Privacy Cellphones Government

NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data

schwit1 writes "New leaked NSA documents shed a new light on the agency's assault on the data controls of smartphone apps. Using app data permissions as a jumping off point, the documents show agency staffers building huge quantities of data, including 'intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.' One slide lists capabilities for 'hot mic' recording, high precision geotracking, and file retrieval which would reach any content stored locally on the phone, including text messages, emails and calendar entries. As the slide notes in a parenthetical aside, 'if it's on the phone, we can get it.'"

  • by Anonymous Coward on Monday January 27, 2014 @05:23PM (#46085217)

    what those birds are so angry about

  • Can you hear me now? (Score:5, Interesting)

    by RotateLeftByte ( 797477 ) on Monday January 27, 2014 @05:25PM (#46085235)

    Why are you listening?
    Do you understand me now?
    Why are you still listening?
    Do you think I have something to hide?
    Remember, I'm on your side
    So bugger off like a good man
    and snoop on the Taleban

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      To be clear, it's the Obama Administration that is doing this. After all, he is responsible for the actions of this and other Federal Agencies.

    • by SirGarlon ( 845873 ) on Monday January 27, 2014 @05:51PM (#46085561)

      Remember, I'm on your side

      Correction: I'm on the side you *claim to be on*.

  • Smurftastic! (Score:5, Informative)

    by GPLDAN ( 732269 ) on Monday January 27, 2014 @05:28PM (#46085279)
    The NSA has all the actual slides from the internal presentation:
    http://www.theguardian.com/wor... [theguardian.com]

    From what I gather, TRACKER SMURF module of the WARRIOR PRIDE rootkit for both IOS and Android sort of grabs pin positions of places you search for in Google Maps as well as where you actually ARE. What's interesting is the seeming fascination with sexual orientation and clubs. I guess if there is dirt to be had on an operative or a politician, it might be if they are secretly a wild and crazy guy, or perhaps visiting a mistress in South America instead of being lost on the Appalachian trail.

    I know it's fashionable to be angry and all that, but the more of these slides they release, the more you understand how good these guys are at spycraft. It's a solid rootkit base with modules for various device driver interaction, it's pulling back info to be sorted in databases specifically at dossier building on targets, etc etc. It's a well organized program of information gathering, actually.
    • Re:Smurftastic! (Score:5, Insightful)

      by MightyMartian ( 840721 ) on Monday January 27, 2014 @05:34PM (#46085359) Journal

      And a police officer has the technical capacity to walk into my house and shoot me dead. That I can appreciate his likely skill with a service revolver doesn't mean he gets to shoot me dead at a whim.

      The same applies to the NSA. That it has some bright brains who have some impressive technical capabilities does not mean that they should be permitted to wantonly do it without proper civilian oversight, including the requirement that no US citizen's data be collected without an explicit and accurate warrant.

      In other words; capacity is only part of the equation.

      • by sycodon ( 149926 )

        The police do that more often than you think.

      • by Zordak ( 123132 )

        That I can appreciate his likely skill with a service revolver

        Cops don't carry those anymore. They carry Glocks. 9mm, 17+1 capacity. Yes, it's a technical nit to pick, but it means that the cop has 3x more bullets than you think he has if you think he's carrying a service revolver*. Also, he's probably carrying one or two spare magazines. In other words, Rain Man [xkcd.com] is screwed. Not only can he shoot you dead. He can shoot you very dead.

        *I'm not saying this is always a bad thing. Cops deal with some seriously bad people sometimes, and I'm all for them being able to defen

      • The United States government was designed, by The People, cognizant of past abuses inevitably and always leading to the downfall of freedom, with the guiding principle that this "technical capability" will be abused, and thus should only be used with warrant from a judge.

        Even forgetting the sophistry that warrants are not needed, that the technical ability exists where a warrant is just a checkbox on a sheet which can be skipped at will, or at abuse, is the problem. There should be uncorruptible access log

      • Very eloquent post! Government has failed the first lesson about technology:

        "Just because you can, doesn't mean you should."

        And if you can't that does NOT imply to wantonly ignore the rules, nor does it mean simply change them to suit your fancy.

      • And a police officer has the technical capacity to walk into my house and shoot me dead. That I can appreciate his likely skill with a service revolver doesn't mean he gets to shoot me dead at a whim.

        Right but you accept the fact that the police need to have the capability to shoot people, right? Because if you were an armed robber or something they'd need to be able to do that to stop you.

        Similarly the NSA needs to have the capability to spy on people - terrorists, Russian or Chinese spies, or - if WWIII starts - Russian or Chinese soldiers are all people the NSA needs to be able to spy on. In fact it's highly irritating when people who tweet their every thought and bowel movement whine about this. The

    • Jawohl mein herr, ein fery efficient program.
      Vi hafe ways of knowing vat you fink! Trust us, vi only hafe the best interest of the nation in mind...

      • by GPLDAN ( 732269 )
        Mister President, we must not allow a mine shaft gap!
      • by Cryacin ( 657549 )
        The NSA seems to be only a few short steps away from the gas chambers and crematoriums.
        • Re:Smurftastic! (Score:4, Insightful)

          by bob_super ( 3391281 ) on Monday January 27, 2014 @06:14PM (#46085785)

          While that's a bit of an exaggeration since NSA is only collecting (once the data comes up/who cares where the hammer falls down/it's not my department/says NSA von braun), it fits in a more worrisome pattern.

          There was never a doubt in the European's mind that waterboarding is torture, because that's what was used by the Reich on the resistance. When you add a KGB/Stasi-on-steroids NSA, that makes for a nasty vibe.

          • There was never a doubt in the European's mind that waterboarding is torture, because that's what was used by the Reich on the resistance.

            And by the Spanish Inquisition, who documented it amongst their methods of torture.

          • by fritsd ( 924429 )
            There is precedent in the Amsterdam city archive keeping track of what religion everyone had. That was also only data collection, with only beneficial purpose. Then the government ahem "changed", and they sent a group of SSers over to write down where all the Jews lived.
    • It seems like time to revisit virtualization within smartphones. Set up a VM with a bogus profile, and use that as a walled sandbox to run any questionable games or apps. If necessary, direct that VM's network traffic through an Internet proxy.

      • Even if you could set up a VM-like environment, you are wasting your time. First, you can't hack the 2nd cpu in the phone, which is the one that does the cell-tower comms, and how the backdoors can be loaded into the phone, and secondly, they don't really need to do the backdoor route because your data traffic is what reveals most of the info they are looking for. The only way to secure a cell phone is to place it in a faraday cage, embedded in concrete, and deep-sixed in the ocean.
    • I guess this means the Angry Birds tie in with The Smurfs and James Bond are not going to happen.

    • > the more you understand how good these guys are at spycraft

      Actually, I disagree - they're not targeting very well at all. If they were going after specific individuals, who had been selected by some proper surveillance and intelligence gathering then I'd say they were really good. As it is, they're just a very large version of 'grep'.

      I'll bet I can find a terrorist if you give me every email and text message ever written and the details of every Angry Birds game ever played. The only difference betwee

  • So what. (Score:3, Insightful)

    by RightSaidFred99 ( 874576 ) on Monday January 27, 2014 @05:30PM (#46085303)

    People seem to be freaking out that all these capabilities exist when anyone with half a wit or more knew that this was all possible.

    The question is regarding the set of controls over how and when this is done.

    I mean, by golly, did you know that 5 years ago they could listen in on your phone conversations and even determine where you were located when you were making the phone call?!

    Carrying on about these capabilities (as opposed to the way they are used) is going to look as quaint to people in 20 years as the above concern about land-line phone calls looks now.

    • But but... Hollywood keeps telling me I have 59 seconds before they can complete the trace?

    • Re:So what. (Score:5, Insightful)

      by fuzzyfuzzyfungus ( 1223518 ) on Monday January 27, 2014 @05:50PM (#46085545) Journal
      "The question is regarding the set of controls over how and when this is done."

      Yes, about those... The secret ones, that you'd need access to secret information to verify compliance with, based on a classified interpretation of a massive hodgepodge of assorted laws, executive orders, and precedents, as interpreted by a secret court that doesn't release opinions and hears only testimony from the state agents requesting authorization? Those ones... Forgive me if I'm... less than 100% reassured.

      Internal regulation and discipline can't even keep the officers of Hickville PD from periodic abuses that end up drawing big civil suits, and those guys are both nearly powerless and highly vulnerable to 3rd party scrutiny. Why would anyone expect 'controls' on an agency that can just stamp 'Double Top Secret' on anything embarrassing and bury it forever to be more than a joke for the break room?
      • by Eskarel ( 565631 )

        They can't stop the officers of Hickville PD mostly because the community doesn't really have a problem with the abuses of Hickville PD.

        You see, the citizens of Hickville don't much like African Americans or other minorities very much, they wouldn't say that to your face, but if the cops are hassling people, well they're probably criminals. Because they're in Hickville, the residents of Hickville are the only people who regularly see what they're doing and since those same residents actually approve of what

  • by gurps_npc ( 621217 ) on Monday January 27, 2014 @05:31PM (#46085317) Homepage
    In May of 2000, President Clinton unscrambled GPS for civilian usage.

    I always wondered why he did this. To create the GPS industry? I don't think so. Instead I think it was with the full knowledge that in a short time, the NSA could track people using it.

    • by Kardos ( 1348077 )

      What? GPS receivers don't transmit. How do you track a GPS receiver?

      • by fuzzyfuzzyfungus ( 1223518 ) on Monday January 27, 2014 @05:53PM (#46085571) Journal

        What? GPS receivers don't transmit. How do you track a GPS receiver?

        You don't (well, somebody with an indistinguishable-from-magic antenna array and a truck full of DSPs might be able to pick up some effect of your antenna and RF circuitry against background; but it'd be dubiously practical at best); but a great many GPS receivers are connected to cellphones that are delightfully cooperative about providing those data for you. Now, even without GPS, cell tower triangulation would provide rough data; but GPS neatens it up nicely.

        • by Jody Bruchon ( 3404363 ) on Monday January 27, 2014 @06:57PM (#46086241)
          This is why the FIRMWARE of phone radio CPUs needs to be fully open-sourced. Until they are, there is no way to audit them for privacy concerns nor modify them to close such loopholes.
          • This is why the FIRMWARE of phone radio CPUs needs to be fully open-sourced. Until they are, there is no way to audit them for privacy concerns nor modify them to close such loopholes.

            Either the firmware didn't have spyware built in or the NSA's slides are misinformation, describing rootkits they didn't actually need to create in order to keep us from worrying about bugged firmware. Oh, and they must have planted this misinformation expecting that Snowden (or someone like him) would leak it.

            I'm not discounting your concern, firmware is a nice vector for such spyware. But this particular data release is fairly strong evidence against it being a real problem, at least in the recent past.

            • I suspect that (particularly when dealing with foreign subjects; but in general because they don't have many field agents) the NSA prefers full-featured rootkits; but agencies with more boots and fewer nerds are known to have taken advantage of the weaknesses of cellular firmware.

              In this case [wired.com], for instance, (atypically well documented, because of the court spat; but probably also occurs more quietly elsewhere), the FBI set up a stingray, then had Verizon do a silent PRL push that reconfigured the target'
              • Very interesting. Having open source firmware is irrelevant if the authorities can simply and silently replace it at will.
                • The PRL isn't the firmware itself, it's a configuration file that instructs the firmware what towers to use (and a suitably paranoid OSS firmware would presumably at least tell you about the PRL push, and ideally apply heuristics to warn you about salient details, like "Hey, you just got a PRL push, and the PRL includes a tower that didn't exist at all last week. Isn't that interesting?", in sort of the same way that various SSL bandaid techniques try to warn you about SSL certs changing when they shouldn't
          • This is why the FIRMWARE of phone radio CPUs needs to be fully open-sourced. Until they are, there is no way to audit them for privacy concerns nor modify them to close such loopholes.

            "Fully open sourced" means at best you get the source code for what is claimed to be the firmware. The question is whether an open source or closed source implementation makes it harder for an attacker to insert malicious code. Obviously assuming that the attack code would be in the source code that you get is more than naïve.

          • by Reziac ( 43301 ) *

            And unless you yourself compile and put that firmware on your phone's CPU, how do you know the source that's released is the same program as comes with your phone??

            • You don't, but then again this applies to every piece of equipment that has any kind of computer code running on it, from NIC firmware to entire operating systems and software suites (TrueCrypt came under fire for precisely this line of reasoning, and comments on /. TrueCrypt posts go into great depth about it.) What this does allow you to do is to check the compiled code already in firmware against the source code and see if there are discrepancies between them that should set off red flags. If you find an
      • by csumpi ( 2258986 )
        uhhmmm. yeah. the gps receiver doesn't transmit. but your phone, hooked to a gps receiver, does. now go back and read the article again.
      • by Anonymous Coward

        What? GPS receivers don't transmit. How do you track a GPS receiver?

        People keep saying this, but even putting aside cellphones (which obviously transmit this information frequently), unless you're very careful with the (often repetitive) privacy questions, your car GPS (which is what most people think of as a "gps") will transmit history every time you plug it in to update it.

      • While they don't transmit, per se, if GPS is enabled (and sometimes even if disabled) the most recent GPS fix is typically stored in memory.
      • by thelexx ( 237096 )

        While I don't agree with the op's premise, if you encourage civilian devices to use it while knowing you can tap or otherwise access all the logs of the receiving devices (vehicles/OnStar, phones), then...?

    • It was because it was largely useless to use selective availability at the time as the only people who were punished were those using low grade GPS receivers. Military wasn't subject to it and golf courses, surveyors, and our enemies could get around it via base stations. I'm sure this is intentionally paranoid but a GPS is essentially nothing more than a clock, with more expensive GPS being better clocks.
    • In May of 2000, President Clinton unscrambled GPS for civilian usage.

      I always wondered why he did this. To create the GPS industry? I don't think so. Instead I think it was with the full knowledge that in a short time, the NSA could track people using it.

      Not exactly. GPS was always available for public usage, they just turn off "selective availability", which increased the accuracy of civilian GPS (from the ~50 meter accuracy down to meter or sub-meter accuracy).

  • by Anonymous Coward

    Don't use their products. The move away from US technology has only just begun.

  • One article I read phrased this as the NSA spying on Angry Birds use. Come to think of it, it makes sense! You are launching projectiles (birds) at "buildings" (the pigs' structures) to cause casualties (pigs). The black bird's even a bomb that blows himself up. The Angry Birds are terrorists!!!

    • I approve the part about the pigs being the target.

      • by fritsd ( 924429 )
        Because they're "capitalist pigs", or because they're haram?
        Never mind either case, you're on the watchlist now, Bob.
        --Meat packaging lobbyist group of America
  • Does this feature [androidcentral.com] have any ability to secure a phone?

    I take no small pleasure in doing this to Facebook.

    • You need to think of the NSA as the "Eye of Sauron". Sauron had immense power, but without focus it was spread weakly across the world. But when the Eye was pointed your way, woe unto you. You can't secure your phone against the NSA. If you get their attention they will have everything. This is the way it will be until the evil is destroyed.

    • Security theatre. It will help with privacy from the perspective of not giving away lots of info to a particular app maker, but it will do nothing to stop what NSA/GCHQ is doing.
    • I would specifically like to see this gain the ability to spoof or randomly generate phone ID data for that "read phone identity and number" permission. That'd be pretty fun.
  • now can we encrypt all traffic by default?

    • by Burz ( 138833 )

      There is one way... http://geti2p.net/ [geti2p.net]

      They have an Android version in alpha, too, but it's mainly a PC/server networking layer.

      The thing to remember about plain encryption is that it still shows a lot of metadata: the Who, When, and Where of all your communications. It should be paired with an anonymizing network layer like I2P if you want to minimize leakage of that info.

    • Re: (Score:1, Insightful)

      by Anonymous Coward
      If you're rooted, encrypting does nothing but give a false sense of security.
  • by Anachragnome ( 1008495 ) on Monday January 27, 2014 @06:13PM (#46085767)

    From the following linked article:
    "During a recent interview session I had with Mikko Hypponen, the chief research officer for digital security company F-Secure Corp, he shared that he was friends with the men behind Rovio, the creators behind another massive success story--Angry Birds."

    http://www.thestar.com.my/stor... [thestar.com.my]

    A couple of years ago I tried, in earnest, to inform Mikko Hypponen of evidence I had acquired (first-hand) that proved that Sony Entertainment was gathering data from computers that had Sony software installed, after being referred to him by Mark Russinovich (of Microsoft/Sysinternals fame). I was stone-walled completely, even after providing crash-dumps that held all the evidence he needed to go public-- now, I know why.

    • Wow. As much as I liked the TED talks the guy gave that put him firmly in the anti-NSA camp, I wonder what his scruples say about this potential conflict of interest (considering how much info Angry Birds sends back to the mothership...). If you weren't already at +5 I would mod you up.
    • The folks behind the tracking...

      According to Rovio's own site, they use Flurry for data acquisition:

      "In addition to the information covered above, we use Flurry Analytics in most games to collect gameplay-related information and technical data. This is a common analytics component, used widely in mobile gaming - for more information see www.flurry.com."

      From the Flurry site, one will find the following code used by "Angry Birds" to track users:

      http://support.flurry.com/sdkd... [flurry.com]

      Above code is part of larger cac

      • I think someone at Rovio is pissed...

        At the bottom of this page at the Rovio website...

        http://www.rovio.com/en/news/b... [rovio.com] ...are four links to further information regarding privacy policies and FAQs, including a link to The New York Times privacy policy page...WTF?

        http://www.nytimes.com/content... [nytimes.com]

        If you'll scroll down the section titled "Analytics Technologies", you'll see that The New York Times uses Flurry to track their users, just like Rovio does.

        "We use Localytics and Flurry to track and report on the

        • Apparently, The Guardian uses Flurry as well.

          http://www.theguardian.com/hel... [theguardian.com]

          "Please visit audiencescience.com/privacy.asp, quantcast.com/privacy and flurry.com/privacy-policy.html for the privacy policy of our online behavioural targeting technology providers." (again, my emphasis)

          A quick look at the Propublica privacy policy shows that they use Google, for what that's worth.

  • The shame of it is, if I felt that the NSA was obeying the law, not watching people but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized, I would favor this capability.

    Though let me be clear here; by "probable cause", I mean that a substantial percentage of the people who pass the probable cause bar wind up being found guilty. The notion that anyone crossing the border is subject to search, for example, doesn'

    • by Eskarel ( 565631 )

      Of course people crossing a border pass that test. US Customs was created and empowered to search people crossing the borders by the people who actually created the constitution. Searching people and objects entering your country is something that law enforcement is empowered to do in every single country on earth and has always been empowered to do in every single country on earth.

      • by Bob9113 ( 14996 )

        >> Though let me be clear here; by "probable cause", I mean that a substantial percentage of the people who pass the probable cause bar wind up being found guilty. The notion that anyone crossing the border is subject to search, for example, doesn't pass the test.

        > Searching people and objects entering your country is something that law enforcement is empowered to do in every single country on earth and has always been empowered to do in every single country on earth.

        I wasn't very clear. I was sayi

  • If those Powerpoint slides are legit, then someone inside the NSA is seriously negligent in proper portion marking of classified documents. That's a security violation right there.
  • Surely the existence of these abilities is a useful power in meaningful intelligence activity, so its revelation does make the NSA less effective in its legitimate work. The whole debate is always sailing close to this line; to me these revelations are over the line, unlike a lot of the earlier ones.
  • by Trax3001BBS ( 2368736 ) on Monday January 27, 2014 @08:03PM (#46086777) Homepage Journal

    The file "Computer_Forensics_for_Prosecutors_(2013)_Part_1".pdf has this gem in it.

    "Users of mobile devices and cloud storage sign off on their rights to data scanning, There is no opt-out option."

    This file showed up when a question of True Crypt being back doored came up, as out of the blue it mentions it is; if not set up correctly I would tend to agree.

    Page 16 http://www.techarp.com/article... [techarp.com]
    article lies about Phil Zimmermann but the only place I could find the file.

    • "Page 16 http://www.techarp.com/article [techarp.com]..."

      Mod up Informative, please.

  • by UnanimousCoward ( 9841 ) on Monday January 27, 2014 @08:27PM (#46086955) Homepage Journal

    I often type in and drive to strip clubs and card rooms just to throw the NSA off since those searches are in complete contradiction of my choir boy profile.

    • by Anonymous Coward

      you sly devil, I do the exact same thing, except I actually enter the bars

  • by Greyfox ( 87712 ) on Monday January 27, 2014 @10:55PM (#46087823) Homepage Journal
    Just to get a picture of my dong. They could have just asked, I mean, if it was for national security and all that...
  • "If it's on the phone..."
    Oh yeah? Not if I don't have a smart phone with data, you can't.

    Still not gonna give in.

  • playing Angry Birds, mayhaps enraging you (?); you have nobody to blame but yourself. Ok, NSA shouldn't be grabbing your www.Rivo.com (Angry Bird)
    data, but the truth is they are just double dipping what Rivo.com has already collected. The reason Angry Birds is mentioned is its ToS. Do yourself a favor and read it. You'll find it at www.rovio.com.

    When I say ToS, I mean everything; Privacy Policy, EULA and any other practice of using your private info - to me the phrase "ToS" covers it all.

    I read ToS's and i

    • I use www.rovio.com as a poster child of what a bad ToS reads like, Rovio uses the www.nytimes.com's privacy policy :} - to show it's "in fine company, or they aren't the only ones doing it. http://www.rovio.com/en/news/b... [rovio.com] bottom of the list. www.rovio.com also taught me of Flurry.com - one thing about www.rovio.com they covered everybody in the chain, very helpful editing one's HOSTS file. Missing of course: "overseas".

      After reading Rovio's ToS - to opt out is done by cookies, you can never remove anothe
