When I place my smartphone on the desk near the computer speakers, any time it is going to ring the speakers start making a funny noise a second or two before the ringing starts. So I presume it must be possible to DIY a cheap sensor for GSM signal detection based on a little speaker.
This is a silly question but I'd like to understand if it's possible for a human to sense those same signals. So many times I have had a sensation that my phone will ring and then moments later it does.
Probably confirmation bias or maybe I'm subconsciously hearing the interference in speakers and taking the hint from there. It doesn't happen every time and I don't receive a lot of calls.
HN seems a decent place to settle it once and for all.
Use old style op-amps for this btw, they are more susceptible to this, like LM741, NE553, LM883, ... If you are OK with putting your cellphone on the detection box, all you need is an op-amp driving a small speaker, and the op-amp requires no input. Or you could just hook an antenna on it. If you want I could try, but I have more exciting things to do :)
It's probably signal interference because I get it too. "beep-beep-beep; beep-beep-beep; beep-beep-beep; beeeeeeeeee" then the call or text comes through.
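As an added example, not code from the thread: a software detector for the TDMA buzz that speakers and microphones pick up from a nearby GSM handset, which is one way to build the cheap sensor the opening comment asks about and to confirm that a phone that is supposed to be silent is not radiating. It assumes an 8 kHz microphone sample rate, the standard GSM frame period of 4.615 ms with one 577 µs burst per frame (known GSM values, not stated in the thread), and constructed audio with a made-up detection threshold.

```python
import math
import random

SAMPLE_RATE = 8000               # Hz; assumed sample rate of the detector's microphone ADC
FRAME_S = 4.615e-3               # GSM TDMA frame period (standard value, not from the thread)
BURST_S = 577e-6                 # one timeslot; a handset transmits in one slot per frame
BUZZ_HZ = 1.0 / FRAME_S          # ~216.7 Hz, the "funny noise" the speakers reproduce
WINDOW = 800                     # 0.1 s analysis windows at 8 kHz
REF_HZ = (150.0, 170.0, 190.0, 250.0, 270.0, 300.0)  # neighbouring bins = noise floor

def goertzel_power(samples, target_hz):
    """Power in one frequency bin via the Goertzel algorithm (cheap enough for an MCU)."""
    n = len(samples)
    k = round(n * target_hz / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def window_has_buzz(samples, ratio=25.0):
    """True when the ~217 Hz bin exceeds the mean of the reference bins by `ratio`.
    The ratio is a constructed threshold; tune it against real recordings."""
    target = goertzel_power(samples, BUZZ_HZ)
    floor = sum(goertzel_power(samples, f) for f in REF_HZ) / len(REF_HZ)
    return target > ratio * (floor + 1e-12)

def detect_transmissions(samples):
    """One True/False per 0.1 s window: is the TDMA buzz present in that window?"""
    return [window_has_buzz(samples[i:i + WINDOW])
            for i in range(0, len(samples) - WINDOW + 1, WINDOW)]

def synth_audio(pattern, amp=0.5, noise=0.02, seed=1):
    """Constructed audio, one 0.1 s window per character: '1' = handset transmitting
    (a 577 us pulse every 4.615 ms, as coupled into an audio line), '0' = noise only."""
    rng = random.Random(seed)
    out = []
    for w, flag in enumerate(pattern):
        for j in range(WINDOW):
            t = (w * WINDOW + j) / SAMPLE_RATE
            pulse = amp if flag == "1" and (t % FRAME_S) < BURST_S else 0.0
            out.append(pulse + rng.gauss(0.0, noise))
    return out

if __name__ == "__main__":
    # Three windows of buzz, two of silence, three of buzz: the burst pattern
    # the "beep-beep-beep" comment describes.
    print(detect_transmissions(synth_audio("11100111")))
```

Any GSM handset in range produces the same buzz, so a hit means something nearby is transmitting, not which device; treat it as a prompt to check, not as proof about your own phone.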
The poor man's way of stopping your iDevice from transmitting is by putting it in DFU mode [0]. This regretfully will prevent you from using it for anything else too, unlike airplane mode. And some will probably argue that a nation state could mimic DFU on an active phone, but it is a viable option that anyone afraid of being under surveillance could choose. The timing of DFU mode can be quite difficult; this video [1] has been a help to millions.
Alternatively some use an iPod with only Signal installed. As stubborn Moxie requires access to the address book [2], the iPod address book is exclusively used for Signal addressees.
This advice does not make much sense; DFU Mode is for performing a full restore on a device. It is not a way you'd just carry a device around, I believe it actually reboots after a certain amount of time.
At that point just walking around with a powered off device makes more sense than DFU.
Probably just showing my ignorance, but there is a processor running in the phone, and it is connected to the various chips on the board, and you can run your own apps that could query the chips directly? If the OS disallows this, I'd be hacking the OS, rather than the hardware.
How did we get to this point, where our personal computing devices are completely out of our basic control? We live in bizarro world.
The point happened when those devices became common enough that there was a good enough opportunity to use them as an intelligence and information gathering tool.
Not saying it's right or wrong, but until around 2010, smartphones were not mainstream enough for the government to be interested. If you're a government and you have a lot of resources, things get done pretty quickly, especially in sensitive matters like this one.
You can buy unlocked Android phones and run whatever custom Android ROM you want (Cyanogenmod, Paranoid Android, etc.). The situation isn't as dire as you make it seem.
No disrespect to Snowden and Bunnie, but it seems to me that a much simpler solution giving you a much higher OPSEC is to buy a smartphone with a removable battery. No battery, no radios are on.
And if you are truly paranoid, it's simple to disassemble the phone and look for/remove any backup batteries. I know, I had to pull the backup battery from my wife's Moto G after it fell in the sink.
+1. If you are trying to detect surveillance by considering RF emissions but only some of the time, a sane attacker will simply have the bug record what it needs and transmit it in a burst later when you will not find RF activity suspicious.
You need to prevent the thing from recording you in the first place.
A metal case will block any unwanted RF emission. That said, the article states that the goal is to make it possible for users to still use their smartphones as camera, GPS, or whatever tool you need on it, while being safe.
As someone who knows a bit about computer security, I find it mind-blowing that journalists would go into war zones and expect to be stealthy with their smartphones in their pockets, but they apparently are willing to risk their lives for their iPhones, so the best we can do is offer tools to mitigate the risks.
Snowden explained that the CMOS button battery is enough to send a transponder signal that can be heard by a drone. He said the only way to shut it down is to put it in a freezer.
I mean, I'm a programmer, I am not an expert on sigint stuff, but I don't think it's very hard to innovate in intelligence gathering technologies.
Better yet, install a small custom switch that enables you to physically disconnect power from the battery without actually having to remove it from the phone.
Much less conspicuous if you're in public under physical surveillance, and provides options for phones with non-removable batteries assuming the right modifications are made.
Actually, regardless of whether or not smartphones have a removable battery, there's always a small second battery connected to the baseband for emergency purposes. I've confirmed this firsthand by taking apart several models, and you can make out small coin cells on most online disassembly documentation as well.
The Neo900 is designed to detect unauthorized radio transmission from the modem and power the modem down in a fraction of a second, and notify you. It seems to be the only device that will have that capability.
Why go through test points rather than directly detecting RF emission?
In addition to the required hardware modification, a sufficiently nefarious attacker might be able to spoof test points. RF power detection, on the other hand, can't lie. If it's going to communicate, the phone must transmit.
An RF-detection tool would be as easy as a phone case (and could double as a backup battery for the phone). It'd be far simpler and easier to adopt than directly hacking on the hardware.
One nefarious method malware could use to get data off the device without RF would be to play sub-20 kHz audio through the speakers, assuming there was a device with a microphone nearby that's able to receive the signal, and of course that the speakers can play a frequency that low.
Along the same lines, but only successful if the user isn't looking, would be to use the flashlight LED.
Or maybe very short low power vibrations, if the receiving microphone is on the same surface.
All of these require somewhat particular situations, but fun to think about in any case :)
> Why go through test points rather than directly detecting RF emission?
I'm guessing it comes down to making sure the signal is from the phone and not from an external source.
All modern wireless protocols have multiple devices share a single frequency range. Thus just listening for traffic on those ranges with an antenna will produce false positives.
In addition to the other things people have mentioned, the NSA appears to be fond of retroreflective bugs that don't transmit anything, but reflect incoming signals with modulation.
The problem that got Colvin killed is at the RF/layer 1 layer in the OSI stack... Iridium and Inmarsat phones operate in the L and S bands (1.2 to 2.0 GHz) which is not difficult to do radio frequency direction finding on, if the Tx source remains active. Particularly easy if you have access to Russian military grade DF equipment. The protocol layers and crypto are moot if you are radiating and have a determined DF adversary.
Yeah, I'm not sure if the article starting that way was meant to suggest this device would have saved Colvin or if it was just meant as a vague illustration. Because as it points out, journalists do actually use their phones for calling people and receiving calls quite a lot, so the utility of a phone that is forced offline - for a journalist - would seem to be very low. Why have it powered at all, in that case? Couldn't you just buy a tablet that doesn't have any long-range radios to begin with? WiFi signals don't travel far.
If you can't trust your phone, how would you ensure that it doesn't just record everything (audio, etc.) when in airplane mode and upload it somewhere later, once you disable airplane mode?
Seems to me that removing the battery would be safer.
This does seem feasible for the specific use case of a protected phone for "clandestine" meetings.
My initial thought was they'd have to redesign it for every phone, but that's not necessarily the case. If eavesdropping is such a concern for you, I would think you would be okay with not having the latest gen phone. Or having an old one just for these sorts of cases.
I suppose the concern then shifts to whether this device is easily subverted, or whether it's easy to determine if it has been subverted.
How hard would it be to make the following after-market modifications?
1. add a physical "off" switch that cuts battery power to everything
2. (Hard Mode) Cut power to all radio chips/subsystems (GSM, Wi-Fi, Bluetooth) while leaving the rest of the smartphone operational for taking pictures or recording audio?
How does this address masking "bad" transmissions behind "good" ones? Instead, the spooks will just make sure not to upload your chat logs until you start Tindering the next time, or something.
Interestingly, in the paper they address this somewhat for alternatives they discarded. Since they are proposing an introspection engine, it should also drown out the mic and cover the cameras. But then you still have the shock sensor that could record steps. I'm really inclined to think that a true power switch with an introspection engine to verify things are really off is a better approach.
Almost like you need a Faraday cage for the phone, with an internal antenna, a "router" through the Faraday cage that you have hardware/software control over, and then an antenna to rebroadcast outside the cage.
Basically, a radio firewall. So you can enforce absolute radio silence if needed. And log the signals.
You know, if we had source access and hardware blueprints to these devices and actually owned them, this wouldn't be a problem.
But trying to solve an obvious problem (proprietary basebands, phones, and hardware) with bandage solutions kicks the problem down the road. We need to liberate the hardware eventually for liberty's sake.
If Freedom of the Press Foundation set up a supply chain of modified phones then the NSA and their ilk will likely intercept and compromise any mailed devices before they reach the intended recipients.
vincnetas|9 years ago
[EDIT] http://electronics.stackexchange.com/questions/38838/powerin...
smartbit|9 years ago
[0] https://www.theiphonewiki.com/wiki/DFU_Mode#Entering_DFU_Mod...
[1] https://youtu.be/bITIiGswjF
[2] https://whispersystems.org/blog/contact-discovery/
digi_owl|9 years ago
The phone OS is as much in control of that radio (at best) as your laptop is in control of the ISP router.
dcposch|9 years ago
That's why they're using a completely separate piece of hardware.
SixSigma|9 years ago
https://www.sparkfun.com/products/9533
awqrre|9 years ago
0: http://www.popsci.com/sites/popsci.com/files/styles/large_1x...
nfjstjstns|9 years ago
The one in my old Atrix was a good 250mAh.
pigeons|9 years ago
https://neo900.org/
http://neo900.org/stuff/cccamp15/ccc2015talk/neo900-wpwrak_C...
ISL|9 years ago
Edit: My concerns are partially addressed in the actual paper: https://www.pubpub.org/pub/direct-radio-introspection
phones|9 years ago
https://github.com/mtker/MT6735_Longcheer
Actually there are some .o files in the baseband, but they are easy to pull apart in IDA. Each one relates to a single .c and there are export symbols.
venomsnake|9 years ago
And if you are in a war zone, using a phone with a removable battery is absolutely mandatory IMO.