Edward Snowden interview: 'Smartphones can be taken over' (bbc.co.uk)
256 points by mhandley 378 days ago | 135 comments



Everybody talks about the OS, but nearly everyone forgets about the baseband, the hidden OS on every phone that you have almost no control over.

Whilst the media is worrying about Apple iCloud and phone encryption, GCHQ are quietly delving into your baseband and enjoying the smoke and mirrors.

To use an analogy, we are worrying about the government looking under our clothes, whilst in fact they are peeling back our skin and skulls and peering into our humanity.


People talk about it less these days because modern modem/baseband chips are sandboxed. In older phones they had bus master access and could do whatever they wanted, hence their frequent targeting by unlockers. But they didn't need all that access and have since been locked down a fair bit. Also, Qualcomm at least got more serious about security and started hardening their firmwares.

Also, intelligence agencies tend to be after stuff that the baseband doesn't have any convenient access to, like photos and files on disk. Even though an un-sandboxed baseband could theoretically access the hardware, it'd be doing so in parallel with the real OS and that'd be super painful to implement.

Finally, why bother when the OS is such a bigger surface area? The ICs aren't magic, even if they developed some impressive tricks under the cover of secrecy. They attack systems in the same way as your average defcon presenter does.



What about free baseband?

http://bb.osmocom.org/trac/


Of course they can. Even the iPhone, Apple can easily push an invisible update and install a bot on your phone if asked by the government. As long as you don't control the backend and even the frontend, you're at the mercy of whoever controls it (Apple in this case). That's why all the Apple talks on privacy lately sound like not much more than good marketing to me.


"Of course they can. Even the iPhone, Apple can easily push an invisible update and install a bot on your phone"

... or on your SIM card, which is a full computer with CPU and memory and can run arbitrary Java programs that your carrier can upload to it.


AFAIK, SIM cards are basically storage devices. When did they get CPUs?


More on this little computer: http://www.gemalto.com/techno/sim/


And on the Gemalto sim-card hack by the NSA and GCHQ: https://theintercept.com/2015/02/25/gemalto-doesnt-know-does...

"In the secret documents, provided by NSA whistleblower Edward Snowden, the intelligence agencies described a successful effort to obtain secret encryption keys used to protect hundreds of millions of mobile devices across the globe."


Wow, thanks!



They have always had CPUs. Just like most other types of ISO7816 cards, including any that have any kind of pin protection for the data stored within.


Google can do that, too, through the "Play Services" framework, in case others weren't aware of it. We know this because Google has already used these "powers" to uninstall apps/malware from phones (non-Nexus).


Yeah--reading the Ars Technica review of Marshmallow terrified me with some of the things they are doing there. Like the fact that users have more granular control over permissions now, but internet is always on for apps no matter what, there's a whole slew of permissions that aren't exposed through the user-controllable permissions that are pretty bad, and there's new stuff in there that allows screenshots to be sent from an app to Google for "searching in the app." I try to read this stuff without a tinfoil hat, but they sure don't make it easy.


The internet permission has been semi-broken from Android 1.0 onwards. In particular, people tended to interpret it as "this app cannot upload my data to the internet". But then it was discovered apps could do things like request the music app to play an audio stream from an arbitrary URL. Any data to exfiltrate can be put into the query params. Or the app can request the browser to open, same trick. By the time the user realises what's happened the data is gone already.

In fact more or less any app that can be convinced via IPC to open an attacker-controlled URL can be used to circumvent the expected meaning of the internet permission.

And then there's the inconvenient fact that virtually all apps need it for one reason or another, so it just became meaningless. Good riddance, I say.


What permission are you referring to, that allows apps to send screenshots to Google?


Not sure it is actually a permission so much as a feature of Google Now.

Paragraph 2 of this page: http://arstechnica.com/gadgets/2015/10/android-6-0-marshmall...


> Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.

This sentence is as much context as the article provides, and I won't rehash my other comment, but this could be from a recently purchased ~$20 burner to a ~$800 iPhone. Not every phone is windows/android/apple and connected. idk, I found it pretty eye opening.


There's no such thing as a front-end that you control.


What do you mean? I can turn javascript off in my browser which effectively takes control of the front end by preventing communication with the server. Native is a different story but saying "there's no such thing as a front-end that you control," is misleading.


Did you write the browser yourself? On an operating system that you hand-coded on a CPU architecture that you clean-room designed and implemented personally?


I even soldered the CPU


I smelted my own silicon


How do you know the silicon in the Matrix was not back-doored?


Apple can, but what about GCHQ?


They just need to (il)legally compel Apple to do it.


Isn't that true of anything that has automatic updates? Browsers, games, operating systems, etc.

Does this mean that if we don't trust our government we should stop pushing anything that automatically updates?


That has seemed to me like the reasonable approach for a good while now.


None of this should be a surprise. We should expect that any device with Internet access can be hacked by someone, regardless of their intentions. If it isn't the NSA it's Chinese "patriot hackers" or Russian cyber-criminals operating with the consent of their governments. Or many others. Instead of seeing this security state as a binary, we should always consider two questions:

1: How much do we value our privacy and security versus the needs of society (in the case of backdoors and so on), and,

2: How much do we trust the people whose business is having the ability to break into our phones? I don't like how invasive our security agencies are but if they end up preventing major crimes or terrorist attacks I can't say what they do is wrong.

At the end of the day, I want the people defending me to be more powerful than the people attacking me, but I don't want my defenders to use their same tools against me.


I agree with your post but you left out "How much should we trust companies who are intent on slurping as much data as possible, storing it insecurely, with the main purpose of selling it".

NSA's / GCHQ's work is made easier by companies who ask for too much data, and who don't know how to send that data securely or keep it secure on their servers.


> I don't like how invasive our security agencies are but if they end up preventing major crimes or terrorist attacks I can't say what they do is wrong.

What if they're just using the information to further their own personal power and fortune and forestall any potential rivals?


Depends.

If it's the Chinese or the Russians then it's bad. And you never hear about them being in the business of preventing major crimes or terrorist attacks.

If it's the NSA then it's either hype, speculations without any real evidence, right up until there is, and then it's "not surprising".


It's true that everyone wants to hack your device. The difference is that NSA has set the tone: Make the technology providers under your influence include exploitable flaws and back doors.

PCs are fully mature products and 99% of customers don't need performance breakthroughs. That means it should be possible to make open hardware and open software that make exploits much harder than they are today. Phones are getting there. It's time to make hardware and software that optimize for verifiable security.


When Blackberry 10 handsets boot up, they spend a few seconds verifying the security of the software. Since the handsets are practically impossible to root, I'm guessing any alterations would be flagged up.


In 2011, the UK had a few days of rioting and looting where kids were supposedly using Blackberry's private pseudo anon messenger system BBM to advertise flash mobs of looting.

UK authorities complained BBM's encryption was to blame for the looting.

Within a few days afterwards, the BBM service experienced some rare downtime, during which presumably, accommodations were made to cater to accessibility of the encrypted messages for the UK gov.

http://www.computerworld.com/article/2470761/mobile-apps/201...


> I don't like how invasive our security agencies are but if they end up preventing major crimes or terrorist attacks I can't say what they do is wrong.

That invasiveness IS a major crime in itself, of mindboggling proportions even. Besides, the operative word here is "if".

> At the end of the day, I want the people defending me to be more powerful than the people attacking me, but I don't want my defenders to use their same tools against me.

Not gonna happen.

> "If the totalitarian conqueror conducts himself everywhere as though he were at home, by the same token he must treat his own population as though he were a foreign conqueror." -- Hannah Arendt


"Describing the relationship between GCHQ and its US counterpart, he said: "GCHQ is to all intents and purposes a subsidiary of the NSA.

"They [the NSA] provide technology, they provide tasking and direction as to what they [GCHQ] should go after." "

This is the juiciest part. This is the confirmation we've been suspecting for a long time: GCHQ is the NSA, and all of their programs are shared. This means that we can pin the worst abuses of GCHQ onto the NSA, and also confirm that US citizens are directly targeted by even the most outrageously invasive surveillance efforts-- there is no exempt population, proving the NSA's PR lies once again.


Snowden wasn't a liaison between GCHQ and the NSA. How would he know if it were a subsidiary of the GCHQ? If it's from documents he took, then where are the documents showing it?

I'm sure there is a lot of cross sharing of information, but to call it a subsidiary is a bold claim.

Snowden was a database admin, not John Brennan.


Snowden was a sysadmin because he explicitly decided to become one to get access to more documents.

I've read most (nearly all, perhaps) of the Snowden documents. They paint the exact same picture he is painting. GCHQ appears to be so tightly integrated with the NSA that they have access to each other's intranets. It's well known that one reason Snowden got so many documents is that he was able to crawl the entire GCHQ internal wiki .... from Hawaii.

If you look at other presentations then it's clear that they have unified infrastructure to a great extent and GCHQ is willing to do nearly anything to stay in the club.


I don't have the ultimate answer here, but why were the (highly classified, some marked "no foreign national viewing") GCHQ slide decks on NSA servers?

I also assume that their slides reference each others programs frequently. Maybe this is incorrect.


They obviously work together very closely. I'm just objecting to the idea that the UK spy agencies are just American outposts and that each agency is responsible for the mistakes/crimes of the others.

Maybe they are really pushed around by the US, but I'd have to see more than Snowden making unfounded statements about it. In the past, he's made some illogical leaps based on some of the information he took. It's very easy to do that when you expect the worst of someone/thing.


> I'm just objecting to the idea that the UK spy agencies are just American outposts and that each agency is responsible for the mistakes/crimes of the others.

The UK agencies aren't US outposts and the US agencies aren't UK outposts.

They're all AUSCANNZUKUS/Five Eyes outposts.


It's also possible that the documents outlining the closest collaborations are too sensitive for Greenwald et al. to publish. Snowden may be speaking generally based off of background which he has seen firsthand, but indicated to the journalists that it should be kept secret.

Hard to conjecture much farther without seeing everything. At this juncture, I'm going to continue assuming that the GCHQ equals the NSA.


The most obvious answer is that the NSA pwned them.


My understanding may be dated, but I have often wondered if the battle for privacy is a lost cause in the mobile phone space. Even with a ground-up open platform for the phone and OS, current regulation requires a blob of 'certified' hardware and software between you and the antenna/network. Short of using my phone to acoustically-couple a 2400baud crypto-stream (the call meta-data of which still being snitched), I'm really not sure if privacy is possible.


Not total privacy since the network knows who's on both ends, or at least that you're on one end, but as long as you can tunnel encrypted traffic over it via a hotspot, I'm not sure how that could be cracked.


One way that I've been wondering about is all these new keyboards coming on the market. Things like Swype, Swiftkey etc.

They have cloud storage for storing data to feed predictive algorithms, but it essentially becomes a cloud-based keystroke logger.

So you may be sending encrypted traffic via hotspot, but your keyboard process running in the background has the raw input data and is feeding that to a server.

I'd love to read a more detailed writeup on the security of such apps, which ones are trusted (ie. only using local encrypted storage, no phoning home), etc.


I would be surprised if Apple has let a vulnerability of "send text message, pwn phone" linger for very long. Article doesn't mention brands or versions, but it is quite important to fully understand.

Or does this work at a lower level? I've heard the radio chips themselves are untrustworthy, but how would they control the main OS on another chip?


Enter "the baseband". A dark, undocumented, hardly accessible, obfuscated piece of code that has access to your microphone, GPS, battery management and lots of other gimmicks.

https://news.ycombinator.com/item?id=6722292

If I were a three-letter-agency I'd know where to hide dead bodies while everyone was arguing over operating system security.


That sure goes a long way toward showing how powerful Stingrays are, and why Harris and the government really, really don't want information about them getting out. I got a chuckle out of this near the end of the article:

> Whenever someone does dive into baseband software, many bugs and issues are found, which raises the question just how long this rather dubious situation can continue.

Well, the baseband software was written in the 90s, the article was written in 2013, and I'll bet nothing has changed in the last two years.


Really have to wonder how many of these bugs and issues are "bugs" and "issues."


The implication here seems to be that at least Stagefright did, in fact, have software exploiting it in the wild. Perhaps there are similar exploits yet to be found publicly, even on iOS, or perhaps this vector has "gone dark" now.


I'm not sure they could have resisted if they wanted to, and if they had been forced they would do what they can to manage the public perception, but I can't imagine the anxiety that must exist in Apple if they are being forced to provide such functionality, considering all it would take is a single proof to come out for Apple's whole China market to collapse into a pile of rubble.


What about 3rd party keyboards like those that have recently made their way to iPhones and have been on Android for a while?

All of them (even Samsung's swype style keyboard) seem to have some sort of cloud-based storage for your data so it can remain equally predictive across your devices. Is there any good security research out there on how safe these keyboards are and which ones are the worst offenders? Seems like it is essentially a user-installed cloud-based keystroke logger ripe for abuse.

I love the functionality of some of them, but man do they terrify me.


I'm surprised HN readers don't already know this. It still astonishes me how so many so-called "tech savvy" users are content with surrendering their privacy and freedoms to Google or Apple so that they can run the latest "apps".

This is why I'm backing the Neo900[1]. It might be a bit pricey and low spec'ed by today's market (a consequence of it catering for a niche market meaning it won't be mass produced) but in my opinion that's a small price to pay to actually own your phone (it's actually more akin to a mobile computer than a phone).

[1] http://neo900.org/


I don't think anyone with even a basic understanding of technology thought that an intelligence agency can't breach their cellphone.

You have a GPS receiver, a microphone, camera, and a data capable modem on you all the time; this is pretty much a cold-war era dream come true to those agencies.

Heck the layman is probably more "aware" of this than people with better understanding of technology simply because they do not understand the technical difficulties that might be involved in remotely accessing a mobile device.

As for the Neo900, it's a nice project and it has been posted on this site many times, but you should have serious doubts about it being any more NSA proof than a burner you pick up at the bargain bin at Walmart. Yes they have all their physical electronically resettable fuses that in theory will allow you to disconnect the modem, and they do some power usage analysis to ensure that the radio is actually off, but still they are using regulated off-the-shelf hardware; if the NSA wants to break into that phone remotely they'll find a way, if they don't have a way in straight off the bat to begin with, which is also quite likely.


If the interconnections are limited to the extent said off-the-shelf hardware just can't have privileged access to the other parts of the system, it's safe. That said, it doesn't matter if modem is hacked if it can't do much.

Backdooring an MCU so it'd allow access on a secret code from anywhere is surely possible in theory, but it'll be hard to hide the cost of adding such backdoor.


The baseband can be compromised, the SOC can be compromised, the OS can be compromised, the SIM card can be compromised, and more importantly the base station itself can be lawfully and unlawfully accessed.

The safe part is in theory; there are only a handful of companies that could actually audit a mobile system in any effective manner, and pretty much all of them are also the vendors of various mobile interception, tracking, and exploitation solutions.

Dealing with any type of security requires you to identify and quantify your threat agents; if your threat agents are a foreign or a national intelligence service of any note I wouldn't bet anything on the N900 nor on any other cellphone.

If you ask anyone, layman or expert, what is a secure device that the NSA could not hack, the only thing that they might come up with is a brick, and I wouldn't even trust that[1]. At best the N900 might give you some reliability that when it's off and when the radio is turned off it's actually off; considering that sleep mode power consumption can vary by quite a bit in the same SOC based on conditions like temperature, it wouldn't surprise me if you could fool that as well.

[1]https://en.wikipedia.org/wiki/The_Thing_(listening_device)


Everything in theory could be compromised, that's the story of computer security but that doesn't mean we should ignore any threats. That's like saying I might as well use dictionary words for all my passwords because they are easy to remember and there's no such thing as a secure system. The point is that the Neo900's baseband sandbox will provide significant protection that no other device can offer. _If_ a government agency decides they want to try to break the sandbox of a device owned by only 400 people, maybe they'll find a vulnerability that they can exploit, but it may take them many man hours to do so and even then there's no guarantee that they will find anything.

Accessing the base station controller (or any other part of the cellular infrastructure for that matter) lawfully or unlawfully, is indeed possible but that does very little to help an adversary take over your device. What it does help them to do is to read your communications. If you are paranoid about that, you can use your own encryption. If you are paranoid about your location being tracked then just turn off the modem or don't use a mobile phone. The difference between the Neo900 and everything else is that when you turn off the modem, you know it actually is off.


Again with the "significant" protection, there is no evidence that the Neo900 or any other commercially available "secure" phone actually will provide any significant level of protection against state sponsored threats.

I look at this from another perspective: if http://goldelico.com/ could create a phone which is NSA proof on any level from commercial off-the-shelf hardware then the NSA is a colossal failure, but they aren't.

The number of users that will use the phone is also irrelevant, because you look at this as only 400 people; the NSA looks at it as "these are 400 people that intentionally attempt to evade our surveillance, let's check it out".

Back to the phone part: everything they've done might seem right, and might seem to be harder to break, but it seems that not a single phone that is actually used by government agencies in the states is built that way. The NSA certifies certain devices; they do not allow any of them to be used to store or communicate secret information, but they are allowed to be used for confidential matters.

If the NSA could build a phone that they would think it secure, they would do, which again leads me to strongly believe that all of these measures are pointless, yes they might offer some additional level of protection against non-state agents or states without a sufficiently advanced intelligence services but even that might be doubtful because it's unlikely that we'll see this phone going head to head against commercial phone exploitation solutions.


It's not the Neo900's goal to be protected from high-profile targeted attacks. That's hardly feasible.

However, that doesn't make it pointless. Neo900 aims to protect as much as possible from fishnet-style mass surveillance. On most devices you simply cannot protect yourself from that, since any E2E encryption you'd employ could be easily attacked by shared RAM access from the completely uncontrolled (and often known to be exploitable) modem firmware.

When you don't completely control your device, you cannot do anything to protect your privacy. When you do (and there are also other reasons to want it aside from privacy), you can start thinking about it. It won't help when you're specifically targeted by a super secret agency, but it will in 99% of other, more common cases.


Everything can be backdoored, but what about costs?

If the interconnection between the baseband and SoC is restricted in a way that the baseband can't just do DMA requests and mess with the system, the compromised baseband has to talk to the compromised SoC to compromise the OS.

NSA have to either develop a specific backdoor for a specific device (or, better say, schematically similar devices group) and hook into their supply chain (hmmmm...), or develop a quite cost-adding generic backdoor system.

They surely have resources to design anything and even beyond that, but added cost to the production just can't be easy to conceal. There must be some sane limit to NSA's possible omnipotence.

And then there are reverse engineers who love to peek what's done in silicon. NSA has to shut up not only original part vendor (easy for them, sure), but a bunch of engineers around the world, stealing designs for the chips so they'd make a clone. You know, some countries are famous for that stuff.

Add: as for base stations - they're outside the phone. We don't consider plaintext data outside to be secure. If you're about the voice calls - E2E-encrypted VoIP to the rescue.


The cost is irrelevant, the NSA doesn't calculate how much it would cost them to tap Bob's phone, but how much it would hypothetically cost them if they couldn't.

Considering from the NSA exploit catalog we've seen that they target very specific and niche devices, I don't think they care about scale when it's not possible. Yes the baseband doesn't have DMA since it's connected over USB, but I still wouldn't trust it if my life depended on it in even the slightest of ways.

For all we know the baseband and all basebands are compromised to the point where the NSA can tap into them, DMA or not; there might be some undocumented remote debugging interface that opens a serial connection to the baseband over cellular, there could be thousands of other things. And while USB does not support DMA it still doesn't mean it's safe by any means; attacks over USB can still happen.

As for NSA's omnipotence, yes there is a limit to it, but that limit won't be reached by a group of engineers building a phone with commercial off-the-shelf hardware and open source software. If the NSA's reach could be that easy to defeat then they would be very very bad at their jobs; in fact a simple commercial device like this that somehow even remotely limits their ability to task their targets would be a reason to shake the NSA up completely and light a fire under their asses because they've been sleeping on the job.

But as we all know they aren't sleeping on their job; in fact they act like a bunch of hyper intelligent teenagers on adderall. The NSA and their counterparts have shown us for the past 70 years that no system, no network, no form of communication device is safe from them; that's their job. It doesn't mean that they should have the mandate to do it all the time, but if they can't they aren't fulfilling their role.


The cost of backdooring is put not on NSA but on hardware vendors. They have to add extra silicon and that stuff costs. And there is a huge market of reverse-engineered mostly-compatible clones, too.

My idea was that I'm practically sure that if I'd take a small-enough MCU or FPGA it'd be NSA-free. Just because putting a backdoor there (and that backdoor has to be quite smart and listen for signals on a lot of pins, while being discreet about that) would seriously increase complexity and cost of the device. And that would be noticeable. I just don't believe this would go unnoticed for long.

As for SoCs - yes, they're complex enough and their interconnections are quite standardized. So, you're probably right.


The NSA doesn't have to tamper with hardware to backdoor it, they can just as easily find a hardware/microcode bug.

And as far as tampering with the actual silicon goes, well if the device is complex enough to require substantial logic then you'll probably have room to plant a bug; a simple device won't need a complicated bug to begin with. And silicon tampering doesn't require you to implement an entire bug in the silicon itself; it can be as simple as an intentionally added flaw that causes an error or an errata when, say, exposed to a certain radio frequency, which in conjunction with other external or internal attacks might lead to an effective backdoor.

We can build fractal antennas on a tiny scale these days http://nextbigfuture.com/2013/06/nanoscale-etching-of-3d-fra...

Incorporating something like that into silicon won't be that expensive, and all that it needs to do is maybe short 2 pins that put the chip into debug mode and GL discovering that in a postmortem.


You're not accomplishing what you want to accomplish with this

> are content with surrendering their privacy and freedoms to Google or Apple so that they can run the latest "apps".

You have the choice of not running apps. Get a feature phone.

You can create a fake account on Google (or even better, get an Amazon fire phone, or some Chinese one that is based only on stock Android). Or just Ubuntu Phone/Cyanogen mod it

> it's actually more akin to a mobile computer than a phone

Based on the original N900 let me say it is going to be a much worse experience than your Average android phone, especially running Debian and having a resistive touchscreen.

And the phone company will still know your location


> You're not accomplishing what you want to accomplish with this

How do you know what it is that I want to accomplish? I will accomplish everything that I want to accomplish.

> You have the choice of not running apps. Get a feature phone.

Except that I do want to run and write my own software. With a feature phone I would have very little control over the operating system and other software, not to mention the baseband modem.

> You can create a fake account on Google

Do you suggest a Google account for every task I undertake? One single fake Google account for everything I do would be pointless. Of course you've already made the assumption that I want to use Google services (which I don't).

> (or even better, get an Amazon fire phone, or some Chinese one that is based only on stock Android). Or just Ubuntu Phone/Cyanogen mod it

You continue to assume that I want to use an operating system designed to collect as much information as possible on me. Replicant would be a better choice than Cyanogenmod, however neither that nor Ubuntu Phone solve the closed hardware problem where the baseband modem is not isolated from the rest of the device.

> Based on the original N900 let me say it is going to be a much worse experience than your Average android phone, especially running Debian and having a resistive touchscreen.

That's your own opinion. I still use my N900 because there isn't a device that comes close to what it offers. As a Linux/Unix professional, I much prefer the experience over any Android phone. I run Debian natively which I can't do on any Android device. I much prefer the stylus precision of the resistive touchscreen than the fat-fingers capacitive mentality.

> And the phone company will still know your location

Not when you choose to switch off the modem they can't.


> Based on the original N900 let me say it is going to be a much worse experience than your Average android phone, especially running Debian and having a resistive touchscreen.

The N900's resistive touchscreen is more sensitive and accurate than any capacitive touchscreen I've ever used. Also, unlike capacitive screens, you can use it when your fingers are sweaty, wet, or gloved, and anything in arm's reach can be a stylus, rather than having to wait for Apple to grant you one.

Using a capacitive screen after getting used to the N900's resistive one feels like I'm navigating with my elbow. And that elbow had better be completely dry, and not a pencil eraser.

I have no idea how Apple managed to force the meme that capacitive screens are not shit compared to resistive ones. Maybe at some point there was a glut of cheap Chinese tablets and phones with crappy resistive screens?


Maybe because of the N900's form factor, resistive screens were better.

I remember other Nokia phones with resistive screens and they were passable at best, and not comparable with capacitive ones (at least most of them; I remember seeing a Motorola phone with an awful capacitive screen).

You don't need to wait for Apple for a stylus, really.

Swiping on a resistive screen is a frustration as well.


> Swiping on a resistive screen is a frustration as well

Not on an ancient N900. I can't imagine that this is an area in which technology flows backwards.


"This is why I'm backing the Neo900[1]. It might be a bit pricey and low spec'ed by today's market (a consequence of it catering for a niche market meaning it won't be mass produced) but in my opinion that's a small price to pay to actually own your phone (it's actually more akin to a mobile computer than a phone)."

You misunderstand.

Neo900, while interesting in many ways, has a standard, off-the-shelf (closed) baseband, and that baseband has control over your processor and memory as deep as DMA.

Your carrier owns you. Your carrier can literally flip bits in your memory with silent OTA updates that you have no knowledge of, or control over. This is not to mention the other, third computer in your hand, which is the SIM card, which you also have no control over and which your carrier can upload arbitrary executables to, which run outside of your control.

The Neo900 does not save you.


"and that baseband has control over your processor and memory as deep as DMA"

No, that's false. The Neo900's baseband is connected to the main application processor by USB (and UART). Yes, it is closed, but it has exactly the same access to your memory as a USB dongle connected to your laptop.

Modem and SIM are the blackboxes outside of the user's control, that's right. That's why the rest of the system is designed with keeping that in mind.


Feel like this is begging the question a bit. While a phone is a massive attack vector, it is pretty non-obvious that from a text message a user can have a stealth rootkit installed and persisted to all their devices.


The firmware of the GSM modem, called the baseband, can be updated by the service providers at any time. Triggering any kind of exploit of the user OS is trivial then. Heck, you don't even need to think as complicated as that, looking at the permissions granted to the most installed apps.


Absolutely. The article didn't provide much color on it, but I am thinking about a <$20 pay as you go phone that is turned off, with the known information of simply a cellphone number. While the gov't has crazy access to these telco companies, there is really zero friction if this is universal.

Scenario: If you infect 'target 0' you now have a seed to feed to your malicious googleR00t bot, that just indexes a phone book and sends these root SMS messages out. Possible/likely even to and from powered-off phones. They could even do a badbios/thunderstrike-like attack on a laptop or otherwise airgapped computer. If you find one person who has that number in their phone, even if never turned on, when it does, it connects to the network. Broadcasts the location and data, and becomes a carrier of some pretty next-level malware.

Now, if you think critically I guess the OTA phone attack thing is a conclusion you could draw. However, 'the Government' is a huge organization. The capabilities are clearly staggering and somewhat known, but who has access? Imagine if Edward Snowden, or someone like him, got the exploitDB and all the source? Who would know? The gov't can't admit it has zero days to every piece of technology and have packaged up these payloads into something as easy to use as a rails API or SMS message. That hacker for sure wouldn't let the public know because unknown vulns === big money. So, who is to say this hasn't happened, won't happen, or even how many people are 'legally[0]' allowed to use this in Virginia.

[0] This word can be interpreted quite loosely.


If the cell towers can be hacked, aren't these "security features" moot?


As far as I'm aware, UMTS has not been hacked. You can tell the device to connect to UMTS only. Of course this doesn't stop carriers from giving government agencies direct access to communications. If secure communications is your concern then you should always encrypt your calls and data.

The Neo900 modem is sandboxed at the hardware level, monitors all activity and gives the user complete control over it, so you will know if something fishy is being attempted and you will be able to prevent it. This makes it very difficult, if not impossible, for an adversary to take over the device. Regular Linux (by that I mean not Android) can be installed, so it is far less likely to contain any backdoors.

If triangulation of your location is a concern, just switch off the modem.


If the internet providers can be hacked, aren't the "security features" of your PC moot?


It still astonishes me how so many so called "tech savvy" users think they can do the technological equivalent of defending themselves from the military with a store-bought handgun.


Looking at the state of security in GSM and related technologies, it's not necessarily the military you may want to protect yourself from. I'd be rather worried about agencies doing mass surveillance and/or script kiddies.

When you're specifically targeted by big guys, you're screwed. Otherwise, you have plenty of ways to defend yourself. Many (me included) believe that it's still worth it.


I am surprised people don't know that there are two types of security, Mossad and non-Mossad. You can't win against Mossad.


What strikes me most is the amount of people around me who don't care about this.


Well, it's a sort of institutionalized resignation... I mean, if there's nothing you can do about it, what should you be doing? Switching to a blackphone? What if your organization doesn't support a truly secure option?

It's like hearing that Microsoft and the NSA had a backdoor 20 years ago - at the time I didn't have an option for my work machine, so I just grunted and went along.


"Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on."

Are they implying that all/most smartphones still communicate with cell towers when turned off? (Obviously this isn't happening.) Or do they pwn the device beforehand to have it fake that it's turning off while remaining on?



Next up: Explosion of sales of Faraday cases for smartphones (and the subsequent banning of sales through ITC and/or legislation).

Oh, who am I kidding.


When Snowden met Greenwald+Poitras he apparently just used a fridge to store the phones.


I do know that both smartphones and feature phones can turn on while "off," if you set an alarm. However I doubt that they ping cell towers when off, as I've left them off for weeks/months with little battery drain.


Presumably removing the battery stops this? Or is there another internal power source they have access to?


I'm trying as well as I can to protect myself against such attacks. My Android smartphone is permanently in airplane mode and I don't use a SIM card. Do you still see a security risk?


I keep the battery out at all times, even when I'm using it. Just to be safe.


It wouldn't be totally surprising for an airplane mode phone to "phone home" after it has been, say, 72 hours in that mode. I can hardly imagine a trip that long.


Best thing is probably an iPod Touch or iPad Mini without cellular (I'm pro iOS vs. Android, mainly due to secure element and iOS > Android security; there's an argument you could use a secure element plus a new ROM on Android devices to surpass iOS), with a wifi or bt or usb link to an external wifi-4g modem or wifi-wifi router (mifi, portal, whatever).


I doubt removing the SIM makes any difference, it's only used by your carrier to identify you. If the NSA wants to target you specifically, it wouldn't stop them.


Airplane mode might lie.

Use a faraday cage.


If a device is known, it can be hacked. Anonymity is the key. Use a roaming SIM card (it will require some cooperation of the remote operator, so it kinda makes it harder). What to do to mitigate: no SIM card. If you have to use a SIM card: an IMEI randomizer. A Wi-Fi MAC address randomizer.


It seems strange to me that Snowden is only now mentioning the "text message" attack vector, after everyone already knows about Stagefright. Is he out of things to leak? Or did he mention it before and go unnoticed?


He handed all his confidential and sensitive documents to reporters before fleeing so, in a real sense, he is "out of things to leak." He seems to be transitioning to a role of explaining to the mainstream press, in short words they can understand, what is going on.


The kind of attacks that he is referring to are located at the lower levels of the phone, at the SoC level, not at the operating system level.

It's something that neither Apple nor Google can control.


Allow me to quote the first sentence from the Wikipedia article linked to below:

    Apple Inc. has developed a range of
    "System on Chip" (SoC) as well as
    "System in Package" (SiP) to power
    their mobile consumer devices.
https://en.wikipedia.org/wiki/Apple_system_on_a_chip


That's still only the processor that runs iOS. They don't make their own cell processor.


What? By "cell processor" do you mean radio hardware? Because that is indeed contained within the SoC.


If you pull up a tear down of an iPhone 6 you will see the Qualcomm MDM9625M is clearly an entirely separate chip from the Apple A8, and is halfway across the circuit board.


Yes, he had mentioned it before. Off the top of my head, in "No Place to Hide" he discusses it, but I'm sure you could find a better source if necessary.


> Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.

Are there hardware GCHQ keys in the phone for verifying the encrypted text? I imagine there would have to be, otherwise anybody (with enough time and research) could construct one of these messages to gain control of the phone.


> otherwise anybody (with enough time and research) could construct one of these messages to gain control of the phone.

Which is exactly one of the strongest arguments against building backdoors into products, eventually you won't be the only one with the keys.


I suspect "encrypted text" is the result of a journalist mangling "text containing shellcode" or something like that. Obviously once they have malware in the phone itself, controlling it via encrypted / silent SMS would be a fine way to do things though.


The question I have is the issues around crashing a device via texts[1]. Was that part of this scheme? Was it put in there on purpose?

1. http://www.techtimes.com/articles/55893/20150527/one-text-me...


That's doubtful, 'effective power' (incidentally that bit of the text was completely arbitrary) was (seemingly) a hard crash caused by an error in the text shortening for the banner notification pop down. Tom Scott has a good speculation video on what might be going on that seems pretty sound.

https://www.youtube.com/watch?v=hJLMSllzoLA


Looks like Vysk's QS1 is aiming to mitigate the baseband hacks - http://www.theguardian.com/technology/2014/jul/25/startup-cl...


HN regulars may well be aware of all these things, but it's good to see this on the pages of the mass media.


Top Comment Paraphrase: "I knew about this before it was cool."

When someone posts a new python/lua/lisp feature intro, no one says "I knew that already!" or "No new info here!" But if it's about security or privacy, the HN zeitgeist wants to denigrate it as "old news."


Nerds tend to operate in a sphere of "once I know something, nobody must ever tell me again."

So, they know something and, just by feelings, assume everybody else knows it too. They assume hearing repeated information wastes the time of everybody.

The truth is, average people don't even pick up on ideas until the 5th or 8th time they hear them.

Even the Snowden revelations weren't revelations per se. We knew about Carnivore before and about the AT&T splicing room and even in the 90s people would half joke half serious comment about how the government watched all online communications.

The Snowden documents just solidified the nerd fears. Plus, since the 90s, the Internet grew so big and so popular that people just kinda gave up on the idea that it could even be monitored or tapped en masse. The benefit of the Snowden dump was showing it is possible and it is happening (instead of just being conspiracy theories) and you can't do squat about it.


I see the mechanism you're talking about, but as I said, this doesn't seem to happen with technical information. For example, if some one writes an intro to AsyncIO, there are basically never comments like "this should be obvious to anyone who read the PEP," or "there's nothing here that you couldn't infer from the source." It seems to be something about privacy/security stories.

I think that it stems more from a nihilist-chic than a borderline autistic inability to understand that other minds contain other information.


> nihilist-chic

Yeah, as this comment node pointed out, the whole "I knew about it first" force is in full effect here.

The other root cause here: when people have self-pride over the information they are sharing as if it were new, but you knew the new information a long time ago, and you just want to knock them down a few prideful rungs.

Or, just https://xkcd.com/1053/


> even in the 90s people would half joke half serious comment about how the government watched all online communications

The 90s actually had one of the most visible examples of NSA intervention, that of the Clipper chip.

> They assume hearing repeated information wastes the time of everybody.

The issue isn't really repeating things, as much as the fact that it took up until Snowden for people to start being legitimately shocked, when they bluntly dismissed decades of prior art.


It is quite depressing. I remember conversations at school in the early 90s where other students would flat out refuse to accept e.g. CIA involvement in operations that former CIA directors had publicly accepted responsibility for, because there was this perception from certain circles that the US just couldn't possibly be behaving that way.

And that has persisted. What is not denied becomes implicitly accepted under the doctrine that if it's done, it must mean it's necessary, or what they should be doing.

What is new with Snowden is that a portion of people who previously refused to entertain this possibility have finally accepted it. And are now "shocked" despite having been told for a very long time.

I think a lot of people just don't get how deep the denial has run.


I must be average as shit then.


Important difference though: the point of "we shouldn't be surprised by this" isn't just "why is this here, it's uninteresting"; it's about redirecting the conversation toward the important underlying questions of government surveillance, etc. The very fact that these kind of surveillance tactics are unsurprising is itself a noteworthy topic that many here consider to be made more important and noteworthy with every new insight like this that gets released.


As much as I admire Mr. Snowden for what he did, he is not an expert outside of the documents he took with him. He isn't privy to anything happening now. He didn't build anything or code anything. All he did was steal from some idiots that should have known better how to secure information. This does not make him omniscient.


What are you arguing here? Is something he said incorrect? I don't think anyone is claiming he is a deity.



Yes, but it certainly bears repeating, until it is also widely known.


Personally, I did not remember this capability until I saw this article, and I've followed the whole deal a lot closer than my circle of friends. People either don't know or don't care and don't know that they should care.

In the presidential debates and primary campaigns, how many times did you see someone say that this is a major issue? I can definitely point to presidential hopefuls making the opposite point, however.


Have only skimmed your link, don't have time to read right now, but at a glance it seems to be entirely about passively spying on data being communicated, whereas this new claim is that they can actively take control of your phone remotely, which is pretty different.

Forgive me if more time reading would have made this comment irrelevant. Will be coming back to this thread later and reading more.


Why bother composing a response like that without reading the article I posted?


I read your article in full. It is mostly about the broad collection of data passively (e.g. from smartphone apps, or other leaky sources). It has two slides at the bottom hinting at phone plants, but that isn't really what the article is about and it doesn't spend a lot of time talking about them.

I'd agree with the above poster, your article is mostly irrelevant if otherwise interesting. I will say a lot has been said about phone plants previously, but your article isn't about that really.


He already told you the reason, he doesn't have time to read it right now.

Did you read the link you posted? Because I read it, and his skimming is 100% accurate. The article talks about Angry Birds, Facebook, google maps, and other social apps leaking personal data by transmitting it over the internet and being intercepted. Completely different from the new BBC article.


I believe the salient claim here is the exploitability of smartphones via SMS, a la Stagefright. The Guardian article makes no such claim.


Edward Snowden is not a hero IMO, anyone who cared to look knew for years the government had vast surveillance powers. Is anyone else tired of seeing his headlines? The guy seems to really want to be a celebrity? Does he deserve that? I'm not trying to be rude, only suggesting we rethink our attention to him.


He doesn't want to be a celebrity. https://twitter.com/Snowden/status/648909547055239169

He gave up a cushy job in Hawaii and risked his entire life to make the government's surveillance a credible threat to everyone. Not just the people who would listen, but every single person in the world.

I agree, kill your heroes and all, but he's important and he brings up new information every time he's on the news.


He's the one who provided the evidence. Without evidence you're just a conspiracy theorist. (Note the theory part.)

And frankly he doesn't deserve the fame, and I don't particularly think he wants it either. But the data he provided (illegally, at continuing risk to himself) opened up a much-needed conversation.


> He's the one who provided the evidence.

The evidence was there for a while. Most people could not suspend their disbelief long enough to take it seriously.


I choose to think he's rolling out headlines, over time, in order to make sure this issue never fades away like so many other things do. The pace of our media and culture makes important items like this NSA scandal become forgotten quickly.


Snowden isn't "rolling out headlines over time," media companies are.

Although it's obvious Edward Snowden is consciously trying to leverage media (and now social media - his Twitter account is obviously image-conscious) to his advantage in keeping the narrative alive, let's not act like he's actually running things. The linked article seems to be as much advertisement for Snowden-related BBC properties as it is an attempt at maintaining awareness of the subject of Snowden's revelations themselves.
