Turns
out the Octopus, a reference to the NSA (National Security Agency) and the CIA
(Central Intelligence Agency), may have some seriously powerful communications
intercept capabilities.
For
one, the NSA can remotely shut down your smartphone and use it to spy on you, according
to ex-CIA and NSA contractor Edward Snowden as revealed in the article “How
the NSA can 'turn on' your phone remotely”, published June 6 2014 By Jose
Pagliery, CNN Money.
So
how can the NSA do this? Well, you know it’s all about that Baseband Processor.
Baseband Processor hack
by NSA - How the NSA can remotely turn on your cellphone to spy on you
Apparently
the hack relates to your baseband Processor in your smartphone, the secondary
DSP (Digital Signal Processor) that handles communication to the Cell Tower for
the Telecom Provider that your cellphone belong as noted in the article “Can
the NSA Remotely Turn On Your Mobile Phone?”, published MAY 30, 2014 12:36
PM ET BY JILL SCHARR, Discovery News.
The
other processor in your Smartphone actually controls the smartphone functionality
and mainly runs the OS and Apps; that goes off when you press the power button.
However, the Baseband Processor stays on, patiently listening out for commands
from the cell towers for you Telecom Providers. It is this fact about the
baseband Processor that is the basis for this hack which the CIA and NSA has
had the capability to do since 2004.
The
CIA (really the NSA) can use a femtocell or attocell in a hack similar to the
Baseband Hack used to gain access to a Blackberry as described in my blog article entitled
“How
to Hack ANY Blackberry or Smartphone - SGP Technologies survived in the Lion’s
Den as Blackphone Hack was cover for Blackberry Baseband Hack”.
The
NSA basically mimics a cell tower and your smartphone connects to that
femtocell or attocell. It then sends instructions to your cellphone to shutdown
but leave the microphone, camera or even the GPS running. This would allow the
NSA or CIA to track your location as well as keep listening to you and watching
you via your smartphone's camera.
However
it isn't totally foolproof. According to chief technology officer of the NSS
Labs security John Pirc, a cyberscurity research firm, the hacking method has a
warm giveaway, quote: “The only way you can tell is if your phone feels warm
when it's turned off. That means the baseband processor is still running”.
Malicious Apps to track
you – Trojan Viruses, Malicious updates make Apps into Remote Access Spies
Still,
there are better ways to track someone smartphones.
For
one, the hacker can use a malicious App with a Trojan Virus that can not only
track you but give them the option to remotely control your smartphone, as
described in my Geezam blog article
entitled “Google
Play Store Apps with AdWare threat to Android Security”.
Then
there is malicious App updates that exploit weaknesses in the API (Application
Interface) for older versions of Google Android smartphones as noted in my Geezam blog article entitled “Android
Browser Security unfixed as Google wants you to Upgrade to Lollipop”.
The
hacker can create malicious updates and place them on a server mimicking your App’s server. Then when your App accesses the server to download the latest
update, it will install on the phone and modify the App, giving the hacker access
to your smartphone.
This
is similar to how one can hack an Internet connected car via the Vehicle Entertainment
System which in most model cars is connected to the computer that control the
brakes and engine as described in my blog article
entitled “Automotive
Security Researchers tell CNN Money Vehicles are hackable - How Vehicle
Entertainment Systems are hacked”
Then
there is always the alternative of using a malicious App to steal information from
another App, as they all share and run in the same memory area on your
smartphone as stated in “Sneak
Attack: Android Apps Can Spy on Each Other”, published 21.08.2014 by NBCNews.
This was based on the
research of Qian and Qi Alfred Chen and Z. Morley Mao of the University of
Michigan who had presented their findings at the USENIX Security Symposium in
San Diego on Friday August 22nd 2014
in their paper entitled “Peeking
into Your App Without Actually Seeing It: UI State Inference and Novel Android
Attacks”.
Finally,
they might not even need to get inside of your phone at all; Researchers at
Stanford University and Israel’s defense research group Rafael have discovered that
it’s possible to track a cellphone using just the power levels as described in
the article “SPIES CAN TRACK
YOU JUST BY WATCHING YOUR PHONE’S POWER USE”, published 02.19.15 by ANDY
GREENBERG, Wired.
Their
technique, called PowerSpy, allows them to determine your location over a
period of time using an App installed on the Smartphone that tracks your power
usage from the Baseband Processor and thus determine which cell tower your connecting
to and your relative distance and angular orientation based on what sector of the
cell tower your smartphone is connecting.
Defense against the
Dark Arts – what to do to stop Malicious Apps spying on your smartphone
The
best way to stop Baseband Processor hacks is to really shut down the smartphone
by doing a battery pull. Not really possible as most Smartphone no longer allow
you to remove the battery in order to make the battery bigger, this is no longer
an option, even if you don't own an Apple iPhone.
Other
than that, the other options include placing your smartphone into Recovery Mode
or spending a lot of money on signal blocking smartphone cases.
I
recommend to not worry about this; the NSA and CIA are really hunting
terrorists. To gain FULL control of your Smartphone, they're also have to
install a malicious app on your smartphone to remotely control it from the
outside.
So
be careful of the Apps that you download and install, as some of the more innocent
ones are giving away your GPS location, which you can of course disable by following
the instructions in my blog article
entitled “The
Reason why I don't like Smartphones - Location Privacy and How to disable
Location Services on Android and iOS”.
Plus,
it's really the FBI you should be scared of if you're an American, as they are
more likely to hack the smartphones of civilians!
No comments:
Post a Comment
Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.