Catalog of Police Surveillance Equipment

The Intercept has "a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies." Lot of detailed information about Stingrays and similar equipment.

Posted on December 17, 2015 at 12:06 PM • 18 Comments

Comments

NiceDecember 17, 2015 4:53 PM

Defense contractors literally profiting off of our lack of privacy.

The wars are winding down so they had to do something else to protect their revenue streams, right? That and fly spy planes over Baltimore?

P/KDecember 17, 2015 6:11 PM

The catalogue also contains a number of DRT devices, which are similar to Stingrays, but made by a company called Digital Receiver Technology or DRT (Stingray is made by Harris).

NSA also uses these DRT devices for their tactical SIGINT collection in war zones abroad, and as such they were also mentioned in some Snowden-documents, notably the BoundlessInformant charts with the collection shared by European partner agencies. I wrote about this 2 years ago:
http://electrospaces.blogspot.com/2013/11/drtbox-and-drt-surveillance-systems.html

US Police StateDecember 17, 2015 9:50 PM

“You can't have 100-percent security and also have 100-percent privacy." - Obama

Well Obozo, right now we have ZERO privacy in the militarized "Homeland" ("Heimat") - a term which is itself a creepy and sentimental patriotic propaganda term. And given the regularity with which any nutjob can get military gear to take out their frustrations on a soft target, we also have ZERO security.

The government can dispense with any pretense that a careful 'balance' is being sought between privacy and security.

It is clear that the MIC will continue to shift tools traditionally used in war zones into the domestic arena (if they haven't all come across already) in response to any brown person undertaking a violent action in the Heitmat.

Orwell nailed it:

"The war is not meant to be won, it is meant to be continuous. Hierarchical society is only possible on the basis of poverty and ignorance. This new version is the past and no different past can ever have existed. In principle the war effort is always planned to keep society on the brink of starvation. The war is waged by the ruling group against its own subjects and its object is not the victory over either Eurasia or East Asia, but to keep the very structure of society intact."

Thus, we can conclude the faux war on terror will never be won, and the ignorance / fear of the bovine US population will keep the MIC well-fed whilst civil society is starved to death. Witness the recent US Republican debate as confirmation of this fact: "Security... blah blah blah.... Syria blah blah blah... San Bernadino .... blah blah blah ... keeping Americans safe at Christmas time ... blah blah blah". Nausea-inducing stuff.

Like the handful of deaths associated with religious extremism since 9/11 are the greatest concerns facing the nation. Please.

The greatest threats facing the nation are: the shredding of the Constitution / Bill of Rights, the deep state, wealth / income inequality, crumbling infrastructure, militarized police all too willing to shoot and ask questions later, lack of access to health care / housing / affordable education, crumbling infrastructure, mass incarceration of the masses on pissy charges (often minor drug possession), an untouchable bankster-led financial elite / criminal cartel, racism / general zenophobia encouraged by ignorant fools like Donald Chump, the merger of corporate & government interests (classic fascist trait), a 'free press' playing handmaiden to the political psychopaths, and the willingness of the political elite to keep playing "America, fuck yeah" in the global arena by bombing brown people to multiple our enemies - providing a further pretext for enlarging the MIC.

Only the complete and utter collapse of US hegemony and bankruptcy of the empire via continual war (which is well on its way) will end the disease that is "American exceptionalism" - a phrase that is in itself a laughable concept when faced with cold hard facts.

In the meantime, any terrorist with half a brain will not use computers, cell phones, email, sms, or any other tools that leave digital trails. So while the cyber scum play with their latest fascist tools and fail to do the hard yards associated with traditional intel gathering, the real threats will continue to fly under the radar.

Well done America. Give yourself a turkey slap. You have earned it.

65535December 18, 2015 12:02 AM

@ US Police State

“Well Obozo, right now we have ZERO privacy in the militarized "Homeland" ("Heimat")…”

I agree.

I regret helping this con artist of "President" into office with his promises of reversing Bush’s spying. Obama has done the opposite. He has greatly increased spying - both on his donors and other citizens.

@ Nice

“Defense contractors literally profiting off of our lack of privacy.”

How true. The government a created a one-way mirror with which to spy upon its citizens yet the citizens cannot examine the government.

“…large corporations like Boeing and Harris, which clocked more than $2.6 billion in federal contracts last year.” –The intercept

https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/

These defense contractors have turned their military weapon upon the average US citizen.

I am sure there are a number of privacy advocates and their lawyers who have had their phone conversations spied upon. This is destructive and must stop this instant.

The secrecy of this phone spying business stinks to high heaven.

“…Harris sought a license from the Federal Communications Commission to widely sell its devices to local law enforcement, and police flooded the FCC with letters of support. “The text of every letter was the same. The only difference was the law enforcement logo at the top,” said Chris Soghoian…” The Intercept

That is a dirty job of “AstroTurfing” by police agencies. And, who in the FCC allowed that AstroTurfing of the FCC to happen?

“…the U.S. has expanded its funding to provide military hardware to state and local law enforcement agencies via grants awarded by the Department of Homeland Security and the Justice Department. There’s been a similar pattern with Stingray-like devices. “The same grant programs that paid for local law enforcement agencies across the country to buy armored personnel carriers and drones have paid for Stingrays,” said Soghoian. “Like drones, license plate readers, and biometric scanners, the Stingrays are yet another surveillance technology created by defense contractors for the military, and after years of use in war zones, it eventually trickles down to local and state agencies, paid for with DOJ and DHS money [that should read Tax Payer’s money –ed].” – The intercept.

Also, what right does getting money from the Harris Corporation trump the rules evidence procedures in the US courtrooms?

“…the Department of Homeland Security in October do not require warrants for operations on the U.S. border, nor do the warrant requirements apply to state and local officials who purchased their Stingrays through grants from the federal government…“- The Intercept

Further, how does a civilian police contract trump the rights of the accused to see all of the evidence against him/her in court?

“…capabilities of the devices are kept under lock and key — a secrecy that hearkens back to their military origins. When state or local police purchase the cell-site simulators, they are routinely required to sign non-disclosure agreements with the FBI that they may not reveal the “existence of and the capabilities provided by” the surveillance devices, or share “any information” about the equipment with the public…” –The Intercept

This “Secrecy” from lawyers and judges stinks like a overflowing toilet. How did “Nation Security” go from monitoring the Russians to low level vice crime? This is clearly an abuse of power by those who currently wield it.


rgaffDecember 18, 2015 3:06 AM

@US Police State, and Obama:

The only reason you can't have 100% of security and 100% privacy, is because you simply can't ever get ANYTHING to 100%.... not because dropping one raises the other. In fact, they are not opposites, they work together. You increase security by increasing privacy! You decrease security by decreasing privacy!

What do you think we really need security from? Things that are less likely to happen than getting struck by lightning MULTIPLE TIMES??? Or do we perhaps need security from an overzealous police state that threatens to haul anyone off simply for dissenting or whistleblowing? Do you see how security and privacy work together now? The government itself is a FAR FAR BIGGER THREAT than any terrorism. They are the ones we need protection from. Oh, hey! There was that thing called The Constitution invented that was supposed to do that, why did we do away with it with travesties of justice like CISA, and disallow constitutional challenges in court to any government wrongdoing by claiming "National Security" privilege for everything?

WinterDecember 18, 2015 6:17 AM

I am not sure whether this belongs here, but it is "remarkable". Mainly because it is now published:


“Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic
Backdoor in NetScreen firewalls gives attackers admin access, VPN decrypt ability.


http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/


As involved as that process was, getting unauthorized code covertly installed into an official operating system and keeping it there for years would appear to be an even more complicated—and brazen—undertaking. This 2013 article published by Der Spiegel reported that an NSA operation known as FEEDTHROUGH worked against Juniper firewalls and gave the agency persistent backdoor access.


"This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers," the article reported. "Thanks to FEEDTROUGH, these implants can, by design, even survive 'across reboots and software upgrades.' In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH 'has been deployed on many target platforms.'"

CallMeLateForSupperDecember 18, 2015 7:10 AM

I read the article yesterday but somehow missed the catalog itself, so thanks, Bruce.

@Nice
"The wars are winding down so they had to do something else to protect their revenue streams, right?"

War is not, in fact, winding down, and U.S. aircraft/missle/bomb/bullet conpanies that have contracts with various governments are doing quite nicely. Foe example, Saudi's on-going air campaign against targets in Yement has them spending big on U.S. bombs and U.S. missles and U.S. parts for their U.S. fighters.

As long as there are boys, there will be companies that dream up and sell expensive, deadly toys.

CallMeLateForSupperDecember 18, 2015 7:42 AM

THe article notes an important but non-obvious reason why it is hard to know how many of these cellphone diddlers are deployed in the U.S.: local LEAs are not required to account for purchases paid for with funds acquired through either federal grant or asset forfeiture

Civil assect forfeiture is a dirty little secret that needs to be dragged into the light, disinfected and made right.
https://en.wikipedia.org/wiki/Asset_forfeiture

SteveDecember 18, 2015 8:33 AM

Sorry to be such a noob, but: Is there some trick to seeing articles on The Intercept? Clicking on the links just takes me to a "home" page, and none of the links on that page appear to do anything.

ianfDecember 18, 2015 9:10 AM


If clicking on textual links like this one https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/ takes you to the homepage, then something in your browser redirects it there for some reason, could be a residue of some extension you perhaos tried, then removed (that's why I gave up OSX Firefox, a kitchen sink, but too many conflicts/ crashes). Try another browser from another device (& still the same router) to see what happens. FTR. the above URL resolves nicely on an iPhone 4 on iOS6.

SaveItForFoxDecember 18, 2015 10:39 AM

@US Police State

While your statements may be a bit based in fact, please save your rambling hyperbolic rants for the comment sections of CNN or Fox or MSNBC. Bruce's blog is for pragmatic, fact-based discussions of security issues.

TõnisDecember 18, 2015 11:34 AM

@US Police State, I myself appreciate your remarks. I'll take them one step further and say that this whole "good guys" vs. "bad guys" stuff is nonsense. As far as I'm concerned, they're all bad guys, starting with the shameful governments spying on their own citizens.

@Reader, as for BlackBerry CEO Chen's recent remarks, I'll add that though Chen seems to contradict himself, as I read between the lines in his statement re apple and encryption, what he seems to be saying is that encryption shouldn't be on by default a la Apple. He says more than once that the user can elect to place his data beyond the reach of government: "Users can install applications with encryption that precludes lawful access," and, "Ultimately, users have the right and responsibility to choose privacy with or without the potential for lawful oversight." To me this means that BlackBerry's position is that the user can elect whether or not to turn on "the app," encryption. If a user elects not to enable encryption then, of course, tech companies can (are able to) help police. Chen also repeats what BlackBerry has said before, that BlackBerry does not install back doors. So, there is nothing new here that shows that BlackBerry is compromised.

Why this clumsy statement from Chen? I think it's a bit of grandstanding, some theater, a chance to slam Apple while making BlackBerry appear "ethical," as one of the aforementioned "good guys."

ThothDecember 18, 2015 6:08 PM

@Tõnis
I wonder if John Chen shot himself in the foot by naking that blog. Grand standing where people's opinion matters is something not to be taken likely and who knows if he did it wisely. He is kind of implying "With the Govt" or "Against the Govt" which Apple is in the perception of "Against the Govt" by protecting personal privacy regardless if Apple products do actually have any effect on personal privacy. John Chen postures himself "With the Govt" probably in a bid to attract Govt deals at the expanse of being "Personal Privacy" orientated. John Chen's stance might play well with 5Eyes Govt customers but the revenue it once made from the general populace that once made Blackberry popular is no more.

I wonder if he took into consideration the fact that most people dont go for Blackberry anymore and the only option is to attract 5Eyes Govt customers and thus posture itself to be friendly to Govt and be sympathetic to them (with backdoors).

I wonder if the reason his recent business plans are to move away from consumer business and moving to Govt Contractor orientated field since the consumer side few are using Blackberries these days due to all the scandals it has its hands inside and how slow it is to modernise itself.

Maybe John Chen is dropping the bombshell hinting "hey we have backdoors already" in a bid to close the consumer business side so it can fully dedicate its resource to supposedly more profitable Govt Contract businesses ?

Angela Merkel is known to be a fan for Blackberries as its "secure to Confidential level" to the German Govt or maybe rated even higher clearance with the Secusmart HSM microSD card inserted. All the cries of German Govt (especially Merkel) being backdoored by NSA... I wonder what is the likelihood Blackberry helped the US Warhawks in spying on Angela Merkel partly by her reliance on her favourtie personal Blackberry by making a hand shake with Blacberry/RIM. Not to forget Blackberry may get to profit from Obamaphone with contracts from him ?

ThothDecember 18, 2015 10:33 PM

Looking at the catalog, the manufacturers are all Defense Industry contractors that are used to making Defense Technology and now they have placed Defense-based technology into civilian agency equipment.

If you think along the line of military COMINT (Communication Intelligence), those equipment uses military COMINT technology in a civilian setting. Some of them are limited by GSM bands and some of them are multi-protocol which means it has a DSP chip(s) that would allow it to intercept almost any signal (imagine Signal Corps or Intel units using COMINT tools to intercept enemy radio comms) with a versatile setup that is not restricted to a single protocol (like strictly GSM, WiFi ...etc...).

Not only are the Military-Industrial complex interested in war mongering, but are interested in arming civilian agencies and turning them into another breed of "war mongering" agencies that operates out of their civilian operational scope inching closer to be military-capable. It is as good as equipping police departments with Armoured Fighting Vehicles and M1 Abrams Tanks to patrol the streets of Washington and New York with full military load out paramilitary police troopers with machine guns in the middle of town or city.

If you deploy your own ham radio or a mesh network over ham radio or maybe a WiFi mesh network or BLE/Bluetooth/NFC or some kind of RF and it has a sort of signal signature, it will be able to pick up and if the messages are unencrypted, it would become obvious.

Now that military-based technology have crept into civilian space and the wide deployment of military-like strategy in the civilian space, the only defense for civilian space is military-like defense (MSA and HSA protective profile technology) which the only working demo of a HSA resistant profile is the TFC deployment.

COMSEC Tactics that can be used are:
- Band hopping
- Continuous stream cipher security
- Side channel resistant implementations
- Secure and Jam resistant Broadcast Comms (with Band hopping)
- Probabilistic protocols (remove tell-tale signs of a fix protocol i.e. headers and signal flags)
- Red/Black separation
- Other high assurance setup.

What we can achieve in our current civilian technology:
- Protocol that supports continuous HTTPS stream (with Chacha cipher) sending and receiving both bogus and genuine messages at a fixed timed transmission frequency so as not to spam the channel and to be very uniform to make real and false messages hard to tell.
- Using HTTPS as the exterior tunnel instead of special protocol is because HTTPS is now a common sight and hard to block.
- Do not use specialized port for the exterior HTTPS tunnel as well.
- If specialized ports are to be used, use virtual ports with a specialized protocol wrapped by the exterior HTTPS tunnel.
- Separation between HTTPS-based black side with the red side being a broadcast or receive only device and connected only during transmission or reception of actual messages from a secured cache by the HTTPS black side web server.

There are many other high assurance techniques but those are just the few on the top of my mind for now.

TõnisDecember 19, 2015 4:08 PM

@Thoth, Merkel was on another device when the spying happened, and she only switched to BlackBerry (hardened with the SecuSmart chip) after the spying was revealed. I'm a hardcore BlackBerry fan (I'm on BlackBerry 10), but I can only theorize as to how secure BlackBerry may be. There are too many variables, as with the mystery arounds TrueCrypt. I'll present my thought process on security of data at rest on a BlackBerry starting from there.

Like TrueCrypt, BlackBerry is either completely secure or completely compromised. In my opinion, if it's compromised, it's at such a high level (Five Eyes level) where its (in)security is unlikely to be revealed by spooks for anything a normal person could possibly do, any kind of crime up to and including the level of murder. [Analogy: "Not even the FBI can crack TrueCrypt!" (as was exemplified in a case against a Brazilian banker).]

I've used BlackBerry since OS 4 and since those days have not read of an instance where police or a forensics lab has been able to circumvent a locked BlackBerry's password using a plug-in UFED device like the ones made by Cellebrite. As far as I know and can remember, accessing a locked BlackBerry's data at rest has been limited to the chip-off method. Assuming the examiner completes a chipoff without destroying the device or data, he would still have to crack the encryption in an offline attack if encryption is turned on. Instances of police and forensics examiners circumventing locked iPhone and Android phone passwords and accessing all device data using plug-in UFED equipment are numerous. This tells me that BlackBerry's implementation of security, passwords and encryption has been better than iOS and Android os phones for a long time.

Prior to BlackBerry 10, when setting up encryption on a BlackBerry, one of the steps was generating a key. After setting a password, as with moving the mouse when generating a TrueCrypt key, the BlackBerry os user would next be prompted to move the mouse randomly (the longer the better) to generate the key. I always thought this was pretty good: true, on the spot user generated randomness. I noticed this step was missing on BlackBerry 10 and inquired about it. I received a reply which stated, "You are correct in saying that the method by which the encryption key is generated differs from previous devices running BlackBerry OS 7.1 and earlier. On BlackBerry 10 devices, the key is generated at installation time by cryptographically sound PRNG. We do not retain the key (it remains on the device – we have no access to it) and we do not share the key with any third parties. The key is stored in non-volatile memory that has been designed to be accessible to the system only. The board and the component enclosures are designed to make physically accessing these ICs problematic and destruction of the data is much more likely than retrieval. We believe that we offer a good level of security for data at rest and our BlackBerry 10 solution has been validated by multiple third parties and was FIPS certified before launch." I was also informed that encryption strength has no relation to password on BlackBerry 10. Whether this new key implementation is better or worse I don't know; it's a variable.

Taking into consideration the numerous past iOS and Android os vulnerabilities and the few BlackBerry os vulnerabilities that have come to light (I can think of only two), I conclude that a properly configured BlackBerry's data at rest is more secure than data stored on an iPhone or android os phone. I have no idea about the security of BlackBerry's new Android phone, the Priv, but I'm not a fan of an os put out by a company, Google, whose entire business model is built around spying on its users. And whether or not security on iOS and Android based phones has caught up I don't know, but how good can Apple's super-duper not even Cupertino can crack encryption really be if the user's device is locked with a four character PIN? Yes, I realize an iPhone user can set a longer, stronger password, but are they doing it? Is the implementation secure or is an iPhone's encryption tied to its four character PIN? Are there vulnerabilities like the ones that pop up on Youtube every now and then where someone demonstrates how to get around the lock screen on an iPhone with a few unusual steps performed in some order or with voice control? Considering Apple's and android based phones' past security record, I can speculate that their security is probably not close to that of a properly configured BlackBerry.

I think much of what we're seeing lately and what we've seen in the past five years is theater. I'll wax conspiratorial.

BlackBerry smarthpone operating systems (or even those of other platforms) aren't first and foremost in consumers' minds, and it didn't take long for most consumers to move on to iOS, Android, and Windows phones when they saw what those phones could do (and when those phones started becoming hyped up). So, why the intense, long-running hatred spewed by tech sites and the mainstream media directed toward BlackBerry? Yes, BlackBerry lost consumer love when it fell behind in phone capabilities (browser, apps, etc.), but it has always excelled in communications and security. [BlackBerry 10 has caught up with and in my opinion now excels with its Browser, but consumers want apps that BlackBerry supposedly doesn't have. (I myself don't care for apps; my priorities are the security of my data at rest, instant messaging, and voice/video calls.)] I think in the past five years hating BlackBerry went beyond being fashionable and stood to benefit several interests:

1. Wall Street stock-manipulating short-seller types who would scrap anything good for a quick profit; and

2. Five Eyes global surveillance governments that don't want to kill off the only truly secure option for themselves, but want to kill it off in a practical sense for consumers.

Who spreads the intense BlackBerry hate? Tech and mainstream media sites who likely are one, some, or all of the following: Apple/Google/Microsoft investors, owned by (in the pocket of)Apple/Google/Microsoft, Prism participants.

I could go on and on. I've heard all the arguments and counter arguments every which way. Take BYOD in corporate and government workplaces. "Government itself is moving away from BlackBerry and adopting iPhones!" O-kay! Maybe federal janitors are on iPhones, but where it matters there is BlackBerry. And now, BlackBerry's BES can securely manage other platforms' phones also. Then, there's "BlackBerry is bankrupt!" Really?!? That's ridiculous, a complete lie. For five years it's been "BlackBerry will be out of business in three years!"

With the level of scheming, sophistication, and breach of trust exposed by Snowden, who's to say that it's not all theater, that the companies and government(s) don't sit down together and say, "Okay, for the next few years we'll hype this one and hate that one, and then we'll alternate for the next years," as they move along according to some master plan. I myself hope BlackBerry remains supported and accessible to me as individual. To this day, I don't think any police up to state police department levels (possibly even the FBI) could gain meaningful access to the encrypted data at rest on my password locked BlackBerry. And if it were possible for BlackBerry itself to somehow get meaningful access to that data, it's one of the best kept secrets in the world and unlikely to become known to me or anyone else even if I were on trial for murder. That's pretty secure in the practical sense. For Apple and Google, not so sure. Off-the-cuff prediction: as more people are on "secure" iPhones and "secure" Android phones, little vulnerabilities will come to light allowing evidence stored on those phones to be accessible and used against them.

An interesting aside along these lines:

I watched the Aaron Hernandez murder trial. The prosecutor had the defendant's unlocked, unencrypted phone -- it happened to be a BlackBerry Z10 -- and was going through a tedious process of matching texts that were on the phone with carrier records. The carrier's rep, its "custodian of records," was on the stand. Some texts were missing/deleted from the phone, and the prosecutor asked the rep if the carrier had the content of those texts. His answer was no, that it would be too voluminous to store the content of all texts. Really?!? With all the "free" (somehow subsidized) server space out there for Prism-tracking us the carrier doesn't have the content of texts that might be needed in a murder investigation? Is it true or did the carrier rep lie? Maybe someone else has the content of the texts. And the police/prosecution didn't even bring the phone to a forensic lab to try to recover the deleted texts? I wonder why? Too much work and/or not important enough? One thing is for sure, if those deleted texts are being archived by someone somewhere it's for some other purpose, because they weren't entered into evidence even in that murder trial.

ThothDecember 19, 2015 6:05 PM

@Tõnis
If the Govt wants a secure smartphone , the best option that has been rated os the General Dynamic's Secteria line which has NSA hands involve. Now there is a Boeing Black too but who knows how secure. Blackberry got to find a way to overthrow General Dynamic's Secteria which is certified to handle TS level of clearance but Blackberry... never heard of ut capable of TS and below clearance yet so I assume it is not TS and below capable. The down side of the TS capable Secteria developed with the help of NSA is the high cost of ownership and maintenance per piece like any Govt secure devices specifically made for their missions. The only advantage BB offers is lower cost at a lower security rating.

Regarding the chip used which Blackberry claims to be difficult to penetrate physically, the same claim happened to Smart Card and TPM industries where they claim their chips are secure and Ross Anderson et. al. came to show them they are wrong. Even a graduate student could make the Smart Card industry face red.

To my understandig the current BB10 uses a Qualcomm Snapdragon with ARM TrustZone and that chip is not tamper resistance which means it is weaker than a Smart Card chip with actual tamper resistance.

Do note that FIPS certification have many types and I am guessing they are talking about FIPS 140-2 which is Cryptographic Module certification. A 140-2 Level 1 is the lowest level and easiest to obtain as long as you apply Suite B algorithm. Level 2 requires you some form of hardening on the implementation and some form of basic tampering evident that can be circumvented with modest mean. Level 3 is another step up from the protection profile with more sophisticated tamper resistance and control of key export put of the module and Level 4 being the highest requires all the 3 levels plus sophisticated EMSEC measures usually reserved for Nation State protection or very high stake protection. I have no udea what type of chips of earlier than BB10 variants so I wont comment about the older ones but for BB10 you can search on GSM Arena website which tells you the processor being a Qualcomm Snapdragon, the highest FIPS 140 it can obtain would only be Level 2 which is as good as proving your Suite B is correctly implemented and some obsfucation but without a dedicated tamper resistant chip, it cannot go beuond Level 2. Mostly this level os given for software module for security.

If you are to compare between FBI and NSA, the more suitable attacker for BB implementations would be NSA due to it's much bigger resource and talent pool. Plugging the standard forensic tools available to LEAs are kind of pointless because ARM TrustZone security (Qualcomm's SEE implements the ARM TrustZone) uses hardware encryption and hardware keystore and the usual reading out of RAM and Flash storage is not going to cut (what most forensic LEAs do). If they are serious, they would ring up NSA to do the chip penetration to extract the necessary data like encryption keys and hardware protected PINs and biometrics that is if BB10 does use Qualcomms QSEE to store and encrypt these sensitive data inside the hardware chip. This is where pairing with a Secusmart comes in as that stuff provides tamper resistant in the form of a smart card chip.

The main thing about the recent row of John Chen is he is not being sensitive to the current time with his comments when Govt spying on citizens are becoming rampant and misusing and expanding such investigatory powers beyond what is acceptable to the citizens.

If the FBI really wants into an iPhone, BB10 or Samsung, they could just get the NSA to penetrate the chip but thst would also mean an avenue of exploit would be knoen to the public and quickly patched which makes it harder to get inside. It is simply a matter of exposing operational capabilites now and getting it patched by manufacturers or keeping a stockpile of attack vectors and only applying itnat the most dire needs. I think they are going for the later reasoing as exposing a attack vector just to solve a murder case would mean losing a one time cyberweapon which would get patched.

Now we know BB/RIM has a smaller market share in consumer side, together with it's current positioning, it seeems consumers are now a smaller sales target and due to the dominance of Apple and Samsung. What better than to reposition itself to be more favourable to the 5Eyes Govt and try to pitch itself as secure for Govt use and a cheaper alternative than Secteria phones.

ianfDecember 21, 2015 6:43 AM


@ Thoth says [large cut…] “Now that military-based technology has crept into civilian space and the wide deployment of military-like strategy in the civilian space, the only defense for civilian space is military-like defense (MSA and HSA protective profile technology)” […]

… which (strategy) falls short on its own impracticality, if not impossibility, for as long as we're not talking of some well organized and financed, practically underground (hence secret/ military-style) civilian movement. Without that, any spontaneously forming "leaf cells" of an opposition will find it much harder/ slower to contact one another, to form ever mightier branches needed to defeat encroaching despotism, electronic or otherwise.


COMSEC Tactics that can be used are: […]

    [plenty of pragmatic, yet by and large illusory technical scenarios cut due to their unavailability in turn-key/ off-the-shelf format]

What we can achieve in our current civilian technology: […]

CORRECTION: what could be achieved with current civilian technology provided the high-tech wheel needn't have to be reinvented in each and every case. By analogy, outside of offshore ship-based Radio Caroline and similar mid-60s pirate radio stations, the only grassroots' uses of existing outreach technologies contrary to the interests of a mighty police state (that are known to me) were the analog radio and occasional TV broadcasts of the banned Solidarity movement in mid-80s Poland, none of the endeavors anywhere near the complexity level sketched by Thoth, yet still stretching the envelope of the resources needed for their deployment.

There are many other high assurance techniques but those are just the few on the top of my mind for now.

I don't doubt it, but theoretical frameworks that never metastasize into practical, usable solutions to subvert, combat and deny that creeping weaponization of civilian space problem, are at best untested proofs of concepts.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.