Risk
9/11/2013
12:59 PM
Connect Directly
RSS
E-Mail
50%
50%

NSA Vs. Your Smartphone: 5 Facts

No, the NSA can't magically hack all iPhones and smartphones, but just like malware developers, it has more than a few tricks up its sleeve for retrieving data stored on mobile devices.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Is your smartphone a sitting duck for government intelligence agencies?

Fears about the security afforded by smartphones rose sharply over the weekend, after excerpts of documents leaked by National Security Agency whistle-blower Edward Snowden revealed that the agency has successfully retrieved data from a number of different makes and models of smartphones. A report published Saturday by Der Spiegel outlined some of those capabilities.

Smartphones are no doubt an attractive target for intelligence agencies. They store not just contact information -- useful for charting a target's social network -- but also photographs, bank account numbers, passwords as well as Web searches that provide insight into people's interests. On top of that, the devices carry a GPS chip that reveals a user's location, and a camera and microphone that could be remotely activated and surreptitiously used to eavesdrop on targets in real time.

[ Are tax dollars being used to spy on taxpayers? Read NSA Paid Tech Companies Millions For Prism. ]

Of course, the NSA already has numerous non-technological means, such as a subpoena, for obtaining access to desired systems that operate inside the United States. Beyond that, however, are NSA smartphone spying worries founded?

Here are five related facts about what's known about the NSA's capabilities:

1. NSA Working Groups Develop Exploits.

The leaked documents revealed that the NSA maintains working groups for each of the major smartphone brands, including not just iPhone, Android and BlackBerry but also Nokia, which has reportedly been the most popular device for accessing extremist forums.

All models of smartphones appear to be vulnerable to some types of surveillance. For example, NSA analysts were reportedly able to retrieve vast quantities of location data from iOS users. That changed with the introduction of iOS version 4.3.3, which restricted the amount of location information stored in memory to just seven days, reported Der Speigel.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
TerryB
50%
50%
TerryB,
User Rank: Ninja
12/17/2013 | 10:13:33 AM
re: NSA Vs. Your Smartphone: 5 Facts
Now who is naive? Or at least clueless on legal issues. You really think that would be evidence beyond reasonable doubt? Especially since my car would have no physical evidence of any accident. Besides, I don't text and drive, rarely even carry my smartphone with me unless traveling.

Your comment is the kind mindless fear mongering I'm talking about. What makes you think they wouldn't have satellite images of the accident anyway? Or street cameras? I think going to cell logs is the last thing you have to worry about.

One last point, maybe you should research what the NSA does. Investigating crime, even murder, is not their function. Do you have evidence the local police can subpoena these records for crime investigations? Of course you don't, because you can't do it. You do understand what "classified" access is, right?

All this said, as I clearly said in my first post, I don't think this is constitutional. And on news last night the first judge agrees with that stance. We'll see how appeals process plays out.

My point stands, unless you truely are a terrorist, or hang out with them, the NSA is nothing that should concern you.
TerryB
50%
50%
TerryB,
User Rank: Ninja
9/12/2013 | 5:48:08 PM
re: NSA Vs. Your Smartphone: 5 Facts
Why is that scary to ordinary people, Cara? I've always wondered what people are thinking when they make those comments. Are ordinary people scared the NSA will intercept plans with your friends for golf and steal your tee time?
I understand the theoretical arguments about right to privacy supposedly guaranteed by our constitution and don't necessarily disagree with those. But scared of NSA in my boring mid-western life? Nope.
What scares me is the total dysfunction of government in general. That seems to get worse every year, no matter what your political leanings are. :-)
Mathew
50%
50%
Mathew,
User Rank: Apprentice
9/12/2013 | 10:16:05 AM
re: NSA Vs. Your Smartphone: 5 Facts
Great question. I haven't gotten my hands on iOS 7 but am running this down.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
9/11/2013 | 7:52:14 PM
re: NSA Vs. Your Smartphone: 5 Facts
This seems to me like a blatant disregard of any privacy whatsoever. Essentially, regardless of what consumers do to protect themselves, the NSA will always find a way to gain access to their data, and that is scary.
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
9/11/2013 | 7:25:51 PM
re: NSA Vs. Your Smartphone: 5 Facts
Mat, any thoughts on how the new iOS will fit in here? Does the location data remain hard to retrieve?
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.