I just found a news article regarding a law that passed in France allowing police to remotely activate the GPS, camera, and microphone on a user's device [0]. This was posted before on HN [1], but without traction. I am not all that much interested in the civil aspects of it; I am more interested in the technical aspects of it. I'm curious if there is someone with know-how about how such a thing would be achieved.
Would they base it on exploits? Would they have to require manufacturers to add police APIs on the devices? Would a remotely activated camera / microphone / location get the active camera / microphone / location indicator?
55-minute edit:
It seems like for simple stuff, like coarse location, they can get it through the carrier; I assumed as much and it's relatively easy to get it done. For other stuff, rootkits and exploits are developed by some intelligence agencies which require manufacturing consent or physical interception. Then there are also groups that sell OS-level exploits, such as the NSO Group.
I'm guessing in the case of software exploits, the indicators would appear for camera / mic / GPS. But maybe for hardware exploits they could bypass the circuitry? Seems like a lot of work for non-high-profile targets.
Later edit:
Keyword "baseband" seems to be the most likely attack vector.
[0] https://apnews.com/article/france-surveillance-digital-devic...
[1] https://news.ycombinator.com/item?id=36779568
The baseband is an embedded computer inside the phone that controls the device’s sensors and radios. It runs off of its own OS and is separate from the consumer-facing OS. The phone’s OS then talks to this embedded system.
All phones do this, even the iPhone whose baseband OS was some variant of L4 Linux, IIRC.
Various Intelligence Community people and documents have made statements that they can remotely activate the baseband to interact with a target device.