Surveillance companies can use your iPhone to take photos of you and your surroundings without your knowledge, said a representative from the Bureau of Investigative Journalism at a panel chaired by Julian Assange™ today. Companies also sell products that will let them change the messages you write, track your location and nick …
With such an acknowledged security expert as St. Julian, how could we not heed his words as anything but Holy Writ?
I'm a network engineer with 30 years of experiance in the field of Information Security. Computer Forensics and penetration testing of various devices and netwoeks is what I do for a living.
I can confirm EVERYTHING that Julian Assange made reference to in that article.
You can either stick your head back in the sand, or open your eyes to reality and decide where to draw the line, or you can be perfectly okay with it all, but you have no right to complain later, as you would be accepting it now.
Not everything is as much an issue as first made out.
"Speaking on the panel, Pratap Chatterjee of the Bureau of Investigative Journalism (which works out of City University, but is an independent organisation) said that your phone could be used to record and send information about you even when it is in stand-by mode."
Blackberry devices still have removable batteries - the only way to ensure something is off rather than in low power mode and it's a bit difficult to do with no power. iPhone users are definitely fucked.
I would have thought you could spell experience what with 30 years of it.
Assange is slowly becoming a caricature. He'll be joining forces with David Icke next.
So where is the proof for these claims? Oh, right. There is none. Damn the tin foil hat brigade. there almost as bad as the greens for fudging the true issues the world faces.
For a conspiracy: No evidence is needed.
However, there is little here that is new. e-mails can be intercepted, read, altered and faked, and that's been available since the first e-mail client was written. 20+ years ago, students were getting shocked by e-mails they apparently sent to themselves while they were asleep... or were sent from... no one.
Just about everything they claim about phones already exists, has existed for years and has been abused by students and others for years. It just hasn't been associated with phones until recently when phones became 'smart' enough to run such applications.
Proof - Media exposes
Here's the proof - published in physical newspapers as well. A la News Of The World , if a paper says mobile hacking happens then they know what they are talking about :)
From the Business Standard newspaper, India :
The two men behind India's 'secret' surveillance industry by Akshat Kaushal & Surajeet Das Gupta / New Delhi December 3, 2011, 0:39 IST
URL : http://business-standard.com/india/news/the-two-men-behind-india%60s-%60secret%60-surveillance-industry/457443/
Another article with a video showing OEM spy software on your phone.
Your Android-based smartphone could be watching just about everything you do, Android security researcher Trevor Eckhart argues in a video posted earlier this week.
In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends them off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made.
Although Eckhart's data comes from Android devices, it's worth noting that Carrier IQ's software is running on over 130 million mobile devices worldwide, including those made by Nokia and Research In Motion.
Vast majority of newspaper "hacking" has been shown to be accessing the user's voicemail via an unchanged default network password.
umm, it was mentioned in the article
287 documents from 160 companies in 25 countries.
Pretty through evidence really. Now you can say he forged it, but for all their faults, Wikileaks is kinda known for leaking things (hence the name) not forging them.
As opposed to foil hat bridge, I would propose that you acting like an ostrich and putting your head in the ground, as I pretty sure most people assuming that this was indeed going on, it just wasn't proven with evidence until now.
BTW don't the Palm products on this list, or mentioned in Carrier IQ discussions either.....
On the register, all the various articles about Carrier IQ surely (don't call me shirley!) demonstrate the capabilities?
I really do not know what to say.
How the fuck we are supposed to protect ourselves against this kind of shite if all the mobilephone/os producers are in on this game is something that really leaves me at a loss. Has anyone got any suggestions?
Simply slip the battery out of your iPhone whenever you're discussing anything really confidential.
Er... hang on ...
It's funny you mention the iPhone when it's Android users who are the most exposed. There's a nice opt out setting on the iPhone, what about Android?
I thought open source was supposed to stop this sort of thing? how can so many people who roll their own ROMs and tinker with the OS have missed this?
Stick to dumb phones -- and yes, leave it out of the room when discussing anything important or confidential.
Re: "How the fuck we are supposed to protect ourselves"
Simple - turn it off when you don't want to be monitored. It can only track you if it's switched on (including in standby). No power to the device = no way for it to run apps or be connected to remotely. Same as with bluetooth - security hole so you turn it off when not using it.
Has anyone got any suggestions?
Don't carry a mobile. Don't trust telcos.
Works for me.
Please point me to where in the article it mentions Android...?
I'm no conspiracist but....
How do you know that the off switch really switches the phone off?
A good old-fashioned 2oz tobacco tin is your friend - also the place for your 'smart' passport and contactless credit card.
Works for you?
"My toilet shocks me whenever I sit on it...Solution, Put a cover over it when not in use."
Sounds dumb doesn't it? Thats exact how your so called solution sounds.
i do. run android.
At the risk of sounding like I have a beard, pure FOSS -based phones would make it harder to pull this kind of cunning stunt.
Get a Windows Phone 7, they weren't mentioned so therefore must be safe and Microsoft are well known for not cooperating with the government.
There was a time when your only guarantee of having a private conversation was face-to-face in the middle of nowhere. Satellite surveillance put an end to that years ago, but it's hellish expensive. It's far more cost effective in these hard economic times for government and corporate spooks to bribe a few OEMs to facilitate cellphone and tablet spying to monitor our collective arses 24/7.
And, as smartphones are now computers on which we can install software...
We'll no doubt soon be able to buy apps to detect and remove surveillance software, or perhaps more amusingly, send it spoof info.
Spookmaster: 'Are we getting the surveillance feeds from Brannigan's phone?'
Spook: Loud and clear. He's on top of the Empire State Building. I can't make out the conversation - those aardvark mating calls are too loud. Very clear pictures though - don't you think he has an uncanny resemblance to Kim Kardashian?
Install our own software to monitor the activities?
-- the police logging your porn to build a prospective "likely child molester/serial killer db"
-- your care provider snooping your dining habits
-- your creditors/lenders poking around finding reasons to raise interest rates on YOU or a CLASS of "yous"
-- imagine your employer paying to get wind of your shopping around for a new job
-- imagine your ISP sussing out your feelings and creating sneaky campaings tailored JUST to keep you from defecting, but rooking you 6 months later
Imagine some or all of just THOSE examples getting loose.
The only GOOD thing about aggregation of all this information is that so long as no one is out the F*CK YOU, you have corroborative trails exonerating YOU (for now, for now) of something you were initially going to be accused of or placed into an open, non-closing, never-let-go-cold-case file.
But, wait till a killer with money finds a broker who'll pay to cascade tampered evidence down a number of backups and live data stores -- even into credit card and other companies -- to find a fall guy. It may not be YOU as in YOU because of YOU, but just that your patterns fit a nice distractive or diversionary path to take attention off the real killer or kidnapper or molestor or swindler or whatever. Even if you are eventually cleared and never brought to a court, it'll still be hell proving you're not sabotaging your own trail to wrongfully cast doubt on yourself.
Yep, these may be movie-grade ideas, but for people with VERY SHALLOW footprints, it might become VERY easy to be selected as a mark to fall for someone else, whether it's a bad guy or an investigator wanting to close a case... Wait, if you're lucky, your truthfully used DNA may exonerate you, too.
Maybe a nexus of universal hell-evil has to come together to be your (or someone else's) undoing.
Enjoy those pictures of the inside of my pocket.
HOLY NUT SHOT
Ewwwww... there's a hole in your pocket... or maybe those are walnuts?
Story sounds like a real nail biter Dickens :D
Truly you are the next Cuger Brant.
Who was the last one?
The last one was.. Cuger Brant:
Buckle up, may contain terrible writing.. and some quite sweary people.
D'ya think probie
Sorry, but if a device has the capability to do something, then you can write software to use it. This applies to any software driven computing device.
I worked all this out two nanoseconds after I knew some phones had GPS locations in them. You can either take it as a benefit, that your phone can always be found, or not, if you don't want geolocation, buy a phone without it.
BTW Tom Tom Live can also report your location, as it has a 3G connection for live trafic updates.
You should also realise that because there are so many people out there, and so few security people to watch you, you are just noise until you do something to come to their notice, like plant a bomb, or rob a bank.
Alternately you can forbid this practice and have a tax hike to pay for all the extra officers required to keep you safe.
Who needs GPS?
The cell carriers...and anyone using thier information...can track ANY cell phone, simply by looking at the cell sites the phone has/is connected to.
THIS IS NOTHING NEW.
Sorry Julian...you’re tilting at windmills once again. Now...go outside and get some Sun. You look awfully PALE!
But how do we know...
...it was really you saying that? For all we know it was some software on your phone auto-shilling a third-party's opinions out to your subscribed lists in your name.
Seeing as how all phones in the US are required to have GPS for E911, how do you propose I get a phone without it?
@Is it me
"You should also realise that because there are so many people out there, and so few security people to watch you..."
That argument might have carried water 30 years ago, but not today. With things like face-recognition software, behavioural-analysis software and the massive storage capabilities of today's computers, you don't need "security people" to watch you - the software does all that for them. Effectively, you ARE being watched all the time, and the moment you do or say something that the ruling elite don't like, that software will flag you up and turn you in within a heartbeat.
"You can either take it as a benefit, that your phone can always be found, or not, if you don't want geolocation, buy a phone without it"
What if all the phones have it? What if you can no longer get one without it?
Don't like breathing air with the chemicals in it? DON'T breath. It's YOUR choice. You HAVE the option.
Did you just suggest that you would actually die without a cell phone?
Not like metaphorically, but actually be dead? Not breathing, no heartbeat dead? Pushin up daisies?
"Don't like breathing air with the chemicals in it? DON'T breath. It's YOUR choice. You HAVE the option."
Given the choice of not breathing, or downloading the Android source and working out how to build it myself, with only what I put in there, I know which I'd choose.
Is there actual evidence for this?
Or is it just conspiracy-theory panic?
Well, there are a few...
Commercially available, but they have to be installed (see: mobile spy) This is not an OtA type thing where your phone suddenly gets pwned. Target doesn't have a screen lock key enabled, or leaves their desktop unlocked, and does not have any idea how many junkie apps they have either. The exploit requires physical access, but once installed you are "live."
There are various spheres of desktop snoop software. The "legal" snoop-on-your-spouse crap and then malware like Zeus and SpyEye.
I guess I should read the rest of the comments, but yours caught me thinking, "Hey right! Is this something new? Where is the proof?"
I knew my paranioa was well founded :)
Well that's it then.
Nothing but Cyanogenmod, and just a few closely monitored utilities for my phone :)
Now, if only I was doing something worth being surveilled :) :)
Checked the source?
And built it yourself?
Or did you take a cyanogen build, and you trust that the cyanogen build is free from snooping software.
The source maybe open, but that does not mean that the available binaries match the available software.
"Now, if only I was doing something worth being surveilled :) :)"
That depends on the agenda of those watching you. They may decide to come after you because of your ethnicity, but if they do, it will be too late for you to do anything about. The potential for abuse is all in their hands, and none of it is in yours.
and it's YOUR fault.
Last year I was on a boat trip up and down the Thames, I took lots of photos on my plain old Samsung U600 feature phone, including several of Vaxhaul Cross (MI6 HQ).
When I got home and downloaded the pics from my SD card there were NO photos of Vaxhaul Cross, but all of the pics up to that point were there, as well as all of those taken after when we left the boat...
What's more; the filenames were still in sequential numbered order, with no numbers missing in the middle.
The handset had no wifi, can't remember if bluetooth was turned on but I think not as I generally keep it off by default.
So - what happened there...?
I can only hope that I've had a sarcasm fail and your post is a joke.
The idea that MI6 care about some tourist photos of a building that they publicly state is their HQ is laughable.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Microsoft refuses to nip 'Windows 9' unzip lip slip
- Netflix swallows yet another bitter pill, inks peering deal with TWC
- Special Report Roll up for El Reg's 3G/4G MONOPOLY DATA PUB CRAWL