NSA Is In Ur Smartphone, Sharing Ur Selfies (Paranoia news roundup.)

First off, some good news — from Europe, at least. 20,000 people turned out for an anti-spy protest in Berlin: http://www.securityweek.com/thousands-german-anti-nsa-protes

If you still thought there was any privacy to be had wielding a glass-and-plastic brick, guess again. The NSA/GCHQ can indeed hack all the major smartphones. Even Blackberries, the generally more security-conscious Canadian outlier of the pay-$400-to-get-ADD world.

Which, frankly, is no surprise… that smartphones can have firmware updated over-the-air has been known for some time. Presumably that bit isn’t in the Snowden docs, or this particular capability doesn’t require complicity from the cell operator.

Some/all crypto is probably broken, not just backdoored: It looks like I missed something in my coverage of “the NSA backdoors the world.” Specifically, the following quote strongly implies a cryptographic break — read, actually breaking well-implemented crypto, instead of relying on bug-doors — against some common and highly-desirable-to-crack system. (HTTPS/SSL is the obvious choice, but I feel like that would have fallen earlier than 2010.)

Specifically, a break that’s both fast and that doesn’t rely on souper-seekret quantum bio-soup stolen-from-the-Venusians hardware to work, so you can apply it en masse and give the result to Jerry the Average Analyst.

“A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made ‘vast amounts’ of data collected through internet cable taps newly ‘exploitable’.” http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

And, just in case you were wondering, Tor isn’t necessarily the solution either: http://arstechnica.com/security/2013/09/majority-of-tor-crypto-keys-could-be-broken-by-nsa-researcher-says/


“The United States’ National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. Top secret NSA documents that SPIEGEL has seen explicitly note that the NSA can tap into such information on Apple iPhones, BlackBerry devices and Google’s Android mobile operating system.

The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been.

The documents also indicate that the NSA has set up specific working groups to deal with each operating system, with the goal of gaining secret access to the data held on the phones.

In the internal documents, experts boast about successful access to iPhone data in instances where the NSA is able to infiltrate the computer a person uses to sync their iPhone. Mini-programs, so-called “scripts,” then enable additional access to at least 38 iPhone features.

The documents suggest the intelligence specialists have also had similar success in hacking into BlackBerrys. A 2009 NSA document states that it can “see and read SMS traffic.” It also notes there was a period in 2009 when the NSA was temporarily unable to access BlackBerry devices. After the Canadian company acquired another firm the same year, it changed the way it compresses its data. But in March 2010, the department responsible at Britain’s GCHQ intelligence agency declared in a top secret document it had regained access to BlackBerry data and celebrated with the word, “champagne!”

The documents also state that the NSA has succeeded in accessing the BlackBerry mail system, which is known to be very secure. This could mark a huge setback for the company, which has always claimed that its mail system is uncrackable.

In response to questions from SPIEGEL, BlackBerry officials stated, “It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic.” The company said it had not programmed a “‘back door’ pipeline to our platform.”

The material viewed by SPIEGEL suggests that the spying on smart phones has not been a mass phenomenon. It has been targeted, in some cases in an individually tailored manner and without the knowledge of the smart phone companies.”

