FBI director lashes out at Apple, Google for encrypting smartphones

Screen Shot 2014-09-27 at 12.27.54 PM
The companies responsible for powering nearly 95 percent of the smart phones in the United States say they’re embracing encryption for the sake of their customers’ privacy, and that’s concerning to the head of the FBI.

On Thursday this week, FBI Director James Comey attacked recent reports regarding both Apple and Google’s efforts to provide customers of their respective operating systems with the ability to secure data with encryption unlike anything previously available for mainstream mobile devices: Apple claims that even its own Palo Alto, California engineers can’t crack into locked phones running the iOS 8 platform released this month, and Google says its new Android devices will offer data encryption by default.

Speaking to reporters during a briefing in Washington on Thursday, Comey outright complained about the companies’ announcements and insisted that their efforts will severely hinder law enforcement operations.

“There will come a day — well it comes every day in this business — when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device,” the Huffington Post quoted Comey as saying. “I just want to make sure we have a good conversation in this country before that day comes.”

“I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘how come you can’t do this thing,’” he added.

Unfortunately for the Obama-appointed head of the FBI, however, that day may have already come and gone, at least with respect to Apple. Upon release of the company’s latest operating system last week, Apple said in a statement that “personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes and reminders is placed under the protection of your passcode,” adding, “Apple cannot bypass your passcode and therefore cannot access this data.”

“So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8,” Apple said.

Reuters / Adrees Latif Reuters / Adrees Latif

On Sept. 18, Google announced they’d be adopting now security-minded practices as well. “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” spokeswoman Niki Christoff said to the Post. “As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”

According to a recent study conducted by digital pollsters comScore, Android and Apple control a 52.1 percent and 41.9 percent share of the market, respectively, with regards to operating systems in the US as of May 2014.

Big names from within the FBI and Justice Department at large have previously spoken out about the federal government’s desire to eavesdrop on conversations conducted in the digital realm, be it on websites or with text messages sent between cell phones, but Comey’s latest remarks may be the most direct yet to come from an individual as high up in the executive branch.

“I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone’s closet or their smart phone,” HuffPo quoted Comey. “The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”

“Google is marketing their Android the same way: Buy our phone and law-enforcement, even with legal process, can never get access to it,” he said.

Reuters / Beck DiefenbachReuters / Beck Diefenbach

According to the Washington Post, Comey told reporter that he said he could not understand why companies would “market something expressly to allow people to place themselves beyond the law” — a quip that quickly attracted criticism.

“Um, what ‘law’ is that?” Hanni Fakhoury, a former federal public defender who currently works as a staff attorney for the Electronic Frontier Foundation, tweeted on Thursday.

“It’s disappointing that the FBI has chosen to focus on examples where encryption might potentially slow hypothetical investigations, while ignoring the fact that strong, reliable encryption is the only way we have to prevent a wide range of very real and very serious crimes,” Matt Blaze, a computer security researcher and professor at the University of Pennsylvania, told the Associated Press. “We rely on smartphones to manage and protect more and more aspects of our business, personal and financial lives.”

Indeed, the American Civil Liberties Union’s chief technologist, Christopher Soghoian, wrote on Twitter on Thursday that “it wasn’t so long ago that top FBI officials were advising people to encrypt data to protect it from hackers,” along with a link to remarks made by then-FBI Executive Assistant Director Shawn Henry about “some of the most critical threats facing our nation” in 2011.

Screen Shot 2014-09-27 at 12.30.02 PM
“Managing the consequences of a cyberattack entails minimizing the harm that results when an adversary does break into a system,” Henry said at the time. “An example would be encrypting data so the hacker can’t read it, or having redundant systems that can readily be reconstituted in the event of an attack.”

In the three years since those remarks were first made, however, the revelations concerning the US National Security Agency’s widespread surveillance programs has prompted an increasing amount of people worldwide to adopt standards intended to protect themselves against eavesdroppers, be they government agents or otherwise. Leaked NSA documents have shown that government agencies have adopted spy practices that may range from tapping into data sent to Google’s massive server warehouses to breaking into iPhones with a 100 percent success rate, the likes of which have been attributed with the marketing of ultra-secure mobile devices as well as a surge in the number of people turning to online anonymity solutions, such as the Tor browser.

As Georgetown University law professor Orin Kerr told the Washington Post, however, the FBI wants to be able to pry into the phones and ergo the lives of Americans — but first with an individualized order, and not a blanket issue like the kind that lets the NSA sweep up phones records of millions of Americans on a regular basis.

“The outrage is directed at warrantless mass surveillance, and this is a very different context. It’s searching a device with a warrant,” Kerr told the paper.

Earlier this year in July, the US Supreme Court ruled that police, in most circumstances, must get a search warrant before they can scoop up data from cellphones. Los Angeles Police Department Detective Brian Collins told the Washington Post this week that he does forensic analysis on about 30 smartphones a month for the LAPD’s anti-gang and narcotics investigations and fears being unable to further aid law enforcement if Apple, Google and other tech companies increasingly turn towards encryption.

“I’ve been an investigator for almost 27 years,” Collins said, “It’s concerning that we’re beginning to go backwards with this technology.”

“Apple will become the phone of choice for the pedophile,” John J. Escalante, the chief of detectives for Chicago’s police department, added to the paper. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

Revealed: How governments can take control of smartphones

Revealed: How governments can take control of smartphones

‘Legal malware’ produced by the Italian firm Hacking Team can take total control of your mobile phone. That’s according to Russian security firm Kaspersky Lab and University of Toronto’s Citizen Lab(which also obtained a user manual).

Operating since 2001, the Milan-based Hacking Team employs over 50 people and offers clients the ability to “take control of your targets and monitor them regardless of encryption and mobility,” while “keeping an eye on all your targets and manage them remotely, all from a single screen.”

It’s the first time Remote Control Systems (RCS) malware has been positively linked with mobile phones and it opens up a new privacy threat potential to mobile phone users.

“Our latest research has identified mobile modules that work on all well-known mobile platforms, including as Android and iOS,” wrote Kaspersky researcher Sergey Golovanov.

“These modules are installed using infectors – special executables for either Windows or Macs that run on already infected computers. They translate into complete control over the environment in and near a victim’s computer. Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target – which is much more powerful than traditional cloak and dagger operations.”

Police can install the spy malware directly into the phone if there is direct access to the device, or if the owner of the phone connects to an already infected computer, according to Wired.

Various softwares can also lure users to download targeted fake apps.

Once inside an iPhone, for instance, it can access and activate all of the following: control of Wi-Fi, GPS, GPRS, recording voice, e-mail, SMS, MMS, listing files, cookies, visited URLs, cached web pages, address book, call history, notes, calendar, clipboard, list of apps, SIM change, live microphone, camera shots, support chats, WhatsApp, Skype, and Viber.

While the malware can be spotted by some of the more sophisticated anti-virus software, it takes special measures to avoid detection – such as “scouting” a victim before installation, “obfuscating” its presence, and removing traces of its activity.
Hacking Team has maintained that its products are used for lawful governmental interceptions, adding that it does not sell items to countries blacklisted by NATO or repressive regimes.

Wired reported that there have been cases where the spying apps were used in illegal ways in Turkey, Morocco, and Saudi Arabia.

Citizen Lab discovered spying malware hiding in a legitimate news app for Qatif Today, an Arabic-language news and information service that reports on events in Saudi Arabia’s eastern Qatif region. It also argued that circumstantial evidence pointed to Saudi Arabia’s government using the spying malware against Shia protesters in the area.

“This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments. An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats for those with access to Hacking Team and Gamma Group toolkits,” Citizen Lab said in its report.

Hacking Team controls the spying malware remotely via command-and-control servers. Kaspersky has discovered more than 350 such servers in more than 40 countries. A total of 64 servers were found in the US – more than in any other country. Kazakhstan came in second, with a total of 49 servers found. Thirty-five were found in Ecuador and 32 in the UK.

NSA can easily bug your switched-off iPhone: Here’s how you can stop them

NSA can easily bug your switched-off iPhone: Here's how you can stop them

Edward Snowden’s recent revelation that the NSA can bug cell phones even when they are turned off left some experts split on whether it is true or not. But a group of hackers claim that at least there is a way to protect your phone from spies’ ears.

Snowden, who exposed the American government’s secret mass surveillance program, has been making headlines in the media for almost a year with shocking details about the scale of snooping by the National Security Agency (NSA).

In last week’s interview with NBC, the former CIA employee yet again added to the spreading privacy panic when he said the NSA can actually eavesdrop on cellphones even when they are turned off.

“Can anyone turn it on remotely if it’s off?” Williams asked Snowden referring to the smartphone he used for travel to Russia for the interview. “Can they turn on apps? Did anyone know or care that I Googled the final score of the Rangers-Canadiens game last night because I was traveling here?”

“I would say yes to all of those,” Snowden replied. “They can absolutely turn them on with the power turned off to the device,” he added.

It is not news that American (and possibly not only American) special services have been able to use mobile phones as a spying tool for at least a decade.

Back in 2006, media reported that the FBI applied a technique known as a “roving bug” which allowed them to remotely activate a cell phone’s microphone and listen to nearby conversations.

Pinpointing a person’s location to within just a few meters has not been a problem either thanks to a tracking device built into mobile phones. This option, a party-spoiler for criminals, has also been helpful in finding people who have gone missing or got into trouble. The general belief has been that removing a battery would make tracking impossible.

In July last year, Washington Post wrote that “By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off.”

The agency used it to help American forces in Iraq. Joint Special Operations Command (JSOC) called the method “The Find,” and “it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” the paper wrote.

It is very likely that the scale of the use of such techniques has grown much bigger and more sophisticated due to SciTech developments. And with millions of people getting addicted to their smartphones – which they carry with them literally everywhere – it is much easier to spy on them.

But, according to a piece published in Wired magazine, there is a way to make sure that no one is listening to you. The article, citing security researchers, says that if an attacker had a chance to install malware before the phone is turned off, the software could make it only look like the phone is shutting down. Instead, it “enters a low-power mode that leaves its baseband chip—which controls communication with the carrier—on”.

Such “playing dead” state would allow the phone to receive commands, including one to activate its microphone, says Eric McDonald, a hardware engineer in Los Angeles told the news outlet. It also gives practical advice on how to deal with the situation. Whether it works or not – is another question.

If you’ve got totally paranoid about your iPhone, you can try to put it into device firmware upgrade (DFU) mode, Eric McDonald, a hardware engineer, told Wired. In this mode, all elements of the phone are shut down except for the USB port which waits for iTunes to install new firmware.

To enter the mode, use any power outlet or computer USB port to plug in the iPhone. Then hold the power button for three seconds, after start holding the home button, too. After 10 seconds, release the power button, but not the home button. Wait for another 10-15 seconds.

The routine is to send “hardware reset” to the phone’s power management unit that overrides any running software, including any malware designed to fake a shutdown, McDonald says.

Now the phone won’t turn on when someone holds the power button or power up when the phone is plugged into a power source and you can leak some NSA secrets to a Glenn Greenwald. But if you decide to make a phone call at some point, you will have to hold the power button and home button together until the Apple logo appears.

The video below explains it with the use of a real iPhone.

There are easier ways to enter a complete shutdown, according to Wired. You can hold the home and power buttons simultaneously for 10 seconds without the DFU button sequence. This will put the phone in too low level a state for anything to able to interact with its baseband.

NSA TO LISTEN TO CONVERSATIONS IN REAL TIME VIA CELLPHONE MIC

New Facebook app another backdoor for government snooping

by PAUL JOSEPH WATSON | MAY 23, 2014

Facebook’s new mobile spy app which listens to a user’s background noise by utilizing the device’s microphone is merely another backdoor via which the NSA and other government agencies will be able to spy on conversations in real time, a technique that we warned about eight years ago.

“Each time I think they’ve become as creepy as possible, somehow they find a way to be even creepier than that,” joked comedian Jimmy Kimmel in response to the announcement, before a skit about how Facebook would soon automatically post your thoughts as a status update.

“Facebook is to release a new feature on its mobile app that “listens” to your music and TV shows,” reports BBC News. “The feature, which will be available in a few weeks’ time, uses the microphones inside users’ smartphones to detect nearby music or TV shows.”

Although Facebook claims the app cannot record conversations, the user agreement for Facebook’s messenger service includes a term that necessitates users to agree to allow their audio to be recorded without permission. Given that microphones on cellphones exist for the sole reason of sending audio of speech, Facebook’s claim that its new app cannot also do so is dubious to say the least.

Such technology was already being mooted eight years ago, when we published an article entitled, Government, Industry To Use Computer Microphones To Spy On 150 Million Americans, in which we explained how, “Private industry and eventually government is planning to use microphones in the computers of an estimated 150 million-plus Internet active Americans to spy on their lifestyle choices and build psychological profiles which will be used for surveillance and minority report style invasive advertising and data mining.”

Given new reports based on the latest Edward Snowden documents which show that the NSA is recording nearly every phone call in entire countries, to think that the federal agency isn’t already utilizing or at least planning to use open microphones on cellphones to spy on Americans would be incredibly naive.

Back in March it was revealed that the NSA is masquerading as Facebook in order to infect millions of computers around the world with malware as part of its mass surveillance program.

“We are sure this will not be abused or hacked by the NSA… and we are sure there will be plenty of small digital print that users will understand… One wonders though, is there any way for non-Facebook users to know that they are being eavesdropped upon?” asks Zero Hedge.

The answer is that every virtually single user of smartphones has given their permission to have their conversations listened to via the device’s microphone. As we have previously highlighted, terms of agreement for both Android and iPhone apps now require users to agree to allow their microphone to be activated at any time without confirmation before they can download the app.

Earlier this year we also reported on how a computer programmer discovered that Google’s Chrome browser had the ability to record conversations without the user’s knowledge.

Gun Confiscati​on Hits U.S. East Coast

The State of Connecticut seems poised to be the first battleground of a new US Civil War as the state is using the Sandy Hook shooting hoax in an attempt to illegally take away the guns of law-abiding American citizens. With the 2nd Amendment and the US Constitution heavily under fire by Socialist politicians and law enforcement who are neglecting their oaths, will Connecticut soon turn into a literal battleground if and when Connecticut police attempt to illegally confiscate guns from Americans who KNOW that THEY are in the right while police and politicians are clearly on the WRONG side of the law and the US Constitution? Before It’s News does not condone violence of any kind but is a strong supporter of the 2nd Amendment and the US Constitution.

Apple security flaw could be a backdoor for the NSA

Apple security flaw could be a backdoor for the NSA

Was the National Security Agency exploiting two just-discovered security flaws to hack into the iPhones and Apple computers of certain targets? Some skeptics are saying there is cause to be concerned about recent coincidences regarding the NSA and Apple.

Within hours of one another over the weekend, Apple acknowledged that it had discovered critical vulnerabilities in both its iOS and OSX operating systems that, if exploited correctly, would put thought-to-be-secure communications into the hands of skilled hackers.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” the company announced.

Apple has since taken steps to supposedly patch up the flaw that affected mobile devices running its iOS operating system, such as iPhones, but has yet to unveil any fix for the OSX used by desktop and laptop computers. As experts investigated the issue through the weekend, though, many couldn’t help but consider the likelihood — no matter how modicum — that the United States’ secretive spy agency exploited those security flaws to conduct surveillance on targets.

On Saturday, Apple enthusiast and blogger John Gruber noted on his personal website that information contained within internal NSA documents leaked by former intelligence contractor Edward Snowden last year coincide closely with the release of the affected mobile operating system, iOS 6.

According to a NSA slideshow leaked by Mr. Snowden last June, the US government has since 2007 relied on a program named PRISM that enables the agency to collect data “directly from the servers” of Microsoft, Yahoo, Google, Facebook and others. The most recent addition to that list, however, was Apple, which the NSA said it was only able to exploit using PRISM since October 2012.

The affected operating system — iOS 6.0 — was released days earlier on September 24, 2012.

These facts, Gruber blogged, “prove nothing” and are “purely circumstantial.” Nevertheless, he wrote, “the shoe fits.”

With the iOS vulnerability being blamed on a single line of erroneous code, Gruber considered a number of possibilities to explain how that happened.

“Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer,” he wrote.

“Once the bug was in place, the NSA wouldn’t even have needed to find it by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets ‘added’ to PRISM.”

Gruber said he sees five possible scenarios, or “levels of paranoia,” as he put it:

Nothing. The NSA was not aware of this vulnerability.
The NSA knew about it, but never exploited it.
The NSA knew about it, and exploited it.
NSA itself planted it surreptitiously.
Apple, complicit with the NSA, added it.

Of course, Guber added, there is always the possibility that “this is all a coincidence.” He certainly wasn’t the only one to consider it, though.

“Again, all of this is circumstantial and speculative, and Apple has come out numerous times vehemently denying its involvement in any NSA program,” iDownloadblog’s Cody Lee wrote on Monday. “But the timing is rather odd, and it makes you wonder how such a serious bug went undiscovered for over a year.”

Indeed, Apple has since the start of the Snowden leaks adamantly fended off allegations concerning a possible collusion with the NSA. On December 31, 2013, the company even issued a statement insisting “Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone.”

“We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them,” Apple said then — nearly two months after acknowledging the major security vulnerability discovered last week.

At the time, though, Apple was responding to another serious allegation that, if correct, gives much more credence to the latest accusations. The Dec. 31 statement was sent hours after security researcher Jacob Appelbaum presented previously unpublished NSA slides at a hacking conference in Germany, including some where the spy agency boasted about being able to infiltrate any iPhone owned by a targeted person.

The NSA, Appelbaum said, “literally claim that any time they target an iOS device, that it will succeed for implantation.”

“Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies product and sabotaging them — or Apple sabotages it themselves.”

Last year, RT reported that the NSA entered into a contract in 2012 with VUPEN, a French security company that sells so-called 0-day exploits to governments and agencies so that vulnerabilities and flaws can be abused before the affected product’s owner is even made aware. It’s likely just another major coincidence that fits the timeframe eerily well, but that contract was signed only days before iOS 6 was released — and, coincidentally, days before the NSA boasted about being able to access Apple communications through its PRISM program.