Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data

Posted by samzenpus on from the always-watching dept.

schwit1 writes "New leaked NSA documents shed a new light on the agency's assault on the data controls of smartphone apps. Using app data permissions as a jumping off point, the documents show agency staffers building huge quantities of data, including 'intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.' One slide lists capabilities for 'hot mic' recording, high precision geotracking, and file retrieval which would reach any content stored locally on the phone, including text messages, emails and calendar entries. As the slide notes in a parenthetical aside, 'if it's on the phone, we can get it.'"

26 of 144 comments (clear)

  1. Now we finally know... by Anonymous Coward · · Score: 3, Funny

    what those birds are so angry about

  2. Can you hear me now? by RotateLeftByte · · Score: 4, Interesting

    Why are you listening?
    Do you understand me now?
    Why are you still listening?
    Do you think I have something to hide?
    Remember, I'm on your side
    So bugger off like a good man
    and snoop on the Taleban

    --
    I'd rather be riding my '63 Triumph T120.
    1. Re:Can you hear me now? by SirGarlon · · Score: 3, Insightful

      Remember, I'm on your side

      Correction: I'm on the side you *claim to be on*.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    2. Re:Can you hear me now? by morgauxo · · Score: 3, Informative

      And that's an excuse to make the moves that actually ARE wrong?

  3. Smurftastic! by GPLDAN · · Score: 4, Informative

    The NSA has all the actual slides from the internal presentation:
    http://www.theguardian.com/wor...

    From what I gather, TRACKER SMURF module of the WARRIOR PRIDE rootkit for both IOS and Android sort of grabs pin positions of places you search for in Google Maps as well as where you actually ARE. What's interesting is the seeming fascination with sexual orientation and clubs. I guess if there is dirt to be had on an operative or a politician, it might be if they are secretly a wild and crazy guy, or perhaps visiting a mistress in South America instead of being lost on the Appalachian trail.

    I know it's fashionable to be angry and all that, but the more of these slides they release, the more you understand how good these guys are at spycraft. It's a solid rootkit base with modules for various device driver interaction, it's pulling back info to be sorted in databases specifically at dossier building on targets, etc etc. It's a well organized program of information gathering, actually.

    1. Re:Smurftastic! by MightyMartian · · Score: 5, Insightful

      And a police officer has the technical capacity to walk into my house and shoot me dead. That I can appreciate his likely skill with a service revolver doesn't mean he gets to shoot me dead at a whim.

      The same applies to the NSA. That it has some bright brains who have some impressive technical capabilities does not mean that they should be permitted to wantonly do it without proper civilian oversight, including the requirement that no US citizen's data be collected without an explicit and accurate warrant.

      In other words; capacity is only part of the equation.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Smurftastic! by GPLDAN · · Score: 2

      Mister President, we must not allow a mine shaft gap!

    3. Re:Smurftastic! by bob_super · · Score: 3, Insightful

      While that's a bit of an exaggeration since NSA is only collecting (once the data comes up/who cares where the hammer falls down/it's not my department/says NSA von braun), it fits in a more worrisome pattern.

      There was never a doubt in the European's mind that waterboarding is torture, because that's what was used by the Reich on the resistance. When you add a KGB/Stasi-on-steroids NSA, that makes for a nasty vibe.

    4. Re:Smurftastic! by 0123456 · · Score: 2

      The "exigent circumstances" exemption to the 4th amendment effectively nullifies it.

      Weird. I don't see that one in my copy of the Constitution. Are you using Constitution 2.0?

    5. Re:Smurftastic! by fritsd · · Score: 2

      There is precedent in the Amsterdam city archive keeping track of what religion everyone had. That was also only data collection, with only beneficial purpose. Then the government ahem "changed", and they sent a group of SSers over to write down where all the Jews lived.

      --
      To be, or not to be: isn't that quite logical, Slashdot Beta?
  4. So what. by RightSaidFred99 · · Score: 3, Insightful

    People seem to be freaking out that all these capabilities exist when anyone with half a wit or more knew that this was all possible.

    The question is regarding the set of controls over how and when this is done.

    I mean, by golly, did you know that 5 years ago they could listen in on your phone conversations and even determine where you were located when you were making the phone call?!

    Carrying on about these capabilities (as opposed to the way they are used) is going to look as quaint to people in 20 years as the above concern about land-line phone calls looks now.

    1. Re:So what. by bob_super · · Score: 2

      But but... Hollywood keeps telling me I have 59 seconds before they can complete the trace?

    2. Re:So what. by bob_super · · Score: 5, Insightful

      Yes, but it's only in the last couple decades that they've been able to regroup all the data from all the forms of communication attached to every single user.
      The scale of the task used to keep people focused on potential targets. Now it's about having everything on everyone, because nobody ever got fired for having too much data when shit happens.

    3. Re:So what. by fuzzyfuzzyfungus · · Score: 5, Insightful

      "The question is regarding the set of controls over how and when this is done."

      Yes, about those... The secret ones, that you'd need access to secret information to verify compliance with, based on a classified interpretation of a massive hodgepodge of assorted laws, executive orders, and precedents, as interpreted by a secret court that doesn't release opinions and hears only testimony from the state agents requesting authorization? Those ones... Forgive me if I'm... less than 100% reassured.

      Internal regulation and discipline can't even keep the officers of Hickville PD from periodic abuses that end up drawing big civil suits, and those guys are both nearly powerless and highly vulnerable to 3rd party scrutiny. Why would anyone expect 'controls' on an agency that can just stamp 'Double Top Secret' on anything embarassing and bury it forever to be more than a joke for the break room?

  5. Ever wonder why US unscrambled GPS Signals. by gurps_npc · · Score: 5, Funny
    I, May of 2000, President Clinton unscrambled GPS for civilian usage.

    I always wondered why he did this. To create the GPS industry? I don't think so. Instead I think it was with the full knowledge that in a short time, the NSA could track people using it.

    --
    excitingthingstodo.blogspot.com
    1. Re:Ever wonder why US unscrambled GPS Signals. by fuzzyfuzzyfungus · · Score: 3, Insightful

      What? GPS receivers don't transmit. How do you track a GPS receiver?

      You don't(well, somebody with an indistinguishable-from-magic antenna array and a truck full of DSPs might be able to pick up some effect of your antenna and RF circuitry against background; but it'd be dubiously practical at best); but a great many GPS receivers are connected to cellphones that are delightfully cooperative about providing those data for you. Now, even without GPS, cell tower triangulation would provide rough data; but GPS neatens it up nicely.

    2. Re:Ever wonder why US unscrambled GPS Signals. by Baloroth · · Score: 2

      I, May of 2000, President Clinton unscrambled GPS for civilian usage.

      I always wondered why he did this. To create the GPS industry? I don't think so. Instead I think it was with the full knowledge that in a short time, the NSA could track people using it.

      Not exactly. GPS was always available for public usage, they just turn off "selective availability", which increased the accuracy of civilian GPS (from the ~50 meter accuracy down to meter or sub-meter accuracy).

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:Ever wonder why US unscrambled GPS Signals. by nctritech · · Score: 5, Insightful

      This is why the FIRMWARE of phone radio CPUs needs to be fully open-sourced. Until they are, there is no way to audit them for privacy concerns nor modify them to close such loopholes.

    4. Re:Ever wonder why US unscrambled GPS Signals. by jddeluxe · · Score: 2

      While they don't transmit, per se, if GPS is enabled (and sometimes even if disabled) the most recent GPS fix is typically stored in memory.

  6. Re:Angry Birds by bob_super · · Score: 2

    I approve the part about the pigs being the target.

  7. And the collusion continues.... by Anachragnome · · Score: 5, Interesting

    From the following linked article:
    "During a recent interview session I had with Mikko Hypponen, the chief research officer for digital security company F-Secure Corp, he shared that he was friends with the men behind Rovio, the creators behind another massive success story--Angry Birds."

    http://www.thestar.com.my/stor...

    A couple of years ago I tried, in earnest, to inform Mikko Hypponen of evidence I had acquired (first-hand) that proved that Sony Entertainment was gathering data from computers that had Sony software installed, after being referred to him by Mark Russinovich (of Microsoft/Sysinternals fame). I was stone-walled completely, even after providing crash-dumps that held all the evidence he needed to go public-- now, I know why.

  8. mod up. They used to target key suspects. by raymorris · · Score: 5, Insightful

    Indeed, that's the difference. When they had to show up with a warrant for a specific individual and have agents sit and listen, they did that for high value suspects. Now it's all of us, all the time, who are the targets.

  9. You read /. so you already knew this right? by Trax3001BBS · · Score: 4, Informative

    The file "Computer_Forensics_for_Prosecutors_(2013)_Part_1".pdf has this gem in it.

    "Users of mobile devices and cloud storage sign off on their rights to data scanning, There is no opt-out option."

    This file showed up when a question of True Crypt being back doored came up, as out of the blue it mentions it is; if not set up correctly I would tend to agree.

    Page 16 http://www.techarp.com/article...
    article lies about Phil ZImermann but the only place I could find the file.

    1. Re:You read /. so you already knew this right? by Trax3001BBS · · Score: 2

      if not set up correctly I would tend to agree.

      What does the set up have to do with it? If the backdoor is built-in already, it's built in. Right?

      Page 15 of the PDF mentioned...

      What is a backdoor?

      A method to bypass data encryption or security.

      Blah blah blah

      "Currently available for major encryption software - Microsoft
      BitLocker, FIleVault, BestCrypt, TrueCrypt, etc." - the paragraph is a direct quote.

      ------------- True Crypt shouldn't of been added/listed -----------------

      First TrueCrypt hasn't been backdoored. The fact they even mentioned it I figure
      if it's setup up wrong it can be accessed, or worry you.

      I reinstall OS's a lot, I had a TrueCrypt volume but after switching OS's it never would
      show again. (I didn't try to recover it).

      Given it's the opposite of back dooring, but I lost a lot of work in the process. That's when
      I felt I should RTFM. One needs to be very careful with TrueCrypt, NTFS isn't that secure, and
      TrueCrypt will tell you that, In fact a lot of precautions are required

      ----- Not back doored by reading memory block ------

      A recent /. article mentioned TrueCrypt was back doored by reading a memory block.
      http://it.slashdot.org/story/1...

      A post and link by MidSpeck negated the claim:

      "Still working as intended
      by MidSpeck (1516577)
      While good to know these types of attacks exist, TrueCrypt's security model is still holding strong. http://www.truecrypt.org/docs/... "

      Which states, "TrueCrypt does not:
      Encrypt or secure any portion of RAM (the main memory of a computer)."

      ----
      True Crypt needs to be audited to set matters straight once and for all.

      A lot of disinformation is being released to where one doesn't know what to believe.

  10. easy to circumvent by UnanimousCoward · · Score: 2

    I often type in and drive to strip clubs and card rooms just to throw the NSA off since those searches are in complete contradiction of my choir boy profile.

    --
    Twelve-and-three-quarter inches. Unyielding. This wand belonged to Bellatrix Lestrange.
  11. All that trouble... by Greyfox · · Score: 2

    Just to get a picture of my dong. They could have just asked, I mean, if it was for national security and all that...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?