Posts Taged smartphone

Surely we can find, and stop, high-tech spies

It’s rumored that the U.S. intelligence community has commissioned The Eagles to rewrite some of their famous lyrics to serve as a deterrent to Russia and China. The hope is that this new song will stop the apparently unabated espionage activities occurring in the National Capital Region, known as the NCR. It’s called “You Can’t Hide Your Spyin’ Eyes.”

BY MORGAN WRIGHT

Concerns about enhanced technical espionage have circulated for a long time. A very provocative technology, currently being used by law enforcement and our military, is a cell-site simulator. Known as an IMSI-catcher, or commercially as a Stingray, it’s a box about the size of an oversized pair of sneakers.

 

IMSI stands for International Mobile Subscriber Identity. This is how the Global System for Mobile Communications (GSM) finds you, regardless of country, and delivers a call to you or allows you to make one to a destination of your choice. Several reports surfaced in 2017 that showed the Department of Homeland Security was worried about IMSI catchers. 

 

In a Nov. 17, 2017, letter, Sen. Ron Wyden (D-Ore.) asked the DHS National Protection and Programs Directorate if there was any evidence of foreign IMSI catchers operating in the National Capital Region. A pilot study had been conducted from January to November of the same year. The short answer was yes. The longer, typical government response was:

“The Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) has observed anomalous activity in the National Capital Region (NCR) that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers. NPPD has not validated or attributed such activity to specific entities or devices. This information was reported to our Federal partners at the time it was observed.”

Now that it’s been established that nefarious electronic hijinks abound in the NCR, surely there must be a way to find it and stop it. Right? The short answer is no. The government answer is even more terrifying:

“NPPD is not aware of any current DHS technical capability to detect IMSI catchers. To support such a capability, DHS would require funding to procure, deploy, operate and maintain the capability, which includes the cost of hardware, software, and labor.”

The previous statement might make you think this is a newly discovered problem of which DHS is just becoming aware. But our Canadian neighbors found the same activity near their Parliament in 2017. In 2014, the Harvard Journal of Law and Technology said that “Hostile foreign intelligence services can and, almost certainly, are using the technology in this country for espionage.”

About two weeks ago, the Senate passed a spending bill that included language directing the Pentagon to divulge the use of IMSI catchers near U.S. bases and facilities. It’s not the first time the use of electronics has caused security concerns. A 20-year-old Australian student discovered the location of several military bases overseas by simply looking at the heatmap posted by Strava of running routes that had been shared.

You’d have to go back almost another 20 years to find when the threat of IMSI catchers became a real issue. The notorious hacker Kevin Mitnick was captured in 1996 using the same technology DHS is worried about in 2018. The hacking victim who helped the FBI track Mitnick down — Tsutomu Shimomura — was very well acquainted with the technology.

“Later that night, the FBI radio surveillance team from Quantico, Virginia, arrived at the Sprint cellular telephone switch office. The team talked to me a little about the technology they had toted along in the station wagon, especially something called a cell-site simulator, which was packed in a large travel case. The simulator was a technician’s device normally used for testing cell phones, but it could also be used to page Mitnick’s cell phone without ringing it, as long as he had the phone turned on but not in use. The phone would then act as a transmitter that they could home in on with a Triggerfish cellular radio direction-finding system that they were using.”

This wasn’t Shimomura’s first brush with cell phones. In 1993, in front of a congressional oversight committee, he showed how easy it was to use a software hack to listen in on the calls of nearby cellular phones. The problem isn’t new. In fact, it’s quite old.

If you take DHS’s response at face value, it appears NPPD does not have its own technical capability. If DHS has no organic ability, how did it detect anything in the first place? With a little help from other solutions. Project Overwatch, for example.

According to the RSA presentation, “Project Overwatch has been a multinational effort between USA, Germany, and Australia to create a solution leveraging GSMK’s patented Baseband Firewall technology.” This began six years ago.

In February 2017, at the RSA Security Conference in San Francisco, a demonstration of Project Overwatch showed the detection of rogue IMSI catchers — the same technology DHS used, but did not disclose, in its letter to Sen. Wyden.

The warnings were there. The threat was there. Six years ago, we worked with our allies to develop a solution to counter this growing form of technical espionage. So why is Congress just now worried about this?

It’s inconceivable that this electronic eavesdropping that targeted the White House, Congress, our federal law enforcement and intelligence agencies, and who knows what else, should have gone on for this long without a warning to the relevant oversight committees. And the public.

When it comes to our national security, no one should be allowed to, as The Eagles might say, “Take It Easy.”

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.

This smartphone cuts off your camera and microphone so no spy agencies can watch you

  • Cybersecurity firm DarkMatter has unveiled its first smartphone

  • Katim is designed to stop spy agencies listening to you

  • It is an Android smartphone with a 5.2-inch display and strong encryption

  • One security feature called “shield mode” disconnects power from the microphone and camera on the device, so nobody can spy on your conversations

Cybersecurity firm DarkMatter has launched its first smartphone, designed to stop spy agencies listening to you.

An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption.

DarkMatter unveiled the phone concept last year but has now brought it to market.

 
One security feature built by the Middle East-based firm is called “shield mode,” which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations.

“If you are to enter a secure meeting or a very confidential meeting as a business, you are striking a secret deal, or as a government having a secret meeting in that regard… you always tend to find people leaving their phone outside the meeting,” Faisal Al Bannai, CEO of DarkMatter, told CNBC in an interview Tuesday.

“It’s because you can’t trust that no one, no super agencies are able to turn on that mic while you are sitting in the room.”

Al Bannai said the company has built the Katim smartphone from the “ground up” with security.

Shield mode is activated by flicking a button on the side of the device; the CEO said this makes it more secure.

“This button will physically disconnect the power from the mic and camera, which means unless that super agency has a way of physically shifting that button back, there is no way that mic is turning on and listening to what you’re saying,” Al Bannai said.

Privacy and spying via devices was thrust into the spotlight in 2016 when a photoemerged showing that Facebook CEO Mark Zuckerbergtapes up the webcam of his laptop.

DarkMatter is not the only provider of security-focused devices. On Tuesday, cybersecurity firm Sikur announced what it claims is a hack-proof smartphone designed to store cryptocurrencies securely. And at Mobile World Congress, Chinese electronics maker Huawei unveiled a new laptop called the MateBook X Pro that has a camera hidden in the keyboard.

Al Bannai also revealed that 2017 revenue hit $400 million, up from $200 million the year before.

Arjun Kharpal
Source: CNBC