Smurfs vs. phones: GCHQ's secret smartphone malware that can take pics and listen in even when your phone is off


#1

[Read the post]


#2

Y’know, I’m kinda getting a little tired of being asked by my acquaintances not to spout such paranoid nonsense and a few years later reading a verifying headline. Some of them have just given up acknowledging reality and remain camped out in a just-world fantasy but I do receive the odd apology.

Now if only I could get some traction with my ‘conspiracy theories’ on tectonic plate manipulation via satellite.


#3

Frustrating, isn’t it? I’ve often brought it up and i’ll get something like “ooh that sounds a bit conspiracy theory to me”. No it’s not! The evidence is right there! The conspiracy theorists were just paying attention! :rage:

I wouldn’t even attempt to bring up the stuff jacob applebaum talks about, you might very well be sectioned.


#4

Cricket just forced me to buy a new phone, because something something network. I bought the $15 special. It’s so dumb it can barely text. I wonder if it’s capeable of running any malware more sophisticated than Frogger.

My company also issued me an iPhone, so I guess I’d better leave that home when discussing my plans with co-conspirators.


#5

Yeah, it could probably be pwned.

What are you hiding?


#6

I’m not too worried. For that hack, you’d pretty much need my phone on a bench, and if you’ve got that you’ve probably already got the thing in my trunk.


#7

But now I know it’s in your trunk.

#Bwahahahaha!


#8

any specifics?


#9

It’s pretty easy stuff to find. Mostly Google, Apple, etc are spying on you on behalf of three-letter agencies, and the power of those agencies is vastly out of hand.

…Normal stuff you hear on bOING. (And not necessarily crazy…)


#10

I assumed there was some specific craziness of which I was not aware. I was assuming it was something to do with behavioural prediction crossed with photo access and blackmail… or something.

Well, if it’s going to get you sectioned…


#11

Exaggerated for effect but only very slightly! His protect and infect presentation was pretty mind blowing. Try bringing some of that stuff up and you really will be laughed at, especially the slide around the 56 minute mark. Ok, maybe not sectioned.

Link


#12

I thought the whole intersecting carrier waves thing was a normal anti-speech tool employed to disorientate public speakers? Just beam hypersonic carrier soundwaves carrying regular frequency gibberish into the resonant cavity that is the speakers skull and it sounds to them that they are ‘hearing voices’… or whatever other sound you choose.

Data exfiltration via radar sounds interesting I guess, although I always thought the 3d mapping technology via wifi signal was more impressive…

The whole 3d networked microphone thing distributed across a city, which can pinpoint a mouse farting in your wall seems scarier.

Video exfiltration via radar seems… difficult, aren’t the waves too big?

Keyboard retroreflection sounds most new and interesting to me… will have to watch that bit…

And really? location tracking is new?

But that was cool, ta.


#13

Well, eavesdropping on information via van eck radiation is nothing new but now it appears to me part of the 3 letter acronym’s grab bag of goodies. But you should watch the whole thing, it’s a really tour de force of research and sheer buttock clenching terror about what we’re up against. Can we trust ANY of our hardware? Not really!

Oh, i should say that this is from 2013 so location tracking with drones and cell signals was newer then i suppose.


#14

even when turned off

I’m assuming this means “even when ‘asleep’”.

Pretty sinister, but Motorola introduced some of this as a “feature” with their Moto X a couple of years ago…


#15

Some computers have the wakeup-via-RTC feature. This may be a trick included to the power-off sequence - set it to wake up silently.

Could be interesting to get a sample of the smurf to dissect, run it on a phone, and do power analysis on the battery. Could lead to hardware-based countermeasures - Arduino-class chip and a power monitor, attached to the battery and alerting if power consumption profile does not match being asleep or not communicating.

The added hardware dongle is likely a transmitter, the radar telling it just to power on or off. Or to intermodulate the data to the incoming signal.

This can be done via DIY. See my project (now delayed due to other priorities, grrr) of GPS-synced microphone.

It’s not paranoia. It’s awareness.


#16

From the perspective of my un-aware friends it sounds like paranoia. When they ask me not to spout such nonsense, I am attributing to them the state of holding such an opinion.

English is weird.


#17

No, this means when, from your point of view, it is turned “off.” Unless you remove the battery, a phone is basically never off.


#18

Thought. Transistors on the silicon chips tend to emit near-IR when they switch.

What about decapping all the chips on the phone board, and watch what is happening where?

Any chance for this malware (or other with comparable functionality) to leak out for independent examination by multiple hackers? So supervision/detection systems can be devised?

Power analysis, both the juice drawn from the battery itself and on different points of the phone’s power buses, could be quite enlightening, too.


#19

I just wanted to point out how much more enjoyable the headline could have been with the word “Smurves”.


#20

It’s what Tolkien would have wanted.