In early 2012, Marie Colvin, an acclaimed international journalist from New York, entered the besieged city of Homs, Syria, while reporting for London’s Sunday Times. She wrote of a difficult journey involving “a smugglers’ route, which I promised not to reveal, climbing over walls in the dark and slipping into muddy trenches.” Despite the covert approach, Syrian forces still managed to get to Colvin; under orders to “kill any journalist that set foot on Syrian soil,” they bombed the makeshift media center she was working in, killing her and one other journalist and injuring two others.
Syrian forces may have found Colvin by tracing her phone, according to a lawsuit filed by Colvin’s family this month. Syrian military intelligence used “signal interception devices to monitor satellite dish and cellphone communications and trace journalists’ locations,” the suit says.
In dangerous environments like war-torn Syria, smartphones become indispensable tools for journalists, human rights workers, and activists. But at the same time, they become especially potent tracking devices that can put users in mortal danger by leaking their location.
National Security Agency whistleblower Edward Snowden has been working with prominent hardware hacker Andrew “Bunnie” Huang to solve this problem. The pair are developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. They argue that a smartphone’s user interface can’t be relied on to tell you the truth about that state of its radios. Their initial prototyping work uses an iPhone 6.
“We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don’t,” Snowden told me in a video interview. “It’s basically to make the phone work for you, how you want it, when you want it, but only when.”
Huang made a name for himself by using a technique known as reverse engineering to hack into Microsoft’s Xbox and other hardware devices locked down using various forms of encryption, and Snowden said he’s been an invaluable research partner.
“When I worked at the NSA, I worked with some incredibly talented people,” Snowden said, “but I’ve never worked with anybody who had such an incredible outpouring of expertise than I have with Bunnie.”
Snowden and Huang presented their findings in a talk at MIT Media Lab’s Forbidden Research event today and published a detailed paper.
Location Privacy and Smartphones
Smartphones come with a variety of different types of radio transmitters and receivers: cellular modems (for phone calls, SMS messages, and mobile data), wifi, bluetooth, and others. But using any of these radios could leak your physical location to an adversary who is watching the airwaves.
Journalists and activists use their phones to communicate with sources and colleagues, post updates and livestream to social media, and accomplish countless other networked tasks. If they need to keep their location secret, for example in a war zone, they need to turn off all of the radios within their phones. Even so, phones can still be vital tools even when offline; internet access is not needed to take photographs, record video or audio, take notes, use certain maps, or manage schedules.
Snowden and Huang have been researching if it’s possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that “a phone can and will be compromised.” After all, journalists and activists are often under-resourced and face off against well-funded intelligence services. They also, necessarily, use their phones to talk to, and open documents from, a wide variety of sources, leaving them especially vulnerable to targeted phishing, or “spearphishing,” attacks, where an attacker baits a victim into opening an enticing document that actually contains an exploit.
The research is necessary in part because the most common way to try to silence a phone’s radio — turning on airplane mode — can’t be relied on to squelch your phone’s radio traffic. “Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface,” Snowden and Huang explain in their blog post. “Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”
Concept art for the Introspection Engine.
Image: Andrew Huang
Introspection Engine
Since a smartphone can essentially be made to lie about that state of its radios, the goal of Snowden and Huang’s research, according to their post, is to “provide field-ready tools that enable a reporter to observe and investigate the status of the phone’s radios directly and independently of the phone’s native hardware.” In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it’s being dishonest about its radio emissions.
Snowden and Haung are calling this device an “introspection engine” because it will inspect the inner-workings of the phone. The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to be able to sound an audible alarm and possibly also to come equipped with a “kill switch” that can shut off power to the phone if any radio signals are detected. “The core principle is simple,” they wrote in the blog post. “If the reporter expects radios to be off, alert the user when they are turned on.”
The introspection engine also must fit a number of design goals, including: It should be entirely open source, with open hardware, to make it easy for experts to inspect; it should operate in a separate “security domain” than the phone. Basically, the introspection engine should work even if the phone is hacked and actively lying to you; it should have a simple and intuitive user interface and require no special training to use; it should be usable on a daily basis with minimal impact on workflow.
Introspection engines don’t exist yet, and the research Snowden and Huang presented today is only the beginning. In order to begin work on a prototype, the pair needed to pick a specific model of smartphone to target. They chose the 4.7-inch iPhone 6, based on their understanding of “the current preferences and tastes of reporters.” However, introspection engines could be designed for any model phone.
Jacking Into the iPhone
Huang, an American who currently lives in Singapore, traveled to the metropolis of Shenzhen, China to explore the electronics markets of Hua Qiang, which he described as “ground zero for the trade and practice of iPhone repair.” While there, he bought spare parts and repair manuals that contained detailed blueprints of the target device.
Testing the electrical signals from the iPhone 6.
Photo: Andrew Huang
Snowden and Huang discovered 12 test points that could be used to monitor the status of the cellular radios, the GPS radio, and the wifi and bluetooth radios. While they didn’t find a test point to monitor the Near Field Communication chip, the part that makes Apple Pay possible, they discovered that they could disconnect its antenna, vastly reducing its range.
They don’t think that modifying an iPhone 6 to install an introspection device could be done by just anyone, but “any technician with modest soldering skills can be trained to perform these operations reliably in about 1-2 days of practice on scrap motherboards.”
Supply Chain
The next step is to develop a working prototype, which Snowden and Bunnie hope to complete over the next year. Their blog post says that the project is currently operating on a “shoestring budget” and “donated time.”
If it proves successful, they may seek funding through the Freedom of the Press Foundation to develop and maintain a supply chain. The nonprofit, of which both Snowden and I are board members, could then distribute iPhones that have been modified to include introspection devices to journalists who work in dangerous environments to use in the field.
No one has explicitly mentioned that there is lots of pre-era “analog” sh!t still in used by police
http://www.realclear.com/living/2016/01/04/real_life_spy_gadgets_12618.html
It is very easy to bug someone’s shoe with an RF transmitter with a piezoelectric component, so that it doesn’t even need a battery (you charge it as you walk)
USG has been also inserting RF transmitters in people’s root canals and ribs and using microscopic metallic dust as EM beacons, which are nearly impossible to notice to the naked eye but track your whereabouts as easily as a cellphone
Here is a use case proving that even placing your cell phone in a Faraday cage may not be safe. I remember that I got anxious when I heard Laura Poitras say that they put all their cell phones in the fridge after & when they arrived at that place where they were meeting Snowden …
I think it is better to educate the proles out there about using their own devices. That “we surely know best how to do this and use that” … we base our assumptions on is dangerous on a number of counts. Still, if “foreign journalists”, can’t think, sh!t or pee without their cellphones:
1) use a totally encrypted cell phone like device without an antenna (hw) and without networking (sw) to record stuff and talk in your own thoughts
2) once in a while go to a relatively safe place (a very crowded area, your embassy a fancy local building), select and upload the material you need to a secure server
3) never write down your finding and thoughts explicitly (always keep important parts to connect the dots in your mind)
4) do not stand out in any way
5) don’t make yourself predictable, change your modus operandi
Also, if you check in a Hotel you know you will be assigned to a certain room …
RCL
I know this is not “legal” (“how could we even think of messing with our cow marks!?!”), but given the options: you either break the law and live enough to tell stories by yourself or get killed for being a law-abiding, trustful, … individual
Have you thought of jailbreaking, rooting, unlocking, … ultimately owning your smart phone and install and encrypted and more reliable version of Linux?
http://www.tomsguide.com/us/jailbreak-root-unlock-phone-faq,news-17935.html
People could image whatever cr@p they get from Apple or google and keep it to sync it back later if they so choose. When they want to go “incommunicado” they would take out the SIM card and use the safe, no GPS emitting one.
The OS in that other SIM card would not even have networking sw and related service sensors sw interfaces in it. That cell phone could be used for recording, taking pictures, etc.
RCL
Snowden called this the “holy grail of surveillance” …
https://www.theguardian.com/environment/2016/jul/26/solar-impulse-plane-makes-history-completing-round-the-world-trip
and will, of course, get better (and/or worse depending on how you see those “technical progress”)
RCL
https://ipsoscustodes.wordpress.com/2016/07/26/snowden-and-huang-aim-to-keep-smart-phones-from-betraying-their-owners/
RCL
$ date
Tue Jul 26 02:52:35 EDT 2016
one day inevitably we would pay for it with some politicians “writing ‘secret’ laws which interpretations are ‘secret’ …”
RCL
“Despite the covert approach” you said? Well, I will assume you are not being sarcastic, since there is no funny or ridiculing juice anyone with a sense of morality could extract from such fatal incidents, which are way too common among people who have never heard and, most probably, will never hear of the Sundays Times.
I wonder what is the point of that Hollywood line about “smugglers’ routes, climbing over walls in the dark and slipping into muddy trenches” when you are carrying a cellphone, which, let me put it crassly for regular non-technical folks out there to get it at once, constantly send a code saying “Here, here (with centimetric precision about your whereabouts) … kill me, kill me, … here I am”?
I find amazing that people (even those working for the Sundays Times!) are still getting killed for carrying a cellphone? Or, is that really the reason? Moreover, they are now into “‘self-driving’ cars (even steered by google!)”. By the way guys those so-called “‘self-driving’ cars” are not driven by those forest little dwarfs from Germanic fairy tails that would come at night and do your work for you (lazy @ss those Germanic people), who for some truly vexing reasons seemed to have hated Michael Hastings to murderous extents.
https://en.wikipedia.org/wiki/Michael_Hastings_(journalist)
// __ Hours Before His Death Michael Hastings Contacted Wikileaks Attorney Said FBI Was Investigating Him
youtube.com/watch?v=n0XSV1ETzwE
~
and to “military intelligence” as well … as you pointed out first. Also, we all choose to breakpoint reality in our own ways or the way some other people do for us (most of us aren’t even conscious of it). Why has Syria been a war-torn country for such a long time? and, by the way, smart phones are NOT “indispensable tools”. They will never beat a notebook and pencil aiding by a conscious, critical mind staked on a lively brain.
Ha! I somehow smelled the introduction of this latest story of Lee’s technical saga would lead there.
Some of the most profound tenets of Buddhism and the Franciscan creed (I don’t know much about Islam, but I would bet there is some of it there too), is keeping a safe distance to one’s own ego.
to “monitor”? … “potentially compromising” radio transmissions?
When I was a kid I thought that I had to f#ck every p#ssy I could smell within 5 miles. I quickly realized it was more like the other way around. I also thought that I was going to find the chemical compound to cure cancer, that you could “rationally convince” the Israeli government to stop the occupation and that I had discovered a deep link between topology and measurement theory in the stretch-rotate relation of vectors under linear, affine transformations (as simply expressed through matrices). I don’t know about Huang, but Snowden is not a naive, enthusiastic kid at all anymore to be talking like that.
If you haven’t still gotten my point for what it means and really, really would risk your life and ditch all your efforts after going “smugglers’ routes”, there is this thing called a Faraday cage:
https://theintercept.com/2015/05/08/u-s-government-designated-prominent-al-jazeera-journalist-al-qaeda-member-put-watch-list/?comments=1#comment-131280
~
// __ I fear the chilling effect of NSA surveillance on the open internet
https://www.theguardian.com/commentisfree/2013/jun/17/chilling-effect-nsa-surveillance-internet#comment-24402623
~
which would be the closest to not carrying a phone in addition and being:
a) 100% reassuring: yes, as we technical people say: “you can’t patch stupid(ity)”, but they, neither the NSA or Syrian “military intelligence”, nor the Russian mafia, nor script kiddies can do sh!t about Physics;
b) safe to you and the functioning of the phone itself: what do you think will happen if the “‘intelligence’ services” find you with one of those devices courtesy from Mr. Snowden and Mr. Huang? Also, it would be on them becoming paranoid about it, you would not put in evidence yourself by simply placing the phone inside your metallic “lunch box” or one of those large Altoids candy pill boxes (which a long time we discovered to be more prophylactic). Nothing will whatsoever will happen to the phone. It would be like when you drive through a metal bridge;
c) it is dirt simply and you can safely test it: simply put your cellphone inside of a generic metallic encasing and place a call to it, you will see that what Physical EM waves concern your phone doesn’t exist at all, not right there inside of where you put it nor in the galaxy farthest away GN-z11. Isn’t that great!
which, amazingly indeed!, will still set us free and is not in the details, but, Ed, stop kidding people. Would you, please? Let’s concentrate on those so profitable truths out there and making sure people can have it and eat it, too!
Huang I would have trusted you as a real player if you had found all those “detailed blueprints” of cell phones on wikileaks.
IMHO, the best parts of that article are when they say and paraphrase that: “cellphones of any platform regardless of its relative security can and will be compromised by state-level adversaries”.
Metaphors, especially those about trust, tend to be amusing. Aren’t you trusting yourself too much in your endeavor?
Wait, you are talking business now! So, you just discovered that any kind of software-based device can essentially be made to lie about anything?
Last time theoretical Physicist niggah me checked, Maxwell Equations (the most beautiful one liners ever scripted coming out of Physics (relativistically invariant even before “Relativity”)) didn’t say a damn thing about “dishonesty” in radio emissions. They have no sense whatsoever of being used “honestly” and “responsibly” by freedom lovers or by Syrian “terroristic” “military intelligence”
Using intellectually sounding funny names will not change the fact that once you use words (software) someone will come up with the great and simple idea of lying. We started being (somewhat) civilized people when we agreed on a common understanding of what justice should look like which we had to write as a common code of law for everyone to refer to and ponder about … one day inevitably we would pay for it with some politicians “writing laws which interpretations are ‘secret’ …”
You would not be able however to lie about the fact that:
Somewhat irrational, but still good intentions. Something alchemically good may come out of the implementation issues. I find amazing that someone like Snowden would believe that he and his buddy working on a shoestring budget and standing on a hardware and software platform they don’t own, based on “their understanding of the current preferences and tastes of reporters” will beat at playing cat and mouse with them, USG and all NSA affiliated corporations working for them funded by tax payers
Have they given any thoughts to the fact that, regardless of how good the soldering may be, an in-built control logic can be added to the hardware and software to detect the intruding connection based on the Physics and logic of the circuitry?
Are we truly talking about a new thing under the sun or you mean the name of the thing.
Oh, thank you very much Huang and, by the way, of course, we very well knew about those test points, since we put them in by design …
Whereas anyone can put their phone in a metallic encasing and easily test by oneself if thing works
There is a lot that can be done in this age to protect oneself, but we need to tell apart physical reality (the only “God” we can trust in our days) from everything else.
Now, let me be positive. I think, we all, “journalists” and “techies” should do a better effort at understanding ourselves. We could spend more time on apps for cell phones that record with instant connections to our own servers, police and government do monitor us, but they will have a harder time being attentive to every form of ephemeral happening out there while trying to at the same time entertain illusions about “freedom” and that thing they used to call “privacy”.
As it happened with Eric Garner’s unnecessary fatal run in with police even his not being able to breathe was recorded; Philando Castile’s lady streamed the data of her man being killed point blank by police officer Jeronimo Yanez for no reason whatsoever as it happened to facebook and even if “they had glitches” the world at large saw what happened first hand:
// __ Did police remove the Facebook Live video of Philando Castile being shot?
http://www.telegraph.co.uk/technology/2016/07/08/did-police-remove-the-facebook-live-video-of-philando-castile-be/
~
A friend of mine sent this to me the other day (which except for Mona ;-)) is rampant in the US right now
// __ POLICE GANG STALKING: HIERARCHY, OPERATIVES, DISPOSITION MATRIX, GREENSBORO, NC
youtube.com/watch?v=MLTSR6Q6l9Y
~
hacking the USB port of a cell phone to service a usb splitter for continuous video streaming, recording from various locations in a car is not hard at all. The same could be used to record all those snitches and gang stalkers used by police to harass people out there. There are spy glasses but they are too obvious
This is all it takes:
a) using the phone directional gyroscope to undeniably (in addition to the view itself) the relative direction pointing to by each of the camera eyes
b) with a time stamp
c) just recording changes in view
camouflaging mini video cameras in a car or your clothing isn’t hard at all. That is dirt cheap; a USB splitter with 4 ports cost $7 and a SPY Button Mini USB Camera are being overpriced from $10++
// __ SPY Button Mini USB Camera connected to mobile phone RMD-N4031 RMM-N4031
youtube.com/watch?v=DMlD2wYavso
~
We the people do have the ways and means to monitor government and so-called intelligence agencies as well, they don’t live in a separate exclusive physical or ethical reality. That way people will clearly see that it is that Pro-Russia Putin responsible for all freedom-hating things happening in the Universe.
truth and peace and love,
RCL
“We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don’t,”
That should be “We have to ensure that journalists can investigate and find the truth, ESPECIALLY in areas where governments prefer they don’t,”
Problem is if you remove the main battery, there’s still a second watch size battery on every phone that could power up the radio, GPS, microphone or camera and report your location:
http://security.stackexchange.com/a/65455
If you’re an at risk person using this new device to detect if your radio is snitching on you, then when you detect this happened then it’s already too late, it already reported your current location and either government goons are on their way or a hellfire missile has already hit you.
A far better option is 3 layers of tinfoil around the phone to act as a faraday cage. Cheap and effective. Though test this for yourself to make sure you covered it properly: ring the phone in question. If you can’t reach it, then the radio is cut off. You could also test the effectiveness of this for cutting off NFC, WiFi etc e.g. start a data upload to a simple web server, if the upload is cut off then the tinfoil is effective. You can also test the effectiveness of faraday bags this way. Probably they are not all they are cracked up to be.
Also worth testing: putting your phone in the fridge or freezer. Hint: it doesn’t do anything. The microphone on your phone is extremely powerful and can pick up audio from rooms away. Also it doesn’t block the radio signal because it’s not a faraday cage.
Things that might be worth testing: putting your phone in the microwave, because that is a faraday cage. However it may not block all the radio frequencies. Also audio can still be captured, stored and transmitted without you knowing it at a later date.
For preventing your phone from secretly recording audio and transmitting that when it reconnects the radio that’s a hard problem. Ideally the phone should be nowhere near anywhere a private conversation is taking place.
That’s a very hypothetical scenario, that the coin battery might be used to power primary systems in a smartphone. In any motherboard I’ve ever seen, those batteries are only ever directly connected to real-time clocks, possibly “non-volatile” SRAM, and, if of the rechargeable variety, a charging circuit. To power a transmission with those tiny batteries would not be practical, and manufacturers would need to go out of their way to support such a backdoor…not that corporate/snooper cooperation is unheard of – just not as such an overt, inexplicably unnecessary hardware addition having no plausible deniability.
Also…are cell mics really that sensitive? I dunno, but yeah, don’t give your phone freezer burn.
I don’t think that Bob is talking about microphones but cell phones various antennas.
Even if you don’t “hear” or “see” them, we are surrounded by a sea of EM radio waves zipping around the globe five times in a second while bouncing on the outer layers of the atmosphere, some created by our devices, some coming from outer space.
Radio telescopes can detect truly spurious soundless farts on the other side of the galaxy.
RCL
…Yes, if by “the microphone on your phone”, Bob actually meant “various antennas”. Wait, wut?!
Also, “spurious soundless farts”??? You might consider posting in your native tongue so at least SOMEONE might understand what you’re trying to say. Martian, is it? Or do you prefer to speak in soundless fart?
I’m sure Putin doesn’t know anything about this.
If anyone is deserving of remuneration for selfless service for the common good of Humanity, surely Edward Snowden is a fine candidate.
For some, the most practically relevant information Snowden revealed to the US Public (and the world at large) was not the digital documents (“secret”, sensitive or otherwise) themselves but rather that there was finally irrefutable confirmation regarding the breadth and depth to which technology has rendered the entirety of the Earth and her inhabitants physically obvious and metaphorically transparent.
Unless this phone protector somehow rewrites or nullifies the legislation that abrogated “individual privacy rights” to this point in time when and where the very concept is a functional relic, I am incredulous about the product. In as much as there is a market for this essentially useless product (based on Snowden’s own assertion that “The Surveillance State” is ubiquitous and omni-present), it’s value amounts to little more than providing a purely psychological figment that there is even a chance of glimpsing anything resembling that which approaches autonomous privacy.
https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/?comments=1#comment-225547
RCL
It’s sooo much easier.
Just use one of the little $12 TV tuner dongles, they cover the entire spectrum being tested for with the exception of the 5Ghz WiFi range which can easily be down converted, and add an FPGA and a USB chip and done.
Monitor the emissions directly from the phone itself, no connections required. Make is so it has to be in contact range to work so it won’t pick up the guys phone next to you, shield it in all directions except that of the tested phone..
Job done, effectively, unhackably and cheaply and would work with ANY phone that it can be clipped to.
Interesting idea. One major problem: RTL-SDR & DVB-T tuners cannot provide coverage beyond a smidge over 1.7 GHz, while Wi-Fi/BT and many GSM/UMTS/LTE bands exceed the receiving range. You can’t see those signals w/o either a second receiver or L/S/C-band downconverters. As a less expensive and bulky alternative, you could add a Wi-Fi chip to the mix, but then you also require a second interface or some really complicated integration. Also, what are the FPGA and USB (transceiver?) chips meant for?
In the end, how is this system any cheaper or more effective? It’s certainly not simpler, nor reliable. Besides, you might as well buy a handheld spectrum analyzer at that point…
This is a wonderful way to help stop our phones, and other devices, from spying on us. It needs to be developed.
> [The Freedom of the Press Foundation] could then distribute iPhones that have been modified to include introspection devices to journalists who work in dangerous environments to use in the field.
Why not distribute an open-hardware phone (e.g., Fairphone[1]) or at least a phone with open-source software[2]? Apple already has plenty of money [3].
[1]:https://en.wikipedia.org/wiki/Fairphone
[2]: https://en.wikipedia.org/wiki/List_of_open-source_mobile_phones
[3]: http://arstechnica.com/business/2015/10/apple-google-microsoft-hold-more-than-336b-overseas-via-legal-tax-loopholes/
Seems like too much work – why not just build a faraday cage case with <1.4cm gaps? That would provide HUGE signal attenuation and there are two ways to make it still usable – a, install the forward faraday cage beneath the cell phone screen or b, use a low-profile conductive material directly overlayed on the touchscreen. Super cheap and simply removing the phone from the case allows you to use it for all normal wireless connections. For <<$50 per phone case.
This project is a huge waste of money and time.
Yes, of course a Faraday Cage is a more straightforward solution, but only if the sole aim is to ensure signal attenuation…or you could just REMOVE THE PHONE’S BATTERY and forgo the purchase of some unnecessary, over-priced conductive bag. Nor is it a necessarily reliable method. (Incidentally, 1.4 cm mesh size is FAR too large – by at least an order of magnitude.)
It seems to me, the goal of the project was to not only to evade detection but to determine when and how data is being transmitted. That way, the user might be able to catch the phone’s OS and software lying about radio status or activating radios explicitly disabled.
It also seems to me that it’s always those disparaging concepts like this are most desperate to con an audience into buying into their authority and bogus expertise. I happen to like this idea and appreciate that there are people with a technical interest in the topic of privacy protection even more. In my book, any progress in favor of protecting journalists is a step in the right direction.
[My apologies if this double-posts.]
Yes, of course a Faraday Cage is a more straightforward solution, but only if the sole aim is to ensure signal attenuation…or you could just REMOVE THE PHONE’S BATTERY and forgo the purchase of some unnecessary, over-priced conductive bag. Nor is it a necessarily reliable method. (Incidentally, 1.4 cm mesh size is FAR too large – by at least an order of magnitude.)
It seems to me, the goal of the project was to not only to evade detection but to determine when and how data is being transmitted. That way, the user might be able to catch the phone’s OS and software lying about radio status or activating radios explicitly disabled.
It also seems to me that it’s always those disparaging concepts like this are most desperate to con an audience into buying into their authority and bogus expertise. I happen to like this idea and appreciate that there are people with a technical interest in the topic of privacy protection even more. In my book, any progress in favor of protecting journalists is a step in the right direction.
While we were fixated on Trump…
http://www.hollywoodreporter.com/news/oliver-stone-snowden-at-comic-913221
Ever wonder when and where your digital cell was born?
In the early to mid 90s, I was a production/R&D technician at HP, while studying engineering, on the team that developed and produced the HP 894XX systems which were the first pieces of equipment to implement digital signal modulation/demodulation technology – 2 really smart, humble, guys literally said, “what if we invent digital mod/demod?” at HP in tiny Lake Stevens, WA – and they did.
Our prototypes went to Motorola, Hitachi, and the NSA. This technology ushered in digital broadcast communication and provided unprecedented measurement and analysis capabilities (full-spectrum, to 2+ GHz, power plots with one button!). This is also when the NSA had a wet dream because they could now fingerprint any radio transmitter in the world with one of these toys.
When the spooks were given a demo by the field engineer, everybody got out of their seats and left immediately after the presentation. The proud engineer was crushed – not a single question or comment! – and then his handler explained how everyone in the room just had an orgasm and now they had to go talk about it, without letting you know it.
“Snowden”, the movie, September 16:
https://snowdenfilm.com/
Did O. Stone spend a lot of face-time with the characters? It seems so difficult to relate to actors when the events were so recent (and still unfolding).
Yeah! Why do we need movies when reality is so rich and exhilarating?
RCL
This article elides the possibility that the reporter had been tagged with a tracer/transmitter. It would be nice to have a general bug scanner/ spectrum analyzer that attaches to your iphone with a micro usb adapter and an app.
The photo is interesting. Looks like a nice oscilloscope, a high end Tektronix, probably over $10,000.
And that’s without the floppy eared bunny option.
Tech toys are fun. https://www.youtube.com/watch?v=W2qdtQkBKhc
What about using a vpn, orbot and orfox to circumnavigate the spying? Wouldn’t that do the job…That’s what I use…
The work in this piece is about disabling geolocation aka geotracking, not content monitoring. For this, one needs a way to disable transmission, not encrypt them.
The Thing is that the corrupt establishment is infiltrating any microchip or software possible. The first thing to check is that there be no backdoors to get accessinto any microchip processing. There must be a way to offset the corrupt establishment spying on anyone by sending them a “proxy data or signals” in order to offset the coordinates. At any rate the best way is to encrypt and locked any software and microchip in order for the corrupt hidden hands not to have access without the consent, awareness of the mobile user/owner period.
Well done Edward Snowden, and raise a delicious gourmet non-gmo pizza(natural organic wheat the way God the creator made/created it) and some delicious natural organic water (without the poison of hydrofluorosilicic acid that is added to all kinds of drinks in the usa which is basically poisoning the masses).
I’m not a techi…at all. But when reading this and the comments I had a thought…and googled it to see if it existed. [Encrypted frequencies]
http://columbiadailyherald.com/news/local-news/scanners-go-silent-columbia-police-use-new-digital-frequency
Also I was recently educated on cloud storage…so what about Snowden & Co. designing , owning, and managing a similar system just for journalists, to include the above encrypted frequencies that would be needed to operate like the CIA and/or police dept’s do?
ps…please don’t reply with high tech…cause I won’t understand it.
The work in this piece is about disabling geolocation aka geotracking, not content monitoring. For this, one needs a way to *disable* transmission, not encrypt it.
I want a pop-open farraday shield/keyboard/easel/battery backup with monitoring software able to alert on any wireless data transmission and report it’s details.
I would remove the batter from the phone and rely on a switched battery backup.
Worry Points:
1] It is 1943 Technology to track a receiver –from a back EMF
2] Switches are not enough: Mirco chips “resonate” and more than one chips narrow down resonators to a few “fone numbers” + area scanning
3] Any I-fone can have more than one number
4] A programed micro circuit can have more-than-one-thought
The Telegraph article you linked to includes a number of questionable sources.
Including ‘activist’ Abu Abdu al-Homsi.
In an interview with CBC News, al-Homsi was asked about recent terrorist attacks
in Damascus: around one hundred civilians died, or were wounded, after car bombs
detonated outside the aviation intelligence department and the criminal security
department buildings.
al-Homsi’s response: “We are peaceful protesters all around Syria […].”
“The Syrian government made so many explosions all around in Syria and different
cities, in Damascus and in Aleppo. And then they bring bodies, which are prisoners,
killed by the regime, bring them to the place where the explosion happened, and
then they say, okay, these are terrorists[…].”
Think about what he is saying. He is saying that the bombings aren’t the result of
anti-government militants, but of a government conspiracy. A conspiracy, in which
political prisoners are dragged out of their jail cells, executed, and left at the
blast site of government-detonated bombs.
Photos and videos of the bombings are readily available; al-Homsi offers no proof
of his claim, nor is there any evidence to support it. So why would he say that?
Likely for the same reason Nayirah al-?aba? lied about the Iraqi army: propaganda.
(youtube.com/watch?v=LmfVs3WaE9Y).
al-Homsi is willing to lie about the perpetrator of, and motive for, a series of bombings,
in order to soil his enemy’s (Syrian gov.) reputation.
Yet he is portrayed as a reliable source.
You have some legitimate points but I think the author of this piece was simply looking for an example of how the Snowden-Huang device could protect journalists in any war zone. This story fits that bill. However, it is true that much of the western media reporting on events in Syria from late 2011 onwards was highly suspect (none more so than the chemical weapons attack story, which had great similiarites to the 2002-2003 Iraqi WMD story).
The most incisive analysis I’ve been able to find of how the Arab Spring of 2011 turned into a debacle in most countries, particularly Syria is here, from early 2012:
http://www.japantimes.co.jp/opinion/2012/02/20/commentary/how-the-arab-spring-was-hijacked/
I think there is great reluctance among many Democrats to admit that far from promoting democracy, the Obama Administration did everything in its power to help the theocratic oil dictatorships crush Arab Spring movements that threatened their rule, as well as to hijack the movements in Syria and Libya in an effort to control the outcomes by installing western-friendly puppet dictators. Here, Brahma Chellaney nails it:
That’s how ISIS and the Al-Nusra Front were initially established, funded and armed in Syria; a massive debacle that resulted in ISIS gaining global prominence by 2015 and moving on to launch terror attacks in Europe and around the world.
So no, Libya was not Obama’s biggest mistake . . .
I don’t get it. Are Syrian government officials and military terrorists or freedom-lovers?
RCL
I guess as a matter of course the Pentagon, the CIA, and the NSA — but also the counterpart agencies of other nations — will want to hijack and [mis]appropriate the projected invention of Snowden and Bunnie for use both in espionage and in battle. If only for that reason, I would urge them both to ensure they secure intellectual copyright on their apparatus so they can then sue the arse off governments — well, at least in the USA — for patent infringement, or such. Btw, maybe they’d do well to invite Kim Dotcom to join them in this venture. He’s truly righteous, and (thanks in part to Larry Lessig) very well up on copyright issues.
Nice reporting, Micah. Adversarial journalism doesn’t have to be loaded with bias, opinion and twitter.
I’m waiting for the Ubuntu phone.
http://www.cnet.com/news/first-ubuntu-phone-will-be-sold-in-a-limited-run-flash-sale/#!
I’m not going to pretend I know what you’re talking about, but thanks to all involved for making reporters’ ability to evade the establishment more possible.
Why not work on reviving/modifying/upgrading the the already existing architecture in an old n900 that already has separation b/t chips & radios or assist the struggling neo900 guys? As soon as you start using the Apple/Google/MS devices on a network all your mitigations are lost to *big corp whore* and all their “trusted partners” anyway.
I’m guessing it is because they want to target a device that people actually use, so that real people in the real world can benefit from it.
I have an n900. Don’t get me wrong, I want to se more dev on it. But Snowden and Bunny (as clearly stated in the article) are targeting devices that journalists use. “Just use this dead tech instead that doesn’t support 80% of what you want to do with it” isn’t reasonable.
“Despite the covert approach, Syrian forces still managed to get to Colvin; under orders to ‘kill any journalist that set foot on Syrian soil,’ they bombed the makeshift media center she was working in, killing her and one other journalist and injuring two others.”
*Allegedly.
The Syrian Army’s role in the death of Marie Colvin has not been established.
As a journalist, you should not over state the evidence.
Anyone who wants to comment on the choice of method adopted by AB and ES should read the paper (link in the article) first. I suspect that most of the commenters have not.
+1
I read it. Frankly, it’s fundamentally silly, an exercise in unnecessary complexity by very bright tech geeks who are enchanted by technology and can’t get out of the mindset.
A curious statement that offers no substantive critique whatsoever.
As a mostly non-technical description of what they were trying to accomplish, I found the paper to be readable, relatively brief and to-the-point and importantly – understandable; even for a non-tech like me.
“. . .an exercise in unnecessary complexity. . .”
That’s the core substance of the critique. For details, see my other posts in this thread.
I was a techie for decades. I know how addicting technology is. And I know how silly (and blinkered and blinded) addicts can be as a result of attachment to their favorite highs.
“I was a techie for decades. ”
Self-taught, obviously …
I won’t bother to post my bonafidesfor the like of you, you nasty piece of shit.
Suffice it to say that I don’t post unless I know what I’m talking about — and I only call other posters nasty pieces of shit when they have demonstrated that’s what they are, consistently and repeatedly.
BTW, autodidacts are some of the most impressive people on the planet. If you had half a brain, as we know you do not, you wouldn’t toss “self-taught” about as an insult. If it were true, I’d consider it a real achievement.
“Suffice it to say that I don’t post unless I know what I’m talking about”
… Unless you think you know what you are talking about.
You trashed the concept of an investigative device which would alert the user that their phone was being deceptive. Knowing you are being monitored is a good thing. (Yes, we know having no cell phone is the best way to not be detected but the goal is to allow you the use of a very powerful tool while minimizing your risk)
Thanks for the reply, Doug. Your substantive critique wasn’t available when I posted earlier.
That said, Snowden, et .al being “silly (and blinkered and blinded) addicts” remains unpersuasive to me.
“I read it. Frankly, it’s fundamentally silly, ”
Your ignorance can be stunning.
Why do you feel the need to put it on display?
I think if there is a basic point it is that the Snowden-Huang device relies on detecting the flow of electricity (aka, electrons) at a specific physical point on the phone’s circuitry. Here’s perhaps the key passage:
So if there’s a flow of current to any radio transmitter on the phone, it is directly detectable; no need to rely on any software instructions that could be overwritten. The rest is details, i.e. would the phone be able to detect the detection system, and so on. Seems like a very solid approach to the problem.
I was just online reading up on Side Channel Analysis when my house shook from 2 lowflying fighter jets. Coincidence?
spy vs spy
USG and agency intrusions are getting worse all the time. It appears that govs and agencies have declared WAR ON THE PUBLIC. Do not kid yourself for one moment. DISHONEST THIRD PARTY GOV EAVESDROPPERS CAN SELL YOUR BUSINESS & PERSONAL INFO. The temptation for corruption is too great for these sneaks and liars to handle – just look at what they’re up to now-
Ever hear of Amazon Echo?
http://www.zdnet.com/article/alexa-have-you-been-wiretapped-by-the-fbi
Wallstreet hates competition, steals from the public, lies to everyone, pays Hillary, and wants to rule the planet with their hillarious TPP. If you are a creator, inventor, deal maker, broker, or researcher, you will get robbed.
Fascinating, but of doubtful value — and an overly-complicated approach that reflects the modern tendency to overlook simple solutions.
Put your phone in a Faraday bag and use a small tablet to do the offline stuff. If you need the WiFi, install a physical switch to control the radio. If not, kill it.
As for all the reasons why an “introspection engine” is exceedingly unlikely to escape detection and compromise . . . well, it’s not worth going into, because the idea itself is fundamentally flawed.
Good try, but don’t give people wrong advice, at least in this thread. They will die because of your ignorance, mistaking it for expert advice. Elsewhere it doesn’t really matter.
Moron.
Really curious to hear those reasons this device would or even could be either detected or compromised… So long as it’s directly tapping the transmitters’ power supply or data lines, I don’t see how it can be tricked into giving false readings. I see two possible design flaws that could theoretically allow for detection, but I can also conceive of two solutions to mitigate those issues nearly entirely.
Rather than answer that question, let’s adopt the Socratic method:
How would it make you safer to know that your phone is now transmitting without your permission?
Oops.
Doug, as you so often do, I strongly suspect you’re talking out of your ass. I caught you doing so, and lacking any real understanding of the topic yourself, you flip the question around. Note that I’ve already answered the very question you’re avoiding, but I can play along and go into a bit more detail for anyone interested.
If you opt to check digital input to the radio alone, then you can only be certain that no information from the CPU or sensors are being transmitted, but it’s always possible, in theory anyway, for on-board firmware to contain embedded instructions to fall back upon and broadcast a ping packet, which may be ID’d and triangulated.
If you tap a transmitter IC’s power trace, you can be almost absolutely certain whether it’s off – not functional. Technically, a transmitter can (and does) store a very limited amount of charge, but it would be exceedingly impractical to implement a chip than could sustain even a sub-milliwatt signal sans power for more than a brief moment.
Similarly, the output pin can be monitored to determine when signals are being sent; then, you even know if the chip itself is being sneaky. There’s also the possibility of a passive tank circuit being installed in the phone so that a radio in the area and sufficiently tuned to it can give a none-functioning phone an RF signature, and you could be tracked down. (The KGB has been known to use this trick since it’s essentially a passive bug that’s very difficult to detect.) Still, the latter two methods are virtually fool-proof.
An even more reliable option to avoid or detect inadvertent transmission is to act as a gatekeeper to the antennas. You do that, and there’s no way you’re broadcasting beyond a very, very limited radius, and it’s extremely unlikely that even an unknown tuned tank circuit would be able to give you away. If you’re within range at that point, it’s probably because you’re already captured and tied up at the bad guys’ feet.
When you use a Faraday bag, you’re getting the same basic effect as antenna cut-off. A properly designed Faraday cage can be super effective. It’s certainly a simple, viable option.
Now, it’s possible that Snowden and Huang designed it more because they could than because it’s the patently “best” solution. That is what hackers do, after all. But to disparage this “introspection engine” you clearly have no grasp of – dismissing it as “fundamentally flawed” – is a bit much.
The idea is fundamentally flawed partly because it is exceedingly difficult to monitor current in circuits without affecting the circuit in one or more ways that are relatively-easily detectable.
The concept, in and of itself, is fundamentally flawed because it is overly-complex — a fatal flaw in all life-safety engineering and design — and because it starts with the assumption that the best approach to security is to attempt to modify what is probably the most-easily traceable device on the planet — and keep using it in hostile environments. That, in layman’s terms, is dumb as a sack of hammers.
What I see here, above and below the line, as well as in young Snowden’s efforts, is an attachment to advanced technology so irrational as to blind participants and observers to much simpler and saner approaches. It’s an affliction so common, now, as to be a pandemic personality disorder.
You, for instance, have demonstrated that you understand circuit design, at the same time you have overlooked or rejected the possibility that fancy circuitry isn’t a sensible approach to the problem. Snowden and Co. have done the same and Micah, ATL, has fallen in step. Circuit-level thinking doesn’t solve systems-level problems.
You, collectively, remind me of the humans of every description I see, daily and hourly, so absorbed in mobile devices that they are oblivious to the world around them. It’s an addictive disorder, I’m pretty sure.
And just a quick note for you and the other rude jerks who have accused me of “talking out my ass” and tossed around other insults: among other things, I was senior or chief engineer in the construction and/or operation of about 40 of the first cellular systems built in the US and have been involved in high-tech systems engineering long before that and long since, although I prefer much simpler devices these days.
I doubt those “Faraday bags” are all they’re claimed to be. Are they actually thoroughly tested? They might work for passive RFID chips (which act basically as low-power frequency reflectors) but probably not for the full range of cellphone transmission frequencies. A little research turns up this:
http://physics.stackexchange.com/questions/89584/how-can-electromagnetic-waves-reach-a-cell-phone-in-faraday-cage
And don’t all tablets have wifi and bluetooth that are just as susceptible to being compromised as phones? The whole point is, you may think you are offline but are not; or you may have malware like a keystroke logger that records and transmits everything you type (and records sound and video) when you do go online.
Take a look at how the U.S. government obsesses over the issue of portable electronic devices, for example. . . from Federation of American Scientists, a reliable organization, but it is a pdf, so it might have some malware exploit attached. Google:
Portable Electronic Devices in Sensitive Compartmented Information Facilities
I just assume all devices may be compromised. The ability to do things like live-stream video to a remote server (as in the Diamond Reynolds case, where her boyfriend was killed and the police seized her phone) more than makes up for it. But then, this is not an active war zone. . . yet.
Also I don’t really see how an “introspection engine” of the kind described would be compromised; the idea seems basically valid.
Already manufactured items that are modified with the engine can be prevented from being compromised. However, expect changes to the hardware in future phones that will prevent terrorists and other undesirable elements from installing any introspection engines.
If you are a journalist then you should not follow anybody’s advice except Micah Lee’s. There are lots of experts here who will mislead you into doing stuff that will expose you to the enemies of our country.
Faraday bags work, they have been around for decades and tested extensively. They are used across many sectors of the economy. Back in the 90’s I did computer work for a small company in Sarasota that made anti-static and faraday devices for the movie industry. You more than likely have several inside you home that you did not know about in electronic devices.
They work and they’ve been tested, repeatedly, since 1836.
Nonsense. A Faraday cage or bag or shield properly designed and fabricated to block transmission of the frequencies used by the radios in a cellphone will block those transmissions.
Yup, that’s why I suggested hardware switches for those radios, or removal or destruction if you don’t need them.
Anyway, this whole discussion is silly. There are all sorts of ways to record audio, text and imaging with devices that don’t have any transmitting components at all. If you’re worried about being traced or tracked via RF signals, don’t use RF-transmitting devices.
It’s hardly silly; journalists need to avoid being tracked in today’s world. And as far as these Faraday cage claims, from the link I posted above:
Don’t confuse a cell phone (a relatively powerful emitter of electromagnetic RF radiation ) with an RFID tag (usually a passive device that absorbs an external RF signal and ‘rebounds’ it back to a nearby receiver); the Faraday bag claims are for passive RFIDs, I think. And they have have powered RFID’s these days, too, i.e. with batteries to amplify the signal.
After all why do you think government agencies build those big SCIF chambers to prevent eavesdropping?
Got “doubtful value” down pat, eh Doug? Cuz if you think an Fbag is gonna save the day I’d remind you of your utter lack of comprehension regarding all things Physics …
The game is afoot.
What is thwarting the manufacture of smart phones that offer a hardware switch to a shielded dummy load for each and every tranceiver it contains?
Who or what is thwarting the OEM production of smart phones that offer a hardware switch to a shielded dummy load for each and every tranceiver it contains?
One problem with battery removal for silence is the possibility of an autonomous ping function using ambient RF energy, with passive components, to trickle-charge a cap and ping regularly once the battery is removed. A collapsing tank circuit will leak all over the place and be easy to spot. It certainly could be used for short range location and even long range if the antenna is functional.
A Faraday bag may not afford complete protection against a non-modulated Rf burst.
Something simple like the passive tags used in retail clothing. This could be an issue in an industrialized area where you could have sensors for picking up the short range passive RF signals but in most of the world you would not have the infrastructure to receive such a short range signal.
A short range system is of little value to someone who wants to find journalists out in the field. A practical detection system needs to have the range of a phone., allowing it to take advantage of the legitimate network.
“A short range system is of little value ”
if they are in your neighborhood a short range system could rat you out.
Generally, there are limited places that adversaries really don’t want journos.
your opinion as to the vulnerability that businesses have with devices concerning possible theft of information is seriously welcome. tyia
But how do we keep the NSA from intercepting our brain waves. That’s the ultimate theft of privacy!
https://www.youtube.com/watch?v=r6dk0MCOur8
To read “brain waves” you need to be inside the skull, but no fear, DARPA (the Defense Advanced Research Projects Agency in the Pentagon, overseen by the Defense Science Board) has been busy working on this:
http://fusion.net/story/204316/darpa-is-implanting-chips-in-soldiers-brains/
In the coming Brave New World, government contractors like Snowden will have wireless-linked chips embedded in their brains to detect ‘bad thoughts’ before they can engage in any whistleblowing activity. . . only ‘chipped’ humans will be allowed government security clearances.
That’s going to make Kim Jong Un very happy. Hacking and re-programming individuals will be a lot easier compared to NSA servers.
One of the (many) funny things about North Korea is just how small their Internet is – they’re completely invulnerable to, say, hacking their electricity system, because nothing’s connected:
This is probably very frustrating for the NSA. The Stone Age defense is impenetrable.
Our sanctions have hurt our ability to sell them the stuff. Maybe we should just lift all sanctions like we have done for Iran, except that we don’t pay them also $150B.
You can read only energy amounts but NOT MEANING, EVER. Indulgence in such matters is a con job on the public to pick pockets. Useless mad science by loose screws.
If however anyone doubts the accuracy of my statements, there are faraday hats available or, you can construct your own with tin foil and a very long thin copper grounding wire.
Don’t you worry, Anonomous / Anonymous lives in a Faraday Cage.
The eyes are the windows to the brain. A trained technician with some help from water-boarding can read the brain quite well, especially if it belongs to terrorists and their supporters.
All that accomplishes is the technician projecting their own conclusions onto “the terrorist”, who will work overtime to figure out and say what the technician wants to hear, in order to get him to stop the torture.
It’s good for preparing prisoners for show trials, though, which is what Stalin used it for. Or for getting false confessions about links between Iraq and Al Qaeda, which is what Bush used it for in 2002.
Granted the info on TV programs is often unreliable, but I did see one where they could view the areas of the brain light up when someone saw, read or heard something they were familiar with. This could be used to indicate who has certain undesirable thoughts or an awareness of prohibited ideas. Gets pretty close to reading meaning, I’d say.
This is awesome.
There’s a big problem with it though. What happens when the introspection engine is hacked? Presumably it can be hacked while interacting with a phone and then manipulated to present false results. Thus becoming a part of the problem.
It seems to me that digital security solutions have an infinite regression problem – they can all be hacked once they are connected. The only fail-safe solution is to go off the grid.
Anyone dispute this conclusion? I’m interested if there’s an argument to refute it.
J
Worse still is when Apple changes the hardware with a transmitter inside that no one knows exists, and which just waits for an external signal to wake up. Considering that Apples are made in China, who is to say they are safe?
The only potential solution I would feel safe with is a solution that need not rely on a direct link to The Device.
Either a signal scrambler of some kind or a compartment or case that would block the signal.
yeah. spy vs spy
an endless chain of counteractive ware
We are suffering the symptoms of a competitive operating environment derived from a criminal minded currency system which has the nation (&usd everywhere) in hock to wallstreet thieves.
Snowden and Huang explicitly defend against this, it’s design goal #2:
Not only will the phone’s CPU and operating system be physically separate from the introspection engine’s, but they also want the phone to not be able to detect the presence of an introspection engine, which is design goal #6:
Check out the paper they wrote: https://www.pubpub.org/pub/direct-radio-introspection
Not relying on Android operating system and it’s controlling modules is an excellent start.
Increased or abnormal power consumption and battery heat are also good indicators of unwanted activities occurring still occurring within the device.
Thanks Micah.
I think they are good design ideas, but here’s my issues with them:
1. No matter the execution domain, so long as information is being exchanged between devices/programs, there is an opportunity to hack them. This could take the form of a virus pretending to be the CPU and operating in substitution for the actual CPU within the separated execution domain, thus empowering it to transfer compromised data to the introspection engine.
2. This “passive”/stealth design is a simple thing to hack. All a hacker would have to do is assume that all devices have an associated introspection engine – hence skipping over the task of detecting an engine before further execution.
What do you think?
J
There will be no information exchanged between apps or the OS running on the phone and the introspection engine. Basically, it will detect if electricity is traveling through the wires that power the radios. If the electrons are flowing when they shouldn’t be, the introspection device will trigger the alarm. There’s no data transfer from the phone involved, so there’s no way that a hacked phone could hack the introspection engine.
The reason why an attacker would want to detect the presence of an introspection engine is to decide whether or not to risk turning on the radios when they should be off. If malware is running on your phone, it can turn on the radios when airplane mode is enabled. With an introspection engine, this means the malware risks getting caught though, so smart malware would only want to turn on the radios if it concludes that there’s no introspection engine. That’s why this is a design goal: to increase the risk of attackers getting caught.
Why don’t make it simple?
What about mechanical switches for all threatening functions?
One mechanical switch for mic and cameras, another for radios, etc. Even in different combinations.
No electronic solution will ever give the security and peace of mind of an unplugged cord :-)
I have always complained that computer webcams do not have a mechanical switch to allow users to disable them physically. A lack of such feature is an intentional design flaw in my opinion.
Hasta la vista !!
Masking tape.
Ok for the camera but not for the mic which is also very dangerous.
Well, here you are talking about building a cell phone from scratch, I think, which would be a much more challenging endeavor than building a small piece of hardware that monitors an existing cell phone’s transmissions.
Until this Snowden-Huang device is available, however, journalists in war zones (or talking to whistleblowers) might be best off using cameras, video recorders and sound recorders with no communication capabilities at all. Of course they’d probably still want to have their cell phone on hand, so a reliable Faraday cage signal blocking phone case would be needed. I’d guess that many of such “Faraday cages” on offer via Internet dealers are not very reliable. . .
This could all be somewhat academic, however, if the kind of technology described in Annie Jacobsen’s recent book (highly recommended), The Pentagon’s Brain, about DARPA’s “Combat Zones That See” programs (and many other subjects) become widespread. This involves thousands of micro-cameras and other sensors scattered through cities connected to data-crunching computers that can essentially track everything that moves through their ‘combat space’, using face-recognition and other software.
Put that together with the increase in drone warfare, including autonomous human-killing robots linked into such as system (which DARPA is currently working on, with Defense Science Board approval and many corporate defense contractors involved) and you don’t have a very pretty picture:
http://chronicle.com/article/Targeting-Assumptions/234056
“thousands of micro-cameras and other sensors scattered through cities connected to data-crunching computers that can essentially track everything that moves through their ‘combat space’, using face-recognition and other software.”
Already being used:
CCTV Hub
We have access to 55,000 via a London-based CCTV Hub where we download images to create evidence packages, and identify suspects. We can also track individuals in real time where we have intelligence to suspect them.
http://www.btp.police.uk/advice_and_info/how_we_tackle_crime/cctv.aspx
32 years after “1984” science-fiction surveillance is now on the market for any government to buy.
It’s certainly possible to retrofit a phone with mechanical switches or even CMOS/FET switches to be controlled digitally by an external device similar to the one outlined above. In the latter case, you could make the switch gates programmable to turn on/off in different combinations based on input from a user or the phone itself. Perhaps the simplest such modification would be to cut the traces to the cellular and wi-fi/BT antennas and insert switches on those lines. I personally installed a one-off antenna tuner+signal amplifier into my phone – same basic concept, really – and it’s not terribly difficult. Plus, you can’t hack that sort of mod without physical access to the phone.
I was just thinking about a phone modified by some technician for a niche market like for journalists. Cameras and mics are usually detachable in some smartphones, radios are much complicated I guess. Yes, a Faraday cage would be a possible solution, better than nothing. I do not see phone manufacturers including any solution with mechanical switches.
Arrivederci !!
Ah, here’s a useful video of Snowden breaking down a phone for VICE and disabling the camera and microphone:
https://news.vice.com/article/state-of-surveillance-with-edward-snowden-and-shane-smith
As far as Faraday cages, I don’t think they work for the full range of cell phone transmissions; even with RFID tags they can be questionable in many cases. Lots of marketing hype, it seems.
like this one?
Blackphone 2
https://www.silentcircle.com/products-and-solutions/devices/
Blackphone is the world’s first smartphone built from the ground up to be private by design. Now with a faster processor, more RAM and a larger display.
But they are using Google stuff so how secure can that be?
I wonder why the journalists don’t carry the old phones with the battery removed and with local SIM cards while traveling in enemy territory. Carrying smart-phones around isn’t smart – it can be a very dumb thing.
Any cell phone that receives a signal can also have software pushed to it. The older, the better, however the first series android devices are compromised.
Anything that relies on software can be compromised.
Right. That’s why it may be preferable to use dumb phones that only place calls; without battery it won’t bother to respond to any attempt to modify the software, so you can control your communication.
Communication should be only through encrypted pidgin in TAILS bootup with spoofed MAC address. Micah Lee has an article on this. This fellow is quite good at doing free community service, I should think.
There is also a way of direct access using vnc through which encrypted files can be directly placed on the recipient machine; no email, no trace anywhere.
WARNING TO ALL JOURNALISTS:
Your smartphone can also reveal your leaks and sources. The microphone and cameras can be covertly turned on and your conversations and images can be recorded. And that data removed or extracted.
Of course, when your source and you are detained or appear in court, you ability to challenge the source of the government ‘s accusation will be met with the roadblock of not revealing their methods due to National Security Concerns.
In case you have not noticed many of the pp updates to android phones are adding access to your bluetooth for device discovery. This will give away everyone in your immediate area. They can tell who is in the room with you!!!
There are some more practical use for this technology. It can provide current travel times in highly congested traffic. You can know if any of your friends are driving along in a nearby car. Also, it records all the visit of terrorists to the locality where the road-side bluetooth sensors are installed.
which means they can lie, make stuff up
this is how power-mongering sfb morons wih gov jobs ruin the planet
cockraoches
Imminently practical nerd work. *also good to see Snowden keeping busy in his involuntary ice fortress to the far north … waste not/want not.
Now, if we can just develop a human ‘introspection device’ Micah … we’ll about have it licked!
I’m wondering why they didn’t take the approach of using their own receiver rather than rely on test points. That, I suppose, is a question for them.
The problem with using a receiver is that it will pick up signals from other devices as well, and the device would have to determine whether is is coming from the user’s phone, another nearby phone, cell tower, etc. Also, using test points may allow them to verify wherever the phone is supposed to be in airplane mode so it can be smart about showing warnings (this is hypothetical, but it very well might be possible).
I use the Xposed Installer
http://repo.xposed.info/module/de.robv.android.xposed.installer
And the Module DonkeyGuard
http://repo.xposed.info/module/eu.donkeyguard
To block or spoof my phone’s info, but I have no way of knowing how good a job they do. You also have to root your phone.
I forgot to mention, I use a Faraday bag for my phone, works very well just be careful when buying one as there are a lot of poor quality products out there.
You can make your own Faraday bag as well, just Google “DIY Faraday Bag”.
Sounds great, I would love to have all the data including the testing points, etc.
Hey Micah, Very interesting article. However, I am curious as to why clandestine reporters fail to remove their battery from their phone if they want it to remain undetectable while not in use. Secondly, all of the measures you listed do not prevent a phone from being located when active. I read a story a while back about CIA operatives using portable equipment in clandestine areas that was specifically designed to thwart efforts to triangulate on a cell phone signal. Are you aware of this technology?
Many phones are moving away from removable batteries. Personally I think it is from pressure from US/NSA so you can never truly shut your phone off. I got my wife a Faraday Bag for her phone.
You also can’t use your phone, to record video footage or audio interviews, when it doesn’t have a battery.
Seems like that iPod Touch might make a good video / audio recorder without the cell radio’s of smartphones (still have to turn off wifi and bluetooth). Throw in a smartphone with a removable battery used for limited transmissions (keep the battery out most of the time) and you might have a much better set of tools for the time being.
Audio video footages can be recorded on a separate device and then transmitted later using TAILS booted laptop. I see no point using smart-phones in enemy territory. Dumb phones are way safer. Tape off all cameras when not in use.
What, like the ‘spy rock’? Capable of storing short-range bluetooth or other radio transmissions for later recovery. . .
http://www.telegraph.co.uk/news/worldnews/europe/russia/1508684/British-agents-caught-red-handed-by-Russia.html
I suppose it could work for journalists, i.e. leave the spy rock in some other building and send all your data to it via a separate device, so that when they drop the bombs, they land on the rock instead of on your head? I don’t think CIA and MI6 are going to be selling this system to journalists, however.
If the phone had two separate batteries, you could hard-wire essentially a physical “pull-out fuse” to disable the airwave signals. It could only be physically pulled out by the user and couldn’t be hacked remotely. The pull-out fuse could be as thin as a paper clip. Aluminum foil works also to disable the entire phone.
But you then can’t use your phone to record video, read documents and many other things you can use your phone for offline. Since there are multiple RF transmitters in your phone you would need a pull-out fuse for each.
Maybe a multi-pronged fuse, shaped like a comb, would work. Each prong intersecting with each circuit but since they are separated from one another, they wouldn’t short out other circuits.
The battery cases popular with the iPhone’s might be useful here if one could disable the internal battery. Many battery cases have a switch, or the case can simply be pulled off the phone.