The article linked to above, plus several other sources I've come across suggest you are incorrect. I don't pretend to understand it, but there is some technique that makes your phone into a remote listening device even when off. The article above says "[US District Judge Lewis] Kaplan's opinion said that the eavesdropping technique 'functioned whether the phone was powered on or off.'"
Also -- that's the whole point -- otherwise Snowden would just say "Please turn your phones off".
> The article linked to above, plus several other sources I've come across suggest you are incorrect.
They are wrong. Which is not unusual, news outlets get technical information wrong all the bloody time. Hell, they get things wrong more often than they get them right.
> I don't pretend to understand it, but there is some technique that makes your phone into a remote listening device even when off.
Nope.
> Also -- that's the whole point -- otherwise Snowden would just say "Please turn your phones off".
Snowden is a dramatic source, not an accurate one. I'm glad he blew the whistle because it brings the NSA into the media's focus, but technical accuracy is clearly not his strong suit.
This advice is wrong. Try turning off an older feature phone's regular operating system, and then plugging it in to charge. Many of them will immediately come alive with a "charging" indicator on the screen, even when supposedly powered off. This pre-boot mode is perfectly capable of turning on the mic and recording what's going on.
Combine this kind of thing with a database of phone remote expoits and it's easy for the NSA to "upgrade" your phone's software and turn it into a bug. This is what Snowden means when he talks about "poor endpoint security." It doesn't matter how secure your fancy encryption applications are when the phone itself can easily be hacked.
Sometimes they don't even have to remotely push software. There was a recent scandal about Carrier IQ, a system on smartphones (Android players and iPhone) that by default was recording every tap, every virtual key pressed, every incoming/outgoing SMS, and more. Anyone with the device connected to a PC could take the forensic log off the phone and see basically everything, even in the past. With per IP logging and billing on mobile plans, as Snowden's Verizon leaks showed, the NSA can just have your phone upload that log anytime they like, without a trace on your bill or data usage.
> This advice is wrong. Try turning off an older feature phone's regular operating system, and then plugging it in to charge. Many of them will immediately come alive with a "charging" indicator on the screen, even when supposedly powered off. This pre-boot mode is perfectly capable of turning on the mic and recording what's going on.
Smartphones do the same thing. But that's triggered by a hardware interrupt (you physically connecting power to an input). You CAN NOT do that remotely, as there must be power on the receiver to receive the signal in the first place.
Or here, let's simplify it. Power off your cell phone, then have someone call it. Does it ring? No, of course it doesn't. Your argument is that by changing the caller from your friend to the NSA that somehow the phone would now be able to react to that signal. Which is utterly idiotic.
I'd love to see a definitive source one way or the other... But your point seems to be "all sources are wrong" so I'm not sure what to do with that. I certainly have no reason to believe some guy on hackernews (i.e., you) more than the findings of a federal judge and his staff. So, at this point, I have something like "accepted opinion" and "doubt" -- i.e., unless you can cite or explain something.
In this case, the ideal source would explain why this is so frequently misreported, not simply assert that it is always misreported. Also, it would explain why it was an impossibility.
Definitive source is easy as shit - power off your phone, then see if it's drawing any power from the battery. If it's not, then it can't be remotely activated. Period, end of story. That's just flat out not possible. If we had the technology to receive wireless signals without using any power our cell phones would have batteries that last for weeks instead of a day.
Again, a $20 multimeter wouldn't measure shit with a draw that small. And there are devices which use GSM radios for communication and last half a year on a 9V battery, for remote monitoring stations and such. So a virus implanted in a bootloader could very easily keep everything off and stay ready to spy. Your inability to accept this as a technical possibility is very childish.
There's a thing called a bootloader , and if something is implanted there the entire phone can be off, except for the radio "checking in" every few minutes or so. And you are very,very naive if you think you can measure a 0.1A draw using a $20 multimeter, good luck with that.
