An estimated 5.3 billion mobile phones became electronic waste in 2022. Many of these devices can be repurposed and used in different contexts to extend their lifetime and to reduce ecological impacts. An often overlooked aspect of smartphone reuse is cybersecurity: these devices embed hardware-backed security mechanisms that rely on vendor-controlled provisioning and are designed for a fixed device lifecycle. In this paper, we investigate whether security mechanisms and guarantees remain effective when devices are repurposed outside their original ecosystem. We explore security features in a PinePhone, an open-hardware smartphone, and focus on three core security aspects: boot chain integrity, isolation provided by the Trusted Execution Environment, and the protection of hardware-bound secrets. Our experiments simulate realistic repurposing scenarios and highlight the complexity of reconstructing trust anchors. We generalize our observations to infer requirements for secure repurposing and illustrate how vendor-locked mechanisms hinder the repurposing of a majority of discarded devices.