Spying on a smartphone remotely by the authorities: feasibility and operation(security.stackexchange.com) |
Spying on a smartphone remotely by the authorities: feasibility and operation(security.stackexchange.com) |
Say, a transcribed text of a conversation, for example's sake.
Is there a way to set up a phone so that typing a "special" password puts the phone in an alternate state with different apps and content, etc. (and possibly erase the regular content)?
- Investigators are not going to be typing your password into the running original device, they're going to be trying it against an offline clone of the encrypted storage. All that will happen is the decryption won't succeed and they'll tell you that it was the incorrect password and continue holding you until you give it up.
- This is hardly unique to France, US courts have jailed suspects for refusing to provide passwords in numerous cases. https://arstechnica.com/tech-policy/2017/03/man-jailed-indef...
Oh no, absolutely not. We're not talking about "investigators" here, just random cops in a random precinct who have zero infrastructure, zero knowledge about anything, and aren't pursuing any serious "investigation".
They will absolutely type your password into the running device. They're doing this all the time.
https://cdn.arstechnica.net/wp-content/uploads/2017/03/rawls...
I'll remind you that on previous MacOS versions (8 years ago?) researchers had discovered that the Mac laptop's integrated webcam could be turned on without the green LED turning on. So basically: the webcam turning on without the user knowing it. And way weirder: some random company somehow had the rights to sign code using that "feature".
The story got pretty much killed.
I'm sure if some digging had been done, you'd have found some three letter agency behind the shell company enjoying the very strange right to turn the webcam on on MacOS devices without the LED turning on.
For everybody out there: rest assured though, Apple are the good guys and there's no way they have the ability to turn on the webcam of your Mac laptop today without you knowing about it. [1]
[1] yes, this is sarcasm
> French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.
https://www.lemonde.fr/en/france/article/2023/07/06/france-s...
Why would anyone stir up the civil libertarians if the thing you are making legal is not possible?
Even if warrants are initially mandated for a specific search, couldn’t this erode into, ‘it’s just a quick scan’?
What if it’s ‘useful’ to ‘quick scan’ their own President? ‘Confirming their security’.
Could this evolve into a subtle shift in the balance of power? In other words, a political crisis?
Where the intelligence agencies have informational advantages over any elected office.
From information into knowledge, you could easily have behind the scenes figures who have unmatchable insight and ability to coordinate.
Suddenly every target has value…
This is a question with one short answer (at the time of my comment). It's hard to imagine why it made the top on its own merits.
I don't care much about Karma. I posted this specific topic since I find it kind of hilarious that police should now lawfully be able to do something they are almost surely not able to do. And I enjoy discussions to such topics here on HN, because most of the time the viewpoints mentioned here are at least of the same quality of the answers on stackexchange.
If it had a discussion or even a good answer, it would have made perfect sense.
I assumed the goal would be stack overflow karma, as that's actually valuable.
Do you know what other hardware your baseband processor has the ability to inspect?
Would the cell phone manufacturers (Apple, Samsung, Motorola, Nokia, Xiaomi, etc) say no when faced with the possibility of losing market share in France. Because of a law pushed through under the cover of security. Many a liberties have slipped under that blanket cover called security.
I think they will put in this feature if it's not already there.
If a foreign country wants to do it to someone on foreign soil (like the saudis to bezos did [1]) they exploit some vulnerability brought on the free market (like the whatsapp/video message exploit chain the saudis used, or exploits like the NSO zero-click iMessage exploit [2]).
If a foreign country wants to spy on its own citizens who protest the government, they could just use the local phone carriers capability to silently ping, update firmware or change system settings remotely, those are intentionally part of the mobile standards (including intentionally weak encryption) so governments can spy on its people.
[1] https://www.wired.com/story/bezos-phone-hack-mbs-saudi-arabi... [2] https://www.wired.com/story/apple-imessage-zero-click-hacks/
That probably doesn't surprise others. What isn't as known is that the government also intrudes into chats with other people on social media.
They don't just monitor, but actively interfere.
Edit: By the way, Nokias and other dumbphones (without physical off-switches -- the PinePhone has them, but good luck getting one) can also get their mic and GPS remotely activated. The partial solution is to get one with a removable battery and remove the battery whenever not in use.
iPhones can be hacked into through IMEI if you connect them, but are useful, encrypted offline-only PDAs if you don't install any app.
Also, if your electronics are being spied on by the government to this degree, chances are you are also being physically monitored.
https://www.lemonde.fr/en/france/article/2023/07/06/france-s...
I'm not french myself, so take it with a grain of salt.
Here's a link to Wikipedia's article on the leaks: https://en.wikipedia.org/wiki/Vault_7
The only one that mentions televisions is Weeping Angel (cool name) which attacks Samsung F Series Smart Televisions. Likely they can indeed target other devices but I'm not sure I'd go as far as saying that Vault 7 shows that they can target "virtually all smart devices".
Or am I missing something? Can anyone provide more concrete evidence?
That's what I love about HN and Reddit, and similar websites: All the helpful counterpoint, especially when someone criticizes the intelligence community. Thank you so much!
BUT sophisticated attackers like US or Israeli governments (and I assume Russian or Chinese but I don’t have direct experience with these) don’t need these backdoors, getting anywhere near your phone is enough to root it to allow installation of spyware, according to my CSO who worked in naval intelligence. There are simply too many vulnerabilities for there to be a hardened device in the consumer space. Some are better than others (Apple) but as Bruce Schneier says, if you are worried about this sort of thing you really have to be totally disconnected from the internet and exchange encrypted physical media.
Open basebands are not something we're anywhere close to having though, for many reasons.
One doesn't need to do any shady stuff with baseband or stockpile on zero day vulns.
The current mobile ecosystem is such that any supported device (recieving updates and such) sends its unique identifier to the manufacturer before recieving OTA updates. And devices by default check for updates on a regular bases. Basically the manufacturer can always target and track individual devices. And provision indivisualised signed updates. Not just at the country level but targeted to specific IMEI.
Coming to more concrete examples, Google is known to do AB testing with their Pixel line of devices, setting custom profiles for some users.
Xiomi had previously shown capability to actively disable devices that move outside of legal sale regions.
Samsung uses such capabilities for enterprise devices in Samsung's Enterprise/Knox platform. And consumer devices can be thought of as enterprise devices under the manufacturers domain.
---
So the government only simply needs to send these companies warrants to target, bug and track specific devices or registered customers.
Online platforms are already subjected to data requests from law enforcement which they must conform to (atleast those with supporting warrant).
Some try to recuse themselves from such compelled intrusion of their customers by employing end to end encryption (e2ee).
With this provision and manufacturer cooperation, they could get direct full control of the ends (personal devices). Obviating the need to "break" encryption.
Why deal with a dizzying cloud of services in wide range of jurisdictions when you can have full access to citizen devices with cooperation of a handful of manufacturers.
In summary, this is not just feasible, the elements for an organised remote control system are already present in current smartphone ecosystem. In form of signed updates by manufacturers that can target particular IMEI devices. One just needs this law to wade through the legality issues.
A solution to avoid such sweeping surveillance capability would be to convince manufacturers to not receive identifiable data before provisioning updates. And have a public ledger of officially signed image hashes, like those of of domain certificate transparency lists.
I know it is a valid threat, but even in the cases that set this precedent there was a team of 140 and they did not leverage a baseband exploit.
Another means: is it really infeasible for a nation state to intercept and modify devices that are being sent to a specific country/person?
Source: I was once a CALEA programmer.
Anyone who says otherwise is an idiot, a liar, or both.
Web sites that are frequently referenced are forced to censor the truth.
You can use any unlocked phone with any operator (assuming it can connect to EU cellular networks of course). Nothing in particular to do, just put in the SIM and it works.
I've never bought a phone from an operator, but I think it's also possible to switch operators without switching phones quite easily, no software update required.
This may no longer be the case right now as the primacy of the CPU has become increasingly obvious, but it should still be the default assumption since having the baseband in control lowers costs to the chip manufacturer which is their lifeblood.
An Ask HN with the same kind of question could have reached the front page.
Fundamentally you can't have a key and the data inside the same physical box and expect encryption to remain intact. Enclaves are just security through obscurity on steroids.
- Year 1: Terrorists.
- Year 2: Powerful gang leaders and drug kingpins
- Year 3: Run-of-the-mill murderers and kiddy diddlers
- Year 4: Deadbeat dads and unpaid parking tickets
- Year 5: Suspects who have encountered police and been released without being charged with a crime
Prime example: Civil forfeiture in the US. Was originally supposed to only be used on the worst of the worst drug cartel types, nowadays they'll use it to confiscate the life savings of some random black kid.
"That government governs best that governs least." You know, those limited government folks might be on to something...nah, they're all crypto grifters and crazy right wingers [/s]
I don't know what argument you're trying to make. Governments will research 0days because other governments are doing it, and it's best if you find them first and work out a defense. You know, in case you want to mess with someone's nuclear centrifuges and to avoid having yours screwed with.
Do you think that it should not be legal for the government to investigate a crime?
The system is made up of people, some of them may abuse their access. Other laws, in theory, will hold them to account.
In theory. The crux of the matter is whether there is significant abuse or not, and how well it is handled once uncovered. Based on history (PRISM, Five Eyes, etc.), I'm not at all optimistic.
If ((Assume it's stupidity) == (discount/ignore the risk)), then assuming it's stupidity is never the safer assumption, even if it's empirically more likely to be the correct assumption, no?
All boils down to an individual's threat model at the end of the day anyway, though.
Qualcomm SMMU: https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets...
Apple: https://support.apple.com/lt-lt/guide/security/seca4960c2b5/...
Samsung (vuln indicating it wasn’t configured correctly, but they still do have and use an IOMMU): https://nvd.nist.gov/vuln/detail/CVE-2022-39854
The main CPU/application processor/main CPU might be running better secured Unix/Linux and might be able to protect itself from peripheral CPUs, but that's not the point; a phone had always been a pair (minimum) of computers, traditionally referred to as Application Processor(AP) and Baseband Processor(BP), of only the slightly faster one is exposed to the user, and it's unclear what is going on inside the other one or how to handle it. That's the problem.
Encryption only helps if the endpoints that can get access to the plaintext are not compromised.
But yes, it is an interesting proposal (perspective) to "resist from tempting explanation and picking the less attractive first" - just like the grit in delayed gratification.
I’ve done this many times so I know how long it takes to power on my phone to a “usable” state on my iphone and android.
I can’t take my phone inside where I work and they have mobile phone detectors which set off alarms if you bring one near any door or the inner facility fence. I put my phones inside a foil cooler bag with ice packs so they won’t overheat inside the car.
My guess is that there was a cell site simulator and it was setup to take over any phone which comes in the area. I got the same result with my android and iphone. Phone boots, weird hang where all indicators appear but I cannot interact with the phone. Wait at least one minute then I can use the phone.
I think this is why governments don’t like China developed 5G technology. It doesn’t have their default back doors.
But it is also not evidence of the thing for which there is absence of evidence.
EDIT:
> especially when searching for evidence left behind by competent adversaries (e.g. NSA, GCHQ, etc) who have a strong motivation to remain undetected.
No, there is no “especially”; absence of evidence means no basis for any affirmative belief, period, equally for any fact proposition. Arguing for “especially... ” is exactly arguing for a case where absence of evidence is evidence for the thing for which there is an absence of evidence.
In risk management, you shouldn't ignore known unknowns like that, you should either adapt your threat model or risk accept, not simply consider that risk nonexistent until proven.
Why would you think that a bunch of people volunteering their time would be more motivated to look for security issues and even those that are found, how many would be disclosed responsibly instead of being sold to places like Pegasus?
• See the first half of my second sentence.
>Why would you think that a bunch of people volunteering their time would be more motivated to look for security issues
• So they're not harmed by the vulnerabilities. I'm on a big tech red team. I routinely look for (and report) vulns in open source software that I use - for my own selfish benefit.
>and even those that are found, how many would be disclosed responsibly instead of being sold to places like Pegasus?
• Not all of them, that's a fair point. But I'd rather have the ability to look for them in source than need to look for them in assembly.
• Keep in mind that the alternative you're proposing (that proprietary code can be more trustworthy than open source code) is pretty much immediately undermined by the fact that the entities who produce proprietary code are known to actively cooperate and collaborate with the adversary - look no further than PRISM for an example. Microsoft, for instance, didn't reluctantly accept - they were the first ones on board and had fully integrated years before the second service provider to join (yahoo, iirc).
• If you want to start a leaderboard for "most prolific distributor of vulnerable code", let's see how the Linux project stacks up against Adobe and Microsoft. I wouldn't even need to research that one to place a financial bet against "team proprietary".
I don't. I trust that bad actors are less motivated to insert malicious code, and I trust that transparency enforces good practices. All sufficiently complex code has unintended behavior, what matters to me is how you stop third parties from using my device beyond my control.
> and even those that are found, how many would be disclosed responsibly instead of being sold to places like Pegasus?
What do you think everyone else does with their no-click exploits? Send them to Santa?
Volunteers can make closed source software, massive corporations and governments can make FOSS.
As an aside, I wonder if there's a term for this kind of "nobody says...but some do" thing. Everyone sees their own reality, blah blah. I trust that you're speaking in good faith, but that doesn't account for everyone, and good faith doesn't magically resolve arguments.
Joseph Heller, Catch-22
And while you will often be able to identify «potential malicious incentives», you have to put those possibilities together with the rest of those which can complete the set.
Assessments must be complete.
--
Edit: oh, by the way, importantly: paranoia ("off-thought") means "delusionality", and in that sense the statement «And keeps you away from paranoia» was literal. "Be "cool" and exhaustive in assessment, and you will avoid getting stuck in alluring stories". The half joke was about the current use of the term (in the popular interpretation of the clinical state).
Still people.
> incompetence
It is not a matter of technical preparation.