The recent news of a savvy UAE-based activist thwarting an attempt to compromise his iPhone raises the important issue of state-based surveillance actors and their private sector contractors having sophisticated and effective ways of intercepting communication and using their targets’ own devices against them. One problem with modern mobile computing technology is that it’s been built around expansive and convenient features, with security and privacy as an afterthought. On the same day I learned about the iPhone exploit, I happened to listen to a re-run of a 2014 Planet Money podcast in which an NPR journalist volunteered to fall victim to his unencrypted internet traffic being captured and analyzed by experts. What they were able to learn about him, and specifically about the sources and topics of a story he was working on, was alarming.
As the podcast mentions, mobile OS vendors and online services are getting a lot better at encrypting traffic and obscuring metadata, and one of the primary reasons for this was Edward Snowden’s revelations about the ubiquity and sophistication of the NSA’s surveillance, and by extension, the dangers of surveillance from other state agencies, black hat hackers, and legions of scammers. The Snowden revelations hit Silicon Valley right in the pocketbook, so that did impel a vast new rollout of encryption and bug fixing, but there’s still a long way to go.
As a way of both highlighting and trying to fix some of the inherent vulnerabilities of smartphones in particular, Ed Snowden and famed hardware hacker Bunnie Huang have been working on a hardware tool, specifically a mobile phone case, that monitors the radio signals from a device and reports to the user what’s really being transmitted. They explain their project in a fascinating article at PubPub.
Mobile phones provide a wide attack surface, since their multitude of apps are sharing data with the network at all times, and even if the core data is encrypted, a lot can be gleaned from metadata and snippets of unencrypted data that leak through. Journalists and activists generally know this, and often use Airplane Mode when they’re worried their location may be tracked. Problem is, agencies are using spearphishing attacks to remotely jailbreak iPhones and install tracking software, and there are even fears that OS vendors themselves might be cooperating with authorities. Snowden and Huang set out to allow users to monitor their devices in a way that doesn’t implicitly trust the device’s user interface, which may be hiding the fact that it’s transmitting data when it says it’s not. The article goes into great detail about the options they considered and the specific design they’ve worked down to, and it looks terrific.
…I take it as a fine example of NOT having to be at the bottom of the stack in order to execute a little of reliable oversight
The physical world -fortunately- follows HIGHER rules.
That Bunnie/Snowden device is problematic if you actually have something to hide – because in a non-tolerant regime, just carrying that is grounds for retaliation. Much better was the approach pioneered by Blackphone, which looked like an iPhone, and fit inside an original Apple iPhone case, so that it just looked like any old phone. The BP itself was problematic for other reasons, but the thinking behind the industrial design was solid.
If you have to design a separate device, then it would likely be helpful if they concealed it in something else that would not normally flag itself as something to be concerned about. A battery case is an excellent example: it has reason to have embedded circuitry, it has a power supply, and it has a plausible reason to have external lights.
But beyond that, fundamentally, keep in mind the applications processor is subservient to the baseband processor (as http://www.osnews.com/story/27416/The_second_operating_system_hidin… ) and as long as that remains the case, there will never be a way to carry a truly secure device that you can carry.
Edited 2016-08-26 19:38 UTC
Correct, that’s a good approach, as it requires much deeper inspection in order to find out what it really does.
“…Smartphones are too smart. People do not control them. Manufacturers do. (And just ask yourself: Who controls manufacturers?)…”
And nothing but smarter, future wise, Doc. ‘Dumbness’ is going to be simulated, merchandised -even could be prosecuted.
[From always convinced that a pure ‘data carrier’ business is a very pity one].
Every Actor presume to be that little ‘bell boy’ carrying the letter in his rusty bicycle…
“…data to internal storage and send it later on…”
Guessing that mesh networking by proximity and burst x modes are not there only for the user convenience.
The fact that they had to spear phish in order to try and break into that dude’s phone gives me the impression that they don’t (yet) have the ability to do it without the user having to disregard common sense security practices.
Granted, your average techno-weenie will have no clue about such security practices, but 99.99% of these people will be of no interest to said state agencies anyway.
If you really want to protect said techno-weenies, you’re going to have to make security automatic such that they don’t have to think about it. Hence, even more locked down devices.
Edited 2016-08-26 21:50 UTC
There’s no public evidence (yet) of a “zero-click” vector attack for iOS in the wild. NSO Group claims to have one though.
Turn your phone off when it isn’t being used (remove the battery if possible).
Keep it in a Faraday cage.
Always use encrypted communication apps via open public WiFi networks.
Use the phone ONCE for critical messages and physically destroy it afterwards.
Buy cheap and/or second hand devices and dispose of them, together with the SIM, after each use. Documents should be saved (printed) on paper only.
Edited 2016-08-27 09:17 UTC
Those types of things only really help if everyone does it:
“Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior - using disposable cellphones and switching them on only long enough to make brief calls - marks a user for special scrutiny. CO-TRAVELER takes note, for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time.”
Lennie,
As you hinted, co-travelers can be tracked very effectively using statistical means even with no device breaches. We already know this is happening, like how the NSA uses its indiscriminate data collection. Even phones that have no call records between them can be linked by these events. You’re probably better off keeping a unique phone for each location and turning them off during travel. Or better yet leaving them behind and keeping them on. It’s not very practical, but having expectations of privacy on cellular networks is not realistic – it was never designed for privacy. The networks explicitly identify cell phones with a static IME.
To the extent that one is able to, ditching cellular networks and using wifi+secure voip instead could help defeat tracking. However even if everything is encrypted and there’s no leaking of identifiable metadata, the very act of using specific encrypted protocols is a traceable event – you aren’t going to be very anonymous if your group is the only one using the encryption. Anonymity requires thousands and millions of people using the same endpoints and protocols as you.
Edited 2016-08-29 17:23 UTC
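The device-swap heuristic quoted in the comments above (a new phone showing up on a tower soon after a nearby one is used for the last time), as an added Python example that is not part of the original thread. The sightings, device names and the 600-second window are constructed assumptions, and "nearby" is simplified to "same tower".

```python
# Constructed sample data: (unix_time, tower_id, device_id) sightings.
SIGHTINGS = [
    (1000, "T1", "phone-A"), (1600, "T1", "phone-A"), (2200, "T2", "phone-A"),
    (2300, "T2", "phone-B"),   # new device appears right after A goes quiet
    (2900, "T3", "phone-B"), (3500, "T3", "phone-B"),
    (1000, "T2", "phone-C"), (3500, "T2", "phone-C"),   # long-lived bystander
    (9000, "T2", "phone-D"),   # new device on the same tower, but much later
]


def first_last_seen(sightings):
    """Return {device: ((first_time, tower), (last_time, tower))}."""
    seen = {}
    for t, tower, dev in sorted(sightings):
        first, _ = seen.get(dev, ((t, tower), None))
        seen[dev] = (first, (t, tower))
    return seen


def swap_candidates(sightings, window=600):
    """Pair each device's last sighting with devices first seen on the same
    tower within `window` seconds afterwards.

    No call records or message content are needed: the link comes purely
    from when and where the two devices disappear and appear.
    """
    seen = first_last_seen(sightings)
    pairs = []
    for old, (_, (last_t, last_tower)) in seen.items():
        for new, ((first_t, first_tower), _) in seen.items():
            if old == new:
                continue
            gap = first_t - last_t
            if first_tower == last_tower and 0 <= gap <= window:
                pairs.append((old, new, gap))
    return sorted(pairs)


if __name__ == "__main__":
    for old, new, gap in swap_candidates(SIGHTINGS):
        print(f"{old} -> {new}: new device seen {gap}s after old one went quiet")
```

With a single swap in the data the pairing is unambiguous; widening the window or adding many simultaneous swaps increases the number of candidates per device, which is the "only helps if everyone does it" point made in the thread.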
Agreed, something like this would help:
https://en.wikipedia.org/wiki/Wireless_mesh_network
Something without centralization.
Maybe something like https://en.wikipedia.org/wiki/Namecoin ?
https://en.wikipedia.org/wiki/Cjdns
To grow it might need to be an ‘all in one’ solution to take away the complexity:
https://www.youtube.com/watch?v=QOEMv0S8AcA
http://freedomboxfoundation.org/
Lennie,
While a lot of it should be technologically feasible, the trouble is always that market penetration is pathetic. The popular companies who are in the best position to promote these things aren’t interested in decentralized technology that undermines user dependency on them.
That’s the thing, I always enjoy talking about the tech and how it could work. But tech really isn’t the barrier, it’s corporate conflicts of interest.
The saddest part about the lack of support for mesh networking though is that it really isn’t a hardware issue. Pretty much anything that can run as a wireless repeater or use WiFi direct has hardware support for operating in 802.11s mode. The same generally applies to operating as a wireless repeater or a WDS unit too, most cheap routers don’t support either, but they don’t support it because of the firmware, not the hardware.
Most of the tech industry, like most businesses in general, is built on maximizing profit margins. Laptops are another great example, it’s not unusual to pay hundreds of dollars more for a higher resolution screen that only costs the manufacturer at most 25 bucks extra. There’s a reason I build my own computers, and actively look for systems that support end-user firmware updates when looking at embedded devices.
“…Anonymity requires thousands and millions of people using the same endpoints and protocols as you.”
You’re right, Alfman. Privacy requires only a properly encrypted protocol and trusted media. [By the way, don’t think people at large would be in the mood to play ‘007’. Not interested in trashing the Planet with disposable phones].
Besides, Anonymity is generally unachievable. [Maybe some people with multiple personality psyche]. We all have a profile, down to the order we use to place words together.
That’s the reason PRIVACY is hugely relevant to any democratically driven Nation.
is to NOT use any form of social media.
Don’t use Facebook, Twitter, WhatsApp etc etc etc.
Don’t post anything on YouTube.
The less there is about you and who you know out there, the harder it is for anyone to snoop on your life and everything.
Plus, don’t use a Credit Card for everything. Yes, I know that contactless is easy but you are leaving a trail of crumbs for the snoopers to follow.
Pay with cash for your everyday purchases. Then they’ll have to work harder to follow you rather than you giving them everything on a plate.