Snowden iPhone Case Alerts Users To Surveillance

Uploaded on 2016-07-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Edward Snowden has helped design a mobile phone case called the “introspection engine” that, he claims, will show when a smartphone is transmitting information that could be monitored.

Presenting via video link to event at the MIT Media Lab in Cambridge, Massachusetts, Snowden and co-designer Andrew “Bunnie” Huang showed how the device connects to a phone’s different radio transmitters, showing its owner knows when a cellular, Wi-Fi or Bluetooth connection is being used to share or receive data. 

Initial mockups of the introspection engine show a small, monochromatic display built into its casing shows whether the phone is “dark”, or whether it is transmitting, and it also can supply an iPhone with extra battery power and cover the rear-facing camera.

It could be developed to act as a sort of “kill switch” that would disconnect a phone’s power supply when it detects that a radio is transmitting data after its owner has attempted to turn it off.

The device is an academic project and nowhere near ready for the mass market, but could still influence how consumers view the “tracking devices” – otherwise known as smartphones that they rely on every day.

“If you have a phone in your pocket that’s turned on, a long-lived record of your movements has been created,” Snowden said. “As a result of the way the cell network functions your device is constantly shouting into the air by means of radio signals a unique identity that validates you to the phone company. And this unique identity is not only saved by that phone company, but it can also be observed as it travels over the air by independent, even more dangerous third parties.”

Most smartphones disable Wi-Fi, Bluetooth and cellular transmission when in airplane mode, but Snowden and Huang say that can’t be trusted.

“Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface,” they write in their paper on the device. “Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”

The project is an extension of Snowden’s work to inform the public about the surveillance capabilities available to governments around the world. In June 2013 he revealed information about mass surveillance programs from the National Security Agency, where he was a contractor, and he has since become the closest thing digital security has to Neil DeGrasse Tyson or Bill Nye: a recognizable name that can explain these issues in a way the average person can understand.

In addition to educating people about security risks, he now wants to help citizens defend themselves – if the introspection engine ever becomes a reality.

Snowden and Huang say there’s no guarantee the device will ever be more than a mockup. “Over the coming year, we hope to prototype and verify the introspection engine’s abilities,” they write. “As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time.” If they do receive the proper funding, they could release the device in partnership with the Freedom of the Press Foundation media advocacy group.

Snowden said the introspection engine was designed to help protect journalists. “One good journalist in the right place at the right time can change history. One good journalist can move the needle in the context of an election. One well-placed journalist can influence the outcome of a war,” he said.

“This makes them a target, and increasingly the tools of their trade [are] being used against them. Our technology is beginning to betray us not just as individuals but as classes of workers, particularly those who are putting a lot on the line in the public interest.”

Sunday Times war correspondent Marie Colvin was reportedly killed in Syria after government forces were able to trace her position, according to a new lawsuit.

Snowden and Huang are concentrating on working with Apple’s iPhone, but also said the device could be modified to work on other smartphones. It’s not immediately clear how Apple will respond to the introspection engine; while it has worked to give consumers security features meant to thwart even sophisticated attackers, the company might not be fond of a device that can separate an iPhone from all networks. Apple has not responded to a request for comment.

Still, the connection to Snowden and the rush of attention following MIT Media Lab’s event might inspire others to work on devices similar to the introspection engine. Even if the tool never becomes more than an interesting subject discussed at an academic conference, it could lead to consumers having more control over what exactly their iPhone is sharing from their pockets.

Guardian

« US Cyber Mission Force Nearly Ready for Action
US Carmakers Want Hackers To Help Them Improve Cybesecurity »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

CSC Cyber Games

CSC Cyber Games

CSC Cyber Games is an innovative platform dedicated to empowering individuals with the tools and knowledge to excel in the ever-evolving world of cybersecurity.

Cyber Defense Agency (CDA)

Cyber Defense Agency (CDA)

Cyber Defense Agency is a premier professional services firm specializing in cyber security, computer network defense, and information security.

PROOF

PROOF

PROOF is a Brazilian leader in cybersecurity. Our goal is to assist our Customers in managing security efficiently and in tune with business needs.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

Porto Research, Technology & Innovation Center (PORTIC)

Porto Research, Technology & Innovation Center (PORTIC)

PORTIC brings together several research centers and groups from P.PORTO in a single space, forming a superstructure dedicated to research, technology transfer, innovation and entrepreneurship.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

Argenta Talent Acquisition

Argenta Talent Acquisition

Argenta Talent Acquisition is a recruitment partner specializing in Space and Defense, Intelligence Community, all things Technical, Cyber, and Logistics.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.