
There is a maintenance mode in every cell phone that allows it to be remotely turned on, that is, used as a listening device, without your knowledge.

I don't know what authentication is required. I expect that it was designed so that only your cell carrier could enable it; however, whatever may have been secret about it quite likely has leaked out by now.

If you don't want to be listened to, don't have _any_ cell phones anywhere near you. Not just your own - say you want a private conversation in a public place; the phones of other people in your general vicinity could be switched on to listen to you.

I learned this from a well-known left-wing radical organization known as the United States Air Force, when I applied for the USAF Cyber Command. Their site had a recruiting video that depicted a couple of officers locking their phones into a grounded metal box - a Faraday cage - before entering a secure area, that is, a room where secrets were openly discussed.



I've been asking everyone I know questions about this to make them realize how intense the total surveillance possibilities are.

"How many internet-connected microphones are in the same room as you?"

It's astonishing how big that number gets. For me right now, it's ~50. And so many of them are made by different companies, assembled in different countries, etc. The chance that someone, somewhere, can listen to you is nearly 100% if you're in a semi-public space. We're living in a dramatically more invasive surveillance society than 1984 ever predicted (that was just street cameras & one 'telescreen' in your home).

And then, add into this mix that we have new market acceptance for devices that intentionally open this behaviour: Xbox One, Moto X, Amazon's...whatevertheycallit. There's not only technical capability, but also increasing consumer desire. It's crazy.

Further edits: There's a lot more at stake here, too, if you extrapolate from their[1] known capabilities and combine with actors who may also have motives at large scale. Take Facebook's mood-altering study, for example. We know that someone/Facebook has the ability to alter the moods and opinions of large groups of populations. The same actors can also listen/watch those people in real time. Dystopian scenarios of totalitarian governments exercising total population thought-control are more and more plausible as we all trade our privacy and security to giant corporations in exchange for mere convenience in our daily lives.

[1]: Who is 'they'? I don't know, but there are many possible 'they's and it might be many of them.


> There's not only technical capability, but also increasing consumer desire.

After "baby boomers", "Gen X", etc., I think the most appropriate name for today's kids is "the selfie generation". They're flattered if you stalk them. I wish I was kidding.


I remember back in the day /dev/audio had bad default permissions on, I think, SunOS, and you could just cat it to a file to record.


And many people don't know why their battery is getting sucked dry too quickly.


For quite a long time, I only used my Win2k box through a Linux IP Masquerading gateway. But during a long stay at a hotel, while looking for a new place to live, I noticed that my dialup modem activity lights flickered even when I myself wasn't doing anything online.

I asked a friend who recommended a firewall product whose name escapes me just now. Most coders think of a "firewall" as a way to keep bad packets out. This firewall would also keep bad packets _in_.

It identified the miscreant as the Welchia worm. What Welchia does is to install some completely legitimate Win2k security updates, as well as installing itself on some other Win2k box.

The only really _bad_ thing it did was to slow down my network.


Poor city-dwellers, always in a crowd. I spend the larger part of every day in a house in the country, with maybe 1 cell phone in the house but probably not in earshot. Didn't know I was so unusual!


Most notebook computers have video cameras built into the display's frame, at the top. These cameras typically have a light that powers on when the camera is in use.

However there is nothing at all to indicate that the computer has its audio microphone in use.


> These cameras typically have a light that powers on when the camera is in use.

Yes, typically, but sometimes not when used by parties who want to obscure their use of the camera [1].

[1] http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18...


Has Apple done anything to fix this yet?


That was BadUSB before BadUSB. iSight is USB, and its firmware was not (and probably still is not) authenticating in any way before a firmware update.


A quick Google search shows that some cameras can be activated without that little LED coming online.


The point of the GP was to say that while cameras on computers at least pretend to let you know when they are on, microphones do no such thing.


I was once paid specifically to figure out a way to activate a camera without turning on the light.

However in that case it was for a legitimate purpose.


Out of curiosity - what was that legitimation? Can you tell?


One idea: I can easily imagine research studies getting IRB approval for this. The red light could alter the subject's behavior, and video analysis could be part of the metrics (for measuring attention/distraction or gross estimates of gaze, etc).


Really? Because I can't.

I can't imagine an IRB-approved research study that requires a software solution (developed under an NDA) to a hardware problem that couldn't be solved with a one-inch square of black electrical tape.

For the price of a contracted software developer, you could simply buy a model of laptop (or smart phone), in which the bezel can be pried open without substantial damage, and behind the LED's transparent aperture (but obscuring the LED), you fix a tidbit of black tape or whichever opaque material you may prefer.

Or, better yet, for pretty much every situation that doesn't involve eye-movement tracking, simply install a hidden security camera at an opportunistic vantage point.


An IRB would only care about whether the deception perpetrated on the subject is justifiable. They wouldn't care one iota how the light was disabled--the risk to the subject is the same regardless of whether the light is disabled by hardware or software or not used. For example a BYOD type study might be plausible because in some circumstances subjects may be more comfortable/candid using their own devices. Who knows.

The issues for the IRB would only be the fact that the subjects have not consented to covert surveillance and whether the nature of the information collected presents a risk to the subject if accidentally disclosed.


I wish I could.

It's not just that I am still bound by my NDA, but telling anyone what the application actually did, would result in bad things happening to completely innocent people.


You realise that this just makes it more intriguing. Personally, I wonder if that's not a way of saying "actually my justification isn't really valid". I don't mean to be inflammatory, I'm voicing my concern -- it sounds fishy.


The whole thing really does sound like he didn't have any legitimate reasons to be doing that and is just deflecting criticism.


I also have a legitimate reason to snap still photos on a smartphone, without making the shutter sound. On an iPhone, it sounds just like an SLR film camera, and is very loud.

However, it turns out that it is unlawful to do that in such countries as Japan.

Asking how to silence the iPhone camera on Stack Overflow resulted in 20,000 views of my post, several people saying you can't do that, and several people telling me it's against the law, that it would be a bad idea and so on.

Nevertheless, I have a completely legitimate reason to do so.

I expect Apple would reject it from the App Store. I may do it for Android, as well as for jailbroken iOS devices, but then sell it through the Cydia App Store.


I read someone was able to "remove" the click sound by playing the same click sound phase shifted when taking a photo - so when the OS sound mixer adds the two waveforms together it results in silence. Clever idea - it is the same as noise canceling headphones, except it all happens in software.

As others have mentioned, if you put your iPhone in silent mode there is no click sound except in Japan. I'm not sure if a) phones sold in Japan have disabled this feature or b) the phone knows when it is located in Japan and then disables silent mode.


I doubt that would work well in practice. The reason is that timing is extremely important for this to work: if you're even one sample off you'll hear a faint sound, and more than a few then it's quite obvious. So if the sound is generated by a separate OS process, you'll never know exactly when the sound is generated, and you will not even have control over exactly when your own sound is played back in relation to the other process; think sub-ms accuracy.
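The timing sensitivity described in the comment above, as an added illustration that is not part of the thread: a constructed tone-burst "click" is mixed with its inverted copy arriving k samples late, and the residual loudness is measured. The sample rate, click frequency and decay are constructed values, not measurements from any phone.

```python
"""How much of a shutter click survives software phase cancellation when the
inverted copy is late by k samples (added example; all signal parameters are
constructed, not measured on a real device)."""
import math
from typing import List

SAMPLE_RATE = 44100          # Hz, a common audio output rate (assumption)
CLICK_HZ = 1500.0            # dominant tone of the constructed "click"
N_SAMPLES = 4096


def click(n: int = N_SAMPLES, freq: float = CLICK_HZ, fs: int = SAMPLE_RATE) -> List[float]:
    """A constructed click: a tone burst with a fast exponential decay."""
    tau = n / 4.0
    return [math.sin(2 * math.pi * freq * i / fs) * math.exp(-i / tau) for i in range(n)]


def rms(x: List[float]) -> float:
    return math.sqrt(sum(v * v for v in x) / len(x))


def cancel(signal: List[float], delay_samples: int) -> List[float]:
    """Mix the signal with its phase-inverted copy, the copy arriving
    delay_samples late, which is what an OS mixer produces when a second
    process plays the anti-sound slightly out of step."""
    out = list(signal)
    for i in range(delay_samples, len(signal)):
        out[i] -= signal[i - delay_samples]
    return out


def residual_ratio(delay_samples: int) -> float:
    """RMS of what is left after cancellation, relative to the uncancelled click.
    0.0 means perfect silence; 1.0 means as loud as the original click."""
    s = click()
    return rms(cancel(s, delay_samples)) / rms(s)


def residual_db(delay_samples: int) -> float:
    r = residual_ratio(delay_samples)
    return -math.inf if r == 0 else 20 * math.log10(r)


if __name__ == "__main__":
    # One sample late leaves a faint (~ -13 dB) click; a handful of samples
    # late leaves something as loud as the original or louder.
    for k in (0, 1, 2, 4, 8):
        late_us = k / SAMPLE_RATE * 1e6
        print(f"{k} sample(s) late ({late_us:5.0f} us): residual {residual_db(k):6.1f} dB")
```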


You can disable the shutter sound in Android by just putting the phone in silent mode.


Hey Thanks!

It's just like Apple to be a corporate nanny.

I've done some Android Platform Development, but not yet any real Android App Development. I'll do that after I ship the iOS App I'm working on.


My iPhone doesn't make a peep in silent mode using either the built-in camera app or Camera+.


I haven't actually tried this for quite a long time. Perhaps Apple added a silent mode so as to compete with Android.

There's a lot of stuff that at one time would only work on jailbroken devices, only for Apple to "add support" for it as a result of some App becoming a huge hit at the Cydia App store.

At first one could not even take still photos programmatically, the user had to use Apple's own App for that. But Snapture - if I remember correctly - was able to do it on jailbroken devices, so Apple added the public API so that Snapture would be sold on the App Store, rather than through Cydia.


> Perhaps Apple added a silent mode so as to compete with Android.

Every single iPhone I had (and I had 3G, 4, 4S, 5, 5S) was able to take a photo without sound if it was switched to silent. It probably differs by region, i.e. those shipped to Japan make the camera sound no matter what, others don't.


Is there a way to silence the shutter sound from code?

It doesn't have to be Objective-C and Cocoa Touch. I'd be completely cool with C and system calls.


I have an Android phone that's not rooted, an Acer. Turning off shutter sound is in the camera settings, it's one of the first things I do with a camera as I prefer natural photos of family to posed ones.


Lol silent mode?


Not in Japan.


I'm pretty sure that (on my MacBook Air, anyway) you only need to get a kext installed for the camera to not light up.


You make it sound as if that is some kind of security revelation. In reality, what you are saying is 'the light is controlled in software'. Which is just another way of saying "that light is just a light, and it has only a tenuous connection to the camera being enabled".

Which is of course an utter joke.


The light was not meant to be controlled in software, it was intended to have a “hardware interlock” to the camera.

But they forgot firmware is software too, and is hackable too. (Now that's a 'leaky abstraction' for ya).

http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18...

Turns out security is hard. Even compared to just 5 years ago, I think a lot more engineers are realizing how hard security actually is.


Turns out this is a really, really trivial problem to solve in hardware. Delegating it to their peripheral microcontroller is not a hardware solution, it's just the same software nonsense.

Security is hard in software because from the undecidable halting problem it immediately follows that any non-trivial property of software (such as "does the micro firmware turn the LED on when the camera is on") can also not be decided.

There is no halting problem in hardware. But I hear they have very, very cheap switches nowadays that could easily control the power to the camera and a parallel LED.


First:

> immediately follows that any non-trivial property of software (such as "does the micro firmware turn the LED on when the camera is on") can also not be decided.

Any non-trivial property of arbitrary software, you mean.

It is entirely possible to prove that some software is or isn't "secure", for however you define secure. It's just not possible to do that for arbitrary software.

It is entirely possible to (for example) write your micro firmware with an integrated proof that non-trivial properties (like the LED/camera thing you mention) are satisfied.

Second:

> There is no halting problem in hardware.

Actually, there is, kind of. Have you heard of the arbitrator problem? Long story short, analog behavior may propagate arbitrarily far into any digital system. You can make it less common, but you cannot get rid of it. Also: any non-trivial property of arbitrary hardware is also not provable. (Otherwise you could solve the halting problem, again.)


I am curious about your assertion that there is no halting problem in hardware.

I've seen advertisements for automated circuit design tools that will convert a C program into the schematic for a chip that does the same thing, only in hardware.

That leads me to believe that hardware must have the halting problem as well. However I only have a passing understanding of the halting problem. Can you enlighten me?


Hardware does have the halting problem. (As you could very easily make your hardware be a CPU with ROM that is "run program, then assert" - if the program halts, it'll assert. Hence - halting problem)


Nope.


I know some ways around that.


Please share.


I could tell you but then I'd have to kill you.

Well OK...

More or less like writing any kind of virus.

Apple likes to claim that OS X is more secure. In reality, most of those who write malware own Windows boxen.


I don’t think you fully understood what 0942v8653 said; why would you write malware to perform the default behaviour (the LED turning on when the camera is on)?


They don't work on macbooks.


Many eBook readers will phone home about what you're reading.

It's bad enough that Amazon would know what ebooks I've purchased. The Kindle will tell Amazon what pages I've read and when I read them.

There is a damn good reason I don't even own an ebook reader.


Not even an Android tablet loaded with an AOSP ROM, F-Droid and CoolReader?

http://coolreader.org/e-index.htm


Hey thanks for that.

I might buy the reader that Portland's Powell's City of Books sells, but have not yet looked into whether it phones home.


Eh, it's 50-50. Some people like that the ebook reader picks up from where you left off on another device.


I'd be completely cool with that, were the implementation of that feature to only communicate between devices that I myself own.


> There is a damn good reason I don't even own an ebook reader.

On my Kobo Aura HD I was able to disable the snitching and with the sideloading working so great I had no reason to turn on the wi-fi since I bought it.


Do you know in which part of the phones this is supposed to be in?

In every cell phone? Without more details I call BS on this. It might be possible, but stating that every cell phone has it sounds unlikely to me. I don't think it is part of the GSM specification, so what would be the reason that EVERY cell phone (also non-GSM phones) has it?


> Do you know in which part of the phones this is supposed to be in?

The baseband chip. It runs its own RTOS (separate from Android/iOS/etc): http://en.wikipedia.org/wiki/Baseband_processor

Rather than explaining, I think this link is a pretty good example: a chip from Qualcomm that was sold at least through 2012:

http://www.osnews.com/story/27416/The_second_operating_syste...

It was demonstrated at BlackHat in 2011 on an iPhone 4 and HTC Dream (android):

https://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.ht...

http://www.infoworld.com/article/2625180/smartphones/coming-...

Edit: Slides from a talk at DeepSec:

http://2010.hack.lu/archive/2010/Weinmann-All-Your-Baseband-...

Edit: video: https://www.youtube.com/watch?v=fQqv0v14KKY

edit: I think this is the paper: https://www.usenix.org/system/files/conference/woot12/woot12...


Thanks for posting that.

I quite commonly experience the phenomenon that when others don't agree with me, they make up reasons that I must be wrong, completely out of the blue.

For example, I'm working on a Conway's Game of Life implementation for iOS. It's taking a long time, so some joker published a web page that lists all the other members of our site, who have already shipped Conway's Life implementations.

So I pointed out that I shipped my own Life game for the Classic Mac OS in 1997, and that it was particularly fast because it set the bit-depth of the screen to 1 (black and white, no color, no greyscale), then drew directly into the video card memory. My old website where I published its source has been available in the wayback machine this whole time.

The response? Two other people pointed out that they knew how to draw directly to the screen decades ago.

No one is willing to acknowledge that I shipped my own Life implementation fourteen years ago, long before that site even existed.


Not sure why the downvotes, it's common human behaviour. It's even discussed at length in Carnegie's htwfaip.


As I said I am mentally ill. If I tell my own mother something she disagrees with or does not understand, she regards it as a symptom of my mental illness.

For example I told her that I am a webmaster, and that it costs me money to register my domains and host my sites.

She regards such statements as evidence that I have not been taking my medicine, and will, from time to time, call the police to get me involuntarily held in a psychiatric hospital, whose staff will agree that I must be delusional, because I claim to be a webmaster.


Wait, wait ... wasn't there some Michael Crawford personality on kuro5hin years and years ago? I never really understood what was going on there, but ... is this related in some way?


Yes, I've been an active kuro5hin member since 2002.

Oddly, I am considered not notable enough for Wikipedia, because someone made the argument that I am only known at k5, despite being widely published, having led the development of some protocols, invented things, and written a whole bunch of highly regarded software products.


There have been some reports of government-sanctioned malware being installed on smartphones to override the behavior of the power-off switch, making it appear that the phone has been turned off when it's actually not. This could presumably be used for surveillance purposes, and probably has been, given what we've seen in the Snowden disclosures and elsewhere.

However, the idea that an unmodified or unhacked phone can be made to behave this way is sheer tinfoil hattery. You're not allowed to bring anything even vaguely electronic into a SCIF, but that's because the whole idea behind a SCIF is to have a room in an otherwise-unsecure facility where even the vaguest potential security risks are aggressively countered.


>power-off switch

there is NO power switch in phones. My first GSM phone was something like Nokia 2110, and even that had no power switch.

Cellphones have a SLEEP mode, they NEVER turn off. Just like laptops (there is always at least one processor running, EC) and PCs (since ATX).

You can compare it to a turned-off PC. In principle it's off, but the network card is still linked with the ethernet switch and listening for WoL packets.


Apple, HTC and Qualcomm say you're blowing smoke:

https://news.ycombinator.com/item?id=8769816


Baseband alone is not enough to act as an eavesdropping device. There's no direct connection between the baseband chipset and the microphone and camera. And if they left the baseband subsystem powered up when the phone was physically turned off (as opposed to in standby), the battery drain would be obvious.

Some of the confusion probably arises from the distinction between power-down and standby modes. If anything but the supervisory processor that monitors the power button were active with the phone turned all the way off, it would be noticed, and give rise to a substantial (and well justified) outcry. Under normal conditions, that can happen only if the phone has been hacked.


What I personally am talking about, would apply when the phone is powered on, for example while it is in my pocket, available to receive calls or texts.


In every cell phone that can be legally sold in the United States, I'd assume, at the least. See CALEA: https://en.wikipedia.org/wiki/Communications_Assistance_for_...


CALEA seems to be only about intercepting telecommunications, i.e., in this case, intercepting running phone calls. Nothing there about secretly turning on the microphone when no call is going on. (If the Wikipedia article is correct and mostly complete.)


It's built into the baseband.

Google around, there are plenty of public media stories indicating that the capability exists. In one case, the FBI arrested a mafia leader based on covert capture of all conversations that happened in a rental car equipped with OnStar.


I don't know.

I don't think the Air Force would just make something like that up. It's not just a USAF policy, not to permit cell phones in secure areas. I know lots of people with clearances, none of them are permitted to bring cell phones into their offices.

I applied to the Cyber Command in the Summer of 2008. What kinds of phones were in use at the time, in the United States?

And the video did specifically say "every cell phone".


How do you know that those policies aren't in place to prevent a person from knowingly recording sensitive data with their phone? Was there anything indicating that it was specifically for the reasons that you gave?


The "real" reason for a policy is always more exciting. Watch:

The real reason you have to turn your phone off on a plane is so that you can't record the takeoff and landing. That way, if there's a crash, there's no evidence to dispute the airline's black box version of the story.

Pretty sick, no?


The people missing the point/satire of this comment are actually airline shills terrified that their secret has just been discovered.


The shills are everywhere, man. Who knows? You could even be a double-shill.


Nonsense. I've never heard that claim. And that policy was in place long before smartphones came along.


That's completely bogus. You only need to turn off the broadcasting it does, and even that was declared unnecessary by the FAA recently (iirc). You can record the takeoff and landing all you want, as long as you aren't affecting other passengers.


Funny story: two years ago, back when anything electronic was banned during takeoff/landing, I was flying to Svalbard. If you don't know it, it's a very beautiful, very cold island north of Norway. During final approach, the sunset was so beautiful that the flight attendants went "ah, screw it" and turned on their phones to take pictures. Naturally everyone else did as well.


In airline accidents, the NTSB and first responders handle the black box recovery. The airline doesn't touch the unit itself. The NTSB techs read the data and CVR audio.

Airlines are not allowed to comment on the investigation (including interpreting black box data) so the only official version is that of the NTSB.

I've never heard of an airline accident in the US where public or passenger video (cellphone or otherwise) contradicted the black box data.


Tyler Durden is real, and he reads Hacker News!

What's the REAL reason credit card companies don't keep backups?


You just gave me a kickstarter project.

Send me your bill in the mail.


This policy is so widespread, and it has been the policy for so long, that I would be quite surprised were such a reason not to have leaked out by now.

People with clearances all know about this maintenance mode. None of them ever explain the error of my ways, when I discuss it with them.


Sorry for the late reply. I would be very surprised if iPhones and most Android phones had this "maintenance mode". There are many people that are very familiar with every aspect of the hardware and software. When you have access to the bootloader, kernel, OS and even the init process before the bootloader, there isn't really anywhere to hide such a thing.

This just seems like outdated and paranoid policy to me.


That seems like a good policy even if most cell phones were immune to hacking.


Everything that has the capability to record must be assumed to be recording, I would argue.


The presence of such a mode has never been proven in any commercially available cell phone.

Your anecdotal USAF story does not prove anything either.

The story in the link has nothing to do with surveillance at the cell phone level. It's about interception/rerouting in the global phone network.


There are other reasons that cell phones would not be allowed in such a location. For instance, it makes it more difficult for an insider to remove sensitive information.


While I expect you are correct, the USAF recruiting film specifically pointed out that cell phones aren't permitted in secure areas because of that maintenance mode.


You're not allowed to bring any electronic devices into a secure area. Period.

That means watches, phones, laptops, pedometers and just about anything that has circuits.


Lots of good reasons for that.

How do you know that a pedometer is really just a pedometer?

That's how Bradley Manning made off with 800,00 diplomatic cables. He used a CD label printer to print CD-R blanks so that they looked like the albums from all his favorite bands, put the CD-R media into a portable player, then burned the CDs at his PC after downloading the cables over the Internet.

Oddly, he was always searched on the way in, never on the way out.


If they did use a user account system with capabilities (CD burning would be one of them) this couldn't have happened. That, and probably a million other possibilities.


Alternatively, they could crack open an Internet RFC or two.

Internet Protocol packets have a field for the security classification - unclassified, confidential, secret, top secret, there are other classifications that are themselves classified, as top secret ultra once was - as well as the compartment.

I expect Bradley Manning had a top secret clearance, but I doubt he had the same compartment as was required to read diplomatic cables.

Quite likely everyone was using commodity routers, such as one can purchase at Fry's. It must be expensive to purchase routers that enforce what has been in the Internet Protocol since the 1970s.


> Internet Protocol packets have a field for the security classification - unclassified, confidential, secret, top secret ...

I'm not sure how these would have helped contain Manning. The access-control part of this infosec failure was on a higher level (Manning's admin access crossed compartments). "Server-side" access control didn't fail, it functioned as expected. Monitoring did fail, but that's another story.

Zooming out a bit to the security bits of IP packets, that I had completely forgotten about - are those actually used/useful in this Layer 7 era? How?

I can't think of a single use case. I would expect even the sensitive/non-sensitive routing decisions to happen on a per-host/subnet basis (e.g. 30.x.x.x stuff goes through this pipe, other stuff goes through the outside-world pipe)
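The IP-level security label the two comments above discuss is the Basic Security Option of RFC 1108 (IPv4 option type 130). As an added example that is not from any commenter, this decodes that option from a constructed IPv4 header and applies the one check a label-aware router would make: forward only if the packet's classification does not exceed the link's accreditation and the link is cleared for the packet's protection authorities. The classification and authority code points are reproduced from RFC 1108 from memory and should be verified against the RFC; the headers and the "unlabelled packets are rejected" rule are assumptions of this example.

```python
"""Decode the IPv4 Basic Security Option (RFC 1108) and apply a link policy check.
Added example; code points are from RFC 1108 as recalled (verify against the RFC),
headers below are constructed."""
import struct
from typing import Iterator, List, Optional, Tuple

IPSO_TYPE = 130  # RFC 1108 Basic Security Option: copied=1, class=0, number=2

# Classification level octet (RFC 1108), as recalled.
LEVELS = {0x3D: "TOP SECRET", 0x5A: "SECRET", 0x96: "CONFIDENTIAL", 0xAB: "UNCLASSIFIED"}
RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# Protection authority flags, most significant bit first (as recalled from RFC 1108).
# The low bit (0x01) of each octet is the Field Termination Indicator: 1 = more follows.
AUTHORITIES = {0x80: "GENSER", 0x40: "SIOP-ESI", 0x20: "SCI", 0x10: "NSA", 0x08: "DOE"}


def ipv4_options(header: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (option type, option data) for every option in an IPv4 header."""
    if len(header) < 20:
        raise ValueError("short IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad IHL")
    opts, i = header[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                     # End of Option List
            return
        if kind == 1:                     # No Operation (padding)
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed option length")
        yield kind, opts[i + 2:i + length]
        i += length


def parse_ipso(data: bytes) -> Tuple[str, List[str]]:
    """Decode the option payload: classification octet, then authority flag octets."""
    if not data:
        raise ValueError("IPSO without classification octet")
    level = LEVELS.get(data[0])
    if level is None:
        raise ValueError(f"unknown classification code 0x{data[0]:02x}")
    auths: List[str] = []
    for octet in data[1:]:
        auths += [name for bit, name in AUTHORITIES.items() if octet & bit]
        if not octet & 0x01:              # FTI clear: last flags octet
            break
    else:
        if len(data) > 1:
            raise ValueError("authority flags not terminated")
    return level, auths


def packet_label(header: bytes) -> Optional[Tuple[str, List[str]]]:
    """Return (level, authorities) or None when the packet carries no IPSO."""
    for kind, data in ipv4_options(header):
        if kind == IPSO_TYPE:
            return parse_ipso(data)
    return None


def link_allows(header: bytes, link_max: str, link_auths=()) -> bool:
    """Forward only if the label fits the link. Unlabelled packets are rejected
    (explicit-label policy; an assumption of this example, not an RFC 1108 rule)."""
    label = packet_label(header)
    if label is None:
        return False
    level, auths = label
    return RANK[level] <= RANK[link_max] and set(auths) <= set(link_auths)


def make_header(options: bytes) -> bytes:
    """Construct a minimal IPv4 header (checksum left zero) carrying the options."""
    options += b"\x00" * (-len(options) % 4)           # pad to 32-bit boundary
    ihl = 5 + len(options) // 4
    base = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options),
                       0, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return base + options


# Constructed sample packets.
TS_NO_AUTH = make_header(bytes([IPSO_TYPE, 3, 0x3D]))               # TOP SECRET, no flags
SECRET_GENSER_SCI = make_header(bytes([IPSO_TYPE, 4, 0x5A, 0x80 | 0x20]))
UNLABELLED = make_header(b"")

if __name__ == "__main__":
    for name, pkt in (("TS", TS_NO_AUTH), ("S/GENSER+SCI", SECRET_GENSER_SCI), ("none", UNLABELLED)):
        print(name, packet_label(pkt), "on SECRET/GENSER+SCI link:",
              link_allows(pkt, "SECRET", ("GENSER", "SCI")))
```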


I knew how to prevent what Manning did in 1989.

For one thing, you don't permit information that has different classifications, or is in a different compartment, to be stored together on one computer.

So if he has access to top secret information, he shouldn't also be able to download Easy CD Creator with Internet Explorer, nor should he have been permitted to put what appeared to be audio CDs into the burner.

While one could argue his PC should not have a burner, there are good reasons for top secret computers to have them, however one should not be permitted to insert any but top secret CDs, and after burning there should be a way to enforce that they are stamped "top secret", and finally he should have been searched on the way out.


EDIT: After writing this I realised that Manning !== Snowden, and that the sysadmin feller was the latter. Manning was an analyst, so you couldn't restrict his access to really sensitive stuff, just exfiltration methods. The system was so lax that he actually had unfettered (and probably unmonitored) internet access. If he could chat with Adrian Lamo, he could upload bits and bobs at a time through stego selfies or however else. Bandwidth/risk ratio make camouflaged CD-Rs a much saner and convenient choice. So, part of this applies to why you couldn't stop Snowden from exfiltrating, not Manning. Carry on :) Sorry about my confusion.

So a sys-admin wouldn't have full access to install software on his own machine? Which they wouldn't have been able to override, even given long periods of time alone with the hardware?

It is hard to imagine that the tools provided by the factory image (however heavily modded and supplemented that may be) would enable him to do everything he needs to do, without needing this or that approved by someone all the time. They are the guys who, in most other organizations, would approve or reject the third-party application. It is certainly a curious concept to me, to have a sysadmin without admin privileges (on his client, at least). I guess you could pull it off if you reduced the sysadmin's job to "look at some status output -> press GUI button. occasionally, call someone", but I'm fairly certain that you can't do that with everyone. What about the DB admins?

In any case. I dare say that you couldn't have stopped him. You may have contained his information access to a more limited scope[1], you may have limited his "bandwidth/throughput", but you just can't stop a dedicated whistleblower. You can't stop data exfiltrations, period. After all is said and done, and you remove all tools that could have been used to exfiltrate data (everything), the guy will memorize the document, go into the toilet, and write it on his thigh, or whatever[2]. Even though I suppose that at that time, it is info exfiltration, and it has less press value.

Manning's method was almost 0 risk to him (at the time, and "considering...") and offered 740MB bandwidth per round trip (if it wasn't actually DVDs). That's a pretty good bandwidth/risk ratio. Some more extreme alternatives would include SDs, micro SDs, tiny USB drives, and... well, I don't need to paint you a picture - just look at drug mule tricks for inspiration.

[1] Snowden, not Manning. Analysts need info.

[2] There are several hundred steps between the current status quo and that extreme I just mentioned, but at the end of the day - you can't plug the analog hole that is the human brain unless we start wiping memories. And even then...


> There is a maintenance mode in every cell phone that allows it to be remotely turned on, that is, used as a listening device, without your knowledge.

Sounds tin-foily, any references? This conspiracy theory has been making the rounds for a long time and there's no evidence for it so far. Some problems immediately come to mind:

- would eat phone battery quickly to keep radio listening for these things

- would be vulnerable to discovery, eg leaks from phone industry engineers, reverse engineering by tinkerers, etc - yet has stayed secret for a long time (assuming this isn't a new thing)

More realistic would be exploiting a bug in the phone baseband firmware to get remote code execution, and then reprogramming the phone to do what you want. And reason enough to treat phones like you observed.


> More realistic would be exploiting a bug in the phone baseband firmware to get remote code execution, and then reprogramming the phone to do what you want.

Or using baseband as intended to get remote code execution, and then on the cell company side wrap it up in a nice GUI or set of scripts, and voilà - you have the "maintenance mode" mentioned.


> would eat phone battery quickly to keep radio listening for these things

Your phone already listens for the incoming call signal; this would be just another type of signal.


He was talking about turning the phone on remotely.


Perhaps I should have been more clear:

I wasn't claiming that this maintenance mode turns on the power to a phone, rather that if the phone is already powered on, the maintenance mode silently and invisibly turns on the phone's microphone, then transmits audio back to the cell tower.

So if you leave your cell powered on, anyone who knows how to activate that maintenance mode can listen to what you are saying, without your knowledge.


> that depicted a couple officers locking their phones into a grounded metal box - a faraday cage

I once tried that using a metal lunchbox, with a tight fitting metal lid - the phone rang anyway.

Anyone else ever tried it?

And as a side note, be sure and turn off (or airplane mode) your phone if you do put it in an effective faraday cage, or you will rapidly drain the battery as the phone constantly tries - at full power - to find a base station.


One has to also consider the skin effect.

Electromagnetic waves penetrate a conductor to a depth comparable to their wavelength, with an intensity that decreases exponentially.


A plastic bag and tin foil worked for me.


That's also to stop the officers from recording the meeting. A mate of mine worked for QinetiQ and they have strict rules on phones; being found with a phone with a camera inside his workplace would have been a gross misconduct offence.

I have been for DV clearance job interviews (the FO at Milton Keynes) and you can have NO electronics on your person past the reception area.


My understanding is that it was this facility (in part) which was used to track & monitor ex-US Marine Toby Studabaker when he went "missing" around 12 years ago with 12 year old Shevaun Pennington. He was 'found' in a hotel room in Germany - despite his phone being turned off.


OTA updates are a pretty simple way to load whatever you want on the phone, and that just requires digitally signed SMSes, but signed with DES.



Sources would really be nice with this.


Stallman proven right again.



