Snowden iPhone Case Alerts Users To Surveillance

Uploaded on 2016-07-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Edward Snowden has helped design a mobile phone case called the “introspection engine” that, he claims, will show when a smartphone is transmitting information that could be monitored.

Presenting via video link to event at the MIT Media Lab in Cambridge, Massachusetts, Snowden and co-designer Andrew “Bunnie” Huang showed how the device connects to a phone’s different radio transmitters, showing its owner knows when a cellular, Wi-Fi or Bluetooth connection is being used to share or receive data. 

Initial mockups of the introspection engine show a small, monochromatic display built into its casing shows whether the phone is “dark”, or whether it is transmitting, and it also can supply an iPhone with extra battery power and cover the rear-facing camera.

It could be developed to act as a sort of “kill switch” that would disconnect a phone’s power supply when it detects that a radio is transmitting data after its owner has attempted to turn it off.

The device is an academic project and nowhere near ready for the mass market, but could still influence how consumers view the “tracking devices” – otherwise known as smartphones that they rely on every day.

“If you have a phone in your pocket that’s turned on, a long-lived record of your movements has been created,” Snowden said. “As a result of the way the cell network functions your device is constantly shouting into the air by means of radio signals a unique identity that validates you to the phone company. And this unique identity is not only saved by that phone company, but it can also be observed as it travels over the air by independent, even more dangerous third parties.”

Most smartphones disable Wi-Fi, Bluetooth and cellular transmission when in airplane mode, but Snowden and Huang say that can’t be trusted.

“Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface,” they write in their paper on the device. “Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”

The project is an extension of Snowden’s work to inform the public about the surveillance capabilities available to governments around the world. In June 2013 he revealed information about mass surveillance programs from the National Security Agency, where he was a contractor, and he has since become the closest thing digital security has to Neil DeGrasse Tyson or Bill Nye: a recognizable name that can explain these issues in a way the average person can understand.

In addition to educating people about security risks, he now wants to help citizens defend themselves – if the introspection engine ever becomes a reality.

Snowden and Huang say there’s no guarantee the device will ever be more than a mockup. “Over the coming year, we hope to prototype and verify the introspection engine’s abilities,” they write. “As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time.” If they do receive the proper funding, they could release the device in partnership with the Freedom of the Press Foundation media advocacy group.

Snowden said the introspection engine was designed to help protect journalists. “One good journalist in the right place at the right time can change history. One good journalist can move the needle in the context of an election. One well-placed journalist can influence the outcome of a war,” he said.

“This makes them a target, and increasingly the tools of their trade [are] being used against them. Our technology is beginning to betray us not just as individuals but as classes of workers, particularly those who are putting a lot on the line in the public interest.”

Sunday Times war correspondent Marie Colvin was reportedly killed in Syria after government forces were able to trace her position, according to a new lawsuit.

Snowden and Huang are concentrating on working with Apple’s iPhone, but also said the device could be modified to work on other smartphones. It’s not immediately clear how Apple will respond to the introspection engine; while it has worked to give consumers security features meant to thwart even sophisticated attackers, the company might not be fond of a device that can separate an iPhone from all networks. Apple has not responded to a request for comment.

Still, the connection to Snowden and the rush of attention following MIT Media Lab’s event might inspire others to work on devices similar to the introspection engine. Even if the tool never becomes more than an interesting subject discussed at an academic conference, it could lead to consumers having more control over what exactly their iPhone is sharing from their pockets.

Guardian

« US Cyber Mission Force Nearly Ready for Action
US Carmakers Want Hackers To Help Them Improve Cybesecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

Allianz

Allianz

Allianz Cyber Protect is a comprehensive cyber insurance provided internationally and tailored to your company´s risk profile.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

CyberRisk Alliance (CRA)

CyberRisk Alliance (CRA)

CyberRisk Alliance is a business intelligence company created to serve the rapidly evolving cybersecurity and information risk management marketplace.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Nudge Security

Nudge Security

Nudge Security offer the world's first-ever SaaS security solution to discover shadow IT and curb SaaS sprawl across any device or location and nudges employees towards optimal security behavior.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.