
How the NSA can 'turn on' your phone remotely - sunilkumarc
http://money.cnn.com/2014/06/06/technology/security/nsa-turn-on-phone/index.html
======
dm2
Does anyone have any more information on what is actually possible from a
malicious tower?

Below is all I could find.

[https://www.youtube.com/watch?v=lCcKk8R0LFI](https://www.youtube.com/watch?v=lCcKk8R0LFI)

[http://www.pcworld.com/article/216842/coming_soon_a_new_way_...](http://www.pcworld.com/article/216842/coming_soon_a_new_way_to_hack_into_your_smartphone.html)

[http://openbts.org/](http://openbts.org/)

Is anyone else cautious when receiving free electronics? I'm always suspicious
that it could be bugged by a rival company (from another country) or possess
malware such as [http://www.technologyreview.com/view/429394/placeraider-
the-...](http://www.technologyreview.com/view/429394/placeraider-the-military-
smartphone-malware-designed-to-steal-your-life/)

Also, this seems dangerous:
[http://money.cnn.com/2014/03/20/technology/security/drone-
ph...](http://money.cnn.com/2014/03/20/technology/security/drone-phone/)

~~~
a1a
Second question: I recently spoke with a guy working right now on analyzing
off-the-shelf usb-sticks from all kinds of vendors. He called it "night-shift
malware" and his advice was to fdisk the hell out of all devices before even
considering to use it. This might be old news(?), but my point is that it's
not only free electronics you should worry about. Of course free electronics
contains another security aspect as these might be used to attack you
specifically while night-shift stuff is directed at "as many as possible".

Last article: This is why you should put tape over your smartphone cam.
Imagine what criminals (ex. burglars) could do using such technology. Correct
me if I'm wrong here -- but I find it surprising that most people care to put
tape over their laptop cam but not on their smartphone, why is this?

~~~
IvyMike
Laptops often have a good view of the room.

Cell phones often have a good view of the inside of a pocket.

Nitpicker's corner: Your usage patterns may differ.

------
Zigurd
This article contains some likely disinformation. For example, there is no
"mode" that will prevent a phone with a charged battery from processing
commands to the baseband.

Their second suggestion, "create a barrier" is hard to test for reliability.
Just because your phone thinks it has too-poor signal to connect a call
doesn't necessarily mean that it is truly isolated and can't be a room bug.

Pulling the battery is a reliable way to make the phone safe.

~~~
chippy
disinformation or misinformation?

Disinformation is intentionally false or inaccurate information that is spread
deliberately

~~~
tritium
No. You've got it backwards.

Disinformation is prevention of awareness (not informed at all).

Misinformation is intentionally false or inaccurate information that is spread
deliberately (informed with mistakes).

...but I see what you did there.

~~~
maxerickson
No, the broadly understood difference is that disinformation is intentionally
spread wrong information, while misinformation is just wrong information.

When I say 'broadly understood', I mean that it is the reasonable
understanding you should come away with if you consult some reference like a
dictionary or encyclopedia, it's what they say.

~~~
tritium
Look at the root prefixes, and compare with similar words.

Example: Disrespect. Respect is immutable, you either have it or you don't.
It's either provided or absent, but does not manifest itself in malignant
forms.

Example: Mistrial. A trial has already has already happened, and is found to
be problematic. It cannot be reversed, and its results cannot me revoked, only
amended. The events happened, and were wrong.

Conclusion: Disinformation is socially engineered ignorance, misiformation is
socially engineered misunderstanding.

Disinformation: The water is pure.

Misinformation: You might notice that the water has a funny taste, but it is
uncontaminated, and the taste is benign and harmless.

Another example:

I disinform you of my user account by never telling you I use this website,
and never browse it in a way that would give away my participation, even
though we are co-workers, and I eat lunch with you every day. I always tell
you about awesome articles and online reading material, but I never reveal how
I found them.

You disinform me of your awareness of my user account, by never hinting that
you saw me through my bedroom window, two night's ago, sitting at my computer
browsing this site and responding to a thread. Yesterday, we ate lunch, and I
told you about that "Door To Hell" Wikipedia article. You ask how I found it,
and I misinform you that I used wikipedia's random article link.

Today, you confront me face-to-face about what you witnessed, and I misinform
you that my user account is "pavement", and I only just started using this
site five days ago. I lie to your face and tell you that I'm unfamiliar with
the "tritium" account.

~~~
maxerickson
Just check some reference material. You might not like (or agree with!) what
it says, but it should be instructive as to how other people are likely to be
using the words (because the people who bother to put such materials together
are usually careful to make them reasonably accurate). Also check out
mistrial, it's actually a trial that is stopped before there is a result.

~~~
tritium
A mistrial is a trial that occured, but was fraught with mistakes.

And regardless of the common parlance, or the tendency of usage,
disinformation still draws its latin prefix from absence or denial,
misinformation draws its latin prefix from errors and problems.

You can slang it up any way you want, but the origin of each word still
stands.

~~~
maxerickson
Ave, Cæsar!

------
Spearchucker
Everything is relative. You can track cellphones that are switched off anyway,
because companies like CellSense
([http://www.cellsensegroup.com/](http://www.cellsensegroup.com/)) make
detectors that track moving ferromagnetic objects. While CellSense's sweet
spot is prisons, there are others who's use cases are more imaginative.

As always, if you're targeted, you're probably toast no matter what you do,
short of going off-grid in a remote but populated area with absolutely no tech
on or near you, and cash, no plastic.

------
jimhefferon
Phones and laptops should have a slide switch, a hardware switch, to turn off
the mic. I can cover the camera but I can't turn off the mic.

~~~
Istof
speakers can also be used as a microphones...

~~~
dm2
I was skeptical about this at first but it seems true:
[http://www.zyra.org.uk/sp-mic.htm](http://www.zyra.org.uk/sp-mic.htm)

Even the accelerometer in a phone can be used to record keystrokes from a
keyboard. [http://www.i-programmer.info/news/105-artificial-
intelligenc...](http://www.i-programmer.info/news/105-artificial-
intelligence/6430-your-smartphone-spies-on-what-you-type-.html)

Even WiFi can potentially be hacked to map/pinpoint people in a room/building.

Must be a fun time to be a spy with everyone putting numerous bugs, sensors,
and cameras in their work and home willingly.

~~~
Silhouette
I have been coming round to the once-crazy-sounding idea that the only way to
protect consumers from unwittingly bugging themselves and others around them
is to require all devices to state a prominent warning about any components
they include that can be used as sensors or communication devices, and to
include at least a hardware-driven indicator of when any sensor or
communication channel is active and preferably a hardware switch to force it
off.

Whether any government would ever support such a move is a different question,
of course. I suspect not in the current climate, because they'd fear losing
their own intelligence capabilities against targets they wanted to single out
legitimately. However, I also get the feeling that the tide is finally turning
against the "mass surveillance/database state" in the general public
consciousness and not just for geeks and civil liberties campaigners. Probably
not at the next major electoral cycles but maybe in the ones afterwards, I
suspect preserving personal privacy will be a political issue with some real
weight, and this kind of issue will be part of that debate.

------
jloughry
New application of an old technique: spoofing the "trusted path"; in the old
days by means of a fake login prompt to harvest passwords, today with a fake
"slide to power off" that blanks the screen and makes the phone play dead but
with its radio continuing to operate.

------
Theodores
When cell phones first started to become popular it was strange to see how you
could buy them without having to provide much in the way of ID, particularly
with PAYG phones. One would have thought that it would have made more sense to
have a reasonable amount of identity checks going on, after all we wouldn't
want to have the bad guys able to do things with mobile phones,would we?

However, if all of the phones are bugged anyway, if they all work like
tracking devices and if the carriers (e.g. Vodafone) are completely happy with
being complicit with that, then it makes sense to have phones available for a
low price and with not lot of background checks going on.

The only safe way to use a phone (if you have something to hide) is to not
have one and social engineer others into 'lending' you there phone on a fake
pretext of your battery being dead etc. and then to call a number where there
is no expectation of bugging going on.

------
zw123456
I can tell you with certainty from my experience in the field that phones, in
particular smart phones, can be turned on remotely, that is common knowledge
in the industry. The only way to prevent it is to remove the battery which is
not possible on all phones. I think a cool product would be a replacement
battery that had a hard on/off switch like a magnetic reed switch built in and
if you put a magnet on that spot it would disconnect the power.

------
Istof
You might be able to test if it was secretly kept ON by checking battery
levels...

------
abritishguy
Such a clickbait title.

~~~
Zigurd
It's a sloppy article, but the title is apropos.

