Cellphone surveillance

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Cellphone surveillance, also known as cellphone spying, may involve the tracking, bugging, monitoring, interception and recording of conversations and text messages on mobile phones.[1] It also encompasses the monitoring of people's movements, which can be tracked using mobile phone signals when phones are turned on.[2] In the United States, law enforcement agencies can legally monitor the movements of people from their mobile phone signals upon obtaining a court order to do so.[2] Cellphone spying software is software that is surreptitiously installed on mobile phones that can enable these actions.

Mobile phone tracking[edit]

StingRay devices are used by law enforcement agencies to track people's movements, and intercept and record conversations, names, phone numbers and text messages from mobile phones.[1] Their use entails the monitoring and collection of data from all mobile phones within a target area.[1] Law enforcement agencies in Northern California that have purchased StingRay devices include the Oakland Police Department, San Francisco Police Department, Sacramento County Sheriff's Department, San Jose Police Department and the Fremont Police Department.[1] The Fremont Police Department's use of a StingRay device is in a partnership with the Oakland Police Department and the Alameda County District Attorney's Office.[1]

In 2007, StingRay devices assisted the Oakland Police Department in Oakland, California in making 21 arrests, and in 2008, 19 arrests were made in unison with the use of StingRay devices.[1]

StingRay devices are often used in combination with Hailstorm towers that jam the mobile phone signals forcing phones to drop down from 4G and 3G network bands to older, more insecure 2G bands.[3]

In most states, police can get many kinds of cellphone data without obtaining a warrant. Law-enforcement records show, police can use initial data from a tower dump to ask for another court order for more information, including addresses, billing records and logs of calls, texts and locations.[4]

Hidden cellphones[edit]

Bugging[edit]

Cellphone bugs can be created by disabling the ringing feature on a mobile phone, allowing a caller to call a phone to access its microphone and listen in. Intentionally hiding a cell phone in a location is a bugging technique. Some hidden cellphone bugs rely on Wifi hotspots, rather than celluar data, where the tracker rootkit software periodically "wakes up" and signs into a public wifi hotspot to upload tracker data onto a public internet server. In the United States, the FBI has used "roving bugs", which entails the activation of microphones on mobile phones to enable the monitoring of conversations.[5]

Cellphone spying software[edit]

Cellphone spying software[6] is a type of cellphone bugging, tracking, and monitoring software that is surreptitiously installed on mobile phones. This software can enable conversations to be heard and recorded from phones upon which it is installed.[7] Cellphone spying software can be downloaded onto cellphones.[8] Cellphone spying software enables the monitoring or stalking of a target cellphone from a remote location with some of the following techniques:[9]

  • Allowing remote observation of the target cellphone position in real-time on a map
  • Remotely enabling microphones to capture and forward conversations. Microphones can be activated during a call or when the phone is on standby for capturing conversations near the cellphone.
  • Receiving remote alerts and/or text messages each time somebody dials a number on the cellphone
  • Remotely reading text messages and call logs

Cellphone spying software can enable microphones on mobile phones when phones are not being used, and can be installed by mobile providers.[5]

Occurrences[edit]

In 2005, the prime minister of Greece was advised that his, over 100 dignitaries' and the mayor of Athens' mobile phones were bugged.[7] Kostas Tsalikidis, a Vodafone-Panafon employee, was implicated in the matter as using his position as head of the company's network planning to assist in the bugging.[7] Tsalikidis was found hanged in his apartment the day before the leaders were notified regarding the bugging, which was reported as "an apparent suicide."[10][11][12][13]

Security holes within Signalling System No. 7 (SS7), called Common Channel Signalling System 7 (CCSS7) in the US and Common Channel Interoffice Signaling 7 (CCIS7) in the UK, were demonstrated at Chaos Communication Congress, Hamburg in 2014.[14][15]

Detection[edit]

Some indications of possible cellphone surveillance occurring may include a mobile phone waking up unexpectedly, using a lot of the CPU when on idle or when not in use, hearing clicking or beeping sounds when conversations are occurring and the circuit board of the phone being warm despite the phone not being used.[8][16][15][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35]

Prevention[edit]

Preventative measures against cellphone surveillance include not losing or allowing strangers to use a mobile phone and the utilization of an access password.[8][9] Turning off and then also removing the battery from a phone when not in use is another technique.[8][9] Jamming or a Faraday cage may also work, the latter obviating removal of the battery.

Disconnecting the microphone from the circuit board (or smashing the mic with a needle and hammer), and then using an external plug-in or bluetooth mic when you want to make calls, is a solution.

Another solution is turning the MIC input to the DAC off. However, this requires operating system and in some cases, kernel modification in order to prevent MIC input.

See also[edit]

References[edit]

  1. ^ a b c d e f Bott, Michael; Jensen, Thom (March 6, 2014). "9 Calif. law enforcement agencies connected to cellphone spying technology". ABC News, News10. Retrieved 26 March 2014. 
  2. ^ a b Richtel, Matt (December 10, 2005). "Live Tracking of Mobile Phones Prompts Court Fights on Privacy" (PDF). The New York Times. Retrieved 26 March 2014. 
  3. ^ Mysterious Fake Cellphone Towers Are Intercepting Calls All Over The US, Business Insider, Jack Dutton, Sep 3, 2014
  4. ^ John Kelly (13 June 2014). "Cellphone data spying: It's not just the NSA". USA today. 
  5. ^ a b McCullagh, Declan; Broache, Anne (December 1, 2006). "FBI taps cell phone mic as eavesdropping tool". CNET. Retrieved 26 March 2014. 
  6. ^ "Cell Phone Spying Software". Cell Phone Spying. 
  7. ^ a b c V., Prevelakis; D., Spinellis (July 2007). "The Athens Affair". Volume:44, Issue: 7. Spectrum, IEEE. pp. 26–33. Retrieved 26 March 2014.  (subscription required)
  8. ^ a b c d Segall, Bob (June 29, 2009). "Tapping your cell phone". WTHR13 News (NBC). Retrieved 26 March 2014. 
  9. ^ a b c News report. WTHR News. (YouTube video)
  10. ^ Bamford2015-09-29T02:01:02+00:00, James BamfordJames. "Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?". The Intercept. Retrieved 7 June 2017. 
  11. ^ "Story of the Greek Wiretapping Scandal - Schneier on Security". www.schneier.com. Retrieved 7 June 2017. 
  12. ^ "Software engineer?s body exhumed, results in a month - Kathimerini". ekathimerini.com. Retrieved 7 June 2017. 
  13. ^ "Ericsson's Greek branch fined over wire-tapping scandal". thelocal.se. 6 September 2007. Retrieved 7 June 2017. 
  14. ^ Gibbs, Samuel (19 April 2016). "SS7 hack explained: what can you do about it?". Retrieved 7 June 2017 – via The Guardian. 
  15. ^ a b Zetter, Kim. "The Critical Hole at the Heart of Our Cell Phone Networks". wired.com. Retrieved 7 June 2017. 
  16. ^ "Common security vulnerabilities of mobile devices - Information Age". information-age.com. 21 February 2017. Retrieved 7 June 2017. 
  17. ^ https://www.us-cert.gov/sites/default/files/publications/cyber_threats-to_mobile_phones.pdf
  18. ^ "Hackers Can Control Your Phone Using a Tool That's Already Built Into It - WIRED". www.wired.com. Retrieved 7 June 2017. 
  19. ^ http://www.jsums.edu/research/files/2013/06/Cell-Phone-Vulnerabilities-1.pdf?x52307
  20. ^ "Baseband vulnerability could mean undetectable, unblockable attacks on mobile phones". Boing Boing. Retrieved 7 June 2017. 
  21. ^ "So Hey You Should Stop Using Texts for Two-Factor Authentication - WIRED". www.wired.com. Retrieved 7 June 2017. 
  22. ^ "How to Protect Yourself from SS7 and Other Cellular Network Vulnerabilities". blackberry.com. Retrieved 7 June 2017. 
  23. ^ Beekman, Jethro G.; Thompson, Christopher. "Breaking Cell Phone Authentication: Vulnerabilities in AKA, IMS and Android". Retrieved 7 June 2017 – via CiteSeer. 
  24. ^ "Security Vulnerabilities in Mobile MAC Randomization - Schneier on Security". www.schneier.com. Retrieved 7 June 2017. 
  25. ^ Newman, Lily Hay. "A Cell Network Flaw Lets Hackers Drain Bank Accounts. Here’s How to Fix It". wired.com. Retrieved 7 June 2017. 
  26. ^ "iPhone spying flaw: What you need to know about Apple's critical security update". telegraph.co.uk. Retrieved 7 June 2017. 
  27. ^ Perlroth, Nicole (25 August 2016). "IPhone Users Urged to Update Software After Security Flaws Are Found". Retrieved 7 June 2017 – via NYTimes.com. 
  28. ^ Barrett, Brian. "Update Your iPhone Right Now". wired.com. Retrieved 7 June 2017. 
  29. ^ Kelly, Heather (25 August 2016). "iPhone vulnerability used to target journalists, aid workers". CNNMoney. Retrieved 7 June 2017. 
  30. ^ Heisler, Yoni (8 March 2017). "Apple responds to CIA iPhone exploits uncovered in new WikiLeaks data dump". bgr.com. Retrieved 7 June 2017. 
  31. ^ "Current Activity - US-CERT". www.us-cert.gov. Retrieved 7 June 2017. 
  32. ^ Ivy. "Apple: iOS 10.3.1 fixes WLAN security vulnerabilities". cubot.net. Retrieved 7 June 2017. 
  33. ^ "iOS 10.3.2 arrives with nearly two dozen security fixes". arstechnica.com. Retrieved 7 June 2017. 
  34. ^ "NVD - Home". nvd.nist.gov. Retrieved 7 June 2017. 
  35. ^ "Apple users advised to update their software now, as new security patches released". welivesecurity.com. 16 May 2017. Retrieved 7 June 2017. 

Further reading[edit]