Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday July 23 2016, @04:49AM   Printer-friendly
from the they-are-always-listening dept.

From an article in the July 21, 2016 Business Insider:

Edward Snowden wants you to know at all times whether the NSA is keeping tabs on your iPhone.

Along with Andrew Huang, his coauthor and fellow hacker, Snowden presented his research on phone "hardware introspection" at MIT [PDF], which aims to give users the ability to see whether their phone is sending out secret signals to an intelligence agency.

In their paper, Snowden and Huang make it clear that what you see on your phone's screen is not always true.

If you turn off Bluetooth or cellular service, the phone's radios and other electronics can still be made to send signals, especially if they are compromised by a sophisticated intelligence agency or hackers. Even airplane mode isn't a defense, since the current version of Apple's iOS still keeps the GPS active while in that state.

"Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive," they write.

So instead of trusting the phone's software to tell the user if something is fishy, the pair proposes something else: A device that plugs into the hardware and constantly scans to see whether is transmitting.

Though they think their research can be applied to just about any phone, for right now they are building a device for the 4.7" Apple iPhone 6.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday July 23 2016, @05:49AM

    by Anonymous Coward on Saturday July 23 2016, @05:49AM (#378937)

    If even the manufacturer cannot be trusted, and the code can't be examined/verified, I fail to see how this could ever work.

    With stuff being compromised all the way down to ( and including ) silicon, its going to be very hard to detect which ones and zeros are legit and which ones are not.

    My take is to forget trying to encrypt beyond the public security provided, as doing so will raise more flags over you than anything else. Use steganography, and use whatever public channels exists. Only you and your communicant will know what to look for and what it means....

    In days past, public kiosks advertising stuff for sale/rooms for rent made pretty good stego exchange sites... as the message you needed to transfer looked to everyone else like an ad. No-one aroused suspicion by posting or removing an ad.

    Ideally, do not even try a private contact if its all that critical.... just the fact you tried to make contact in itself is valuable data.

  • (Score: 0) by Anonymous Coward on Saturday July 23 2016, @08:47AM

    by Anonymous Coward on Saturday July 23 2016, @08:47AM (#378971)

    Don't keep anything on your phone, have an app/rooted phone that supports tethering, and then use your choice of pi-like SBCs with a touchscreen and protected input device (ps2 serial keyboard data over GPIO with encryption, not USB if at all possible) tethered via usb to transmit and recieve protected data. While there is still the threat of your SBC being backdoored, most of them have fewer exploit surfaces, assuming the hardware USB stack isn't backdoored, and the software USB stack is suitably isolated from the rest of the system operations.

    That is the cheapest and fastest way to work around current cell phone security limitations, at least until RISC-V or the Hitachi SuperH clone J-series SoCs take off to replace ARM for 'end-user security' instead of 'security against end users' hardware that currently exists.

    For bonus points, build it into a bracer for that cyberpunk look :)