New revelations show that Iran has posted apps found on Google’s Play Store which give the Iranians the ability to easily spy on anyone who downloads them to their smartphone. Some say these are “weaponized” smartphone apps.
Most people don’t realize that the mobile phone is probably the most dangerous device available today. It is more powerful than any conventional computer, and it is totally vulnerable to hacking.
The modern smartphone combines significant computing power made up of a very fast microprocessor and graphics engine plus memory with a host of sensors and radios, including GPS.
The cameras are high resolution and compete with digital cameras and in some cases outperform them. And the device’s sensors, including at least two microphones, guarantee the possibility of an intruder listening to conversations, even when the user thinks the smartphone is turned off.
In fact, so long as there is a battery in a smartphone, a type of malware known as a “spy phone” can switch the phone on, and record and transmit conversations. Spy phone apps can be planted on phones in a variety of way, or even built in by third-party device makers.
You can buy a spy phone on the web or from an app outlet although most of those sold commercially require manual installation and lack the attributes of a professional-grade version.
These can either be engineered into the smartphone from the point of manufacture. They can also be slipped in through an app or a vulnerability in the phone’s operating system, or by human error – the result of a phishing attack.
There is, in practice almost no way to mitigate the spy phone risk. Many modern smartphones, to keep them thin and gain the maximum screen coverage, have sealed in batteries that cannot be removed or serviced. This means that an embedded spy phone can take it over at any time without the user being able to kill the phone.
Sensitive meetings
The best strategy is not to take a smartphone into sensitive meetings, but this “strategy” only blocks out the conversations in the meeting, not the spy phone capability itself.
At the Pentagon and other government agencies in the United States, users are asked to put their smartphones in a storage box if they attend a classified meeting.
Certainly, this is only a half measure, since otherwise, the phone can record just about any activity, a boon to foreign spies who want to know more about the Pentagon players, and the plans and programs that otherwise are hidden from view.
Even the White House, until a few weeks ago was not restricting personal smartphones at all but now, the chief of staff, General John F. Kelly, has banned the White House staff use of personal smartphones.
Unfortunately, for the White House, and probably across the US government, banning personal smartphones is coming rather too late.
By now, foreign spying agencies and many others already have picked off lots of information, such as phone books and call logs, emails and text messages and plenty of passwords as well as other sensitive personal information that can be exploited.
In fact, the smartphone has created an unprecedented bonanza for foreign spy agencies, investigators, government agencies and commercial enterprises seeking a leg up in a competition for getting their hands on sensitive technology.
Consider, as an example, the US Patent Office. Workers there who have smartphones open a window on Patent Office activity that can tip off a spy agency or a techno-bandit to new developments that might be of great military or commercial significance. This applies especially to patents that the US Government may choose to classify and not openly publish.
America is very slow to wake up to the danger and other countries are equally insensitive to the risks. This past week, the FBI, CIA and NSA gave another warning about certain Chinese smartphones made by Huawei and ZTE.
But most smartphones are made, in whole or in part in China, so the possibility of infecting them at the point of manufacture looms large for virtually all models.
This, of course, is only the beginning of risks to smartphones. Some manufacturers openly embed software into the phones they sell loaded with advertising apps that pop up here and there and often annoy users.
Probably, it is a good rule that the cheaper the phone is at the point of sale the more likely it is going to loaded with junk apps. But this rule of thumb doesn’t mean that other apps can’t be bugged and still promoted by top manufacturers.
The truth is there is no systematic or sound vetting system to clean out junkware and spyware, and sometimes it is impossible to delete – or can only be partially deleted or disabled leaving behind the really bad stuff.
Software for phones, including operating systems, is full of bugs and vulnerabilities. For example, many modern smartphones come with sophisticated photo editing and location-linked APPS, and these can be, and sometimes are, not only bugged but infected.
Software codes, including operating systems, are often put together with various elements, some old, some new and some from third parties. Especially popular is so-called community-sourced code, which is available free of charge, and some of these and algorithms wind up in smartphones.
The Heartbleed Bug got on to smartphones and computers in precisely this way. In this case, the major vulnerability compromised SSL encryption, the type commonly used for secure email and for banking and credit card transactions.
Unknown sources
Worse still, industry was relying on what it calls “Open SSL” for cryptography, in other words, relying on encryption coming from unknown sources for security.
Encryption from unknown sources is not only inherently dangerous because its sources are not known and there is no accountability. But it is especially reckless to use this code in a security application.
But it gets worse. Most commercial software and operating systems are produced by teams of programmers from around the world without any solid way to detect bugs and malware.
Still, it is interesting to note that the Pentagon recently identified three phones as safe: the Samsung’s Galaxy phone with Knox (a type of security partition), Apple’s iPhone and the latest Blackberry. How the Pentagon came to this conclusion is impossible to say.
But the Pentagon has put itself into a deep, dark hole because it is relying on smartphones and smartphone technology for combat missions, for drones and for other systems and it still allows private smartphones in the Pentagon, government laboratories and military bases (not to mention on the premises of defense contractors).
Secretary of Defense James Mattis is said to want to ban smartphones, but he has not yet acted. He should do so, but he also should clean out all the smartphones and related devices from the US military arsenal.
Then there is the probability of third-party apps. The Google Play Store and the Apple Store feature thousands of apps of all kinds, including even spy phones. Neither company has either the manpower or the skill to properly vet apps that show up in its outlets. Thus it is caveat emptor for users, but even they can make mistakes.
What is really needed is a far better security system for smartphones. It is up to governments to provide leadership to make this happen. Unfortunately, the incentives are perverse, because too many governments are invested too heavily in the spy business, so they don’t want to wake up and address the threat.
Yet another stupid western alarmist antic. Cut off all internet and wifi connection then, and go bury yourself 6ft under.
Your stupid Zionist, we all know about that , we know in the first place this comes from CIA, Mossad , MI6……, Your stupid Zionist have you heared from 5 eyes?
It is not the Iranians or the Chinese or the Russians that we should be worried about. It is the Western intelligence agencies that have long weaponized computers, and other information systems such as the internet, mobile phones or even the ‘smart tv’. And the typical person in the West has already effectively lost all their privacy rights. Stephen Bryen should not be barking at Iran, China or Russia. He should be barking at the usual suspects: CIA, NSA, FBI, and their loyal British intelligence dogs.
"..And the device’s sensors, including at least two microphones, guarantee the possibility of an intruder listening to conversations, even when the user thinks the smartphone is turned off."
This capability of "listening" even when the phone is turned off appeared on US media the journalist demonstrated this on live TV. After turning off his smart phone, he drove around DC then attached the phone to kind of encrypting device and within a few minutes everything he said when the phone was turned off, was recorded, including places where he stopped.
He concluded that the advice to turn off smart phones on planes can be misleading since they have this feature.
My comment to that article is that this is yet another example of the blatant violation of our 4th Amendment (the right to privacy). We have none. We lost that right when we set up around 17 intelligence agencies. I doubt if Americans would ever get back our right to privacy with intrustive technology such as this.
The NSA, along with the US’s alphabet soup of intelligence agencies, run the biggest internet surveillance system in the world, sucking up each & every byte of data. They also conduct industrial espionage, which their European partners have complained about. Even tapped Merkel’s phone. But god help us if anyone else did what they do. Got a ballistic missile? Red alert. Got a stealth fighter? Warning! They make smartphone? Ban ’em. Producing long-range drones? Danger! Get a grip already.
The chipsets are usually from from Qualcomm or Samsung. The 5 top operating systems are Android OS – Google Inc. Mobile Operating Systems – Android. iOS – Apple Inc. Mobile Operating Systems – iOS. Series 40 [S40] OS – Nokia Inc. Mobile Operating Systems – S40 Nokia OS. BlackBerry OS – BlackBerry Ltd. Mobile Operating Systems – BlackBerry. Windows OS – Microsoft Corporation.
More and more news about backdoors are emerging. These backdoor are probably deliberately designed to allow spying and collection of data.
Intel is facing at least 32 lawsuits over the Meltdown and Spectre CPU flaws
For anyone travelling to China do not bring your cell phone or laptop as it will immediately get infected by their government as soon as you get there. Buy a cheap phone there. Surprised the author didn’t cover this.
I help you make it easy-peasy for you, Do not travel to China because Chinease people will infect you, Dont eat their food, dont shake hands, dont touch them , dont take shower with chinease water…….more…
Got 1 single word for this stupid article: Stuxnet.
funny, no mention of US hacking whatsoever? it is almost as if Snowden doesn’t exist. I guess that is what the US want or trying to make it happen.
Beginning by unnecessarily naming Iran and only Iran as "the bad actor" discredits this alarmist article to the point that I didn’t much care what else it had to say.