Monday, April 18, 2016

Your Phone's back door is wide open.

CBS news has a piece on just how much info bad guys can get from your cell phone. Basically, anything they want.

Sharyn Alfonsi: Is one phone more secure than another? Is an iPhone more secure than an Android?

Karsten Nohl: All phones are the same.

Sharyn Alfonsi: If you just have somebody's phone number, what could you do?

Karsten Nohl: Track their whereabouts, know where they go for work, which other people they meet when-- You can spy on whom they call and what they say over the phone. And you can read their texts.


Now, doesn't this little revelation make the FBI insisting they need a special key to get into an iPhone seem extra stupid?

This is a non-government research group, they seem to have stumbled on a wide-open back door built into the cell network internationally. Imagine what the FBI and the NSA can do above and beyond what we see here.

The Phantom

4 comments:

WiFi Lunchbox Guy said...

Have you heard that the RCMP had the keys to
Blackberry's network since 2010
...that they'll
admit to?

If there's ever a major war, a hostile power could
turn the cell network into an Internet of Botnets.

Blah.

The Phantom said...

I have always assumed that the RCMP and CSIS had the keys to the Blackberry Kingdom. As it says in the article, half the government works on BB so it's no surprise they'd bend over backward to keep Ottawa happy.

There will come a time when all this shit will come unglued, and it will no doubt be in a war situation. I can't imagine an enemy passing up the opportunity to screw their opponent's coms.

To that end, I've been thinking about a shadow-web type application. Little el-cheapo throw away wifi servers. If every car in town had a file sharing device plugged in to the cigarette lighter, and if the fire department and local cop shop had a client, you could still communicate locally even if the Interwebz and the cell network were f-ed.

Pirate Box is one way to do it, I'm sure there are lots more. And pretty much all phones/tablets have wifi. Put up a few Pringles can antennas, and you're in business.

WiFi Lunchbox Guy said...

Now that I think of it...having a master password for something
like this is literally the equivalent of the "self-destruct button"
in every cartoon villain's lair.

The Phantom said...

Self destruct button... yeah. Like 007 is never going to sneak in and push that.

I've been thinking about that a little bit. I think the prepared individual would do well to have some means to create an ad-hock local wireless web in his or her town.

See Pirate Box https://piratebox.cc/raspberry_pi:diy for the kind of thing I'm thinking of.

Now, that example uses a Raspberry Pi computer, which is cheap. $50~ give or take. I'm thinking of something MUCH cheaper. The ESP8266 http://www.esp8266.com/ is like $4-$6 depending where you get it, and it's a full-on wifi router.