Entries Tagged "cell phones"

Page 26 of 29

Remotely Eavesdropping on Cell Phone Microphones

I give a talk called “The Future of Privacy,” where I talk about current and future technological developments that erode our privacy. One of the things I talk about is auditory eavesdropping, and I hypothesize that a cell phone microphone could be turned on surreptitiously and remotely.

I never had any actual evidence one way or the other, but the technique has surfaced in an organized crime prosecution:

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the “roving bug” was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect’s cell phone.

Kaplan’s opinion said that the eavesdropping technique “functioned whether the phone was powered on or off.” Some handsets can’t be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

Seems that the technique is to download eavesdropping software into the phone:

The U.S. Commerce Department’s security office warns that “a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone.” An article in the Financial Times last year said mobile providers can “remotely install a piece of software on to any handset, without the owner’s knowledge, which will activate the microphone even when its owner is not making a call.”

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. “They can be remotely accessed and made to transmit room audio all the time,” he said. “You can do that without having physical access to the phone.”

[…]

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a “listening device placed in the cellular telephone.” That phrase could refer to software or hardware.

One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

“They had to have physical possession of the phone to do it,” Porteous said. “There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by.”

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere “within the United States”—in other words, outside the range of a nearby FBI agent armed with a radio receiver.

In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner’s affidavit seeking a court order lists Ardito’s phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. “A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug,” the article said, “enabling them to be activated at a later date to pick up sounds even when the receiver is down.”

For its part, Nextel said through spokesman Travis Sowders: “We’re not aware of this investigation, and we weren’t asked to participate.”

EDITED TO ADD (12/12): Another article.

Posted on December 5, 2006 at 6:29 AM

Screaming Cell Phones

Cell phone security:

Does it pay to scream if your cell phone is stolen? Synchronica, a mobile device management company, thinks so. If you use the company’s Mobile Manager service and your handset is stolen, the company, once contacted, will remotely lockdown your phone, erase all its data and trigger it to emit a blood-curdling scream to scare the bejesus out of the thief.

The general category of this sort of security countermeasure is “benefit denial.” It’s like those dye tags on expensive clothing; if you shoplift the clothing and try to remove the tag, dye spills all over the clothes and makes them unwearable. The effectiveness of this kind of thing relies on the thief knowing that the security measure is there, or is reasonably likely to be there. It’s an effective shoplifting deterrent; my guess is that it will be less effective against cell phone thieves.

Remotely erasing data on stolen cell phones is a good idea regardless, though. And since cell phones are far more often lost than stolen, how about the phone calmly announcing that it is lost and it would like to be returned to its owner?

Posted on September 21, 2006 at 12:12 PMView Comments

Recovering Data from Cell Phones

People sell, give away, and throw away their cell phones without even thinking about the data still on them:

A company, Trust Digital of McLean, Virginia, bought 10 different phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems.

Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers.

The other phones contained:

  • One company’s plans to win a multimillion-dollar federal transportation contract.
  • E-mails about another firm’s $50,000 payment for a software license.
  • Bank accounts and passwords.
  • Details of prescriptions and receipts for one worker’s utility payments.

The recovered information was equal to 27,000 pages—a stack of printouts 8 feet high.

“We found just a mountain of personal and corporate data,” said Nick Magliato, Trust Digital’s chief executive.

In many cases, this was data that the owners erased.

A popular practice among sellers, resetting the phone, often means sensitive information appears to have been erased. But it can be resurrected using specialized yet inexpensive software found on the Internet.

More and more, our data is not really under our control. We store it on devices and third-party websites, or on our own computer. We try to erase it, but we really can’t. We try to control its dissemination, but it’s harder and harder.

Posted on September 5, 2006 at 9:38 AM

Bank Bans Cell Phones

Not because they’re annoying, but as a security measure:

Cell phones have been banned inside the five branches of the First National Bank in the Chicago area, to enhance security.

Even using a cell phone in the bank’s lobby may result in the person being asked to leave the premises.

“We ban cell phone use in the lobby because you don’t know what people are doing,” Ralph Oster, a senior vice president, told the Chicago Tribune. Cell phone cameras are also a worry.

Oster said there have been holdups in which bandits were on the phone with lookouts outside while committing bank robberies.

“You’re trying to stop that communication,” he says.

Banks in Mexico City banned call phones in May and Citizens Financial Bank of Munster, Ind., asks customers to turn off their cell phones.

West Suburban Bank, based in Lombard, Ill., barred customers wearing hats in January but has not moved to silence cell phones.

This is just plain dumb. It’s easy to get around the ban: a Bluetooth earpiece is inconspicuous enough. Or a couple of earbuds that look like an iPod. Or an SMS device. It only has to work at the beginning. After all, once you start actually robbing the bank, a ban isn’t going to deter you from using your cell phone.

Posted on August 4, 2006 at 3:11 PMView Comments

A Minor Security Lesson from Mumbai Terrorist Bombings

Two quotes:

Authorities had also severely limited the cellular network for fear it could be used to trigger more attacks.

And:

Some of the injured were seen frantically dialing their cell phones. The mobile phone network collapsed adding to the sense of panic.

(Note: The story was changed online, and the second quote was deleted.)

Cell phones are useful to terrorists, but they’re more useful to the rest of us.

Posted on July 13, 2006 at 1:20 PMView Comments

Greek Wiretapping Scandal: Perpetrators' Names

According to The Guardian:

Five senior Vodafone technicians have been accused of being the operational masterminds of an elaborate eavesdropping scandal enveloping the mobile phone giant’s Greek subsidiary.

The employees, named in a report released last week by Greece’s independent telecoms watchdog, ADAE, allegedly installed spy software into Vodafone’s central systems.

Still no word on who the technicians were working for.

I’ve written about this scandal before: here, here, and most recently here.

Posted on July 10, 2006 at 1:28 PMView Comments

Cell Phone Security

No, it’s not what you think. This phone has a built-in Breathalyzer:

Here’s how it works: Users blow into a small spot on the phone, and if they’ve had too much to drink the phone issues a warning and shows a weaving car hitting traffic cones.

You can also configure the phone not to let you dial certain phone numbers if you’re drunk. Think ex-lovers.

Now that’s a security feature I can get behind.

Posted on July 5, 2006 at 2:45 PMView Comments

Getting a Personal Unlock Code for Your O2 Cell Phone

O2 is a UK cell phone network. The company gives you the option of setting up a PIN on your phone. The idea is that if someone steals your phone, they can’t make calls. If they type the PIN incorrectly three times, the phone is blocked. To deal with the problems of phone owners mistyping their PIN—or forgetting it—they can contact O2 and get a Personal Unlock Code (PUK). Presumably, the operator goes through some authentication steps to ensure that the person calling is actually the legitimate owner of the phone.

So far, so good.

But O2 has decided to automate the PUK process. Now anyone on the Internet can visit this website, type in a valid mobile telephone number, and get a valid PUK to reset the PIN—without any authentication whatsoever.

Oops.

EDITED TO ADD (7/4): A representitive from O2 sent me the following:

“Yes, it does seem there is a security risk by O2 supplying such a service, but in fact we believe this risk is very small. The risk is when a customer’s phone is lost or stolen. There are two scenarios in that event:

“Scenario 1 – The phone is powered off. A PIN number would be required at next power on. Although the PUK code will indeed allow you to reset the PIN, you need to know the telephone number of the SIM in order to get it – there is no way to determine the telephone number from the SIM or handset itself. Should the telephone number be known the risk is then same as scenario 2.

“Scenario 2 – The phone remains powered on: Here, the thief can use the phone in any case without having to acquire PUK.

“In both scenarios we have taken the view that the principle security measure is for the customer to report the loss/theft as quickly as possible, so that we can remotely disable both the SIM and also the handset (so that it cannot be used with any other SIM).”

Posted on July 3, 2006 at 2:26 PM

Priority Cell Phones for First Responders

Verizon has announced that is has activated the Access Overload Control (ACCOLC) system, allowing some cell phones to have priority access to the network, even when the network is overloaded.

If you are a first responder with a Verizon phone, please visit the government’s WPS Requestor to provide the necessary information to have your handset activated.

Sounds like you’re going to have to enter some sort of code into your handset. I wonder how long before someone hacks that system.

Posted on May 1, 2006 at 1:29 PMView Comments

1 24 25 26 27 28 29

Sidebar photo of Bruce Schneier by Joe MacInnis.