Friday, June 2, 2017

security - Can my Android device become - remotely and without my permission - a wiretap and get used as surveillance device?


I saw the following article:



An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call.




Is this possible one Android phones and is there a way to block it?



Answer



Ahh, Schneier on Security, Unvy gb gur Xvat. :-)


tl;dr


It may be possible, no one can say for sure. And since no one knows if it's possible you can't block it, because you don't know what and therefore how to block.


But first, let use investigate the statement step by step:


Note that the Article is from 2006



...said mobile providers can...




Google is certainly able to do so, if you are using a Google Services enabled device (usually the ones with "by Google" on the back). But basically every hardware/software manufacturer, whose parts are placed within smartphone (or traditional mobile phone), is able to install backdoors in his products, which could by used third parties to manipulate the device. Either because they bought this access or because the manufacturer is forced to, for example by a (secret) government regulation.



..."remotely install a piece of software on to any handset,..



That's possible and every time you install an app over the Play Store web interface you use this technique.



..without the owner's knowledge,..



Usually you will see visual feedback about the installation process, at least until it's running. But the notification about the new app stays in the notification bar. But no one can rule out that there is a silent install method too.




..which will activate the microphone even when its owner is not making a call...



Android apps are able to activiate the microphone if they have the permission to to so. But if the app came with a silent install method, who knows if the permission for the microphone was also silently given?


And now, how can I protect my privacy?


As soon as you buy a piece of hardware/software without having the ability to verify the hardware and software components for surveillance backdoors, you are lost.


But there are alternatives. There have been attempts to create open source hardware and software for smartphones. Therefore allowing you to review the components for unwanted modules. See for example Opoenmoko.


No comments:

Post a Comment

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...