Slashdot Mirror
Nobody's Cellphone Is Really That Secure, Bruce Schneier Reminds (theatlantic.com)
Earlier this week, The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one, writes Bruce Schneier. From a story: Security experts have been talking about the potential security vulnerabilities in Trump's cellphone use since he became president. And President Barack Obama bristled at -- but acquiesced to -- the security rules prohibiting him from using a "regular" cellphone throughout his presidency. Three broader questions obviously emerge from the story. Who else is listening in on Trump's cellphone calls? What about the cellphones of other world leaders and senior government officials? And -- most personal of all -- what about my cellphone calls?
There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet's major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing "target selectors": phone numbers the NSA searches for and records. These included senior government officials of Germany -- among them Chancellor Angela Merkel -- France, Japan, and other countries.
Other countries don't have the same worldwide reach that the NSA has, and must use other methods to intercept cellphone calls. We don't know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a U.S. congressman's phone live on camera in 2016. Back in 2005, unknown attackers targeted the cellphones of many Greek politicians by hacking the country's phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company. Alternatively, an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don't think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.
There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet's major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing "target selectors": phone numbers the NSA searches for and records. These included senior government officials of Germany -- among them Chancellor Angela Merkel -- France, Japan, and other countries.
Other countries don't have the same worldwide reach that the NSA has, and must use other methods to intercept cellphone calls. We don't know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a U.S. congressman's phone live on camera in 2016. Back in 2005, unknown attackers targeted the cellphones of many Greek politicians by hacking the country's phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company. Alternatively, an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don't think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.
and you failed miserably. The lesson is never try.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
So if you're ever tempted to take a picture of your penis and send it to someone, keep in mind that US, Russian and Chinese intelligence agencies will all have a picture of your penis the moment you hit "send."
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This is just more proof that the Republican outrage over Clinton's emails is just completely phony. And that Trump's supporters are complete imbeciles.
The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one, writes Bruce Schneier.
My $0.02 why I am not surprised: -
Our government does routinely spy on friends
Our friends in the Mideast once returned the favor!
I guess we are getting a taste of our own MO.
... how this guy is such an expert at stating the obvious. Careful mix-in of empty scarewords ("hacking!") and that makes him the world-class authority. If this is the best we have, no wonder our security is shit.
Remember all the whining and hand wringing over Hillary Clinton using an unsecured email server? Remember how people said she was giving away state secrets and should be in jail?
Funny how those same people are absolutely silent when the con artist gives away national secrets every day over an unsecured phone.
Nowadays consumer grade devices can be actually protected enough that a person without significant value if attacked won't be done so, simply because attacking them doesn't worth it. However if the protocol is flawed, even the most secure systems practically will implement the flawed protocol, which deliberately introduces certain security holes. For example stingrays on common phones.
Everyone who values their security seriously should use at least WhatsApp, Signal or something comparable.
Is to deem your smartphone compromised by default and if you're really concerned about the privacy and security of your communications then you deal with the interested parties vis-a-vis or use off-the-shelf computers with trusted software like e.g. Linux/*BSD and communication software which is known to be secure, like ring.cx, signal or wire. In order to protect yourself from compromised hardware you need to set up an internet router (any Wi-Fi access point which supports *WRT) and make sure that your traffic goes exactly where you intended it to go and not to some third parties.
If you know you're being spied on (I find it hard to believe that the Times would find out before the U.S. government) wouldn't that just motivate you to feed bad information through those channels? Sure, you could try to block the spying, but that just means that the spy tries something else and you're uncertain as to whether or not they're intercepting your communication again. Also, they're faced with the difficulty of trying to determine if there's another line of communication that they don't have access to where all of the real information is being passed and have to question the value of all of the communications that they do intercept.
This can be extended to any network: they aren't secure. The purpose of a network is to communicate, not hide communications. It sounds strange, but true. You can attempt to add security to it, but the concept of a network means sharing information.
News media loves to find fault with Trump but Hillary Clinton then SOS for the US seem to get a pass for exchanging classified material via a person server. How worse can it be what Trump is doing?? Not to mention Obama's staff were hacked a few times and again nobody ever disclosed or knew what the hackers got.
Yeah its a problem for leaders now who use several devices for communications. But Trump is not the first to be possibly careless, and in fact government in general probably does not take security as seriously as they should.
I agree.
The three letter agencies (not counting their other internal and external allies) are watching from the satellites, intercepting at NAP points, and sniffing lots of everything else. It's a big industry with lots of contractors across the planet. They watch each other, looking for new and interesting techniques. They sift and sniff the gargantuan amount of data looking for stuff, and sometimes they're successful, allies or not.
The latest SDRs are full of fun and mirth for those wishing to do trivial decodes and intercepts. The ways around identification are non-trivial, and worse where cameras can correlate physical identification. If you travel, chances are you're seen dozens, even hundreds of times. It's not paranoia, it's a matter of stitching data together to weave correlation.
It keeps them busy, albeit expensively. The rest of us just go to work and wonder what tiny amount of actual national security gets done, given the enormous poundage of data generated each moment. The reason for AI and neural learning isn't really about anything more than sifting and reacting. Lots of dead bodies this past week whose murderers didn't get detected.
---- Teach Peace. It's Cheaper Than War.
As soon as you put something in electronic form, the last person you would want to see it is looking at it.
Everyone has got to know about this international intelligence sharing agreement Echelon UKUSA/SIGINT that created 5 eyes by now. Surely? It has been in operation since the 1940's. I shouldn't be surprised that not even the article mentions it. It is the governance document for this kind of telecommunications surveillance.
I have a scan of the agreement however I've found it difficult to find the text online. The NSA links to the UK/USA seems to be broken for me. Maybe they're just interested in who is interested. ;). However a bit more digging and I found this article from the guardian that link to UK National Archive copy of the agreement. It was not available online for some time after I got it - so I suggest you grab a copy to get some idea how this agreement works. After all that's one reason it was kept secret for so long.
Essentially agencies can't spy on domestic citizens so they ask a counterpart agency to spy for them. I read somewhere that even back as far as the 90's it was doing signal processing to "gist" (as in get the gist of) about 500,000 phone conversations using data centers the size of football fields and promote them to analysts automatically. They had two nuclear submarines that would be positioned over undersea fibre optic telecommunications nodes so I think you can surmise just how well funded this agreement is if five western nations are involved.
It is like a Berlin wall of surveillance for the western world.
My ism, it's full of beliefs.
I guess nobody cares about the truth anymore. Thanks, Slashdot, for being just another propaganda tool.
Here's what Trump wrote on this Twitter:
"The New York Times has a new Fake Story that now the Russians and Chinese (glad they finally added China) are listening to all of my calls on cellphones. Except that I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines. Just more made up Fake News!"
Cell phones have been possible to listen in to, even by citizens (with some skills, and expensive equipment) for quite some time now.
The technology is the same that it has been using for the last 10-15 years, the encryption back then was too hard for that time, but today - with insanely strong GPU's and CPU's - heck...even FPGA's with a little specialized design - can crack that stream open like a tunnel wide gate, and there's even open source software so you can experiment with your "own" equipment and algorithms. Figure this - you can purchase a 2$ cellphone module complete with IMEI number, receiver/transceiver, data module, parser, encryption/decryption all-in-one-chips on eBay for the longest time. Did anyone really think these would have such processing capacity in 2018 that it couldn't be hacked today with our insane home computers (insane in comparison to 10+ years ago)?
There was even this instance where there were an old Nokia Telephone (33xx I think, not sure - but it's googleable), that had a bug that enabled you to get into monitoring mode, that phone was sought after for sinister purposes back then - and hard to find, but it was quite true.
What this world is coming to - is for you and me to decide.
That assumes a level of intelligence that I suspect the subject in this case does not possess.
Log in, and let's talk about it.
Who else is listening in on Trump's cellphone calls? What about the cellphones of other world leaders and senior government officials? And -- most personal of all -- what about my cellphone calls?
About the first: one would hope that the americans are listening to Trump's calls. Not just so that they know what every other world power learns from their eavesdropping, but also to gauge how well their own manipulation of his thought processes are proceeding, too.
Regarding the second point, one hopes - expects, even - that other world leaders are more circumspect. Since we don't hear about Xi on weibo or Merkel on twitter, we can assume that they are doing the statesmanlike thing and not blabbing stupidity to the world. They keep their stupidity firmly under wraps.
Finally - about your cellphone? You simply aren't important enough to waste effort on. So long as you don't do anything utterly stupid and reckless - like running your personal banking on your phone - there is no reason anyone else in the entire world would pay you any attention. But you already know that, since few people reply to your messages and nobody picks up when you call them.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
The spies know that you know they are spying and likely feeding them bad info. They probably assign low value to anything heard on a Trump phone call unless they can corroborate it. It's still very useful intel though, because even knowing what they want you to know has value, not to mention all the stuff that is true and more general stuff like the President's mood/state of mind, speech patterns and unfiltered reactions. Well, okay, the latter is usually on Twitter 10 minutes later, but still...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
He should not use any means of communication for anything which is not secure and encrypted.
https://www.youtube.com/c/BrendaEM
If knowing what they want you to know is valuable and they know that you know that what you know is only what they want you to know but that you know that then they might let you know things that influence what you think you know about what you don't know.
The Russian Embassy is close to the White House, as the US Embassy in Paris is ( or at least was) to the Elysée, with a fake last floor.
If you know you're being spied on (I find it hard to believe that the Times would find out before the U.S. government) wouldn't that just motivate you to feed bad information through those channels?
Indeed, this is the strategy being used by the White House: Owing to Trump's level of sheer incompetence, most everything that comes out of his mouth is bad information.
Why would we believe a known liar?
Damn you, you caused me to just form a brief, false hope.
I imagined a carefully constructed misinformation campaign where our real government is healthy and functioning, and this entire absurdity of Trump and congress is just there to feed false intelligence to our enemies.
Sounds like an old Yes, Prime Minister dialogue:
Sir Humphrey: With Trident we could obliterate the whole of Eastern Europe.
Jim Hacker: I don't want to obliterate the whole of Eastern Europe.
Sir Humphrey: It's a deterrent.
Jim Hacker: It's a bluff. I probably wouldn't use it.
Sir Humphrey: Yes, but they don't know that you probably wouldn't.
Jim Hacker: They probably do.
Sir Humphrey: Yes, they probably know that you probably wouldn't. But they can't certainly know.
Jim Hacker: They probably certainly know that I probably wouldn't.
Sir Humphrey: Yes, but even though they probably certainly know that you probably wouldn't, they don't certainly know that, although you probably wouldn't, there is no probability that you certainly would.
https://www.youtube.com/watch?...
Remember, "Lock her up!" Be not deceived; ... for whatsoever a man soweth, that shall he also reap.
How many people from the Trump campaign and/or administration so far have plead guilty and are now cooperating with Mueller? I think (hope) that the way to taking Donald Trump down is by first going after his kids.
There is no sense of irony among Trump supporters.
I can't think of a more reliable source than Donald Trump
Of course your phone is insecure....you're running software you don't understand on a device you don't understand, using networks you don't understand. Why anyone would think they could do this "securely" is beyond me.
So sure- some of you install a firewall and anti-virus program and think that that's going to fix all those aforementioned problems. It won't.
The fact is that there's a very, very good chance that your phone is running something you don't want, never asked for, and can't detect let alone control. Half the apps in the Apple store have skanky shit going on inside them, the Android stores (Google Play, etc) aren't much better.
Now we also know that a lot of gadgets come with purpose-made malware in them, including phones, chargers, USB hubs, HDMI adapters, screen-casting gadgets, USB drives, charging cables, video systems, Blu-Ray players, etc etc etc.
Why anyone would think that they have a handle on what their electronics are doing is always amazing to me. You don't know what your gear is doing. You just don't.
Just cruising through this digital world at 33 1/3 rpm...
This seems a little simplistic considering public carriers are businesses out to make a buck and stay in the government's good graces, and methods to breach security can be had easily, if deliciously while adding security pretty much just subtracts from their bottom line.
But what about the phone he was *supposed* to be using? I'd think that the NSA would be able to configure/vet that to be inversely as secure as the public carrier networks aren't.
I still facepalm a bit when I see people whinging about: "Oh noes! Apple/Google might be monitoring your phone calls, location, or whatever. Targeted ads and Siri suggestions are CREEPY!". This, when they're carrying around a cell phone... ANY cell phone... in the first place.
Look... Apple may or may not be spying on you. Tim Cook's fight against the FBI and all his remarks about privacy may or may not be just for show. Google definitely IS spying on you. But it's primarily so they can better target ads to you. And they may or may not be feeding your information to the government. But the phone companies are 100%, without a doubt, confirmed to be spying on you... openly and brazenly... and feeding that information to the government. AT&T, for example, has been conspiring against you with the government for DECADES. The government doesn't even have to "tap" your line anymore. AT&T has built functionality for the NSA and their ilk to spy on you into their PSTN switches ever since they switched from analog to digital. They've built the same functionality into their cellular and data networks as well. They even provide space in their facilities to make playing Big Brother that much easier on the government:
https://en.wikipedia.org/wiki/...
And even before E911 rules, simple cell-tower triangulation could trace your location with startling accuracy. Remember how the first iPhone didn't have GPS? Well, it still had maps and location services. And it would show your position on said map based on signal strengths from the surrounding cell towers. It was startlingly accurate... down to 50 meters or less, I'd estimate. And anything Apple had on you, AT&T had on you as well; not because Apple necessarily shared it, but because of the way cellular networks work in the first place. And AT&T, with ZERO doubt (again... room 641A) was feeding that data to the government.
So, seriously... stop getting your panties all up in a wad over what Apple and Google may have or may do. AT&T's already sold you up the river. And they did so before smartphones were even a thing.
BTW: I pick on AT&T specifically, because they're the one that got caught red-handed. But if you doubt that Verizon and the rest are also conspiring with the NSA/FBI/etc. against you... well... I've got some fine beachfront resort land west of Miami that I think you'd just LOVE. Hit me up, and I'll tell you where to wire the money. Trust me, it'll be a steal!
Imagine all the people...
Here's what Trump wrote on this Twitter: "The New York Times has a new Fake Story that now the Russians and Chinese (glad they finally added China) are listening to all of my calls on cellphones. Except that I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines. Just more made up Fake News!"
He tweeted from a hard line? Cool tech!!!
Perhaps he still uses dialup? :)
Maybe all he uses the phone for is twitter?
The reality is these computers we are all walking around with in our pockets are wildly insecure. Hell a few weeks ago someone was reporting how many manufactures had tied down the internal debug USB bus to the external USB port. As I was explaining to the people I work with now (bankers) yes that is wide open. You pretty much have root access at the cell chip level with that thing. This is common knowledge in the telcom realm. With a basic 'you do not do that' we would fail the modem for that. Apparently the tests have become a bit lax over the years.
Trump is used to everyone spying on him. They have been for a long time. He deals with millions of dollars all the time in contracts. He knows people will do anything to steal money. He deals in misdirects and feigns to push his opponents off balance. People like to 'think' he is dumb. He knows how to part you from your money. He also knows how everyone is screwing everyone. He knows how to find people who leak. He knows how to make you talk about what he wants. When he called it a swamp he meant it. He strikes me as a billionaire who has decided he was tired of the game and is using it to put on the biggest political show we have seen in a long time. We are getting screwed 6 ways from sunday. The gov liked to pretend they were not doing it. They like to call it campaign contributions. The tech companies liked to pretend they were making the world a better place. When the reality is they were making a surveillance machine that would make Lenin jizz his pants just hearing about it.
Still think it is not a game? Look at what they did to Gab. A poormans rip off twitter. They shut it down. Any excuse to do so. The 'new' man is the same as the old one. Looking to cement their power for the 'power' of 'controlling the peoples voice'. Hell I do not even use either and think what they are doing is a gross power play. Watching them dismantle the network we have spent the past 25 years building is sad. All because they got called out for ripping everyone off.
I'm sure Apple loves this little love note from the tech community. They have been pretending for the past 30 years how secure their shit is. When the reality is very different.
Trump's Lies
All False statements involving Donald Trump
Trump’s Lies Have Grown Far More Frequent—and More Dangerous
The 25 Worst Lies From Donald Trump’s First 200 Days
Donald Trump has said 3084 false things as U.S. president
How Trump Gets Away with Lying, as Explained by a Magician
The Other Side: President Trump’s lies a clear and present danger
Trump lies about having ‘no financial interests in Saudi Arabia’
Trump's Relentless Lying Threatens Our Democracy.
This Is as Obvious and Blatant a Presidential Lie as You're Going to See
It’s True: Trump Is Lying More, and He’s Doing It on Purpose
President Trump Made 1,950 Untrue Claims in 2017. That's Making His Job Harder
Now the Russians and the Chinese get to be as confused as we are about U.S. policy.
If you know you're being spied on (I find it hard to believe that the Times would find out before the U.S. government) wouldn't that just motivate you to feed bad information through those channels?
Indeed, this is the strategy being used by the White House: Owing to Trump's level of sheer incompetence, most everything that comes out of his mouth is bad information.
It doesn’t have to be about government or politics to be useful information. Trump has little interest in those topics, anyway. I wouldn't be surprised if Trump wants to use his own phone because he’s more worried about his own government spying on him, (although I’m sure laziness is a factor). If he’s using that phone to run his always shady business deals, that could be very compromising information.
-- sudon't
Air-ride Equipped
"An idiot" that beat seasoned Hillary, and got the economy moving to a point Obama said wasn't possible 'ya need a magic want to get over 3%'. North Korea, successfully renegotiating trade deals, embassy in Jerusalem, huge number of kept campaign promises over previous administrations....
I'm afraid reality is not matching your little movie/perception of it. It's perhaps why you keep losing and he/America keep winning.
Here's what Trump wrote on this Twitter:
"The New York Times has a new Fake Story that now the Russians and Chinese (glad they finally added China) are listening to all of my calls on cellphones. Except that I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines. Just more made up Fake News!"
Which he sent from his iPhone. Use TweetDeck. It’ll tell you which phone he’s using.
-- sudon't
Air-ride Equipped
Proof?
The proof is Trump. The answer is because Trump.
Trump is talking about top secret stuff because Trump. He blabbed to the Russians top secret stuff, we know that already (this was the Israeli provided intelligence). With that on the table, I think that either you or Trump needs to prove that he isn't blabbing about more stuff to anyone else.
What I expect as an answer from you or Trump? Same as we got after the Russian disclosure debacle: "Oh, it's OK because he's the President, and Deplorables gotta be Deplorable! You... you didn't expect someone Presidential... did you?!"