Edward Snowden performs radical surgery on a phone to make it "go black"

Source

11 Likes

I wonder if you could pick up audio using the accelerometer in the phone. The iPhone 6s accelerometer samples at 2 kHz and I imagine is quite sensitive.

A quick search shows that it using a accelerometer as an acoustic pickup has been done with a 3-axis accelerometer with a sensitivity comparable to the one in an iPhone 6 - though with far more bandwidth.

Edit: looks like it has been done. Too bad Snowden didn’t remove his.

7 Likes

But… what about the reports that you can use signal injection to take over a phone using wired headphones, from up to 16 feet away?

Need a phone that takes this approach: (the neo900 did not, but an interesting idea)

2 Likes

For Android phones, connect it to a debug monitor and log system events like camera and microphone use. That would let you know if someone is watching and when. A rootkit exploit could lie to the debugger, of course, but it raises the bar quite a bit. It’s also good for finding apps to tear out of the phone, like the unused Facebook app that still connects to the mothership every night.

3 Likes

Never mind the GPS, WiFi, and cell tower tracking your location… Wouldn’t it be far more easier and correct to put the phone in a cage?

10 Likes

They don’t mention Flexispy because Flexispy is just some product that happens to do those things too. There is more than one way to skin a cat. Even in some alternative universe where that product is the only method in existence to compromise a phone, even just that can be plenty dangerous to plenty of people, regardless of whether you personally are not one of those people.

Sounds like it’s actually you that is muddying the signal TBH.

4 Likes

No, the actual show is discussing FlexiSPY and the developers of FlexiSPY also confirmed it was their product being discussed…

And because of the nature of how FlexiSPY works, it’s not a real concern since you first have to disable every security feature on the target device to even install it.

It’s like when Dateline NBC attached explosives to a GM truck to claim the fuel tanks would suddenly explode in a collision. Since most people don’t put model rocket engines triggered by a remote device in/near their fuel tanks, it wasn’t a legitimate concern.

The points stand: The demonstrated technique works against more than just flexispy, and the fact that you do not consider yourself at risk of flexispy in no way means that others are not at risk.

3 Likes

How have they demonstrated it works with tools other than FlexiSPY when the program ONLY discussed that one tool?

Of course, for any such tool to work on iOS, you need to first disable all security on said iOS device by Jailbreaking it.

“Perhaps the most terrifying thing – if your phone’s been hacked, you’d never know.”

2 Likes

Because a phone having its audio components physically removed is a pretty solid way of ensuring that none of the malware on the phone is using those audio components.

4 Likes

Yes, but not getting malware by disabling security features is a much easier, cheaper, just as secure way to make sure malware doesn’t use the microphone than physically removing components…

1 Like

Part of Snowden’s whistleblowing was that this is simply not true. Removing a microphone is factually - and frankly, obviously - a higher level of security against that microphone being used by malware than simply trusting that default security features will have kept the phone invulnerable at all times, including when it was not in your possession, and including before it was purchased, and including before it was manufactured.

Your situation (where default security is fine and no states or spouses or others with access to your phone are investigating you) is not everyone’s situation. Risks that you do not consider pertain to you are not risks that pertain to no-one.

3 Likes

So long as you keep your iOS device up to date and don’t jailbreak it, it’s not a risk to anyone with an iOS device. You cannot jailbreak an iOS device running iOS 7 or later without the passcode either (because you need the passcode to unlock the device). To suggest say otherwise is just FUD to get viewers.

Nothing Snowden revealed said anything differently.

And seriously, you think you could physically remove a microphone in a way that would the NSA couldn’t add a brand new microphone to the device?!

Do you trust your spouse so much that you’d give them your passcode but also trust them so little you’d physically remove the microphone?!

Are you serious?!

Nevermind. Doesn’t matter. We’re done.

1 Like

Agreed, your hypotheticals are absolutely insane. “I gave my spouse my passcode but removed the microphone because I don’t trust them”

That’s nuts!

1 Like

Those protect against different things. I could keep my known phone utterly sanitary of anything that my spouse could object to and give up the password to alleviate suspicion, but still not want my spouse to be able to use it to listen to me when I’m away.

In that case, why not just have a second phone? If you had so little trust, why would you even bring it with you? After all, if you remove the microphone, why couldn’t they just add a microphone? How would you know if one was added? Not to mention every speaker can be easily fashioned into a microphone.

And it’s weird you think your spouse would be so daft to not notice the device lacks a microphone and you always have to use a headset to make calls. Hell, what would prevent them from attacking the headphones you use?

It’s also a bit bizarre you’d think they’d be smart enough to install a jailbreak on the device that gives them remote access to the microphone but not smart enough to test it even once to see if it works…

1 Like