Slashdot Mirror
Edward Snowden's New Research Aims To Keep Smartphones From Betraying Their Owners (theintercept.com)
Smartphones become indispensable tools for journalists, human right workers, and activists in war-torn regions. But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching if it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because most common way to try and silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Fortunately, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Haung are calling this device an "introspection engine" because it will inspect the inner-workings of the phone. The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected.Wired has a detailed report on this, too.
I'm not that concerned that my phone might transmit while in airplane mode. My phone usually isn't in airplane mode. It's far more concerning what's being transmitted while the phone is operating normally. I'd be far more interested to know, for example, whether my phone is secretly recording my conversations and acting as a bug.
Prolific, savior of humanity.
The dangers of knowledge trigger emotional distress in human beings.
This won't do anything. It's not like people are only using their phones to make an outgoing calls and then turning them off. People use smart phones to DO things. Whether that's accessing the internet or communicating with people via text or voice, the phone NEEDS radio signals to do that. "Man in the middle" systems exploit that for tracking. What Snowden and Huang are recommending isn't going to change that at all.
"Growing old is inevitable; growing up is optional."
Well, unlike everyone else, he puts the issue into the spotlight for everyone to see.
Since he has some privileged insights on how our intelligence agencies like to do things, this makes his opinion a bit more useful than the folks who merely theorized at what our government was doing.
One of my greatest interests lie in those documents we've never seen made public. What information did he obtain that he thought was extremely relevant, but has never been released to the public by those he trusted with that very task ? Of the thousands of documents he had access to, we've seen what a dozen or so ?
What and why would they still withhold that information ?
The difficulty seems to be that they're trying to hack privacy onto phones that are not really designed for it.
The vast majority of phones seem to be designed around the idea of apps, particularly social apps.
The hardware on these phones are typically black boxes and the software is designed in the interests of the vendors.
It's not difficult to make your computer private. You can build it from component pieces and put an open source OS on it.
In contrast, I've found a little information on building your own phone.
https://www.raspberrypi.org/bl...
That's the best I could find and it's a long way from being a practical phone.
For starters I can't find any CDMA circuit boards so you can't use it with Verizon. As bad as they are they have the best network in the US.
But ultimately being able to really own our phones is the only way to insure privacy on them.
Scenario 1
You are one of the subversives. You wish to prevent your phone from leaking your location or the curently open document. You attach one of these detectors, turn airplane mode on. In about 20 minutes since you left home, as if on a timer, your detector beeps and you see RF activity. You scramble to turn it off, wondering if it leaked your location and / or open document.
Scenario 2
You are one of the subversives. You pull the battery out. You write with a pen on paper.
Scenario 3
You are one of the subversives. You place the phone in a makeshift Faraday cage. You write with a pen on paper.
I don't really understand the first scenario. Are we talking about sensitive enough info ? Then why risk using the phone ? What app (with no network access required) would be absolutely vital to a subversive meeting ?
Also, would it beep if it got excited by other RF, possibly emitted by those looking for subversives ?
I appreciate privacy but this device seems to give a false sense of security. If a person doesn't have the discipline to enforce a "battery out" or "leave phone home" policy, would they have the discipline to randomly test this device, to keep it charged, to inspect it for rogue electronics, etc ?
I should be paranoid about my phone, but not about this device ? Also, it seems a bit narrow in scope. Does it check for inaudible sounds from the phone's speaker ? Does it check for CPU load that modifies the phone's thermal print ? Does it check for blitz pulses ? Does it check for the phone quietly recording everyhing ? Does it check for.. uhh, I'll stop.
Data exfiltration (wooo...) isn't just a real time problem.
The NSA is one of the world's leading secret agencies, what should you expect?
Probably lots of NSA employees are experts on security. Being experts is their job. Even if you aren't one if you start at NSA, their training will make you an expert, at least if compared to what the public knows about these things.
This would be an ideal solution, however...
In an NSA/corporation controlled world, we must be mindful of what smartphone manufacturers define as "hardware switch". By definition, such a switch would use physical/mechanical hardware to completely deactivate the hardware itself (in this case, the radio). However, I can tell you now that if smartphone manufacturers have any say, any hardware switch" would merely trigger a software action that would put the phone into Airplane mode. Thus, we end up needing Snowden's device to make sure the radio is truly deactivated.
I've thought about this a bit. Consider a consortium of like-minded privacy-concerned people that has a pool of virtual SIM cards (exceeding the user base by perhaps 2x or more). The group pays for the whole pool of SIM cards (end users pay the group, perhaps through bitcoin). Participating phones check out random virtual SIM cards (using some kind of cryptographic signature perhaps similar to blockchains to assure anonymity) periodically in order to ensure apparently random distribution. All transactions flow over a VPN to a common network and the phone itself is disabled (use VoIP). Web access runs through Privoxy or similar filtering to ensure there are no traceable bits. This should be fine until you start installing other apps.
This probably requires special hardware in order to "spoof" the consortium's SIM cards and swap between them with minimal downtime.
Use my userscript to add story images to Slashdot. There's no going back.
If you actually read the page you linked:
Snowden instructed top officials and military officers on how to defend their networks from Chinese hackers. During his four years with Dell, he rose [..] to working as what his résumé termed a "cyberstrategist" and an "expert in cyber counterintelligence" at several U.S. locations.
He wasn't just hired as security expert, he was hired for doing counterintelligence. Which is what he does now as well.
He was also too scared to sign a pardon for him. Which is what should happen. What Snowden did was a service for the public.
I thought he was just a pretty average govt. tech employee that decided to leak a bunch of documents. Now he seems to be treated like a leading expert on security? Is there something I missed here? Is his research something beyond a Google search?
How does one become an expert on security? Spend lots of time reading, thinking and studying. What else do you think Snowden has been doing for the last three years? He may not have been a security expert before collecting and leaking the documents, but he's clearly a pretty smart guy, and very motivated to care about security and privacy issues. He's been trying to use the pulpit his fame has given him to highlight those issues, and he's also clearly been doing his homework.
Aside from all of that, though, what's the point in questioning his expertise? If what he's saying doesn't make sense, say so. Your post isn't "insightful", it's just a variation of the argument from authority fallacy... in this case trying to discredit his ideas by citing his lack of authority, rather than addressing the ideas themselves.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.