How do you secure your smartphone from government spies? The only sure answer might be to remove the battery, then crush the phone with a sledgehammer.
Leaked documents from the Snowden files, provided to German magazine Spiegel show that the NSA has, and continues to, hack into every major smartphone platform, including security stalwart BlackBerry. The hacks range from decrypting secure messages to gathering stored location data.
The agency has working groups that target each platform, adapting their hacks and malware for each security update. The most common method of injecting NSA malware is through one's computer, which transmits the snooping software when the device is synced.
Extent of the Cracks
For many, the most surprising hack was the NSA's storage and decryption of encrypted Blackberry Enterprise Server (BES) data, a fortress previously thought to be impregnable. The internal memos note that while BES data is crackable, it does require a "sustained" operation, which indicates that the process is rarely used. The NSA also lost access to BlackBerry data for a short while in 2009, when the company updated its code. By early 2010, however, the NSA was back in.
Conversely, many of the documents mock Apple and Steve Jobs, calling him "Big Brother" and referring to his paying customers as "zombies." Unsurprising was the NSA's collection of Apple's accidental long-term storage of location data in phones running anything earlier than iOS 4.3.3. Since Apple fixed that "error," the phones only store such data for seven days. Then again, the NSA docs also mention how casually users grant access to location data to apps, such as camera apps and Facebook, so ongoing tracking of location data is likely.
The scariest possibility, however, are silent calls, where the NSA can initiate a one-way call using your phone's microphone, with no alert to you, according to InformationWeek.
Priority of the Cracks
Oddly enough, despite the NSA's efforts to crack Blackberries, they are not a particularly popular device with extremists. That mantle belongs (or belonged, since these documents seem to be a bit dated) to Nokia, and its now-defunct Symbian OS (Nokia now makes Windows-based phones and the phone division was recently acquired by Microsoft). Apple came in third, while BlackBerry was ninth.
Avoiding the Cracks
Is there any way to regain your privacy? So long as you are using a smartphone, probably not. In fact, we already know that the NSA was tracking call logs, regardless of whether your phone was smart or dumb. There may be steps you can take to minimize intrusion, however.
For one, always use the latest and greatest updates available for your phone. The leaked Snowden docs frequently mention iOS 3 and 4, while the current version is iOS 7. Any sort of jailbreak could make your phone vulnerable as well. Also, only use trusted, signed apps (NSA or not, that is always a good tip). And though the NSA has cracked Blackberry's BES, it still seems to be the most secure, if not perfectly secure, platform for messaging.
- NSA can reportedly tap smartphone users' data (C|Net)
- NSA Phone Tracking is Even More Extensive Than We Thought (FindLaw's Technologist Blog)
- All Private Everything: PRISM-Free Phones and Operating Systems (FindLaw's Technologist Blog)