Wednesday, June 4, 2014

How the NSA Could Bug Your Powered-Off iPhone, and How to Stop Them

Photo: Josh Valcarcel/WIRED 

Just because you turned off your phone doesn’t mean the NSA isn’t using it to spy on you.

Edward Snowden’s latest revelation about the NSA’s snooping inspired an extra dose of shock and disbelief when he said the agency’s hackers can use a mobile phone as a bug even after it’s been turned off. The whistleblower made that eye-opening claim when Brian Williams of NBC Nightly News, holding his iPhone aloft during last Wednesday’s interview, asked, “What can the NSA do with this device if they want to get into my life? Can anyone turn it on remotely if it’s off? Can they turn on apps?

“They can absolutely turn them on with the power turned off to the device,” Snowden replied.

Snowden didn’t offer any details on this seemingly magical feat. But a group of particularly cunning iPhone hackers say it’s possible. They also say you can totally and completely turn off your iPhone so no one—not even the NSA—can use it to spy on you.

Your Phone Is Playing Dead

Like any magic trick, the most plausible method of eavesdropping through a switched-off phone starts with an illusion. Security researchers posit that if an attacker has a chance to install malware before you shut down your phone, that software could make the phone look like it’s shutting down—complete with a fake “slide to power off” screen. Instead of powering down, it enters a low-power mode that leaves its baseband chip—which controls communication with the carrier—on.
“If you’re going to be paranoid, you might as well be super-paranoid.”
This “playing dead” state would allow the phone to receive commands, including one to activate its microphone, says Eric McDonald, a hardware engineer in Los Angeles. McDonald is also a member of the Evad3rs, a team of iPhone hackers who created jailbreaks for the two previous iPhone operating systems. If the NSA used an exploit like those McDonald’s worked on to infect phone with malware that fakes a shutdown, “the screen would look black and nothing would happen if you pressed buttons,” he says. “But it’s conceivable that the baseband is still on, or turns on periodically. And it would be very difficult to know whether the phone has been compromised.”

For the rest of the story: http://www.wired.com/2014/06/nsa-bug-iphone/

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...