Categories  Cyber

Public officials risk national security by using cellphones

Professional spyware is capable of remotely activating cellphones to tap into data and conversations – without turning on screens

It’s recently been disclosed that White House Chief of Staff John Kelly’s personal cellphone was compromised last December (see news here from Politico), a period of 9 to 10 months in which he likely carried the device around with him. What does this mean? Kelly’s personal calls and data were hacked and his private life would be exposed to foreign hackers who could use the information in many different ways.

It also means that wherever Kelly carried the phone, his location would be known to hackers. If he was with the President, a major part of Kelly’s job, then the President’s location could be pinpointed within a few meters, thanks to GPS.

It’s highly significant because reports suggest the malware on Kelly’s phone was even functional when the phone was turned off. This is a characteristic of professional spyware known as a “spyphone.” Basically, the phone is capable of being activated remotely even when it is switched off. And the best spyphone malware does not activate the cellphone’s screen when it is turned on this way. Sometimes activation is timed to coincide with certain events. It can not only record conversations or turn the camera on, but it can also transmit immediately or wait until the early hours of the morning when the user is unlikely to detect the activity.

Spyphone malware can also record conversations in a room whether the device is on or off, meaning sensitive conversations can be picked up unknown to the user.

World leaders use cellphones and there are many cases in which they have been compromised. Included in this list are current or former world leaders such as Angela Merkel, Nicolas Sarkozy, Recep Tayyip Erdogan, Silvio Berlusconi and John Kerry. Victoria Nuland, a former State Department official, had her phone hacked, revealing a sensitive Ukrainian conversation. Even President Trump flirts with danger when he uses an old Samsung III for tweeting. Is this phone in his office or his bedroom?

Even so-called secure cellphones may have been hacked. Chancellor Merkel’s phones (she has gone through at least five of them) are supposedly secure, but according to Edward Snowden and others, these devices have also been breached, although the Germans are claiming this did not happen.

Cellphones are poorly designed for security. Without exception, data can be intercepted using tools like Stingray, which is a class of tool known as an IMSI Catcher. This software acts like a cellular transmission tower and fools the phone into establishing a connection. Even if the phone’s voice and data lines are encrypted (rarely the case), the location of the user, the target in his conversation and other information can be tracked by intelligence agencies. But mostly entire conversations can be recorded and there is no easy way for users to know this is happening. Phone to cell tower communications may be encrypted but these systems have been broken and all were designed with big backdoors to satisfy government requirements.

Intercepts are only one part of the problem. The communication architecture of cellphones, the presence of many radios (for voice, data in multiple radio channels, GPS which is a radio receiver, WIFI, Bluetooth) all expose the phone and create a host of opportunities for bugging. In addition, cellphone operating systems (Apple iOS, Android, etc.) are hardly secure or intended to be. Cellphones are designed to facilitate entertainment because entertainment drives sales. Whether entertainment is in the form of talk, social media, music, video, photography – it is all there for the picking. Entertainment always takes precedence over security. Social media companies such as Facebook have already shown they are capable of compromise.

Malware is often buried in smartphone Apps, many of which are deliberately designed to collect personal and private information. Even the ride service Uber allegedly did a deal with Apple to collect all sorts of private information. Malware is also planted on cellphones as a result of phishing schemes and other similar tricks.

Recently cellphones in the hands of NATO troops have been allegedly exploited by Russian hackers as a means of determining troop strength and following military activity in Eastern Europe. The same sort of thing happened to Israeli troops who were followed by the Palestinian intelligence services using equipment they got from the CIA. NATO troops are apparently wrapping their cellphones in condoms to thwart hacking, and while this will make the cameras less useful, condoms do not appear to provide any electronic protection.

Today the only practical solution for governments (and the military) is to replace cellphones with secure encrypted radios that are purpose-built by government organizations with strong security. This means top leaders need to trash their cellphones – sooner rather than later. The risk to national security is too great to do otherwise.

By STEPHEN BRYEN

Comments are closed.