Edward Snowden's New Research Aims To Keep Smartphones From Betraying Their Owners (theintercept.com) 107
Smartphones become indispensable tools for journalists, human right workers, and activists in war-torn regions. But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching if it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because most common way to try and silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Fortunately, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Haung are calling this device an "introspection engine" because it will inspect the inner-workings of the phone. The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected.Wired has a detailed report on this, too.
is this useful? I think not. (Score:3, Interesting)
I'm not that concerned that my phone might transmit while in airplane mode. My phone usually isn't in airplane mode. It's far more concerning what's being transmitted while the phone is operating normally. I'd be far more interested to know, for example, whether my phone is secretly recording my conversations and acting as a bug.
Re: (Score:2)
Agreed. This issue have been my primary concern with tablets and smartphones.
Re: (Score:3)
What we really need rather than a smartphone is a computer that can fit in a 4"X6"X1/2" case with a touchscreen.
While you may think I'm being facetious, phones have a history of belonging to the carrier, while computers have a history of belonging to the owner, and the software involved has a similar history. Cellphones belong to carriers, computers belong to owners. That's unlikely to change (Windows 10 not withstanding).
Re: (Score:2)
Re: is this useful? I think not. (Score:3, Informative)
And you might never know. Most phones have a dedicated microcontroller which handles the GSM/CDMA stack and is directly interfaced to the cameras and the microphone. That is right, human: The application cores interface with that dedicated microcontroller core with an on-die highspeed serial bus. All the phone app does is send a command over that bus to start a phone call. The firmware in that microcontroller handles the radio and sets up the dsp to start sampling fron the microphone and output to the speak
Hardware Switch (Score:1)
Wouldn't a simple hardware switch that connects the phone to its antenna suffice ?
No antenna = no useful signal for the towers to pick up.
Re: (Score:2)
Re: (Score:2)
Taking the battery out is not an appropriate solution in this case. I think the underlying idea here is that certain functions of a smartphone are required in some situations, but the smartphone's tendency to "call home" under those situations may be undesirable. Removing the battery defeats both: sure, the smartphone can no longer call home but, with no battery, I am also unable to take notes, use the calculator or view documents previously saved to the smartphone's memory.
Re: (Score:2)
Take the damned battery out! Hasn't anybody seen NCIS!
Unfortunately for alot of newer phones, that isn't an option. That and no SD slot were my only gripes about my latest phone.
Finally, a use for that tinfoil hat I wear..... (Score:1)
Take the damned battery out! Hasn't anybody seen NCIS!
power off device completely. Remove battery (if possible). Remove tinfoil hat and wrap phone. That should pretty much solve the problem unless I am missing something, and it gets that goofy tinfoil hat off your head so people stop looking at you strangely.
Re: (Score:1)
Yes, but that requires the cooperation of manufacturers, which are not going to do this because it costs money, increases the size of the phone, and makes it generally more unreliable resulting in higher warranty and support costs.
Our problem nowadays is that everything is designed from the ground up to take control away from the customer and put it in the hand of the manufacturer.
Literally everything. From the most basic ideas, concepts, standards and protocols upwards.
That is why the only feasible defense
Re: (Score:2)
A competent techie should be able to take the board, solder a couple of wires on a strategic place and attach a switch to it. Flipping the switch could disconnect the antenna, short some component or do whatever it takes to mess with the radio.
Once we know what to do, the procedure shouldn't cost the user more than $100 or so.
Re:Hardware Switch (Score:5, Insightful)
In an NSA/corporation controlled world, we must be mindful of what smartphone manufacturers define as "hardware switch". By definition, such a switch would use physical/mechanical hardware to completely deactivate the hardware itself (in this case, the radio). However, I can tell you now that if smartphone manufacturers have any say, any hardware switch" would merely trigger a software action that would put the phone into Airplane mode. Thus, we end up needing Snowden's device to make sure the radio is truly deactivated.
Re: (Score:2, Informative)
Re: Hardware Switch (Score:2, Interesting)
Simply disconnecting the antenna on a functioning transmitter usually doesn't end well for the transmitter's final power amplifier.
How smart is Snowden, exactly? (Score:2, Insightful)
I thought he was just a pretty average govt. tech employee that decided to leak a bunch of documents. Now he seems to be treated like a leading expert on security? Is there something I missed here? Is his research something beyond a Google search?
Re:How smart is Snowden, exactly? (Score:5, Interesting)
Well, unlike everyone else, he puts the issue into the spotlight for everyone to see.
Since he has some privileged insights on how our intelligence agencies like to do things, this makes his opinion a bit more useful than the folks who merely theorized at what our government was doing.
One of my greatest interests lie in those documents we've never seen made public. What information did he obtain that he thought was extremely relevant, but has never been released to the public by those he trusted with that very task ? Of the thousands of documents he had access to, we've seen what a dozen or so ?
What and why would they still withhold that information ?
Re: (Score:1)
Well, unlike everyone else, he puts the issue into the spotlight for everyone to see.
Since he has some privileged insights on how our intelligence agencies like to do things, this makes his opinion a bit more useful than the folks who merely theorized at what our government was doing.
It's like he's qualified for a high level government policy position [slashdot.org].
Re: (Score:2)
And he is in Russia as a guest of the government. Russia a nation of with a long history of respecting privacy and an individuals freedom.
Sorry but does anyone not know that even your PC and your car uses a soft switch?
Re:How smart is Snowden, exactly? (Score:5, Insightful)
The NSA is one of the world's leading secret agencies, what should you expect?
Probably lots of NSA employees are experts on security. Being experts is their job. Even if you aren't one if you start at NSA, their training will make you an expert, at least if compared to what the public knows about these things.
Re: How smart is Snowden, exactly? (Score:5, Informative)
If you actually read the page you linked:
Snowden instructed top officials and military officers on how to defend their networks from Chinese hackers. During his four years with Dell, he rose [..] to working as what his résumé termed a "cyberstrategist" and an "expert in cyber counterintelligence" at several U.S. locations.
He wasn't just hired as security expert, he was hired for doing counterintelligence. Which is what he does now as well.
Re:How smart is Snowden, exactly? (Score:5, Insightful)
I thought he was just a pretty average govt. tech employee that decided to leak a bunch of documents. Now he seems to be treated like a leading expert on security? Is there something I missed here? Is his research something beyond a Google search?
How does one become an expert on security? Spend lots of time reading, thinking and studying. What else do you think Snowden has been doing for the last three years? He may not have been a security expert before collecting and leaking the documents, but he's clearly a pretty smart guy, and very motivated to care about security and privacy issues. He's been trying to use the pulpit his fame has given him to highlight those issues, and he's also clearly been doing his homework.
Aside from all of that, though, what's the point in questioning his expertise? If what he's saying doesn't make sense, say so. Your post isn't "insightful", it's just a variation of the argument from authority fallacy... in this case trying to discredit his ideas by citing his lack of authority, rather than addressing the ideas themselves.
Re: (Score:2)
Do average staff members get a placement e.g. a US fly over state site and then get tested/trusted with interna
Re:Trump knows Snowden is a traitor (Score:4, Informative)
He was also too scared to sign a pardon for him. Which is what should happen. What Snowden did was a service for the public.
Re: (Score:2)
Re: (Score:2)
In above post, I've meant obama, not trump. If trump becomes president, it won't look well for snowden.
Has he told his friends at the FSB yet? (Score:2)
They won't be happy. He'll might have his ration of Borsch withdrawn.
Re: (Score:1)
Who do you think wrote this article?
. . . is necessary in part because most common way . . .
. . . looking similar to a smartphone with an extra bulky battery . . .
. . . and possibly to also come equipped with . . .
That article was either originally in Russian, or translated by someone for whom, let's say, English is a second language.
Snowden (Score:5, Insightful)
Prolific, savior of humanity.
Re: (Score:2)
I bow to your 2-digit ID.
Re: (Score:2)
inb4 "he bought it on ebay" ;)
Won't do anything (Score:4, Informative)
This won't do anything. It's not like people are only using their phones to make an outgoing calls and then turning them off. People use smart phones to DO things. Whether that's accessing the internet or communicating with people via text or voice, the phone NEEDS radio signals to do that. "Man in the middle" systems exploit that for tracking. What Snowden and Huang are recommending isn't going to change that at all.
Re: (Score:1)
It won't change that for *most* people.
Us tinfoil-hatters would love more hard switches on phones, better firewall / understanding of incoming/outgoing data, etc.
I'm all for it.
Re: (Score:2)
The NSA, Australia, Canada, NZ and GCHQ get the origin, destination, number and content of the call via their shared collection sites globally.
The call will get the same amount of interest as any call. If the caller recipient of the call or any of their contacts ( a few hops i.e. friends of friends) are listed as been of interest, even more value will be placed on collecting that communication.
That occurs on the national and international pipes and i
Re: (Score:2)
Its better than nothing I suppose, but a better step might be to get manufacturers to build in hardware based cut offs of the transmission hardware and maybe hardwired LEDs showing when the mic/camera is active.
Forget LED's. Put in hardware disconnects for:
* mic(s)
* camera(s)
* bt/wifi
* cell
* gps
* NFC
It'd be an entirely different phone, but it's not that crazy a thought. Push to talk was in widespread use by nextel folks for a long time, and also in CB and radio forever. I already start out every conference call I'm on by hitting mute... just make it easier to do that with a real button that actually ties to a circuit (maybe a slide, so I can slide it on/off). The others could also be put on one hardware airplane m
Re: (Score:1)
This. The comments suggesting just disconnecting or disabling the radio are missing that the phone could record stuff & transmit it later when re-enabled. An RF sensor will not stop such recording, either.
Sensors could have small, redundant backups, so hardware input switches might only get a false sense of security. For that matter, even removing the battery is in principle possible to work around (using an extra battery or a capacitor—the power needed to record from a microphone is not very high
Cellular communication is tainted in the USA (Score:3)
So, if you're some kind of political dissident, or you're trying to escape an abusive person who has access to the telecoms' data*, it's probably best to not even use cellular communication at all. Use Tails. If you have no other choice but to use cellular transmissions, then it's probably better to have some kind of hotspot where you can communicate everything with end-to-end encryption from a trusted computer, rather than using the radio that comes in your phone and could potentially blabber about everything connected to it.
*You might think this unlikely, but once I was listening to an FM radio show (the Kane Show, for those in the Washington DC area). This show has a segment where people who know their significant other is cheating on them get revenge in various ways. Now, this might've been entirely staged or a hoax, but one woman told the hosts that she knew her boyfriend was cheating on her because she worked for Verizon (which was his provider) and monitored everything he did on his phone through 4G. Maybe the boyfriend had it coming in this particular case, but imagine some violent, stalkerish man doing this to women...
Re: (Score:1)
"surrendering your privacy when presented with warrants"
Warrants? That's the problem, government doesn't want to go through all of the hassle of getting warrants anymore even though they are practically rubber stamped these days. Most record requests are in the form of subpoenas, which have NO judicial oversight unless the party receiving it goes through the hassle/cost to fight it. They're even trying to get away from using subpoenas as even with gag orders (NSLs) they leave a paper trail that can event
Re: (Score:2)
Who owns our phones? (Score:5, Insightful)
The difficulty seems to be that they're trying to hack privacy onto phones that are not really designed for it.
The vast majority of phones seem to be designed around the idea of apps, particularly social apps.
The hardware on these phones are typically black boxes and the software is designed in the interests of the vendors.
It's not difficult to make your computer private. You can build it from component pieces and put an open source OS on it.
In contrast, I've found a little information on building your own phone.
https://www.raspberrypi.org/bl... [raspberrypi.org]
That's the best I could find and it's a long way from being a practical phone.
For starters I can't find any CDMA circuit boards so you can't use it with Verizon. As bad as they are they have the best network in the US.
But ultimately being able to really own our phones is the only way to insure privacy on them.
Re: (Score:1)
The difficulty seems to be that they're trying to hack privacy onto phones that are not really designed for it.
Sure, but just having a physical switch for the radios/batteries/mic/camera could go a long way in helping someone feel like they actually control their phone. There's no way to be sure that a phone isn't bugged, but being able to break the circuit when desired is better than nothing at all. As you pointed out, actually having privacy while using it is an entirely different matter.
Re: (Score:2)
being able to break the circuit when desired is better than nothing at all.
Not much.
If you assume that your phone has been compromised to the point that you can't trust the indicator that says that you're radio is turned off then it would be trivial to just log your route and upload it whenever you turn the physical circuit back on.
Re: (Score:1)
If you assume that your phone has been compromised to the point that you can't trust the indicator that says that you're radio is turned off then it would be trivial to just log your route and upload it whenever you turn the physical circuit back on.
In the Vice news interview [youtu.be], Snowden demonstrates physically removing the cameras and mics from the phone. My point was rather than have to go to this extreme, the next best thing would be mods to be able to toggle those features or radios without having to trust the phone's OS. Even just a switch instead of having to pull the battery would be a big improvement.
This vs Faraday cage (Score:3, Insightful)
Scenario 1
You are one of the subversives. You wish to prevent your phone from leaking your location or the curently open document. You attach one of these detectors, turn airplane mode on. In about 20 minutes since you left home, as if on a timer, your detector beeps and you see RF activity. You scramble to turn it off, wondering if it leaked your location and / or open document.
Scenario 2
You are one of the subversives. You pull the battery out. You write with a pen on paper.
Scenario 3
You are one of the subversives. You place the phone in a makeshift Faraday cage. You write with a pen on paper.
I don't really understand the first scenario. Are we talking about sensitive enough info ? Then why risk using the phone ? What app (with no network access required) would be absolutely vital to a subversive meeting ?
Also, would it beep if it got excited by other RF, possibly emitted by those looking for subversives ?
I appreciate privacy but this device seems to give a false sense of security. If a person doesn't have the discipline to enforce a "battery out" or "leave phone home" policy, would they have the discipline to randomly test this device, to keep it charged, to inspect it for rogue electronics, etc ?
I should be paranoid about my phone, but not about this device ? Also, it seems a bit narrow in scope. Does it check for inaudible sounds from the phone's speaker ? Does it check for CPU load that modifies the phone's thermal print ? Does it check for blitz pulses ? Does it check for the phone quietly recording everyhing ? Does it check for.. uhh, I'll stop.
Data exfiltration (wooo...) isn't just a real time problem.
Doesn't help much (Score:2)
How about a pool of shared virtual SIM cards? (Score:5, Interesting)
I've thought about this a bit. Consider a consortium of like-minded privacy-concerned people that has a pool of virtual SIM cards (exceeding the user base by perhaps 2x or more). The group pays for the whole pool of SIM cards (end users pay the group, perhaps through bitcoin). Participating phones check out random virtual SIM cards (using some kind of cryptographic signature perhaps similar to blockchains to assure anonymity) periodically in order to ensure apparently random distribution. All transactions flow over a VPN to a common network and the phone itself is disabled (use VoIP). Web access runs through Privoxy or similar filtering to ensure there are no traceable bits. This should be fine until you start installing other apps.
This probably requires special hardware in order to "spoof" the consortium's SIM cards and swap between them with minimal downtime.
'Tracking' (Score:2)
But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location.
Which is close to the top of the list of reasons why I really don't want one at all.
Now, if I could get an OS and drivers for the GSM hardware that were all open-source, and I could examine and compile it all myself, and load it onto the phone, then maybe, but as is? They've got more security holes than your average kitchen colander.
Re: (Score:2)
I'd be fine my phone leaking my location as long as the GPS didn't keep dropping signal every time I try using it for navigation.
Re: 'Tracking' (Score:2)
Re: (Score:1)
Re: (Score:2, Insightful)
His 15 minutes are up, so he's trying to make a living in his field of expertise: counterintelligence. What's wrong with that, and what in the world do you think he's supposed to do to make money while in exile?
Re: (Score:2)
Mini StingRay? (Score:1)
The Neo900 is good in this area (Score:3)
The currently-in-development Neo900 project (which hit a few snags because PayPal are scumbags and withheld large chunks of project funding but seems to have recovered now that PayPal has released the money) has some features that will help with this.
It contains physical hardware level off switches for phone radios/antennas (including a separate disconnect for the GPS antenna to prevent it from being able to do GPS location unless you enable it) but more importantly the design of the hardware means the baseband radios (including the cellular baseband module) have NO access to the main application processor or its RAM or Flash storage. All audio goes through the main application processor as well (meaning the baseband has no access to the microphone in the phone at all)
As far as I am aware it will be possible to run the Neo900 and use its features (make calls, access the internet etc etc) using only open source software on the main application processor (so no blobs that could contain backdoors).
No its not an iPhone or an Android device, no its not super-thin and super-light, no its not packing the latest super-powerful CPU and no it wont run Pokemon Go or Netflix but it will prevent bad actors (whoever they may be) from remotely activating your phones microphone and recording everything you say without your knowledge.
Potential market for upscale Faraday cages. (Score:2)
The more ostentatious, the better. It should be about the size and beauty of a fine humidor. Some would be gold, silver or platinum plated. But, you could also have ones that appeared to be mahogany, rosewood or teak. Market it as "The Privacy Box", or perhaps just pBox. You pitch it as a critical accessory for the upwardly mobile. When you absolutely need privacy, just put the phone in the "Pbox".
E
Re: (Score:2)
and fleeing prosecution to "frenemy" nations made you a genius security researcher as well. Maybe there's some kind of cause-effect relationship there that I don't understand. I look forward to Edward Snowden's future cure for cancer because apparently he is some kind of super genius who can achieve anything he wants.
Do you suppose he snatched all that intel and escaped unnoticed to Hong Kong using magic pixie dust?
Re: (Score:3)
NSA whistleblower Edward Snowden
s/b
USA national hero Edward Snowden
FTFY