The NSA can tap into Android systems

31 replies [Last post]
Fernando_Negro
Offline
Joined: 06/17/2012

The *NSA can tap into Android systems(!)* (and also other, non-Linux, mobile devices).

There's an initial report here: http://rt.com/news/nsa-smart-phones-spying-563/

And, I'll probably post some more links about the Android part (that most interests me) once I find some more information about this.

In the meantime, everyone else feel free to add more information about this...

andrew
Offline
Joined: 04/19/2012

On 08/09/13 12:30, Fernando Negro wrote:
> The *NSA can tap into Android systems(!)* (and also other,
> non-Linux, mobile devices).
>
> There's an initial report here:
> http://rt.com/news/nsa-smart-phones-spying-563/
>
> And, I'll probably post some more links about the Android part (that
> most interests me) once I find some more information about this.
>
> In the meantime, everyone else feel free to add more information
> about this...

Also, firmware is a major problem. For example, this appears to be the
problem here:

http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/

Contact lists, SMS traffic etc. isn't really surprising. To my
knowledge, anything on the SIM card is up for grabs on most mobile phones.

I was rather intrigued when my father told me he did a complete SIM
backup of my brick/dumbphone across the internet, without my knowledge
(my parents have the password, since they set it up) and while my phone
was off. Apparently the backup feature was advertised as being useful
for backing up contacts etc. I'm guessing my provider must somehow get a
copy of it when I turn on my phone and store it.

It wasn't really too worrying for me, because I take the battery out of
it when I'm not using it (and I only turn it on 1-2 times per week to
check for messages).

Chris

I am a member!

Offline
Joined: 04/23/2011

What phone do you use? Does it run Replicant?

I'd be curious as to how that works. Where is the code for that? Is it in the modem firmware or part of the OS firmware?

andrew
Offline
Joined: 04/19/2012

On 08/09/13 15:57, Chris wrote:
> What phone do you use? Does it run Replicant?
>
> I'd be curious as to how that works. Where is the code for that? Is
> it in the modem firmware or part of the OS firmware?

It's not Replicant, or even a smartphone. It's an ancient Nokia phone,
actually.

I'm not really sure if the SIM card is handled by the firmware or OS.
Any mobile phone experts here? :-)

Andrew.

dudeski

I am a member!

Offline
Joined: 07/03/2013

SIM card is handled by the modem firmware. So far as the OS is concerned it's a black box circuit.
At least that's my understanding of it.. =x

dudeski

I am a member!

Offline
Joined: 07/03/2013

...The SIM card? Since when was any of that on the SIM card.. To my recollection phones starting using their internal memory around ten years ago. So unless you have a Nokia 1610... ..In which case, I salute you, that was a great phone for bludgeoning people.. =x

Obiously anything that goes through the carrier is automatically up for grabs.

Lots of carriers offer contact backup, usually through SyncML or some other simple sync protocol. Although as far as I know, no phone these days uses the SIM card to store contacts.

andrew
Offline
Joined: 04/19/2012

On 08/09/13 20:01, erikthorsen wrote:
> ...The SIM card? Since when was any of that on the SIM card.. To my
> recollection phones starting using their internal memory around ten
> years ago. So unless you have a Nokia 1610... ..In which case, I
> salute you, that was a great phone for bludgeoning people.. =x
>
> Obiously anything that goes through the carrier is automatically up
> for grabs.

Is all of the SIM card supposed to go through the carrier?

>
> Lots of carriers offer contact backup, usually through SyncML or
> some other simple sync protocol. Although as far as I know, no phone
> these days uses the SIM card to store contacts.

It's a Nokia 1208 which was apparently released in 2007. I recall
switching the SIM card into another phone one time and the contacts were
immediately available on it. When my sister got her new phone her
contacts were definitely available straight away as well. I'll have to
try it again sometime.

Also some interesting stuff on the subject at Wikipedia (but I don't
think it really answers any of these questions):
https://en.wikipedia.org/wiki/Subscriber_identity_module

Andrew.

dudeski

I am a member!

Offline
Joined: 07/03/2013

Hmm.. Maybe I should have said any modern phone. x)
Suppose those dirt cheap plastic nokias might still use the SIM card for contacts. And it would be fair to assume the carriers could get hold of that.

Chris

I am a member!

Offline
Joined: 04/23/2011

This shouldn't come as a surprise to anyone for a number of reasons. First off the encryption used in GSM phones was broken long ago. Now that in and of itself doesn't mean they have access to the phone itself.

Here is one article from 2009 on it:

http://www.pcworld.com/article/185552/GSM_Encryption_Cracked_Showing_Its_Age.html

The next issue is that we don't know what is in the modem firmware. It's proprietary. We can assume it does more although already know that by design it makes your phone a tracking device.

RMS is always talking about it, in part, because he is a rarity today in that he does not carry a cell phone:

http://stallman.org/rms-lifestyle.html

Next we have people from the Replicant project (whom have created a free software version of Android) stating that modems (in many cases at least) can access your data:

http://replicant.us/2012/04/nexus-sgalaxy-s-privacy-issues/

It is pretty apparent how remote access to these devices can be achieved. A remote firmware or modem firmware update can be sent with the help of a phone company or possibly by becoming a fake phone company (you might need a signature from somebody or the phone may reject the update). Even if you can prevent the firmware from being updated normally a modem firmware update is likely going to be able to do anything it wants as far as spying on you goes (that is your data, as it already spys on you as far as your location, etc is concerned, and possibly as a listening device too).

dudeski

I am a member!

Offline
Joined: 07/03/2013

Well, it IS ancient encryption designed for low-power devices with almost no resources, that's true legacy software for you. =p

If by "tracking device" you mean that it connects to cell towers and thus inherently gives away your rough position.. Eh... Yeah? That's how phones work. As for backdoors, yes, there probably are some, at least it has been vaguely documented in earlier years.

So essentially.. If I mighty paraphrase here. No real point in running Replicant, you're screwed by default regardless, might as well enjoy all them cool games and stuff on them cool app stores.

..What? If you're gonna get tracked like a dog anyway, might as well get some amusement out of it. x)

andrew
Offline
Joined: 04/19/2012

On 08/09/13 20:10, erikthorsen wrote:
> So essentially.. If I mighty paraphrase here. No real point in
> running Replicant, you're screwed by default regardless, might as
> well enjoy all them cool games and stuff on them cool app stores.

Well for a while I was thinking that it might be possible to power down
the modem part of the mobile phone to prevent that sort of tracking.
Like computers, mobile phones (or at least some) do that for other types
of hardware, such as Wi-Fi, when not in use.

I asked at the Replicant forums, and this is not something that
Replicant can do at the moment. So basically yes, if you carry a mobile
phone with the battery in then you're probably screwed.

So I'll just keep carrying around my phone with the battery out, as it
is easy to take out and put back in. Not sure if that's the case for
smartphones. Maybe this will be my last mobile phone then.

Amdrew.

Fernando_Negro
Offline
Joined: 06/17/2012

I know of at least one modern-day smartphone (that is considered one of the best around, and that uses Android), that lets you (easily) take off the battery, like with an old-day mobile phone: http://www.youtube.com/watch?v=xBIEkbjs8Ms

It has a pretty good price/quality relationship. And, because of that option (of letting us take off the battery, when we don't want to be tracked and listened to), I've even considered buying one, myself.

But, with cameras on the front and the back (and me not knowing if someone might be taking a peek), it's too much for me... ;)

dudeski

I am a member!

Offline
Joined: 07/03/2013

Well you know, the North Koreans have a completely connectivity-free android tablet. Maybe you should look into that.

jxself
Offline
Joined: 09/13/2010

> If by "tracking device" you mean that it connects to cell towers and thus
> inherently gives away your rough position

Your knowledge is a bit dated. E911 has been mandated for a number of years. Your location can be pinpointed with far greater accuracy, usually to within a few feet.

jxself
Offline
Joined: 09/13/2010

I should tack on: And based on the demand of the carrier. Ostensibly so that your location can be provided to a 911 operator but it doesn't really have to be limited to just that, since the infrastructure is in place regardless.

dudeski

I am a member!

Offline
Joined: 07/03/2013

So? If we're talking only about what things are SUPPOSED to do I see nothing wrong with getting a GPS lock when someone calls 911.
Ofc, if we're talking remote backdoors, obviously they're gonna have location access... Not entirely sure I see what your point is here?

muhammed
Offline
Joined: 04/13/2013

I would be happy for 911 operators to have access to my GPS location info, for 911 responders. Especially if the phone informs the user, and asks for consent, as part of phone's set-up process.

I don't know much about this topic so please correct me if I've misunderstood.

Companies like Apple an Google keep a running log of their phones' GPS location info. They do this without informing users, and without asking for cosnent. This sounds like an extended (or maybe even complete) record, and not just recent data that might be useful for 911 responders.

http://news.cnet.com/8301-31921_3-20056344-281.html

It sounds helpful for law enforcement because police don't need to suspect a person immediaetly after an offense happens. Even if they suspect someone months or maybe years later, they can ask Apple/Google/MS(?) for his GPS logs.

I have to think about how not informing the user about GPS logging compares to store surveillance cameras, how it affects the accused's right not to incriminate himself, and maybe a few other things. Any thoughts?

Fernando_Negro
Offline
Joined: 06/17/2012

I respond to that with something that Richard Stallman said in one of his great lectures.

"The threat of non-democratic government is far more dangerous than any of the threats that they /claim/ to be trying to protect us from, with the surveillance."
--- (@10m18s) http://vimeo.com/28195912

To give such an immense surveillance capability to corporations and governments is an *immense* risk that you're taking...

Imagine that those same corporations and governments are (behind the scenes) dangerous criminal organizations... Would you want the world's most powerful and dangerous criminal organizations to know were you are, all the time?

(Concerning the West... What I've said, is no mere hypotheses. It's something that I know for a fact to be true, after investigating such organizations - http://www.prisonplanet.com/articles/may2008/050108_elitist_blueprint.htm)

Imagine also, that (as it happened, several times, before, in the West) the democracies we have turn into dictatorships... How would you, then, prevent the newly-installed dictators from accessing your personal data?

(What I've said, is also something that I know, for a fact, that is in the plans of some of the world's governments and corporations - http://www.prisonplanet.com/financial-times-editorial-admits-agenda-for-dictatorial-world-government.html)

If it was something that a person would *choose*, and something that would *only* be used by emergency services, that would be one thing... But, as we all know, that's not the case for any of these two factors...

And, with the kind of society that we have, nowadays... Even if that was the agreement... As closed to the public as corporations and governments are, how would you know if they were telling you the truth?

(Don't the Snowden revelations prove that the "privacy agreements" that people have with corporations are just a joke?)

Fernando_Negro
Offline
Joined: 06/17/2012

You might want to hear the whole (great) lecture, that I mentioned, given by Richard Stallman:

http://vimeo.com/28195912

jxself
Offline
Joined: 09/13/2010

> Not entirely sure I see what your point is here?

That the information you were presenting:

> If by "tracking device" you mean that it connects to cell towers and thus
> inherently gives away your rough position.. Eh... Yeah? That's how phones work.

Was trying to downplay it. It's far more accurate.

jxself
Offline
Joined: 09/13/2010

> I see nothing wrong with getting a GPS lock when someone calls 911.

The point I was trying to make it that said GPS lock can be obtained on command of the carrier at any time and for any reason. It's not as you were presenting/downplaying as connecting to cell sites "and thus inherently gives away your ***rough*** position." There is nothing rough about it.

Fernando_Negro
Offline
Joined: 06/17/2012

(Responding to both andrew's and Chris' comments above...)

The phone companies can access people's mobile phones, even when they are (apparently) turned off, and turn on the microphone in it, at least (and, therefore, turn them into listening devices). (Besides the fact that every mobile phone is a tracking device, as everyone already knows.)

http://www.youtube.com/watch?v=0G1fNjK9SXg

Of this, I already knew, for many years. And I've always suspected that it must be some parallel circuits that are built into mobile phones, that bypass the normal circuits.

(And, from what I know, I've always assumed that the phones are built in a way that lets the companies remotely read a person's SIM card, also.)

But, from what I read now (about accessing "notes" and "data", and running "scripts" on iPhones) it seems that they can access the drives(?) of modern-day smartphones also(?)*. And, if that's the case, I suspect it must have to be done with the help of some *firmware*.

And it's the latter part that I'm most interested in. Because, if that's the case, it's a very good example of what happens when you start adding proprietary firmware/blobs (to Linux)... It compromises the security of the equipment.

Anyway... We'll have to wait for the details. The original source (http://www.spiegel.de/international/world/a-920971.html) says: "Visit SPIEGEL ONLINE International on Monday for the full article."

---
* (I've never used a smartphone, so I don't know if one can keep "notes" and "data" on a SIM card, and run "scripts" on them(?)...)

andrew
Offline
Joined: 04/19/2012

On 09/09/13 00:57, Fernando Negro wrote:
> (Responding to both andrew's and Chris' comments above...)
>
> The phone companies can access people's mobile phones, even when
> they are (apparently) turned off, and turn on the microphone in it,
> at least (and, therefore, turn them into listening devices). (Besides
> the fact that every mobile phone is a tracking device, as everyone
> already knows.)
>
> http://www.youtube.com/watch?v=0G1fNjK9SXg

Indeed. I think that must be related to this news story from 2006:
http://news.cnet.com/2100-1029-6140191.html

Evidence of this has been around for at least a decade.

> I know of at least one modern-day smartphone (that is considered one
> of the best around, and that uses Android), that lets you (easily)
> take off the battery, like with an old-day mobile phone:
> http://www.youtube.com/watch?v=xBIEkbjs8Ms

Interesting, thanks for the link. Maybe when my dumbphone dies I'll
consider getting one of those, keeping in mind the camera problem. I
guess I could always cover up the cameras with a sticker, but that might
make me look paranoid. :-)

Andrew.

Fernando_Negro
Offline
Joined: 06/17/2012

That's one thing I also thought of, when considering buying the PMP equivalent (smartphone without the "phone" part) of this model - covering the cameras with dark and thick stickers, or with something I could easily remove, when I wanted to.

I've even considered opening the phone and removing the cameras completely. (And you can find, on the web, disassembly instructions for this specific model...)

But, to spend that much money, to then remove components... I didn't think it was worth it. (So, I've decided to keep my old PMP device instead...)

(Who cares what other - ignorant and alienated - people think?) ;)

If your future problem is the phone's battery, and it's a recent enough model, you may still find compatible batteries (of the same family)...

Fernando_Negro
Offline
Joined: 06/17/2012

(And, because I know that some people who come here are involved in activist collectives...)

In case you're wondering, the authorities and secret services *do* listen to conversations held near activists' cell phones (who are not even being investigated for any crimes).

That's even how I first learned about this possibility. (After hearing about the consequences of this.)

And why I researched about this, and found evidences - already, 10 years ago - that corroborate what's said in the YouTube video I linked to.

Chris

I am a member!

Offline
Joined: 04/23/2011

It may be possible to remotely turn the phone on via the modem. However, if the modem is actually in an off-state (which is what I'm talking about) it shouldn't be possible to turn on remotely.

If the modem is on I'd agree with you in that it can access CPU, memory, etc most likely. From what I have read though it appears to differ from phone to phone and there is a possibility that with the right phone it may be possible to prevent a phone's modem from accessing the memory / CPU.

I have inquired before and been told it isn't possible to do what I'm imagining. However I believe that was a slightly different idea in that you would have a one-way receiver to inform you of incoming calls at which point you could connect to the network and pick up or not. I realize that idea would have required a system where there was a server which took the actual call, told the person on the other end that the person was trying to be reached, and then have had the cellular user receive a one way page, with the question “should I connect to the network, (would then identify ones location), and then dial the phone number of the server”. That appears to not be feasible because of the way all technology works. There is no such thing as a one-way receiver. Apparently pagers were always two way technically or the ones which were no longer work (since the move to digital).

However I'm not firmly convinced something couldn't be done. I suspect it may simply require a lot more investigation and time and somebody whom truly understands what the objectives are.

The objective are not to eliminate the ability of providers to track users at all. The goal is to make detailed tracking much more difficult.

If the modem on/off thing is possible and the separation of CPU/memory from the modem's memory/CPU then you could possibly prevent the modem from spying on the user. You'd still be locatable at any point in which the modem was on. However if you only turn the modem on at certain intervals and pull email it would not be possible to get a detailed map of the location of an individual at any given time, unless it was constantly being turned on/off (defeating the purpose of the on/off feature). However you could simply use the device over wireless first, and then via a GSM modem (data), and if the phone is not attached to you (as in registered with the phone company using a real name/address/etc), via Tor, thus preventing the phone company from knowing who you are. They would only know where you are when you allow them to discover your location (ie you tell your phone to turn the modem on and check your email, and you'd never be able to use it for voice in this scenario). So ideally you would never check your mail from the same place twice. And such a system would not work well (or at all) with voice. Well, it might, but that would be a lot trickier. It would probably require a custom version of Tor that had its own high speed onion network that was run off only high speed nodes with unusually low latency to one another.

A purposely designed low latency network of nodes using multiple paid parties might actually work for voice. The problem with Tor as it is is that it explicitly uses nodes around the world and given the speed of light results in significant increased latency. Using low latency connections would probably further reduce the benefits of such a network (where the network's goal is to keep users anonymous). If you restrict it to low latency connections it would probably result in only using nodes in the United States and assuming an all powerful government can tap every connection in the United States the network would fail to keep its users anonymous. However- I don't know for a fact if there are low latency connections between major points in different regions. If there are the idea might still work.

Fernando_Negro
Offline
Joined: 06/17/2012

Well... The "Der Spiegel" article has already been translated, but it doesn't go into details, concerning Android devices...

(http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html)

The closest thing they talk about, is iOS devices. And, concerning those, I read:

"One of the US agents' tools is the use of backup files established by smartphones.", and

"The department merely needs to infiltrate the target's computer, with which the smartphone is synchronized, in advance."

So, I can't know if they're (also) able to get *inside* the iPhones, and the likes, themselves (that is, the data drives - and through the mobile network) - or not.

Do Android devices also "synchronize" with other computers?

(If anyone can make a better analysis, go ahead...)

One most interesting paragraph in the article:

"In three consecutive transparencies, the authors of the presentation draw a comparison with '1984,' George Orwell's classic novel about a surveillance state, revealing the agency's current view of smartphones and their users. 'Who knew in 1984 that this would be Big Brother...' the authors ask, in reference to a photo of Apple co-founder Steve Jobs. And commenting on photos of enthusiastic Apple customers and iPhone users, the NSA writes: '...and the zombies would be paying customers?'"

(I just /love it/, when I have proofs of what these people think of us...)

Fernando_Negro
Offline
Joined: 06/17/2012

For everyone to "connect the dots" as they see fit:

(from the mentioned article)

"the NSA writes: '...and the zombies would be paying customers?'"

(from TheFreeDictionary.com)

zom·bie (n.) one who looks or behaves like an automaton

an·droid (n.) an automaton in the form of a human being

(from Wikipedia)

Android (operating system) - initially developed by Android, Inc., which Google backed financially and later bought in 2005

(from an alternative media website)

http://www.infowars.com/group-calls-for-hearings-into-googles-ties-to-cia-and-nsa/

Fernando_Negro
Offline
Joined: 06/17/2012
Armworm
Offline
Joined: 01/23/2013

I'm using Replicant on my phone. Since GPS doesn't work under that OS, am I traceable?

lembas
Offline
Joined: 05/13/2010

Unfortunately you still definitely are.

https://en.wikipedia.org/wiki/Mobile_phone_tracking

Fernando_Negro
Offline
Joined: 06/17/2012

Even if you used a first generation (brick) cell phone, you would be traceable...

https://trisquel.info/en/forum/phone-without-gps#comment-42705