Good luck hacking my phone. It's on Vodafone and can't get a signal most of the time :(
GCHQ's SMURF ARMY can hack smartphones, says Snowden. Again.
Whistleblower Edward Snowden has given an interview to BBC investigative programme Panorama in which he's added further detail on an array of tools named after the Smurfs* that allow UK intelligence agencies to hack smartphones. Privacy International has already aired much of what Snowden explained to Panorama, namely that a …
COMMENTS
-
-
-
Friday 23rd October 2015 14:39 GMT Ken 16
Re: Soft switch
Back in 2000 when company issue was a Nokia 5510, normal practice at meetings was for everyone to unclip their battery and put it on the table in front of them. Data security was incidental, it was a way of ensuring everyone was focused on the meeting. I miss that feature. All my personal phones have replaceable batteries still because sometimes I run out of power but it's not that easy to swap them.
I think anyone clued up on security knew for the last decade that service texts can insert code with these features on anything even smart enough to run java, we just didn't know the pet names of the modules.
-
-
Tuesday 6th October 2015 07:21 GMT Anonymous Coward
Re: Soft switch
Any premium or security-conscious design should sport a set of hardware (DIP) switches under the cover to allow us to independently and verifiably control mic, cam(s), radio, wifi, ROM lock, GPS, etc... at our discretion... but that would rather defeat their purpose, wouldn't it? So carry on pissing about with data-harvesting biometrics and passing that off as a "security"* effort they will.
Need a Yoda icon -->
* conspicuously neglecting to mention "services"
-
-
Tuesday 6th October 2015 07:23 GMT Dave 126
Made me think of Chris Morris' film Four Lions:
BARRY:
The Feds can track your phone even if the battery’s out.
Really. They can see you underground right...
WAJ:
Can they see you if you’re not there?
BARRY:
Where’s there?
WAJ:
I don’t know.
BARRY:
They can see you everywhere, Waj.
FESSAL:
Are they looking at us through cameras?
BARRY:
Space cameras, yes
FESSAL:
But me dad says I’m not supposed to be on camera - it’s haram
BARRY:
With the greatest of respect Fessal your dad eats newspaper
FESSAL:
Not any more. He eats moths.
-
Tuesday 6th October 2015 07:58 GMT Shonko Kid
"...he says can turn a phone on or off"
I call bullshit, it's easily provable that when off a phone isn't transmitting.
It could well be receiving, i.e. it wasn't off but in a deep sleep, and there was a mechanism like wake-on-lan. Even then that would be problematic, as it would require all cell towers to broadcast the message, in the hope that the target device is within range (it's not broadcasting, so only the last connected tower is known).
The other 'smurfs' he describes are possible, of course, basic spy-ware. Though I find it unlikely that the capability is present in unhacked phones, this would require far too great a level of compliance (and secrecy) from all phone manufacturers.
-
Tuesday 6th October 2015 08:30 GMT Anonymous Coward
Re: "...he says can turn a phone on or off"
I wonder if what he means is that a flag is set in advance when the phone is turned on that the NSA is interested in it.
At that point when the user turns it off - it either doesn't fully turn off or turns back on again after a fixed period of time.
I'd like to see more evidence of this though.
-
Tuesday 6th October 2015 09:24 GMT Velv
Re: "...he says can turn a phone on or off"
"Though I find it unlikely that the capability is present in unhacked phones, this would require far too great a level of compliance (and secrecy) from all phone manufacturers."
If your phone is open source then it's highly likely the spooks with almost unlimited access to good programmers are aware of the holes and vulnerabilities which have not been made public. Easy to then exploit without the assistance of the manufacturer.
Don't believe me? OpenSSL had a massive hole for four years until someone noticed it. Quite likely there are others to be exploited.
Closed source shouldn't get smug either. Don't for one minute think the spooks haven't stolen a copy of the source code, it's just that it isn't subject to possible peer review, so holes are less likely to be spotted.
Tinfoil hats on...
-
Tuesday 6th October 2015 09:52 GMT Anonymous Coward
Re: "...he says can turn a phone on or off"
"Stolen"?!??!?!!!one
What the hell would they have to "steal" in the face of the relevant corporations' "extreme willingness" to acquiesce to the whim of the TLAs?
-
-
Tuesday 6th October 2015 10:14 GMT Stuart 22
Re: "...he says can turn a phone on or off"
The issue may be - not turning it on - but spoofing the 'turn off' so it didn't. It just appears turned off. Of course those that complain of bad battery drain overnight know what I'm talking about. There's nothing that pleases a spook more than to join in as a silent threesome just to make sure you, or your friend, doesn't scream "Allahu Akbar" at the climactic moment. Or something like that.
-
Thursday 8th October 2015 02:52 GMT Mark 65
Re: "...he says can turn a phone on or off"
The issue may be - not turning it on - but spoofing the 'turn off' so it didn't. It just appears turned off. Of course those that complain of bad battery drain overnight know what I'm talking about.
There was me just thinking it was Apple wanting me to update an old iPhone.
-
-
Tuesday 6th October 2015 11:40 GMT Jess
Re: "...he says can turn a phone on or off"
A timed turn on would be possible. A deep sleep mode that records everything would be possible. This mode could check for control texts every now and then. It could even be tied into the motion sensor. Or/and it could use Bluetooth to establish proximity of other target devices. Perhaps ensuring that only one such device was active at any one time. I bet they can even use the FM transceivers included in many devices.
If any part of the target's mobile system is subject to the Patriot Act then American Spooks will have pretty flexible access to the device. Telco, SIM manufacture, Phone manufacturer, OS manufacturer, even installed software. And that is before they have to resort to exploiting design flaws.
-
Tuesday 6th October 2015 12:36 GMT PatientOne
Re: "...he says can turn a phone on or off"
"I call bullshit, it's easily provable that when off a phone isn't transmitting."
Not transmitting: Listening.
There are security apps available that claim to be able to remotely activate/deactivate and track your phone so you can locate it and recover it, even if it had been switched off (but not if the battery had been pulled). If they can do this, then there is a mechanism built in to the phone and into the network to allow it. It is, therefore, entirely possible that the Spooks knew about it and have an app, possibly hidden in the OS, to allow them to do exactly as claimed.
This is supposition, of course, and dependent on those security apps being correct - would have to try one out to see - but perhaps someone else has already done so and is willing to share their experiences?
-
Tuesday 6th October 2015 08:11 GMT Your alien overlord - fear me
When I was playing with SMS/MMS a few years ago (at a telco/SMSC level), I was setting the flag to do invisible texts. Worked on all phones (back then it was built into the standards). I also did 'instant pop-up' SMSes which didn't need any interaction with users and didn't get saved in the history.
The only phones these didn't work on were Nokia running Symbian OS - conspiracy theorists can ponder on how they were bought by an American company then effectively closed down.
-
Tuesday 6th October 2015 08:53 GMT Dan 55
Flash SMSes are still used for sending banking codes and are still understood by Android (they pop up a dialog box).
Invisible SMSes go to the baseband, which passes them on to the SIM; there's probably a ton of exploits for the baseband and there definitely are for the SIM. Symbian 8 phones didn't have a baseband because they did everything with the phone OS, but I'm pretty sure binary texts still worked. Who could forget Orange's relentless barrage of SIM updates?
-
-
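The message types described in the two comments above (flash texts, invisible texts and texts routed to the SIM) are distinguished by two header octets of a received SMS, TP-PID and TP-DCS. The following is an added example, not part of any comment in the thread, that parses SMS-DELIVER PDUs and labels them; the sample PDUs and the sender number are constructed, and the field values follow 3GPP TS 23.040 and TS 23.038.

```python
"""Label received SMS-DELIVER PDUs by their TP-PID / TP-DCS flags."""

# Constructed sample PDUs (not real captures). Field order on each line:
# SMSC len | first octet | OA len, TOA, OA digits | PID DCS | SCTS | UDL, UD
_HEAD = "00 04 0C 91 44 77 00 09 10 32"
_SCTS = "51 01 60 21 00 00 00"
SAMPLES = {
    "plain":  bytes.fromhex(f"{_HEAD} 00 00 {_SCTS} 02 E8 34"),
    "flash":  bytes.fromhex(f"{_HEAD} 00 10 {_SCTS} 02 E8 34"),
    "silent": bytes.fromhex(f"{_HEAD} 40 00 {_SCTS} 00"),
    "sim":    bytes.fromhex(f"{_HEAD} 7F F6 {_SCTS} 03 AA BB CC"),  # filler payload
}

# TP-PID values that change how the handset treats the message.
PID_LABELS = {
    0x40: "type0-silent",       # acknowledged by the handset, never shown
    0x7D: "me-data-download",   # addressed to the handset itself
    0x7F: "sim-data-download",  # payload is handed to the (U)SIM
}


def message_class(dcs):
    """Return the message class (0-3) carried in TP-DCS, or None if unset."""
    group = dcs >> 4
    if group <= 0x7:            # general data coding / automatic deletion
        return dcs & 0x03 if dcs & 0x10 else None
    if group == 0xF:            # "data coding / message class" group
        return dcs & 0x03
    return None                 # message-waiting and reserved groups


def parse_deliver(pdu):
    """Extract sender, TP-PID, TP-DCS and user data from an SMS-DELIVER PDU."""
    try:
        pos = 1 + pdu[0]                      # skip the SMSC address
        if pdu[pos] & 0x03:                   # TP-MTI must be 00
            raise ValueError("not an SMS-DELIVER PDU")
        digits, toa = pdu[pos + 1], pdu[pos + 2]
        pos += 3
        oa = pdu[pos:pos + (digits + 1) // 2]
        pos += len(oa)
        pid, dcs = pdu[pos], pdu[pos + 1]
        udl = pdu[pos + 9]                    # 7 timestamp octets sit in between
    except IndexError:
        raise ValueError("truncated PDU") from None
    # Numeric addresses are stored as nibble-swapped BCD digits.
    number = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in oa)[:digits]
    if toa & 0x70 == 0x10:                    # international number
        number = "+" + number
    return {"sender": number, "pid": pid, "dcs": dcs,
            "udl": udl, "ud": pdu[pos + 10:]}


def classify(pdu):
    """Return the labels that make a message invisible, pop-up or SIM-bound."""
    msg = parse_deliver(pdu)
    labels = []
    if msg["pid"] in PID_LABELS:
        labels.append(PID_LABELS[msg["pid"]])
    cls = message_class(msg["dcs"])
    if cls == 0:
        labels.append("class0-flash")         # displayed at once, not stored
    elif cls == 2:
        labels.append("class2-sim-specific")
    return labels or ["ordinary"]


if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(f"{name:7} from {parse_deliver(pdu)['sender']}: {classify(pdu)}")
```
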
Tuesday 6th October 2015 10:05 GMT Hans Neeson-Bumpsadese
Seems a bit far-fetched
As others have said earlier I think this has the faint whiff of bulls**t about it. Thinking on it, I can see two ways this could be implemented...
(a) through an exploit which allows the spooks to install spyware code of their choosing onto any phone. It's the "any" word that stands out to me...I can see this sort of exploit working in some cases but something that works on *any* phone (or even any mainstream phone) with all the permutations of hardware, OS, vendor-specific OS tweaks, etc.....that sounds a bit far-fetched to me.
(b) something installed into phones at source...this sounds equally unlikely. To have managed to get their spyware code into the manufacturing chain of every phone (or even every mainstream phone) without their actions being detected (difficult/unlikely) or through collusion of the manufacturers without anyone in the manufacturing chain blowing the whistle (also highly unlikely)...that also sounds a bit pie in the sky.
I wonder if we're at the stage now where it's option (c)....Snowden is getting carried away and is just making stuff up, or presenting blue-sky project / brainstorming stuff as actual concrete product.
-
Tuesday 6th October 2015 10:57 GMT Frank Leonhardt
Re: Seems a bit far-fetched
Deja vu
http://blog.frankleonhardt.com/2015/edward-snowden-says-smartphones-can-be-taken-over-by-text-message/
He's playing the credulous BBC like a fiddle; except that when you see what he actually said rather than what the BBC implied he said in the pre-broadcast hype, it's not so clear who's having a laugh.
-
Tuesday 6th October 2015 11:35 GMT Little Mouse
Re: Seems a bit far-fetched
the credulous BBC
Well, this is the same BBC that endlessly repeated the "fact" that the abbreviation P.O.S. stood for "parent over shoulder" recently, in a truly ballsed-up attempt to educate grown-ups and prove that they're down-with-the-kids...
Much merriment ensued in the Mouse household on that particular day.
-
Wednesday 7th October 2015 08:33 GMT Bazzza
Re: Seems a bit far-fetched
Depending on the context, POS can either stand for "piece of s**t" or "parent over shoulder". Going back the best part of 10 years to when my four kids were all on MSN Messenger every evening after school, I would say that the latter definition predates the former in my experience. No?
-
-
Tuesday 6th October 2015 12:47 GMT Dan 55
Re: Seems a bit far-fetched
I've no doubt they can be taken over by text message, if you set a flag when sending the text message, it's routed by the baseband to the SIM. If you couple that with an exploit, you've got 'em. I'm sure they've got plenty enough people dedicated to screwing about with Qualcomm SoCs and SIMs from a variety of operators (never knowingly known for security anyway).
-
Tuesday 6th October 2015 20:47 GMT Anonymous Coward
I can see hacking the SIM
But how does that extend to pwning the whole phone? Does the SIM run at a sort of ring 0 type privilege, allowing it to modify Android/iOS to its heart's content or something? If so, that's probably something that should be addressed in the OS, and make the SIM run in some sort of virtual environment where it thinks it has control but the OS really has control over it.
-
-
-
Tuesday 6th October 2015 12:39 GMT JetSetJim
Re: Seems a bit far-fetched
Far fetched? No - it's easily possible with a feature called Mobile Device Management. There are several open specifications for it, so while there may be some platform dependent binaries around, the mechanism for getting a phone to install something is probably the same, and it shouldn't be too hard to get the phone to report its hardware config as part of the command/request messaging. You can use the system to push apps to a device, so it's not a big leap that this ability can be hidden from the user, and the apps may well have escalated permissions to enable them to do some funky monitoring. As has been said, all the user will see is sucky battery life, but how much suck-age is going to be dependent on how active/optimised the app(s) is/are.
-
-
-
-
Tuesday 6th October 2015 12:43 GMT JetSetJim
Re: Tune in next week when
Wasn't me, but you shoulda stuck a jokey icon (coat/joke alert) as otherwise it read as if you thought Snowden was saying any old shit to get coverage, rather than making reference to the inter-galactic overlord bashing Goldblum/Smith dynamic duo in an amusing fashion
-
-
Wednesday 7th October 2015 08:52 GMT Yugguy
Re: @Yugguy - Tune in next week when
I'm so confused. It's ok to say negative stuff about Assange but not Snowden?
Is there a cut-off point of belief? For instance, if next week he tells us the government are all really clones grown in underground pods do we believe that?
Please help oh wise ones.
-
-
-
Tuesday 6th October 2015 10:13 GMT Matthew 17
How would he know?
He's been in exile a while now, phones and whatnot have since been encrypted, Apple have made a big play about how they haven't installed any backdoors into their kit, they're supposed to be being taken to court over this.
I think he just enjoys the fame, he comes up creates a bit of FUD and has a bit of a laugh at our expense.
So Mr. Snowden; pics or it didn't happen.
-
-
Tuesday 6th October 2015 19:05 GMT Bucky 2
Re: re. *Not after actual fictitious Smurfs, ...
Actually, my first guess about the one that turns on the camera was that it would be named Vanity Smurf. I'd be surprised if nicknames for shadowy illegal stuff would be careful to avoid copyright infringement.
"Down by the ocean,
Down by the sea,
I looked in the water and what did I see?
Me! Me! Me! Me!"
-
Tuesday 6th October 2015 10:37 GMT Eclectic Man
Faraday Cage?
@Flywheel There is no point in putting your phone into a Faraday cage while you are asleep. If they want to send you a hacking text, the network will merely wait until your phone connects to the network when you turn it on in the morning. (Unless you talk secrets in your sleep, of course.)
If you want a physical off switch, how about taking the SIM out? Rather unwieldy, I accept, but should inhibit communications somewhat, even for a '6S. (Not sure about Wi-Fi or Bluetooth mind - techies on this site please advise / correct me).
The fact is that each country's security services are not answerable to any other country's laws. The real issue here is political and public (supposedly democratic) oversight of their activities, who they are actually protecting (often the established powers and wealthy of the nation) and who they should be protecting. Anyone considering this should think long and hard about what should have been done about the horrendous child abuse at the Kincora Boys Home, which was known to the Security Service, but was allowed to continue for intelligence gathering. There is a major ethical issue here.
As technology allows people, whether terrorists, extremists or law enforcement officers to do new things, we need to work out how to act ethically, even when those capabilities are kept secret. Oversight by politicians may not be the best way to moderate activities. I cannot believe that Theresa May has read and properly understood all of the over 1000 intercept warrants she approved. I wonder how many she rejected - that is the number that really matters and would show she is doing her job.
OK, apologies, rant over.
-
Tuesday 6th October 2015 10:42 GMT Jess
I find the idea of an SMS installing an update unlikely. However it could be used to control features.
It is obvious that phones with American OSes (Android, iOS, Windows) are subject to anything the American Government wants via the Patriot Act.
This could mean a backdoor. Or it could just be pushing out custom updates to target phones. Or both as needed.
My guess, after seeing this, is that they can, at the very least, send a silent MMS that installs whatever spyware they want. (Without having to directly involve Apple/MS/Google) which would be the smurfs mentioned (Obviously with versions for different platforms).
The question I would like to see answered is how vulnerable phones that are not covered by the Patriot Act are.
It seems likely they are less vulnerable, given the way they seem to be being eradicated. Symbian - bribed by MS. S40 - bought by MS. BlackBerry - being marginalised by everyone. (Given it isn't hard to make Android apps run on them, why?)
As for what the Smurfs can do, I'm sure it is quite possible to fake being off, record while offline, video without any indication, both cameras probably.
And the issue isn't that they can do this in America, but that they can do it worldwide. Within a country having access to the mobile network itself would allow a lot of monitoring. (Location and calls at least.)
It wouldn't surprise me if it were possible to program a SIM to silently answer calls from certain numbers, for surveillance. (My IP phone has that facility built in).
-
Tuesday 6th October 2015 11:51 GMT Fraggle850
The Patriot Act, Spookphones & spook-proof phones
I wonder how Cyanogen stacks up? GCHQ-proof (or possibly GCHQ-proof-able?) could be a good USP for WileyFox. I'm guessing it's a no though due to the googly nature of the core OS.
What of other 'secure' smartphones? I'm guessing that the 'Black', being made by US defence contractor Boeing, is somewhat suspect!
What about (now don't all start laughing) Tizen? I guess we'd need to worry about S Korean govt involvement, likewise China for any homegrown Chinese mobe/os combos...
What about carrying a dumbphone with tethering and WiFi to a small tablet?
Some form of mobile hotspot with a firewall?
-
Wednesday 7th October 2015 06:38 GMT Anonymous Coward
Re: The Patriot Act, Spookphones & spook-proof phones
Most likely they've been doing this for decades, meaning anything capable of connecting to a mobile network of at least 2G has the capacity built in. So you'd think, but then you wonder how the west can do this with chips manufactured in the east: some of which are hostile to the west?
But to question the paranoia, if these features are built into the phones, how come no one's been able to find these features yet? You'd think someone paranoid enough would've taken apart some of these phones and subjected the chips in them to extreme examination: x-rays, decapping, etc.
-
-
-
Tuesday 6th October 2015 11:37 GMT Chris Fox
A weak programme, with poor journalistic standards
This was a very weak programme, with sub-tabloid quality journalism.
The Snowden involvement just seemed like bait to get people to watch a programme that was largely an uncritical platform for the usual pro-surveillance propaganda. Perhaps they were so pleased at securing an interview they forgot their journalistic principles.
There were numerous highly contentious comments made, particularly by Mark Giuliano (FBI Deputy Director), that were essentially unchallenged, e.g. encryption is fundamentally bad, and should only be available in a broken form; and that social media platforms should in effect be spying for the government. David Anderson did offer some dissent to the latter but offered the pearl that government agencies needed to collect all data even when the targets are known, which seemed to undermine his position on judicial warrants, something the programme failed to pick up on.
The BBC's narrow obsession with “balance” means it does not appreciate that merely including Eric King (PI) for “balance” is not the same as good journalism. At no point did the programme attempt even to suggest, let alone explore, the possibility that there might be legitimate uses for secure encryption. And it did not properly consider the question of balancing the interests of law-enforcement against a reasonable expectation of privacy, including from government agencies, for those who were not the subject of an investigation.
The fact that otherwise competent main-stream journalists fail to understand or convey some of these important issues — even in a programme that referred explicitly to surveillance proposals currently being considered by the UK government — means they are failing to inform, and failing to hold the government to account. Such failings allow democracy and the rights of the individual to be undermined.
Going by this programme, investigative journalism is dead at the BBC.
-
Tuesday 6th October 2015 13:01 GMT sysconfig
@Chris Fox, Re: A weak programme, with poor journalistic standards
Spot on. It was terrible journalism indeed. Many things presented as facts that are at least arguable.
Oversight in the US was touted as super transparent, but no mention of secret courts and a complete lack of disclosure once a "top secret" stamp has been put on documents or entire court cases.
But what I found most concerning, admittedly while wearing my extra large tin foil hat, was the subtle language, especially in the end... "Snowden will die in Moscow." ... "If I wasn't here any more tomorrow, I know I've done the right thing. I feel blessed."
That's almost like spinning it towards the next step in the man hunt...
There were other bits where the BBC cut Snowden's statements in a way that they appeared to be slightly evasive, so as not to answer the actual question.
So, dear BBC, why don't you make a program on the new surveillance legislation you are referring to, and scrutinise every bit of it properly. Where does it come from, where is the evidence that shows it's required, where are the success stories that we are always told about (yet they are never actually disclosed)? How about the bits where legislation was retrospectively changed to legalise some of what GCHQ have been doing?
This was a piss poor performance in journalistic terms. Show us that you can do better. (We know you can, but we doubt that you want to.)
-
Tuesday 6th October 2015 11:49 GMT lukewarmdog
pre-hacked phones
So you've identified some people of interest, got access to their phones, added some monitoring software.. whilst you're there why not add a small syringe of anthrax that you can remotely activate through the earpiece when you hear keywords: poisonberry Smurf. Or a small surgical saw activated at pocket level: Chainsaw Smurf. Or a tiny packet of C4.. Clouseau Smurf.
*fictional militant smurfs
-
Tuesday 6th October 2015 11:50 GMT fLaMePrOoF
Our security service has been doing this for years even before smart phones...
Back in about 2009 when I owned a Sony Ericsson C902 feature phone, my employer used to organise a summer day out for all staff and their families, that year we had a boat tour up and down the Thames.
Using my C902 camera I took lots of photos on the trip, including a large number of Vauxhall Cross as we sailed past...
After the trip back at my desk I plugged the memory card into my computer and to my surprise found that there wasn't a single image of Vauxhall Cross, even though I knew I'd taken several, 6-12 at least.
What's even more strange, all of the other photos, before and after the Vauxhall Cross ones were present with sequentially numbered file names first to last, with no break in the numbering.
Several times I've recounted this tale to various levels of disbelief and mockery, now maybe the reaction might be slightly less incredulous...
-
-
Tuesday 6th October 2015 12:44 GMT fLaMePrOoF
As a technical test analyst/manager with >8 years experience in mobile telecoms, (I was working for Orange / EE at the time), I can assure you I'm perfectly qualified to assess and report on the afore-mentioned incident, however if you're just going to call me a liar then I can see you must have earned your little silver badge for trolling...
-
-
Tuesday 6th October 2015 13:42 GMT Fraggle850
@fLaMePrOoF: In the spirit of 'evidence or it didn't happen'
It would be interesting to repeat the experiment, although 6 years down the line they may have changed things. I'd guess that it would be useful to let people take pictures of such things because it could be incriminating.
Taking you at your word this is rather intriguing.
-
-
Monday 12th October 2015 11:17 GMT Anonymous Coward
Unmetered data ?
When GCHQ are invading my phone - is the data transmission unmetered?
I'd be really pissed off if I have to use up my mobile data so they can play smurf.
If yes, this would be identity theft, invasion of privacy as well as plain old thievery.
Thanks again - for protecting us from whoever you are scared of!
-
Wednesday 21st October 2015 08:17 GMT Anonymous Coward
Farcebook crack encryption?
I doubt if Farcebook even understand what encryption is.
The Farcebook puppet's response to the journo's question about encryption should have been "it depends who encrypted it". Again bad journalism (lack of technical understanding).
This should have been picked up by the interviewer - what Farcebook can decrypt any encrypted data, no matter who encrypted it and how?
-
Friday 13th November 2015 11:01 GMT Anonymous Coward
It's in the GSM/3G/LTE chips and FW, silly
This speculation has been going on since early GSM MoU days 20+ years ago.
Historically, there were and still are only a handful of phone/smartphone chipset vendors.
How hard can it be for govt agencies to require them to add "special logic" to their chips?
Then, you have direct control over HW in the phone (radio, mic, camera,...).
Today Qualcomm, MediaTek, Spreadtrum control ~90% of baseband market worldwide, Qualcomm alone controls 95% of LTE basebands.
Chips need to be compliant to a myriad of standards & organizations (like GSM MoU) which might require them to add "special logic".
You need only a handful of people at each of those companies to know why that "special IP block from ****" needs to be in their chip and what it does.
Unless you remove the source of power (battery), the phone is never really "OFF".
AC, obviously. All this is pure speculation.
-
Monday 27th February 2017 06:27 GMT Anonymous Coward
Re.
Coincidentally, the one picture I had (not backed up!) containing a copy of some WW1 code found in a chimney attached to a pigeon skeleton got "lost" when the phone mysteriously decided to crash one evening and not come back on.
Eventually got the phone going months later but the *really* strange thing is that all the contacts were there, couple of pictures but not this one.
Perhaps it got rooted by the folks at SGC, who knows?
(AC, Samsung 5330)