If you think that your phone may have been hacked so that your
adversaries can watch you through the cameras and listen through the
mics, one way to solve the problem is to remove the cameras and
microphones, and only use the phone with a headset that you unplug when
it’s not in use.
I just wear an aluminum hat. Works beautifully.
Yeah that’s BS. The FBI can and have required telco’s to load software onto people’s phones without their knowledge so they can be used as listening devices.
The U.S. Commerce Department’s security office warns that “a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone.” An article in the Financial Times last year said mobile providers can “remotely install a piece of software on to any handset, without the owner’s knowledge, which will activate the microphone even when its owner is not making a call.”
https://web.archive.org/web/20140112133850/https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html
Sigh, somebody needs a beginner’s lesson in security…
…for now, as far as you know.
…for now, as far as you know.
…for now, as far as you know.
…for now, as far as you know.
…for now, as far as you know and as long as the FBI doesn’t flick a few dollars at an unidentified contractor.
I remember before Snowden introduced himself to the world, people would have been calling this crazy because “the government using your phone as a bug is paranoid horseshit”. Assuming that exploits you haven’t heard of don’t exist is about the most fundamental security mistake anyone can make.
My phone is stained by original sin?!?!?!?!?
Just a reminder ios/android/windows/etc is not the only os on the phone
Is any of that correct? I did some digging and as far as I could tell if the FBI has a warrant for wire tapping they can do it. Is FlexiSpy the software they used for that drug case a few years back?
As far as @Rosyna knows…
Me, I have no idea. I’m sure a warrant would grant legal authority to do so (which, incidentally, seems reasonable to me), but that still leaves a question about technical capability.
According to the wiki that’s been tested in court and it does. Sources for the wiki state that the FBI can order a telco to download and install software on any users phone without their knowledge that will allow the microphone to be covertly activated even if the phone is turned off.
It’s a broad statement without any qualifications about OS or rooted handsets.
Interesting. Still there’s the question, to what extent do telcos have that sort of capability? The law seems to only have a passing interest in what’s possible when it comes to technology.
Well it’s been done. I don’t know if handsets have been made more secure, and it’s harder to do now, but I’d say the situation is pretty opaque, and it’s safer to assume that every network connected device is a potential bug for government agencies.
One of those arms race type situations I guess. At least until security patches are outlawed.
And malware and under-handed app developers and telcos and snoopy bosses and snoopy parents and snoopy schools, and, and, and the list really doesn’t end because it’s a capability with myriad uses and abuses.
[quote=“ChuckV, post:44, topic:78693, full:true”]My phone is stained by original sin?!?!?!?!?
[/quote]
Heh 
hopefully not, but it’s also not impossible. These days there are subsystems and components that contain firmware, which is sometimes enough for malware to be able to enter upstream of a device’s manufacturer, not just downstream. (Hence it’s not something that default security settings can reliably protect against.)
And just a few articles down from this one Boing Boing mentioned this proof-of-concept attack which happens before a chip is even fabbed. That’s even deeper and darker than firmware - it’s a structure hidden in the physical silicon. 
So you’re saying once you go black, you’ll never go back.
I can’t watch the video.
“The uploader did not make this video available in your country”
It seems like they want to force me to become more like Snowden and install a vpn. Stupid geo-restrictions…
Edit: this took me way too long, so maybe I’ll save someone some time? If you are geo-restricted, watch the video here:
Fifty years comprising millions of hours of intensive R&D by countless individuals and collectives in computer science and hardware design, all summarized and condensed to a 143-gram object—and only a few months for someone to set it on fire.
[something something] late-stage affluenza.
While it is true that iOS devices(recent ones, that is) have a pretty good track record against malware; it’s worth mentioning the whole “Feds attempting to coerce Apple into signing their malware for them” issue. We know that the FBI’s public attempt didn’t work; but it’s probably not the last round of that game; and we’d never know if a ‘National Security Letter’(or just an NSA mole working as an Apple employee) has succeeded or when it succeeds.at some point in the future.
And if you have the vendor signing keys, autoupdate is little more than any atypically well QAed malware injection system.
It’s obviously true that rummaging around the guts of a phone and permanently neutralizing parts of it is a bit drastic; but trusting software is a bit naive.
Umm make sure you buy a phone with a removable battery?
/Just a thought
You should drop the mic now and walk off stage. Well played. Well played.
