Edward Snowden Proposes Smartphone Privacy

Whistle-blower turned Russia-based privacy advocate Edward Snowden has proposed a device that will inform users when their phones are tracking or disclosing their location.

Named “The Introspection Engine”, this will be an open source, user-inspectable and field-verifiable module attached to an existing smart phone “that makes no assumptions about the trustability of the phone’s operating system”.

In a lengthy article, Snowden said: “Turning off radios by entering airplane mode is no defense. Furthermore, airplane mode is a “soft switch”; the graphics on the screen have no essential correlation with the hardware state. Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface; trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”

Snowden intended the application to be for journalists working in sensitive areas, as “smartphones are extremely complex and present a large, porous attack surface” and “even a perfectly secure phone will not save a reporter from ‘victim-operated’ exploits such as spear-phishing”.

He intended the Introspection Engine to monitor radio activity using a measurement tool contained in a phone-mounted battery case, and to be capable of alerting a reporter to a dangerous situation in real time. “The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on,” he said.

“This work is not just an academic exercise; ultimately we must provide a field-ready introspection solution to protect reporters at work. Although the general principles underlying this work can be applied to any phone, reducing these principles to practice requires a significant amount of reverse engineering, as there are no broadly supported open source phone solutions on the market.”

He said that from the outside, the Introspection Engine will look and behave like a typical battery case for the iPhone 6. As well as providing extra power to the iPhone 6, the case will contain the introspection engine’s electronics core.

“The electronics core will likely consist of a small FPGA and an independent CPU running a code base completely separate from the iPhone 6’s CPU,” he said. “This physical isolation of CPU cores minimizes the chance of malware from the phone infecting the introspection engine.”

Snowden intends to build a prototype over the coming year and verify the introspection engine’s abilities. It will be built for the iPhone 6 and later for other makes and models of phones.

“By grouping radio control test points together, leaving them exposed, and publishing a terse description of each test point, direct introspection engines can be more rapidly deployed and retrofitted into future smartphones,” he said.

However, Cesare Garlati, chief security strategist at the prpl Foundation, doubted how this would aid the confidentiality, integrity and authenticity of mobile communications.

He said: “There is an easier way to make sure your mobile device doesn't send unwanted communications: turn it off and remove the battery, and if you really care about this, don't buy ‘sealed’ devices that don't allow you to remove the battery.”

Infosecurity: http://bit.ly/2aiZrNz
