Edward Snowden Proposes Smartphone Privacy

Uploaded on 2016-08-31 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Whistle-blower turned Russia-based privacy advocate Edward Snowden has proposed a device that will inform users when their phones are tracking or disclosing their location.

Named “The Introspection Engine”, this will be an open source, user-inspectable and field-verifiable module attached to an existing smart phone “that makes no assumptions about the trustability of the phone’s operating system”.

In a lengthy article, Snowden said: “Turning off radios by entering airplane mode is no defense. Furthermore, airplane mode is a “soft switch”; the graphics on the screen have no essential correlation with the hardware state. Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface; trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”

Snowden intended the application to be for journalists working in sensitive areas, as “smartphones are extremely complex and present a large, porous attack surface” and “even a perfectly secure phone will not save a reporter from ‘victim-operated’ exploits such as spear-phishing”.

He intended the Introspection Engine to monitor radio activity using a measurement tool contained in a phone-mounted battery case, which engine has the capability to alert a reporter of a dangerous situation in real-time. “The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on,” he said.

“This work is not just an academic exercise; ultimately we must provide a field-ready introspection solution to protect reporters at work. Although the general principles underlying this work can be applied to any phone, reducing these principles to practice requires a significant amount of reverse engineering, as there are no broadly supported open source phone solutions on the market.”

He said that from the outside, the Introspection Engine will look and behave like a typical battery case for the iPhone 6 and as well as providing extra power to the iPhone 6, the case will contain the introspection engine’s electronics core.

“The electronics core will likely consist of a small FPGA and an independent CPU running a code base completely separate from the iPhone 6’s CPU,” he said. “This physical isolation of CPU cores minimizes the chance of malware from the phone infecting the introspection engine.”

Snowden intends to build a prototype over the coming year, and verify the introspection engine’s abilities, and will be built for the iPhone 6 and later for other makes and models of phones.

“By grouping radio control test points together, leaving them exposed, and publishing a terse description of each test point, direct introspection engines can be more rapidly deployed and retrofitted into future smartphones,” he said.

However Cesare Garlati, chief security strategist at the prpl Foundation, doubted how this would aid the confidentiality, integrity and authenticity of mobile communications.

He said: “There is an easier way to make sure your mobile device doesn't send unwanted communications: turn it off and remove the battery, and if you really care about this, don't buy ‘sealed’ devices that don't allow you to remove the battery.”

Infosecurity: http://bit.ly/2aiZrNz

« Psychological Warfare On Social Media
Humans And The Robotic Future »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Digital Beachhead

Digital Beachhead

Digital Beachhead has the expertise to provide a range of Cyber Risk Management and other Professional Services with specifically tailored solutions at competitive prices.

Cyber Crucible

Cyber Crucible

Cyber Crucible is a cybersecurity Software as a Service company definitively removing the risk of data extortion from customer environments.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

Bluerydge

Bluerydge

Bluerydge specialises in cyber security and technology, focusing on the delivery of innovative sovereign solutions through trusted, cleared and experienced professionals.

Staris

Staris

Human based defense is dead. Staris is reinventing application security for an increasingly AI driven world.