Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.

 

NSA can easily bug your switched-off iPhone: Here's how you can stop them

Published time: June 04, 2014 23:56
Edited time: June 06, 2014 23:24
Reuters/Pawel Kopczynski

Reuters/Pawel Kopczynski

Edward Snowden’s recent revelation that the NSA can bug cell phones even when they are turned off left some experts split on whether it is true or not. But a group of hackers claim that at least there is a way to protect your phone from spies’ ears.

Snowden, who exposed the American government’s secret mass surveillance program, has been making headlines in the media for almost a year with shocking details about the scale of snooping by the National Security Agency (NSA).

In last week’s interview with NBC, the former CIA employee yet again added to the spreading privacy panic when he said the NSA can actually eavesdrop on cellphones even when they are turned off.

“Can anyone turn it on remotely if it's off?” Williams asked Snowden referring to the smartphone he used for travel to Russia for the interview. “Can they turn on apps? Did anyone know or care that I Googled the final score of the Rangers-Canadiens game last night because I was traveling here?”

“I would say yes to all of those,” Snowden replied. “They can absolutely turn them on with the power turned off to the device,” he added.

It is not news that American (and possibly not only American) special services have been able to use mobile phones as a spying tool for at least a decade.

Back in 2006, media reported that the FBI applied a technique known as a “roving bug” which allowed them to remotely activate a cell phone’s microphone and listen to nearby conversations.

Pinpointing a person’s location to within just a few meters has not been a problem either thanks to a tracking device built into mobile phones. This option, a party-spoiler for criminals, has also been helpful in finding people who have gone missing or got into trouble. The general belief has been that removing a battery would make tracking impossible.

In July last year, Washington Post wrote that “By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off.”

The agency used it to help American forces in Iraq. Joint Special Operations Command (JSOC) called the method “The Find,” and “it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” the paper wrote.

Reuters / Mike Blake

It is very likely that the scale of the use of such techniques has grown much bigger and more sophisticated due to SciTech developments. And with millions of people getting addicted to their smartphones – which they carry with them literally everywhere – it is much easier to spy on them.

But, according to a piece published in Wired magazine, there is a way to make sure that no one is listening to you. The article, citing security researchers, says that if an attacker had a chance to install malware before the phone is turned off, the software could make it only look like the phone is shutting down. Instead, it “enters a low-power mode that leaves its baseband chip—which controls communication with the carrier—on”.

Such “playing dead” state would allow the phone to receive commands, including one to activate its microphone, says Eric McDonald, a hardware engineer in Los Angeles told the news outlet. It also gives practical advice on how to deal with the situation. Whether it works or not – is another question.

If you've got totally paranoid about your iPhone, you can try to put it into device firmware upgrade (DFU) mode, Eric McDonald, a hardware engineer, told Wired. In this mode, all elements of the phone are shut down except for the USB port which waits for iTunes to install new firmware.

To enter the mode, use any power outlet or computer USB port to plug in the iPhone. Then hold the power button for three seconds, after start holding the home button, too. After 10 seconds, release the power button, but not the home button. Wait for another 10-15 seconds.

The routine is to send “hardware reset” to the phone’s power management unit that overrides any running software, including any malware designed to fake a shutdown, McDonald says.

Now the phone won’t turn on when someone holds the power button or power up when the phone is plugged into a power source and you can leak some NSA secrets to a Glenn Greenwald. But if you decide to make a phone call at some point, you will have to hold the power button and home button together until the Apple logo appears.

The video below explains it with the use of a real iPhone.

There are easier ways to enter a complete shutdown, according to Wired. You can hold the home and power buttons simultaneously for 10 seconds without the DFU button sequence. This will put the phone in too low level a state for anything to able to interact with its baseband.

Comments (57)

 

Erik Trete 31.08.2014 08:56

happilea 30.08.2014 16:43

Just take the battery out?

  

Many newer smart phones have built in non-removable batteries. So removal is not a option, however, after 'powering off the phone' just put it in a metal case, tin foil etc and then no communication with the phone is possible.

With all the i-Accessories manufacturers on the market, I see a business opportunity! the RF shielded carrying case or the microphone silencing carrying case! :)

 

happilea 30.08.2014 16:43

Just take the battery out?

 

Bear 07.07.2014 14:07

I recently installed on my home computer a program I used back in my day with two governments of the world. What this program found to 97 minutes to remove from my computer which was supposedly safe by the anti-virus/firewall programs I have. This opened my eyes to the 'fact' that even the anti-virus/firewall programs we 'ALL' use is showing the government everything you store in your computer.

View all comments (57)
Add comment

Authorization required for adding comments

Register or

Name

Password

Show password

Register

or Register

Request a new password

Send

or Register

To complete a registration check
your Email:

OK

or Register

A password has been sent to your email address

Edit profile

X

Name

New password

Retype new password

Current password

Save

Cancel

Follow us

Follow us