I'm glad this title mentioned Bunnie; when the smartphone case was first announced, most news outlets reported it as "a smartphone case that prevents spying by Edward Snowden and some hacker".
Agreed. Quite skeptical that Snowden is anything other than a PR stunt for an otherwise interesting/useful project that requires hardware development expertise.
I don't understand what kind of malware this is supposed to detect? This only seems relevant when you're using airplane mode, and why wouldn't malware just wait until you went back online before transmitting the data?
Let's say you're a journalist meeting with a source.
Let's say a certain three letter agency would like to listen to that conversation in real-time if they could.
Let's say the journalist thinks that by setting his phone to flight mode, the radio is off and he can't be maliciously tracked.
Let's say the three letter agency has various means to connect and listen in on phones in real time if it chooses.
This new smartphone case would then be able to confirm to the journalist that the phone is not sending/receiving radio signals.
Now, that might sound like a far-fetched scenario, but bear in mind that Snowden asked reporters meeting with him to put their phones in his fridge to prevent exactly that scenario from playing out.
It is therefore not surprising that he might play a part in developing a case like this.
So we assume that an adversary has dropped some malware that can silently enable the radio, activate the microphone, encode the audio stream and transmit it in real-time - and they want to avoid detection by this case.
Well, all they need to do is modify the malware to record the audio to a file and transmit it when the radio is next switched on, perhaps interleaving it with normal radio activity.
That was my immediate thought: if they have access to your phone at that level, recording (voice, packets, GPS co-ords) to a file then sending it once it has signal would be trivial. It would provide a misguided level of confidence in their security which could lead to exactly the consequences trying to be avoided.
Got a secret meeting? Don't take your bloody phone.
It has been confirmed that some mobile basebands are, in fact, remotely controllable even when a device is apparently off. It isn't a far-fetched scenario.
In this case it was a Motorola device on an iDEN network, probably using a Freescale baseband. But it is likely that most major vendors were persuaded to include similar capabilities and that network providers cooperate in providing special signaling to control these capabilities.
I can't argue with that: if I had to choose between the two, I'd rather be stabbed by the non-dominant hand. Obviously not being stabbed at all is a much better choice (when available).
I guess. For the kinds of clients who would want this device, this would just be like making it so that you're only a little bit pregnant. You either prevent the eavesdropping or you don't. The only safe tactic is to not bring the device anywhere you don't want to be tracked or recorded. Or to technologically prevent it from operating somehow in a way that doesn't rely on verification -- such as taking the battery out, if you can, or putting it in a verified Faraday cage that you keep in a soundproof box if you can't. And if you're the kind of person with a life so interesting they need to worry about phone implants, maybe take battery removability into consideration when you buy the device.
Baseband processors in all mobiles have direct access to the microphone and it is fairly trivial to access remotely. Comes as standard on all stingray devices available to any and all perverts willing to use it.
Only Samsung devices have been shown to give the baseband processor backdoor access to device storage.
Afaik.
This also detects when the GPS is used. If the phone has GPS and cell radio (for reception and transmission) disabled, it's a lot harder for any malware to figure out its location (not impossible -- there is some research about identifying locations in a metro network using an accelerometer alone).
While it's easy to prevent the phone from recording your conversation (just place it somewhere out of earshot, maybe next to a noise source for the duration of the conversation alone), it's much harder to prevent it from learning where you're going (if you're taking it with you).
Because you can't take the fridge with you on a false trail, place the phone inside at some point before deviating to the true meeting point, and then pull it back out again once the meeting has been completed and sufficient distance has been traveled.
Even some sort of electromagnetic shielding case or bag wouldn't be as convenient (so more likely to be used) or informative.
Yeah. Or have a little metal case with you into which you put your device. Or buy a roll of aluminum foil and just wrap the phone inside it (just spelling this out makes me feel like a conspiracy theory nutter). So many cheap options...
There are fairly cheap little Faraday cage forensic bags that LEOs often purchase in bulk. Power off phone, slip phone in, it's not transmitting any more.
They're trying to build something that can detect when GPS is on, to protect against phones secretly recording their owners' locations even while in airplane mode.
If it were me, though, I'd just drop the phone into a potato-chip bag.
Those look remarkably like some anti-static bags that we bought by the thousands in China for less than a dollar apiece. I'll check on Tuesday and post back here.
I just spent a week in the Shenzhen Huaqiang Bei electronic malls and I couldn't agree with you more about the pricing. You can do so much better being there physically and negotiating the hell out of things.
As all things we buy on the internet, if it seems to be too good to be true... Hence my comment about independent testing/review of such products.
However the concept of Faraday Cages is not new. There are vendors catering to the Law Enforcement market that make these bags to prevent tampering of evidence on confiscated devices.
You just have to find the right ones. I was just showing examples of such products available online.
The potato chip bag option would have plausible deniability. I would go for a whole lunch bag with sandwich in genuine tin foil as mylar film doesn't seem that thick to me.
Plausible deniability is really important if one expects to be frisked. Traveling in something like cycling gear could be part of the disguise, you can go through special gates at train stations and not be ticket inspected by machine. Nobody expects the guy in fluorescent clothing travelling at 15 mph.
"For the iPhone, there are four different radio interfaces that could potentially be used for malicious purposes: the cellular modem, Wi-Fi, GPS, and NFC"
Well, GPS only receives... so how is it going to detect that?
Possibly the idea is to prevent malware already on the phone from logging location data while the radios are dark, and then uploading the historical location data when the phone reconnects?
That said, it's obviously a very limited form of protection. I guess it speaks to the sad state of mobile security that this is the best Snowden and Bunnie can come up with - the only sane choice for a potential target is to assume the mobile device is untrusted and try to reduce the scope for it to snitch on the user.
In the linked article, it states they intend to attach signal probes to test points on the iPhone mainboard to read when certain interfaces are active.
I assume similar to the way radar detector-detectors work. Superheterodyne receivers mix incoming RF with an internal signal to make a much lower intermediate signal they can tune to. The device will leak some of the internal signal and you can detect it.
Articles like this make me wonder how journalists were able to do their jobs before the ubiquity of cellphones.
Here's an analogy to what's happening:
Since you're a high value journalist, a state actor has helpfully assigned an FBI-type agent as your minder. And now you're debating whether you should put a blindfold and earplugs on your minder before attending an important meeting with him in tow. Or, alternately, you're debating on whether you should add a gag to him to keep him from reporting back to his superiors.
But, the minder is resourceful. He has trained for the possibility of a blindfold. So he might remove it at opportune times and take a peek at what's happening. Or, when gagged, he is prepared to report back by tapping out a message with his fingers, using Morse code.
In short, I think it's a Sisyphean struggle to try to keep the minder from reporting back. Instead, just leave the minder elsewhere, far away from important discussions.
There is no way a few amateurs with soldering irons will be able to successfully and continually thwart state actors. Don't play their game!
Iridium handheld phones are already recognized by certain countries' customs for a similar purpose; they don't want journalists to have phone call and SMS access outside of the country using a system/network entirely outside of their domestic telecoms' control. For example when reporting on internal crackdowns on dissent, political opposition, etc.
Nothing a bit of camouflage cannot fix. If these cases start looking like regular ones, what are they going to do, ban all phone cases from entering the country...?
Better hope that the factory manufacturing this device, and the technicians installing it within the phone, are trustworthy enough not to leave their own backdoors.
A supposedly trusted device that taps into the hardware buses by design is an excellent target for malfeasance.
So it's a sort of hardware-based Little Snitch without the ability to block connections. Neat. Perhaps a useful tool for the security-minded but not a true safeguard. Remote code execution exploits are very real. All an attacker needs to do is modify your network configuration (DNS, proxy, hosts file, etc.) to disguise network traffic over a specific address that looks real enough so as to not warrant suspicion. This exploit could also be designed to sit idly while the device is in airplane mode, avoiding the case's primary detection feature.