Thursday, January 02, 2014

When Your Phone Is Not Your Friend

Gadzooks!  They've cracked the iPhone!?

Newly leaked documents from the National Security Agency highlight Dropout Jeep, a piece of software that could target one of the country's most popular devices -- the iPhone. 

According to documents published by the German news website Spiegel Online and dated Oct. 1, 2008, Dropout Jeep would give the NSA the ability to retrieve contact information, read through text messages, listen to voicemails and even turn on the iPhone camera and microphone.

The document goes on to say that while Drop Jeep was currently limited to installation through "close access methods," the NSA would research ways to install the program remotely in future versions. 

If you're wondering how the NSA developed this fiendish capability, fingers are being pointed at Apple, but a trip through the Wayback machine suggests another possible culprit:

From a 2011 article by Mark Elgan at Computerworld:

Cellphone users say they want more privacy, and app makers are listening.

No, they're not listening to user requests. They're literally listening to the sounds in your office, kitchen, living room and bedroom.

A new class of smartphone app has emerged that uses the microphone built into your phone as a covert listening device -- a "bug," in common parlance.

...
The issue was brought to the world's attention recently on a podcast called This Week in Tech. Host Leo Laporte and his panel shocked listeners by unmasking three popular apps that activate your phone's microphone to collect sound patterns from inside your home, meeting, office or wherever you are.
...
The new apps are often sneakier about it [than older apps, which were activated by users in order to identify a song that was playing, etc.--CH]. The vast majority of people who use the Color app, for example, have no idea that their microphones are being activated to gather sounds.

Welcome to the future.

...
[M]arketers love cellphones, which are viewed as universal sensors for conducting highly granular, real-time market research.

Of course, lots of apps transmit all kinds of private data back to the app maker. Some send back each phone's Unique Device Identification (UDI), the number assigned to each mobile phone, which can be used to positively identify it. Other apps tell the servers the phone's location. Many apps actually snoop around on your phone, gathering up personal information, such as gender, age and ZIP code, and zapping it back to the company over your phone's data connection.

Methinks it would behoove consumers wondering how the NSA might get into their iPhones to hie themselves to their local App Store.

A little further back in the Wayback machine brings us to the analog era, my favorite, when all that was needed to turn your home phone into a microphone was some fiddling at the telco switch.  From Bloomberg in 1999:

It's hardly a secret that phone taps are a favorite ploy of industrial spies as well as law-enforcement agencies. What isn't well-known is that the phone doesn't even have to be off the hook to be tapped. It's possible to activate a hung-up phone remotely and use it to eavesdrop. This techno-trick recently came to light as a result of a drug dealer's court case in the Netherlands--but it is said that the technique will work on virtually any phone anywhere.

I remember reading somewhere that this was a much-cherished technology for various British intelligence outfits working through British Telecom and its previous incarnation, Post Office Telecommunications.

And from Mark Bowden's book on the US-assisted manhunt for Pablo Escobar in the early 1990s, Killing Pablo, here is a nugget from the analog cell phone era which, I expect, still applies today:

There was another nifty secret feature to Centra Spike's capability [a US Army sigint outfit that, unlike the NSA, was tasked with providing tactical intelligence to special operations--CH].  So long as their target left the battery in his cell phone, Centra Spike could remotely turn it on whenever they wished.  Without triggering the phone's lights or beeper, the phone could be activated so that it emitted a low-intensity signal, enough for the unit to get a fix on its general location...
With this background, the extravagant cybercaution of Brookings China wonk Kenneth Lieberthal is understandable:

When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "the Chinese are very good at installing key-logging software on your laptop."
 I have a feeling that Mr. Lieberthal's countermeasures are informed both by awareness of PRC perfidy, and knowledge of the immense penetration and surveillance capabilities the industrial-security partnership has brought to the telecom and networking game around the world.

If you're in China--or anywhere else--that phone in your pocket: it's not your friend.



No comments: