Risk
9/11/2013
12:59 PM
50%
50%

NSA Vs. Your Smartphone: 5 Facts

No, the NSA can't magically hack all iPhones and smartphones, but just like malware developers, it has more than a few tricks up its sleeve for retrieving data stored on mobile devices.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Is your smartphone a sitting duck for government intelligence agencies?

Fears about the security afforded by smartphones rose sharply over the weekend, after excerpts of documents leaked by National Security Agency whistle-blower Edward Snowden revealed that the agency has successfully retrieved data from a number of different makes and models of smartphones. A report published Saturday by Der Spiegel outlined some of those capabilities.

Smartphones are no doubt an attractive target for intelligence agencies. They store not just contact information -- useful for charting a target's social network -- but also photographs, bank account numbers, passwords as well as Web searches that provide insight into people's interests. On top of that, the devices carry a GPS chip that reveals a user's location, and a camera and microphone that could be remotely activated and surreptitiously used to eavesdrop on targets in real time.

[ Are tax dollars being used to spy on taxpayers? Read NSA Paid Tech Companies Millions For Prism. ]

Of course, the NSA already has numerous non-technological means, such as a subpoena, for obtaining access to desired systems that operate inside the United States. Beyond that, however, are NSA smartphone spying worries founded?

Here are five related facts about what's known about the NSA's capabilities:

1. NSA Working Groups Develop Exploits.

The leaked documents revealed that the NSA maintains working groups for each of the major smartphone brands, including not just iPhone, Android and BlackBerry but also Nokia, which has reportedly been the most popular device for accessing extremist forums.

All models of smartphones appear to be vulnerable to some types of surveillance. For example, NSA analysts were reportedly able to retrieve vast quantities of location data from iOS users. That changed with the introduction of iOS version 4.3.3, which restricted the amount of location information stored in memory to just seven days, reported Der Speigel.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
TerryB
50%
50%
TerryB,
User Rank: Ninja
12/17/2013 | 10:13:33 AM
re: NSA Vs. Your Smartphone: 5 Facts
Now who is naive? Or at least clueless on legal issues. You really think that would be evidence beyond reasonable doubt? Especially since my car would have no physical evidence of any accident. Besides, I don't text and drive, rarely even carry my smartphone with me unless traveling.

Your comment is the kind mindless fear mongering I'm talking about. What makes you think they wouldn't have satellite images of the accident anyway? Or street cameras? I think going to cell logs is the last thing you have to worry about.

One last point, maybe you should research what the NSA does. Investigating crime, even murder, is not their function. Do you have evidence the local police can subpoena these records for crime investigations? Of course you don't, because you can't do it. You do understand what "classified" access is, right?

All this said, as I clearly said in my first post, I don't think this is constitutional. And on news last night the first judge agrees with that stance. We'll see how appeals process plays out.

My point stands, unless you truely are a terrorist, or hang out with them, the NSA is nothing that should concern you.
TerryB
50%
50%
TerryB,
User Rank: Ninja
9/12/2013 | 5:48:08 PM
re: NSA Vs. Your Smartphone: 5 Facts
Why is that scary to ordinary people, Cara? I've always wondered what people are thinking when they make those comments. Are ordinary people scared the NSA will intercept plans with your friends for golf and steal your tee time?
I understand the theoretical arguments about right to privacy supposedly guaranteed by our constitution and don't necessarily disagree with those. But scared of NSA in my boring mid-western life? Nope.
What scares me is the total dysfunction of government in general. That seems to get worse every year, no matter what your political leanings are. :-)
Mathew
50%
50%
Mathew,
User Rank: Apprentice
9/12/2013 | 10:16:05 AM
re: NSA Vs. Your Smartphone: 5 Facts
Great question. I haven't gotten my hands on iOS 7 but am running this down.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
9/11/2013 | 7:52:14 PM
re: NSA Vs. Your Smartphone: 5 Facts
This seems to me like a blatant disregard of any privacy whatsoever. Essentially, regardless of what consumers do to protect themselves, the NSA will always find a way to gain access to their data, and that is scary.
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
9/11/2013 | 7:25:51 PM
re: NSA Vs. Your Smartphone: 5 Facts
Mat, any thoughts on how the new iOS will fit in here? Does the location data remain hard to retrieve?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.