
Bunnie Huang and Edward Snowden’s Malware-Detecting Smartphone Case - elijahparker
https://www.pubpub.org/pub/direct-radio-introspection/
======
jeron
I'm glad this title mentioned Bunnie. When the smartphone case was first
announced, most news outlets reported it as "a smartphone case that prevents
spying by Edward Snowden and some hacker".

~~~
dmritard96
Agreed. Quite skeptical that Snowden is anything other than a PR stunt for an
otherwise interesting/useful project that requires hardware development
expertise.

~~~
johansch
Well, to be honest both of them are quite good at promoting themselves. Just
in different circles...

------
empath75
I don't understand what kind of malware this is supposed to detect? This only
seems relevant when you're using airplane mode, and why wouldn't malware just
wait until you went back online before transmitting the data?

~~~
imron
Let's say you're a journalist meeting with a source.

Let's say a certain three letter agency would like to listen to that
conversation in real-time if they could.

Let's say the journalist thinks that by setting his phone to flight mode, the
radio is off and he can't be maliciously tracked.

Let's say the three letter agency has various means to connect and listen in
on phones in real time if it chooses.

This new smartphone case would then be able to confirm to the journalist that
the phone is not sending/receiving radio signals.

Now, that might sound like a far-fetched scenario, but bear in mind that
Snowden asked reporters meeting with him to put their phones in his fridge to
prevent exactly that scenario from playing out.

It is therefore not surprising that he might play a part in developing a case
like this.

~~~
tablehampton
So we assume that an adversary has dropped some malware that can silently
enable the radio, activate the microphone, encode the audio stream and
transmit it in real-time - and they want to avoid detection by this case.

Well, all they need to do is modify the malware to record the audio to a file
and transmit it when the radio is next switched on, perhaps interleaving it
with normal radio activity.

As a malware detector, this case is useless.

~~~
ddt_Osprey
Not useless. Just less useful.

It pushes the capacity for your adversary to operate into (slightly) slimmer
confines, which is a marginal improvement.

Otherwise, your adversary can behave in an unrestrained manner. No?

~~~
tedunangst
One might also argue that giving a violent prisoner left-handed scissors will
slow them down and is therefore a marginal improvement.

~~~
sangnoir
I can't argue with that: if I had to choose between the two, I'd rather be
stabbed by the non-dominant hand. Obviously not being stabbed at all is a much
better choice (when available).

------
jbb555
"For the iPhone, there are four different radio interfaces that could
potentially be used for malicious purposes: the cellular modem, Wi-Fi, GPS,
and NFC"

Well, GPS only receives... so how is it going to detect that?

~~~
ww520
When the GPS antenna is on, it gives off RF interference? Just a guess. GPS
draws quite a bit of power when turned on.

~~~
DigitalJack
Probably not from the antenna, but the downconversion and signal processing
chain definitely will. They are shielded, but I'm sure some gets through.

------
PhantomGremlin
Articles like this make me wonder how journalists were able to do their jobs
before the ubiquity of cellphones.

Here's an analogy to what's happening:

Since you're a high value journalist, a state actor has helpfully assigned an
FBI-type agent as your minder. And now you're debating whether you should put
a blindfold and earplugs on your minder before attending an important meeting
with him in tow. Or, alternately, you're debating on whether you should add a
gag to him to keep him from reporting back to his superiors.

But, the minder is resourceful. He has trained for the possibility of a
blindfold. So he might remove it at opportune times and take a peek at what's
happening. Or, when gagged, he is prepared to report back by tapping out a
message with his fingers, using Morse code.

In short, I think it's a Sisyphean struggle to try to keep the minder from
reporting back. Instead, just leave the minder elsewhere, far away from
important discussions.

There is no way a few amateurs with soldering irons will be able to
successfully and continually thwart state actors. Don't play their game!

~~~
robert_foss
Do play their game. Raise the costs of your opponent.

~~~
tedunangst
What happens when the NSA's costs are doubled? Do they track half as many
targets or do they spend twice as much money?

~~~
djrogers
They likely do a bit of both, and do it all less well.

------
kchoudhu
Journalist enters country, has bags searched. Customs officer: "This
smartphone case is not allowed in the country."

Oh well, we tried.

~~~
walrus01
Iridium handheld phones are already recognized by certain countries' customs
for a similar purpose: they don't want journalists to have phone call and SMS
access outside of the country using a system/network entirely outside of their
domestic telecoms' control, for example when reporting on internal crackdowns
on dissent, political opposition, etc.

~~~
mentat
Wonder how long it will take SDRs to be recognized as similar tools.

------
tablehampton
Better hope that the factory manufacturing this device, and the technicians
installing it within the phone, are trustworthy enough not to leave their own
backdoors.

A supposedly trusted device that taps into the hardware buses by design is an
excellent target for malfeasance.

------
supernintendo
So it's a sort of hardware-based Little Snitch without the ability to block
connections. Neat. Perhaps a useful tool for the security-minded but not a
true safeguard. Remote code execution exploits are very real. All an attacker
needs to do is modify your network configuration (DNS, proxy, hosts file,
etc.) to disguise network traffic over a specific address that looks real
enough so as to not warrant suspicion. This exploit could also be designed to
sit idly while the device is in airplane mode, avoiding the case's primary
detection feature.

~~~
ryanlol
> This exploit could also be designed to sit idly while the device is in
> airplane mode

This seems like a rather universal feature :)

------
Luc
Much better link straight to the source:
[https://www.pubpub.org/pub/direct-radio-introspection/](https://www.pubpub.org/pub/direct-radio-introspection/)

~~~
dang
Ok, we changed the URL to that from
[http://www.allaboutcircuits.com/news/edward-snowden-and-bunn...](http://www.allaboutcircuits.com/news/edward-snowden-and-bunnie-huangs-malware-detecting-smartphone-case/).
We've kept the latter article's title, although it's a bit baity; "Countering
Lawful Abuses of Digital Surveillance" kinda undersells it.

Edit: but we reordered the authors' names in the title to match the order they
used in the article.

