informa
/
Risk
News

NSA Vs. Your Smartphone: 5 Facts

No, the NSA can't magically hack all iPhones and smartphones, but just like malware developers, it has more than a few tricks up its sleeve for retrieving data stored on mobile devices.
2. BlackBerry Enterprise Server: Hackable.

According to the released documents, thanks to a discovery by British partner agency GCHQ, the NSA also has the ability to intercept BlackBerry text messages sent using BlackBerry Internet Service (BIS), which are networks operated by telecommunications providers. All BIS traffic is compressed, but not encrypted.

By contrast, many enterprises rely on BlackBerry Enterprise Server (BES), which encrypts all data in transit. But according to a leaked presentation -- titled "Your target is using a BlackBerry? Now what?" -- the NSA can also intercept BES traffic, although it requires a "sustained" operation on the part of the agency's Tailored Access Operation department to "fully prosecute your target." One Mexican government agency email included in the report suggests that the capability has been put to the test.

3. Malware Already Turned Smartphones Into Listening Stations.

Reports into the NSA's smartphone hacking capabilities came on the heels of reports that the NSA had weakened unnamed encryption systems. In the information security realm, was nothing sacred?

But the NSA's reported hacking capabilities aren't exactly news. Notably, the British-built FinFisher malware that's sold to governments can be used to monitor all forms of communication on devices that run Apple iOS, BlackBerry OS, Google Android and Nokia's Symbian platform as well as Windows Mobile. According to teardowns of the software, which has been actively used to target dissidents in autocratic regimes, the software also can perform "silent calls" that remotely activate the device's built-in microphone.

4. Criminals Were Already Infecting Smartphones Via PCs.

According to the Der Spiegel report, the NSA's favored technique for retrieving information from phones is to infect a PC that synchronizes with the device. Again, however, this isn't a revolutionary approach. Criminals have long been infecting PCs with malware that then load malware onto Android smartphones, typically to help gangs intercept one-time codes sent by banks to authorize account transfers.

5. Like Hackers, The NSA Can Jailbreak.

If the NSA can't grab what it needs via malware, it can simply root a targeted Android smartphone, or jailbreak an iPhone or iPad. "Jailbreaking is when hackers unlock phones like the iPhone so that they can install software Apple doesn't approve of," said Robert David Graham, CEO of Errata Security, in a blog post. "Every time somebody releases a jailbreak for the iPhone, the NSA quietly copies the jailbreak into their malware. Indeed, some researchers simply sell their jailbreaks to the NSA instead of releasing them to the public."

Learn more about BYOD, MDM and other topics by attending the Interop conference track on Mobility in New York from Sept. 30 to Oct. 4.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5