再利用，以延长其使用寿命并减少生态影响。智能手机再利用中一个常被忽视的方面是网络安全：这些设备内置了依赖供应商控制配置且专为固定设备生命周期设计的硬件支撑安全机制。本文探究了当设备脱离原有生态系统被改造后，其安全机制与保障措施是否依然有效。我们以开源硬件智能手机PinePhone为例，聚焦三大核心安全维度展开探索：启动链完整性、可信执行环境提供的隔离机制，以及硬件绑定密钥的保护。通过模拟真实改造场景的实验，我们揭示了重建信任锚点的复杂性。基于观察结果归纳出安全改造所需的条件，并阐明供应商锁定机制如何阻碍大多数废弃设备的改造再利用。