Lee writes: "In dangerous environments like war-torn Syria, smartphones
become indispensable tools for journalists, human rights workers, and
activists. But at the same time, they become especially potent tracking
devices that can put users in mortal danger by leaking their location. NSA
whistleblower Edward Snowden has been working with prominent hardware hacker
Andrew 'Bunnie' Huang to solve this problem."
Components of an iPhone. (photo: Andrew Huang)
Edward Snowden's New Research Aims to Keep Smartphones From Betraying Their
Owners
By Micah Lee, The Intercept
21 July 16
In early 2012, Marie Colvin, an acclaimed international journalist from New
York, entered the besieged city of Homs, Syria, while reporting for London's
Sunday Times. She wrote of a difficult journey involving "a smugglers'
route, which I promised not to reveal, climbing over walls in the dark and
slipping into muddy trenches." Despite the covert approach, Syrian forces
still managed to get to Colvin; under orders to "kill any journalist that
set foot on Syrian soil," they bombed the makeshift media center she was
working in, killing her and one other journalist and injuring two others.
Syrian forces may have found Colvin by tracing her phone, according to a
lawsuit filed by Colvin's family this month. Syrian military intelligence
used "signal interception devices to monitor satellite dish and cellphone
communications and trace journalists' locations," the suit says.
In dangerous environments like war-torn Syria, smartphones become
indispensable tools for journalists, human rights workers, and activists.
But at the same time, they become especially potent tracking devices that
can put users in mortal danger by leaking their location.
National Security Agency whistleblower Edward Snowden has been working with
prominent hardware hacker Andrew "Bunnie" Huang to solve this problem. The
pair are developing a way for potentially imperiled smartphone users to
monitor whether their devices are making any potentially compromising radio
transmissions. They argue that a smartphone's user interface can't be relied
on to tell you the truth about that state of its radios. Their initial
prototyping work uses an iPhone 6.
"We have to ensure that journalists can investigate and find the truth, even
in areas where governments prefer they don't," Snowden told me in a video
interview. "It's basically to make the phone work for you, how you want it,
when you want it, but only when."
Huang made a name for himself by using a technique known as reverse
engineering to hack into Microsoft's Xbox and other hardware devices locked
down using various forms of encryption, and Snowden said he's been an
invaluable research partner.
"When I worked at the NSA, I worked with some incredibly talented people,"
Snowden said, "but I've never worked with anybody who had such an incredible
outpouring of expertise than I have with Bunnie."
Snowden and Huang presented their findings in a talk at MIT Media Lab's
Forbidden Research event today and published a detailed paper.
Location Privacy and Smartphones
Smartphones come with a variety of different types of radio transmitters and
receivers: cellular modems (for phone calls, SMS messages, and mobile data),
wifi, bluetooth, and others. But using any of these radios could leak your
physical location to an adversary who is watching the airwaves.
Journalists and activists use their phones to communicate with sources and
colleagues, post updates and livestream to social media, and accomplish
countless other networked tasks. If they need to keep their location secret,
for example in a war zone, they need to turn off all of the radios within
their phones. Even so, phones can still be vital tools even when offline;
internet access is not needed to take photographs, record video or audio,
take notes, use certain maps, or manage schedules.
Snowden and Huang have been researching if it's possible to use a smartphone
in such an offline manner without leaking its location, starting with the
assumption that "a phone can and will be compromised." After all,
journalists and activists are often under-resourced and face off against
well-funded intelligence services. They also, necessarily, use their phones
to talk to, and open documents from, a wide variety of sources, leaving them
especially vulnerable to targeted phishing, or "spearphishing," attacks,
where an attacker baits a victim into opening an enticing document that
actually contains an exploit.
The research is necessary in part because the most common way to try to
silence a phone's radio - turning on airplane mode - can't be relied on to
squelch your phone's radio traffic. "Malware packages, peddled by hackers at
a price accessible by private individuals, can activate radios without any
indication from the user interface," Snowden and Huang explain in their blog
post. "Trusting a phone that has been hacked to go into airplane mode is
like trusting a drunk person to judge if they are sober enough to drive."
Introspection Engine
Since a smartphone can essentially be made to lie about that state of its
radios, the goal of Snowden and Huang's research, according to their post,
is to "provide field-ready tools that enable a reporter to observe and
investigate the status of the phone's radios directly and independently of
the phone's native hardware." In other words, they want to build an entirely
separate tiny computer that users can attach to a smartphone to alert them
if it's being dishonest about its radio emissions.
Snowden and Haung are calling this device an "introspection engine" because
it will inspect the inner-workings of the phone. The device will be
contained inside a battery case, looking similar to a smartphone with an
extra bulky battery, except with its own screen to update the user on the
status of the radios. Plans are for the device to be able to sound an
audible alarm and possibly also to come equipped with a "kill switch" that
can shut off power to the phone if any radio signals are detected. "The core
principle is simple," they wrote in the blog post. "If the reporter expects
radios to be off, alert the user when they are turned on."
The introspection engine also must fit a number of design goals, including:
It should be entirely open source, with open hardware, to make it easy for
experts to inspect; it should operate in a separate "security domain" than
the phone. Basically, the introspection engine should work even if the phone
is hacked and actively lying to you; it should have a simple and intuitive
user interface and require no special training to use; it should be usable
on a daily basis with minimal impact on workflow.
Introspection engines don't exist yet, and the research Snowden and Huang
presented today is only the beginning. In order to begin work on a
prototype, the pair needed to pick a specific model of smartphone to target.
They chose the 4.7-inch iPhone 6, based on their understanding of "the
current preferences and tastes of reporters." However, introspection engines
could be designed for any model phone.
Jacking Into the iPhone
Huang, an American who currently lives in Singapore, traveled to the
metropolis of Shenzhen, China, to explore the electronics markets of Hua
Qiang, which he described as "ground zero for the trade and practice of
iPhone repair." While there, he bought spare parts and repair manuals that
contained detailed blueprints of the target device.
Using information gleaned from these manuals, Snowden and Huang discovered
that the iPhone's logic board has several test points designed by the
manufacturer that can be exploited to learn the status of various on-board
radios. These test points, which are built-in to many consumer devices, are
crucial to improving customer experience. When a customer returns a
defective device, engineers rely on them to determine the cause of the
defect.
Snowden and Huang discovered 12 test points that could be used to monitor
the status of the cellular radios, the GPS radio, and the wifi and bluetooth
radios. While they didn't find a test point to monitor the Near Field
Communication chip, the part that makes Apple Pay possible, they discovered
that they could disconnect its antenna, vastly reducing its range.
They don't think that modifying an iPhone 6 to install an introspection
device could be done by just anyone, but "any technician with modest
soldering skills can be trained to perform these operations reliably in
about 1-2 days of practice on scrap motherboards."
Supply Chain
The next step is to develop a working prototype, which Snowden and Bunnie
hope to complete over the next year. Their blog post says that the project
is currently operating on a "shoestring budget" and "donated time."
If it proves successful, they may seek funding through the Freedom of the
Press Foundation to develop and maintain a supply chain. The nonprofit, of
which both Snowden and I are board members, could then distribute iPhones
that have been modified to include introspection devices to journalists who
work in dangerous environments to use in the field.
Error! Hyperlink reference not valid. Error! Hyperlink reference not valid.
Components of an iPhone. (photo: Andrew Huang)
https://theintercept.com/2016/07/21/edward-snowdens-new-research-aims-to-kee
p-smartphones-from-betraying-their-owners/https://theintercept.com/2016/07/2
1/edward-snowdens-new-research-aims-to-keep-smartphones-from-betraying-their
-owners/
Edward Snowden's New Research Aims to Keep Smartphones From Betraying Their
Owners
By Micah Lee, The Intercept
21 July 16
n early 2012, Marie Colvin, an acclaimed international journalist from New
York, entered the besieged city of Homs, Syria, while reporting for London's
Sunday Times. She wrote of a difficult journey involving "a smugglers'
route, which I promised not to reveal, climbing over walls in the dark and
slipping into muddy trenches." Despite the covert approach, Syrian forces
still managed to get to Colvin; under orders to "kill any journalist that
set foot on Syrian soil," they bombed the makeshift media center she was
working in, killing her and one other journalist and injuring two others.
Syrian forces may have found Colvin by tracing her phone, according to a
lawsuit filed by Colvin's family this month. Syrian military intelligence
used "signal interception devices to monitor satellite dish and cellphone
communications and trace journalists' locations," the suit says.
In dangerous environments like war-torn Syria, smartphones become
indispensable tools for journalists, human rights workers, and activists.
But at the same time, they become especially potent tracking devices that
can put users in mortal danger by leaking their location.
National Security Agency whistleblower Edward Snowden has been working with
prominent hardware hacker Andrew "Bunnie" Huang to solve this problem. The
pair are developing a way for potentially imperiled smartphone users to
monitor whether their devices are making any potentially compromising radio
transmissions. They argue that a smartphone's user interface can't be relied
on to tell you the truth about that state of its radios. Their initial
prototyping work uses an iPhone 6.
"We have to ensure that journalists can investigate and find the truth, even
in areas where governments prefer they don't," Snowden told me in a video
interview. "It's basically to make the phone work for you, how you want it,
when you want it, but only when."
Huang made a name for himself by using a technique known as reverse
engineering to hack into Microsoft's Xbox and other hardware devices locked
down using various forms of encryption, and Snowden said he's been an
invaluable research partner.
"When I worked at the NSA, I worked with some incredibly talented people,"
Snowden said, "but I've never worked with anybody who had such an incredible
outpouring of expertise than I have with Bunnie."
Snowden and Huang presented their findings in a talk at MIT Media Lab's
Forbidden Research event today and published a detailed paper.
Location Privacy and Smartphones
Smartphones come with a variety of different types of radio transmitters and
receivers: cellular modems (for phone calls, SMS messages, and mobile data),
wifi, bluetooth, and others. But using any of these radios could leak your
physical location to an adversary who is watching the airwaves.
Journalists and activists use their phones to communicate with sources and
colleagues, post updates and livestream to social media, and accomplish
countless other networked tasks. If they need to keep their location secret,
for example in a war zone, they need to turn off all of the radios within
their phones. Even so, phones can still be vital tools even when offline;
internet access is not needed to take photographs, record video or audio,
take notes, use certain maps, or manage schedules.
Snowden and Huang have been researching if it's possible to use a smartphone
in such an offline manner without leaking its location, starting with the
assumption that "a phone can and will be compromised." After all,
journalists and activists are often under-resourced and face off against
well-funded intelligence services. They also, necessarily, use their phones
to talk to, and open documents from, a wide variety of sources, leaving them
especially vulnerable to targeted phishing, or "spearphishing," attacks,
where an attacker baits a victim into opening an enticing document that
actually contains an exploit.
The research is necessary in part because the most common way to try to
silence a phone's radio - turning on airplane mode - can't be relied on to
squelch your phone's radio traffic. "Malware packages, peddled by hackers at
a price accessible by private individuals, can activate radios without any
indication from the user interface," Snowden and Huang explain in their blog
post. "Trusting a phone that has been hacked to go into airplane mode is
like trusting a drunk person to judge if they are sober enough to drive."
Introspection Engine
Since a smartphone can essentially be made to lie about that state of its
radios, the goal of Snowden and Huang's research, according to their post,
is to "provide field-ready tools that enable a reporter to observe and
investigate the status of the phone's radios directly and independently of
the phone's native hardware." In other words, they want to build an entirely
separate tiny computer that users can attach to a smartphone to alert them
if it's being dishonest about its radio emissions.
Snowden and Haung are calling this device an "introspection engine" because
it will inspect the inner-workings of the phone. The device will be
contained inside a battery case, looking similar to a smartphone with an
extra bulky battery, except with its own screen to update the user on the
status of the radios. Plans are for the device to be able to sound an
audible alarm and possibly also to come equipped with a "kill switch" that
can shut off power to the phone if any radio signals are detected. "The core
principle is simple," they wrote in the blog post. "If the reporter expects
radios to be off, alert the user when they are turned on."
The introspection engine also must fit a number of design goals, including:
It should be entirely open source, with open hardware, to make it easy for
experts to inspect; it should operate in a separate "security domain" than
the phone. Basically, the introspection engine should work even if the phone
is hacked and actively lying to you; it should have a simple and intuitive
user interface and require no special training to use; it should be usable
on a daily basis with minimal impact on workflow.
Introspection engines don't exist yet, and the research Snowden and Huang
presented today is only the beginning. In order to begin work on a
prototype, the pair needed to pick a specific model of smartphone to target.
They chose the 4.7-inch iPhone 6, based on their understanding of "the
current preferences and tastes of reporters." However, introspection engines
could be designed for any model phone.
Jacking Into the iPhone
Huang, an American who currently lives in Singapore, traveled to the
metropolis of Shenzhen, China, to explore the electronics markets of Hua
Qiang, which he described as "ground zero for the trade and practice of
iPhone repair." While there, he bought spare parts and repair manuals that
contained detailed blueprints of the target device.
Using information gleaned from these manuals, Snowden and Huang discovered
that the iPhone's logic board has several test points designed by the
manufacturer that can be exploited to learn the status of various on-board
radios. These test points, which are built-in to many consumer devices, are
crucial to improving customer experience. When a customer returns a
defective device, engineers rely on them to determine the cause of the
defect.
Snowden and Huang discovered 12 test points that could be used to monitor
the status of the cellular radios, the GPS radio, and the wifi and bluetooth
radios. While they didn't find a test point to monitor the Near Field
Communication chip, the part that makes Apple Pay possible, they discovered
that they could disconnect its antenna, vastly reducing its range.
They don't think that modifying an iPhone 6 to install an introspection
device could be done by just anyone, but "any technician with modest
soldering skills can be trained to perform these operations reliably in
about 1-2 days of practice on scrap motherboards."
Supply Chain
The next step is to develop a working prototype, which Snowden and Bunnie
hope to complete over the next year. Their blog post says that the project
is currently operating on a "shoestring budget" and "donated time."
If it proves successful, they may seek funding through the Freedom of the
Press Foundation to develop and maintain a supply chain. The nonprofit, of
which both Snowden and I are board members, could then distribute iPhones
that have been modified to include introspection devices to journalists who
work in dangerous environments to use in the field.
http://e-max.it/posizionamento-siti-web/socialize
http://e-max.it/posizionamento-siti-web/socialize
