If you think that your phone may have been hacked so that your
adversaries can watch you through the cameras and listen through the
mics, one way to solve the problem is to remove the cameras and
microphones, and only use the phone with a headset that you unplug when
it’s not in use.
Yeah that’s BS. The FBI can and have required telcos to load software onto people’s phones without their knowledge so they can be used as listening devices.
The U.S. Commerce Department’s security office warns that “a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone.” An article in the Financial Times last year said mobile providers can “remotely install a piece of software on to any handset, without the owner’s knowledge, which will activate the microphone even when its owner is not making a call.” https://web.archive.org/web/20140112133850/https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html
Sigh, somebody needs a beginner’s lesson in security…
…for now, as far as you know.
…for now, as far as you know.
…for now, as far as you know.
…for now, as far as you know.
…for now, as far as you know and as long as the FBI doesn’t flick a few dollars at an unidentified contractor.
I remember before Snowden introduced himself to the world, people would have been calling this crazy because “the government using your phone as a bug is paranoid horseshit”. Assuming that exploits you haven’t heard of don’t exist is about the most fundamental security mistake anyone can make.
Is any of that correct? I did some digging and as far as I could tell if the FBI has a warrant for wire tapping they can do it. Is FlexiSpy the software they used for that drug case a few years back?
Me, I have no idea. I’m sure a warrant would grant legal authority to do so (which, incidentally, seems reasonable to me), but that still leaves a question about technical capability.
According to the wiki that’s been tested in court and it does. Sources for the wiki state that the FBI can order a telco to download and install software on any user’s phone without their knowledge that will allow the microphone to be covertly activated even if the phone is turned off.
It’s a broad statement without any qualifications about OS or rooted handsets.
Interesting. Still there’s the question, to what extent do telcos have that sort of capability? The law seems to only have a passing interest in what’s possible when it comes to technology.
Well it’s been done. I don’t know if handsets have been made more secure, and it’s harder to do now, but I’d say the situation is pretty opaque, and it’s safer to assume that every network connected device is a potential bug for government agencies.
And malware and under-handed app developers and telcos and snoopy bosses and snoopy parents and snoopy schools, and, and, and the list really doesn’t end because it’s a capability with myriad uses and abuses.
[quote=“ChuckV, post:44, topic:78693, full:true”]My phone is stained by original sin?!?!?!?!?
[/quote]
Heh hopefully not, but it’s also not impossible. These days there are subsystems and components that contain firmware, which is sometimes enough for malware to be able to enter upstream of a device’s manufacturer, not just downstream. (Hence it’s not something that default security settings can reliably protect against.)
And just a few articles down from this one Boing Boing mentioned this proof-of-concept attack which happens before a chip is even fabbed. That’s even deeper and darker than firmware - it’s a structure hidden in the physical silicon.
Fifty years comprising millions of hours of intensive R&D by countless individuals and collectives in computer science and hardware design, all summarized and condensed to a 143-gram object—and only a few months for someone to set it on fire.
While it is true that iOS devices (recent ones, that is) have a pretty good track record against malware; it’s worth mentioning the whole “Feds attempting to coerce Apple into signing their malware for them” issue. We know that the FBI’s public attempt didn’t work; but it’s probably not the last round of that game; and we’d never know if a ‘National Security Letter’ (or just an NSA mole working as an Apple employee) has succeeded or when it succeeds at some point in the future.
And if you have the vendor signing keys, autoupdate is little more than an atypically well QAed malware injection system.
It’s obviously true that rummaging around the guts of a phone and permanently neutralizing parts of it is a bit drastic; but trusting software is a bit naive.