Nosey Smurf - Smartphone users can do "very little" to stop security services getting "total control"

Edward Snowden interview: ‘Smartphones can be taken over’

[quote]Smartphone users can do “very little” to stop security services getting “total control” over their devices…

Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.

“Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing,” he said.

"Nosey Smurf is the ‘hot mic’ tool. For example if it’s in your pocket, [GCHQ] can turn the microphone on and listen to everything that’s going on around you - even if your phone is switched off because they’ve got the other tools for turning it on.

“Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.”
[/quote]

Perhaps users of older less smart phones not so daft after all…

Apps are only safe relative to their platform?.. I guess in any case the push back against their overreach is important but users perhaps need to consider the limits of what is possible against aggressive intrusion and what privacy is practical relative to the hardware and OS. The advantage is always with the aggressor?

We can’t solve every problem by day 1.

Fixing the entire internet is the first step lol

3 Likes

So at what stage do they infect them? Is it baked in mobile OS’es? Firmware? Or is it simply widespread malware?

1 Like

As usual there are probably multiple vulnerabilities, but I think its actually the network operator’s firmware which is a particularly (operating system and rooted phone) independent weak point. Hence sending a text message being able to re-write this firmware and give sub-OS level control to the attacker. That’s a guess.

1 Like

Resistance is futile…

2 Likes

I wonder if this would be the case if we had the Blackphone and the BlackphoneOS running on the SAFE Network. What if you could only install an app, if you had something like touchID, but the biometric on the SAFE Network, in the users possession?

Poor @janitor have you also become a ‘sigh’ borg?

2 Likes

I suspect that until we can get around ISP’s and phone companies (with cellular masts and imei recondition etc.) we will suffer. We need Open hardware, OSS Operating Systems and of course SAFE type networks that overlay physical connections (like MAC addresses locally and IP addresses globally).

We are not too far away from bypassing much of this, we need to remember always that progress is exponential and these issues will go away no matter how hard the incumbents try and stop it.

11 Likes

We’re dealing with an opponent with practically unlimited resources.
Perhaps that does matter, I’ve been thinking recently.

It’s a freaking shock and awe campaign. It seems the only way to stay safe is to not go online.

1 Like

Okay here’s a couple thoughts. If your phone can read what you type and you log into SAFE from your phone does this not compromise your SAFE credentials? Credentials > phone > gov’t snooping on phone > gov’t now has SAFE credentials and your whole life on SAFE.

2 Likes

If I’ve learned anything working with computers, it’s “limit the points of vulnerability”. Like @dirvine said, progress is exponential. But it’s also incremental. This network will be a good starting point.

1 Like

Of course it does, hence the constant discussion about “safe hardware” and out-of-band authentication.

1 Like

Something like trezor can fix this issue. Login credentials never hit the hardware.

They have access, but what they can collect, and what they can store are still limited both technically and legally. This was always true - those with the resources could always watch every move you made, the difference is that much more can be done in bulk due to the technology and how we’ve been using it.

What SAFE and other privacy tech do, is shift the technical capability balance back a bit at a time - making bulk collection and bulk surveillance expensive again.

Similarly, Snowden and similar whistle-blowers make these same things politically and legally more difficult.

Targeted surveillance will never stop: I could stalk you 24x7 without you knowing, but I don’t because I’d rather do other things with my time/resources. It’s the same issue here, we can only make them have to make the sesame kind of choice.

4 Likes