The "armor versus shell" problem is not the exclusive preserve of the military; a similar arms race is under way in many other areas. Drivers battle traffic rules, the brain develops banner blindness, bureaucrats wrestle with coronavirus statistics.
Information security is no exception. A centuries-old battle is being fought on this field, not as noisy as military action but no less fierce. The popular story of how Nathan Rothschild made a fortune on exclusive access to information gave rise to the catchphrase "Whoever owns information owns the world."
The value of information varies: the vast majority of it is of no interest to anyone else, nobody can extract gain or profit from it, but sometimes you simply want some privacy. Not necessarily to hide something illegal or indecent ("I have no secrets from the state" is a favourite line for trolling on the subject of privacy), but simply because private life exists and has an obvious rule: "It's none of your business." And since the smartphone has long been an integral part of a person's identity ("My whole life is in it!!!"), protecting it from intrusion has become one of the most pressing personal problems. This applies both to the data on it and to telephone conversations. Today's article is about modern ways of protecting your privacy.
Some historical examples

A toy for children from the eighties
Probably the most famous and simplest "crypto device" is the good old voice changer, a traditional accessory of mid-twentieth-century spy films: it was held against the handset and turned the human voice into a characteristic rasping sound that terrified the audience.
Later, like many other "James Bond gadgets", the circuitry shrank to pocket format, and today anyone can download such an application to a smartphone. The method is rather humorous and better suited to pranks than to real concealment of information, but at a minimum it complicates identifying the caller by voice. However, even these have already been "beaten": in one spy TV series there was an episode where a computer worked out the distorter's algorithm and restored the original voice. I do not know whether such programs actually exist, but it sounds quite plausible.
For quite a long time telephone communication was exclusively wired, and history records many cases of spy equipment being spliced into a line to eavesdrop on and record secret conversations. One of the most famous projects of this kind, Operation Gold, was comically unsuccessful: the tunnel was dug from West Berlin into the Soviet sector in 1955 (years before the Berlin Wall existed) to tap the telephone lines of the Soviet army, but Soviet counterintelligence had learned of the plan in advance through its mole George Blake, and the decision was taken to use the channel to leak disinformation.
The press examines the discovered wiretapping site
Surely many remember the characteristic movie scene in which the evil spy presses a mysterious box against a top-secret cable, and it instantly "magnetizes" itself to the cable or to the concrete the wire runs along. The box always carries a short cylinder standing in for an antenna and a special tell-tale LED, so that the good spy can find it more easily.
Van Eck demonstrates interception of an image from a monitor in the next room
As often happens, cinema is far from reality, but such interception is quite possible; we are talking about the method of Wim van Eck. Any electronic device radiates electromagnetic noise that is modulated by the data it transmits, receives or processes internally or over its communication lines, and with the right receiver that radiation can be demodulated back into data. The method is described in Neal Stephenson's wonderful book "Cryptonomicon":
"Let's exchange keys right now so we can email each other," Lee says, motioning to his assistant. The assistant runs to the desk and opens his laptop. "Something something Ordo," Lee says in Cantonese. The assistant spins the trackball and clicks.
Cantrell looks at the desk, expressionless. He squats down and peers under the tabletop. He runs his hands along the edge.
Randy bends down and peers down, too. The conference table is high-tech, wired so that guests can plug their laptops directly into it, rather than running cables across the room and fighting over outlets. That means the entire tabletop is wired. There are no visible cables connecting it to the outside world; they probably run through the hollow legs into the hollow floor. John grins, turns to Lee, shakes his head.
"Under different circumstances, I'd say yes," he says. "But given your level of security needs, this is not the place to exchange keys."
"I wasn't planning on using the phone," Lee says. "We could exchange keys on floppy disks."
John knocks on wood.
"Never mind. Have someone on your staff read up on the van Eck interception. Van Eck, Wim van Eck, the man who first demonstrated it," he repeats to the programmer, who is taking notes. Then, sensing that Lee wants a quick summary, he adds, "There is a way to read the internal state of a computer by picking up the stray electromagnetic radiation from the modules."
Further on in the plot, the process of decrypting information is described, complicated by the fact that the data on the laptop screen can be intercepted by the van Eck method; the hero writes a program that fills the screen with digital garbage imitating the decryption process while never displaying the real information. Van Eck's own experiment was done with an ordinary CRT monitor, and in Cryptonomicon a laptop is used, but a few years after the book was published (1999) a similar interception was carried out in reality: Markus Kuhn demonstrated eavesdropping on a laptop's flat-panel display.
Although van Eck's 1985 paper is usually taken as the starting point, Bell Telephone Laboratories had reported a similar leak from teletype cipher equipment back in the Second World War, the origin of what is now called TEMPEST.
Optical lines are not immune to eavesdropping either. The most vulnerable points are the connectors: if they are not properly shielded, light leaks at the joints and can be picked up. Physical access to the fiber itself also allows data to be read without cutting the fiber or splicing into the line: strip the fiber out of the cable and bend it sharply enough that the light meets the core/cladding boundary at less than the critical angle for total internal reflection, and part of the light escapes through the cladding, where a photodetector pressed against the bend can capture it. Commercial "clip-on" couplers used for fiber testing work on exactly this principle.
Hardware attacks on cell phones
Now let's return to our reality and see what wiretapping methods lie in wait for the average smartphone user and how to protect yourself from them. Conventionally they can be divided into several groups: interception of the signal between the phone and the base station; planting a hardware or software "bug" to obtain data directly from the device; and remote hacking of the device to take control of it.
Technically a telephone is an ordinary radio transceiver, and absolutely nothing prevents a third party with a suitable receiver (today a cheap SDR dongle is enough) from capturing the signals it exchanges with the tower and recording them. On its own this achieves little, because the air interface is encrypted, at least in 3G and LTE with reasonably strong algorithms. In theory the first and second attack methods can be combined: a bug on the device leaks the session keys, and the recording is then decrypted.
Karsten Nohl
German cryptography expert Karsten Nohl has been methodically researching such capabilities year after year, and it is documented that he has succeeded in breaking into cellular data exchange and decrypting telephone conversations several times. He did it for the first time in 2009 with an attack on the encryption algorithm itself: with the help of volunteers, rainbow tables were computed for the A5/1 stream cipher then used in GSM networks, and the results were presented at the Chaos Communication Congress (26C3) that year.
Later, in 2010, at the same hacker congress, he demonstrated interception, recording and playback of telephone conversations using cheap phones connected to a computer. In 2011, using phones re-flashed with OsmocomBB firmware, he demonstrated the interception of GPRS data with operators who either did not use encryption at all (this has happened) or used the algorithms "not at full strength".
In 2013 he demonstrated the vulnerability of phones with outdated SIM cards. These cards authenticated over-the-air (OTA) service messages with a signature based on single DES: an improperly signed OTA command made some cards reply with an error message carrying a DES signature, and from that the card's key could be recovered with rainbow tables. Holding the key, an attacker could send a properly signed service message that made the SIM download and run a Java Card applet. Even though such applets run in a "sandbox", they can at a minimum send SMS messages to premium numbers, and some card manufacturers' sandboxes were so poorly isolated that an applet got access to all the functions and data on the SIM.
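Both the A5/1 break and the SIM attack above rest on the same idea: precompute a table mapping cipher outputs back to keys so that the online phase is a lookup rather than a search. The following added example (not code from the article or from Nohl's project) implements A5/1's public register layout and a toy rainbow table over a 12-bit key subspace; the subspace size, the fixed frame number 0x2B7D, the chain length, the table size and the reduction constants are demonstration choices, and the key-bit order (bit i of the integer loaded first) is an assumption.

```python
# Added example, not from the article: A5/1 keystream generator plus a toy
# rainbow table (time-memory trade-off) that recovers a key from a keystream prefix.
# Register layout follows A5/1's public description; the rest is demonstration setup.

# (length, feedback tap mask, clocking bit) for R1, R2, R3; bit 0 is each register's LSB.
_REGS = (
    (19, (1 << 13) | (1 << 16) | (1 << 17) | (1 << 18), 8),
    (22, (1 << 20) | (1 << 21), 10),
    (23, (1 << 7) | (1 << 20) | (1 << 21) | (1 << 22), 10),
)


def _parity(x):
    return bin(x).count("1") & 1


def _step(regs, clock_all):
    """Advance the three LFSRs. Normally only registers whose clocking bit agrees
    with the majority move; during key/frame loading all three move."""
    cb = [(r >> c) & 1 for r, (_, _, c) in zip(regs, _REGS)]
    maj = 1 if cb[0] + cb[1] + cb[2] >= 2 else 0
    out = []
    for r, (n, taps, _), b in zip(regs, _REGS, cb):
        if clock_all or b == maj:
            r = ((r << 1) | _parity(r & taps)) & ((1 << n) - 1)
        out.append(r)
    return out


def a5_1_keystream(key, frame, nbits=114):
    """Return nbits of A5/1 keystream as an int (first bit = MSB) for a 64-bit key
    (assumption: bit i of the int is key bit i, loaded first) and a 22-bit frame number."""
    regs = [0, 0, 0]
    for i in range(64):                      # key loading: clock all, XOR key bit into the LSBs
        regs = [r ^ ((key >> i) & 1) for r in _step(regs, True)]
    for i in range(22):                      # frame-number loading, same way
        regs = [r ^ ((frame >> i) & 1) for r in _step(regs, True)]
    for _ in range(100):                     # warm-up with majority clocking, output discarded
        regs = _step(regs, False)
    ks = 0
    for _ in range(nbits):
        regs = _step(regs, False)
        bit = 0
        for r, (n, _, _) in zip(regs, _REGS):
            bit ^= (r >> (n - 1)) & 1        # output bit = XOR of the three MSBs
        ks = (ks << 1) | bit
    return ks


# --- toy time-memory trade-off (demonstration parameters) ---------------------------
KEY_BITS = 12                 # only the low 12 key bits vary; the other 52 are zero
SPACE = 1 << KEY_BITS
FRAME = 0x2B7D                # arbitrary fixed frame number (assumption)
CHAIN_LEN = 32
N_CHAINS = 80


def fingerprint(key):
    """What an eavesdropper actually observes: the first KEY_BITS keystream bits."""
    return a5_1_keystream(key, FRAME, KEY_BITS)


def reduce_fp(fp, column):
    """Column-dependent reduction of a fingerprint back into the key subspace."""
    return (fp + column * 0x9E37) % SPACE


def chain_start(s):
    return (s * 0x61C9) % SPACE   # deterministic, well-spread start points


def build_table(n_chains=N_CHAINS, chain_len=CHAIN_LEN):
    """Offline phase: walk each chain and store only endpoint -> start points."""
    table = {}
    for s in range(n_chains):
        start = k = chain_start(s)
        for column in range(chain_len):
            k = reduce_fp(fingerprint(k), column)
        table.setdefault(k, []).append(start)
    return table


def lookup(table, target_fp, chain_len=CHAIN_LEN):
    """Online phase: return a key whose fingerprint equals target_fp, or None."""
    for column in range(chain_len - 1, -1, -1):   # guess which column holds the target
        k = reduce_fp(target_fp, column)
        for j in range(column + 1, chain_len):
            k = reduce_fp(fingerprint(k), j)
        for start in table.get(k, ()):            # endpoint hit: regenerate that chain
            c = start
            for j in range(chain_len):
                if fingerprint(c) == target_fp:
                    return c                      # verified, so false alarms are rejected
                c = reduce_fp(fingerprint(c), j)
    return None


def recover_demo(secret=chain_start(5)):
    """Build the table once, then recover a key from its observed keystream prefix."""
    return lookup(build_table(), fingerprint(secret))


if __name__ == "__main__":
    secret = chain_start(5)
    print("secret 0x%03x -> recovered %r" % (secret, recover_demo(secret)))
```

The real 2009 attack targeted A5/1's 64-bit internal state with about 2 TB of tables and used sophisticated distinguished-point chains; this toy keeps the structure (reduction per column, endpoint-only storage, regeneration on a hit) at a size that runs in seconds. Note that a 12-bit fingerprint can collide, so the recovered key is checked against the observed keystream, not assumed correct.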
How secure the modern protocols are is hard to say; several dozen vulnerabilities of various kinds have been found in the LTE standard. But at least such attacks are extremely complex and available only to a narrow circle of highly skilled specialists. If directly breaking into telephone conversations were easy, the darknet would long ago have published instructions letting any "script kiddie" eavesdrop on everyone.
Because LTE is being promoted as "cellular Internet for IoT devices", a relatively new kind of threat has appeared: the operator's equipment can be DoSed and partial control over it gained. Accordingly, there is the threat of botnets built from "Internet irons" and weather stations.
Besides "hacker attacks", there are also entirely legal ways of getting at the contents of conversations, available not to everyone but only to government bodies and special services. We are talking about the well-known third-generation SORM system (SORM-3) and the "Yarovaya law", as well as direct real-time connection to the cellular operators. The latter is not used often, but there have been cases. During the Nord-Ost hostage crisis, everyone who lived or worked in the Dubrovka area saw an icon on their mobile phone screens signalling that the cellular network had switched off encryption of calls entirely and they were going almost "in plain text" (the GSM ciphering indicator). Interestingly, modern operating systems no longer show this indicator, and to find out which cipher the connection is using you have to install special applications.
Another complex and expensive but genuinely working way to get full access to all cellular traffic within the radius of one cell is the IMSI catcher. These are "fake" base stations that insert themselves into the traffic and become a man-in-the-middle between the smartphone and the real tower. A phone selects the cell with the strongest signal, so the fake cell is naturally configured to out-power the real stations. Unsuspecting smartphones attach to the spy device and, after the handshake, the "offender in uniform" can watch and listen to everything transmitted in real time, SMS, voice calls and Internet traffic, as if he were the cellular operator. One caveat: in 2G the network does not authenticate itself to the phone, so the fake cell can simply switch ciphering off; 3G and LTE use mutual authentication, so catchers working against them either jam or downgrade the phone to 2G, or settle for collecting IMSIs and locations rather than content.
The existence of these stations is no secret, but their use is classified and data on working with them is not available to mere mortals. If a special operation is under way somewhere, nobody tells journalists: "There is a cellular interception station in this area. Thank you for your attention."
We must not forget the Chinese Golden Shield either. Unfortunately, I forgot where I read the story of how a Russian tourist came to the attention of the Chinese special services, and I can no longer find the picture. But the tourist was allowed to photograph the Shield interface available to the police. It looks like a typical online music service, but instead of tracks it holds recordings of phone conversations.
Besides "hardware" methods of attack there are also "software" ones: ordinary (or not so ordinary) programs installed on the smartphone that spy on the user. The world of spyware is so rich and varied that it deserves a separate study; we will limit ourselves to listing the main types.
The most common are programs disguised as harmless applications. The textbook "Flashlight" that asks for access to calls, contacts, media files and the Internet looks perfectly innocent, but the list of permissions it requests is terrifying. There are many cases of such programs stealing money, not only from the balance used to pay for communications but also through data from banking applications, although for the most part they collect statistics and personal data that they then sell to advertisers.
The next type is spyware installed secretly from the phone's owner: a husband spying on his wife, or vice versa. Or not so secretly, as with parents watching their children for their safety and their own peace of mind. A less harmless variant is an attacker planting a software bug on the victim's smartphone with the most nefarious intentions. One of the most famous examples is the tapping of Angela Merkel's phone by American intelligence. The details of the surveillance have never been disclosed; it is not even clear what kind of tap it was, a hardware bug or a program, and most likely it was the chancellor's old phone, a Nokia 6260. The German government assured that Merkel's newer BlackBerry cannot be tapped because it has a dedicated encryption chip, but according to anonymous sources in the intelligence agencies the BlackBerry can be hacked just as easily. Whom to believe here is unclear.
Finally, the last type of spyware is programs installed by the smartphone manufacturers themselves. Does everyone remember how the Huawei scandal began? The Americans accused the company of spying via hardware implants in its equipment. And this is not the first time surveillance hypervisors have been reported in server hardware; they have been turning up for quite a while, see "Chinese bugs: a true story about virtualization, security and spies". So there is no smoke without fire, and the Americans are not angry at Huawei for nothing.
With smartphones things are not so bad, but operating systems sometimes contain unexplained programs that regularly connect to unidentified Chinese servers and send them data unrelated to firmware updates or other system functions. Maybe this is part of the Chinese "Big Brother" that they forget to cut out when exporting a phone, or that comes with a "grey" import, or maybe targeted surveillance; it is hard to tell. But for the most part such modules simply push advertising, showing pop-ups in the middle of the screen or replacing part of the content in browsers.
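The check a careful user (or an app-store reviewer) would want for the "Flashlight" case is mechanical: compare the permissions an app requests against what its stated purpose needs. The following added example, not code from the article, does that over an AndroidManifest.xml; the manifest, the "flashlight" and "messenger" purpose profiles and the sensitive-permission list are constructed for illustration (the list is a subset of Android's runtime permissions, not the complete catalogue).

```python
# Added example, not from the article: flag permissions that do not match an
# app's declared purpose. The manifest and the purpose profiles are constructed.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions that expose user data or can cost money.
# Constructed subset of Android's runtime permissions; extend as needed.
SENSITIVE = {
    "READ_CONTACTS", "WRITE_CONTACTS", "READ_CALL_LOG", "WRITE_CALL_LOG",
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_PHONE_STATE", "CALL_PHONE",
    "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "CAMERA",
}

# What each kind of app plausibly needs (constructed profiles, not Android policy).
EXPECTED = {
    "flashlight": {"CAMERA"},   # the torch LED is driven through the camera HAL
    "messenger": {"READ_CONTACTS", "RECORD_AUDIO", "CAMERA", "READ_EXTERNAL_STORAGE"},
}

# Constructed manifest for a "Flashlight" app asking for far more than a torch needs.
FLASHLIGHT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Flashlight"/>
</manifest>"""


def permissions_from_manifest(manifest_xml):
    """Return the short names of all <uses-permission> entries in a manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for el in root.iter("uses-permission"):
        full = el.get(ANDROID_NS + "name", "")
        if full:
            names.add(full.rsplit(".", 1)[-1])   # android.permission.X -> X
    return names


def excess_permissions(manifest_xml, purpose):
    """Sensitive permissions requested that the app's purpose does not justify."""
    requested = permissions_from_manifest(manifest_xml)
    return sorted((requested & SENSITIVE) - EXPECTED[purpose])


if __name__ == "__main__":
    for p in excess_permissions(FLASHLIGHT_MANIFEST, "flashlight"):
        print("suspicious for a flashlight:", p)
```

On a real device the same comparison can be made from `adb shell dumpsys package <name>` output; the point is that the decision should be driven by the gap between purpose and request, not by how innocent the icon looks.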
How do we protect ourselves from all these fears and horrors? Let's talk about countering the threats to our privacy. I'll say right away that there will be no pictures or descriptions of James Bond gadgets here, because in real life everything is far more prosaic.
The sad truth is that the forces are very unequal, and ordinary people have far fewer options in this fight than attackers. Not least because the average user is not a hacker; his technical skills are not enough to resist spy attacks on his own. For example, many people do not think at all when yet another "Flashlight" starts asking for far too many permissions; they confirm every requested power without looking. Or, having landed on a dubious site, they obediently tap every button like "Update browser". Mostly they get yet another paid subscription, but they can also get a genuine spy program. Devices running Android are the most exposed, but applications that collected far too much data about their owners have been found on Apple phones as well.
The means of protection are the same ones computer users have known for decades: antivirus programs, care when installing new applications, and caution on suspicious sites.
The hardest attacks to resist are those aimed at the cellular protocol itself. Against an adversary who can intercept, record and decrypt traffic between the phone and the base station the user is practically defenceless. The only way out is to make the interception useless by encrypting the data end to end before it reaches the modem; this also helps greatly against surveillance by special services that connect directly to operator equipment or read the records operators are now required to keep. But it forces the user to give up the usual ways of communicating, and programs that offer it are few and far between. In practice the least compromised have been the Telegram messenger and services like Zello, which were pointedly blocked for refusing to cooperate with law enforcement. The other popular messengers were spared the attention of the Russian (and not only Russian) authorities, which raises the serious suspicion that they agreed to cooperate. On the other hand, merely using Telegram can already draw suspicion. Sad as it is to admit, there are enough cases of police officers demanding to see the contents of a smartphone, looking for Telegram and for subscriptions to channels that interested them. Arguing about the legality of such demands is pointless, but detainees have sometimes been driven to break their smartphone so as not to incriminate themselves. An interesting answer to this is the #DurovAddDoubleBottom campaign (a request for a "false bottom" decoy mode in Telegram), but so far it has not gained the support and spread it needs. Note that "Internet radio" services leave no logs on the phone and cause far fewer problems in such situations.
If you only want to hide your correspondence from the Internet provider and make the logs kept under the "Yarovaya law" useless, a VPN is enough, your own or one of the many ready-made ones. For the most part, though, this method is better suited to bypassing blocking: it only moves the visibility of your traffic from the provider to the VPN operator, and if an intruder gets onto the smartphone itself, the encrypted tunnel will not hide your correspondence.
In essence, a VPN or a messenger with end-to-end encryption is a typical scrambler, the kind of equipment intelligence services have used for decades, ever since wired telephony and conventional radio spread. The difference is that this is a purely software solution available to any modern smartphone user.
Experts concerned about the security of conversations have come up with an ingenious way to counter one of the least conspicuous attacks, the fake cell station. There are several programs (EAGLE Security, for example) that keep a detailed log of all the cell towers seen, recording their identifiers and coordinates in a database. As soon as a new base station appears that was not previously in this register, and worse still one that moves, the program raises the alarm that the phone has connected to equipment that may be a spy device.
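The registry logic described above is simple enough to write out. The following added example is not code from the article or from EAGLE Security: it learns the cells seen on a baseline route, then flags a cell it has never seen and a cell whose observed position jumps. The cell identifiers (the 001/01 test PLMN with made-up LAC and CID values), the coordinates and the 3 km threshold are constructed for the demonstration; a real tool would scale the threshold to each cell's observed coverage radius.

```python
# Added example, not from the article: a registry-based detector for suspicious
# base stations. Observations, identifiers and thresholds are constructed.
import math


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


class CellRegistry:
    """Learn which cells are normally seen where, then flag anomalies."""

    def __init__(self, move_threshold_km=3.0):
        # (mcc, mnc, lac, cid) -> [mean_lat, mean_lon, sightings]
        self.known = {}
        self.learning = True            # while True, unknown cells are recorded silently
        self.move_threshold_km = move_threshold_km

    def finish_learning(self):
        self.learning = False

    def observe(self, mcc, mnc, lac, cid, lat, lon):
        """Record one sighting of the serving cell; return alert strings (empty if benign)."""
        key = (mcc, mnc, lac, cid)
        alerts = []
        rec = self.known.get(key)
        if rec is None:
            if not self.learning:
                alerts.append("NEW_CELL %s: never seen before at (%.4f, %.4f)" % (key, lat, lon))
            self.known[key] = [lat, lon, 1]     # remember it so a moving catcher is caught next
            return alerts
        dist = haversine_km(rec[0], rec[1], lat, lon)
        if dist > self.move_threshold_km:
            alerts.append("CELL_MOVED %s: %.1f km from where it was first seen" % (key, dist))
        else:
            n = rec[2]                          # running mean keeps the stored position honest
            rec[0] = (rec[0] * n + lat) / (n + 1)
            rec[1] = (rec[1] * n + lon) / (n + 1)
            rec[2] = n + 1
        return alerts


def run_demo():
    """Constructed scenario: baseline route, then a cell that appears and moves."""
    reg = CellRegistry()
    baseline = [                                   # test PLMN 001/01, made-up LAC/CID
        (1, 1, 7001, 11, 55.7601, 37.6183),
        (1, 1, 7001, 12, 55.7622, 37.6250),
        (1, 1, 7002, 31, 55.7650, 37.6301),
        (1, 1, 7001, 11, 55.7605, 37.6190),
    ]
    for obs in baseline:
        reg.observe(*obs)
    reg.finish_learning()
    later = [
        (1, 1, 7001, 12, 55.7620, 37.6248),   # known cell in its usual place: benign
        (1, 1, 7001, 99, 55.7610, 37.6200),   # unknown CID on a familiar LAC: suspicious
        (1, 1, 7001, 99, 55.8050, 37.6200),   # the same unknown cell about 5 km away: it moves
    ]
    alerts = []
    for obs in later:
        alerts.extend(reg.observe(*obs))
    return alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Expect false positives from genuinely new towers and from temporary "cell on wheels" installations at events; the signal is stronger when a new cell also coincides with a drop to 2G or a switch to the null cipher, which is why such apps usually log the ciphering state alongside the cell identity.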
It is a little easier to resist the threat of spy modules installed on the phone by users themselves through carelessness, or by people who got hold of someone else's smartphone. Suspicious phone activity or a battery that drains too quickly can be indirect signs that a spy program is installed, although they can also just mean the owner installed power-hungry programs that are not necessarily spying on anyone.
To counter such threats one of the many antiviruses may be enough, their names familiar to everyone from the most common desktop operating system. These programs monitor installed applications, analyse suspicious activity and warn about most of the threats careless users expose their smartphones to.
Although not all "official" applications behave well and predictably; there are unpleasant exceptions, for example the Facebook client. This program regularly ranks first among non-game applications in size and drains the battery at a terrifying rate. I myself had an unpleasant experience with this client: immediately after installation the phone literally heated up and began transmitting something somewhere at the maximum possible speed. Even though the smartphone was rooted and the application was restricted in rights as far as possible, the program was clearly pulling something off my phone. For which it was mercilessly removed and subsequently always cut out of every firmware.
But not everyone is able and willing to "hack" their phone, that is, unlock the bootloader and obtain root. Some lack the technical knowledge, some are still afraid of "losing the warranty", and some do not want to give up the features that such an operation can cost them.
Some banking clients refuse to run on a smartphone if they detect root, and sometimes this also removes the ability to "pay with the phone" via NFC. There are smartphones that practically cannot be hacked this way, including the well-known iPhone, whose jailbreak is becoming ever harder. Another category better left un-"hacked" are devices whose manufacturer has built in its own protection against intruders. Samsung, for example, is known for its Knox platform, whose hardware-backed container (Secure Folder, or a work profile) separates important data from the rest of the system that is exposed to attack. And although Knox is positioned as corporate protection, so that a personal smartphone can be used for work without a separate "work" device, nothing stops you from keeping critical personal data in it.
Philip Zimmermann
Unfortunately, the large manufacturers do not spoil users with a choice of secure smartphones, and small companies either fail to raise enough on Kickstarter to launch a product or make annoying mistakes. For example, the super-secure Blackphone, created with the participation of Phil Zimmermann himself, had a serious vulnerability in one of its bundled applications that let an attacker take full control of the device. The developers promptly released an update, but "the aftertaste remained". Of course, there are also the smartphones used by the military and government officials, but they are not available to the general public and are of purely academic interest.
Developers of smartphone security systems have not ignored hardware scramblers, traditional for wired technology. They were released, for example, in the form of a wireless headset that encrypted the voice "before the smartphone", inside the headset itself.
Naturally, to talk to the owner of such a scrambler you had to have your own copy of the device. These headsets never became popular because of the high price and the need to equip every party to the call, and the company that produced them switched entirely to secure smartphones, similar in function to Samsung Knox, made once again for the military and for very rich clients concerned about their security.
In conclusion, five minutes of unhealthy paranoia.
The bottom line is that users have very few real means of securing their conversations, correspondence and personal data. Moreover, almost none of the methods guarantees 100% certainty.
The actions of the authorities and of developers may not be what they seem. Simple logic suggests that if Roskomnadzor (RKN) is angry only at Telegram, then all the other, equally popular messengers are willingly cooperating with the Russian authorities and special services. And the recent "unblocking" of Telegram may mean that the messenger was forced to guarantee access to its users' personal data and correspondence. The classic conspiracy theory goes further: the whole two-year saga of the carpet-blocking of "Telega" was just a successful special-services operation, started to convince people of its safety and thereby gain free access to all their communications.
Dig deeper, and it turns out that almost nobody has conducted a serious and transparent security audit of any of the applications or hardware designed to protect user data and communications. So-called "open testing", where anyone who finds a vulnerability is promised mountains of gold, is in practice just a pretty slogan: serious specialists will not waste time hunting for vulnerabilities that may not exist, because that time goes unpaid, and the amateurs who naively hope to get rich by being the ones to find a serious bug lack the qualifications for such research.
Laws adopted everywhere on the model of the Patriot Act may leave developers no choice; they are forced to cooperate with the secret services. And the stories about Apple refusing to provide tools to unlock a terrorist's phone are well-planted disinformation. Moreover, many of the discovered vulnerabilities, Heartbleed among them, look as if they were deliberately left as a "backdoor" for government services. And the suitcase of the passenger next to you on the bus may hold a van Eck interceptor reading the screens of nearby smartphones in real time.
People suspected they were being eavesdropped on before, but only Snowden confirmed the global scale of this surveillance.
Source
Information security is no exception, a centuries-old battle is being waged on this battlefield, although not as noisy as military actions, but no less fierce. The popular story about how Nathan Rothschild made a fortune based on exclusive access to information gave rise to the catchphrase: "Who owns information - owns the world".
The significance of information can be different, the vast majority is of no interest to others, they cannot extract self-interest or profit from it, but sometimes you want some privacy. Not necessarily to hide illegal actions or something indecent: “I have no secrets from the state” is a favorite phrase for trolling on the topic of privacy, but simply because there is private life and its obvious rule: “It’s none of your business.” And, since a smartphone has long been an integral part of a person’s personality (“My whole life is in it!!!11rass”), then protecting it from encroachment has long been one of the most pressing personal problems. This applies to both access to information on it and telephone conversations. Today’s article will be about modern ways to protect your privacy.
Some historical examples

A toy for children from the eighties
Probably the most famous and simple crypto-device is the good old "voice distorter" A traditional accessory of spy films of the middle of the last century, which was attached to the receiver and turned the human voice into a characteristic grinding sound, terrifying the audience.
Later, like many other "James Bond gadgets", the circuitry allowed the device to be released in a pocket format, and now anyone can download such an application to their smartphone. The method is rather humorous and is more suitable for pranks than for real concealment of information, but, at a minimum, it will complicate the identification of the caller by voice. However, they have already "gotten" them, in one spy TV series there was an episode where the computer calculated the algorithm of the "distorter" and restored the original voice. I do not know whether such programs actually exist, but it sounds quite plausible.
For quite a long time, telephone communication was exclusively wired. History remembers many cases when spy equipment was connected to a network gap and allowed eavesdropping and recording of secret conversations. One of the most famous projects of this kind - Operation Gold, was comically unsuccessful, due to the fact that Soviet counterintelligence learned in time about the upcoming tunnel under the Berlin Wall, to connect to the telephone communications of the Soviet army and it was decided to use this channel to leak disinformation.

The press examines the discovered wiretapping site
Surely many remember the characteristic scenes in the movies, when an evil spy applies a mysterious box to a top secret cable, which instantly "magnetizes" to it or to the concrete along which the wire is laid. The box is always equipped with a short cylinder depicting an antenna and a special unmasking LED, so that it is easier for the good spy to find it.

Van Eyck demonstrates interception of an image from a monitor in the next room
As it often happens, cinematography is far from reality, but such interception is still possible, we are talking about the method of Wim van Eyck. any electronic component emits interference into the air that is modulated by data: transmitted, received or processed inside the device or via communication lines. This method is described in the wonderful book by Neil Sivenson - "Cryptonomicon":
“Let’s exchange keys right now so we can email each other,” Lee says, motioning to his assistant. The assistant runs to the desk and opens his laptop. “Something something Ordo,” Lee says in Cantonese. The assistant spins the trackball and clicks.
Cantrell looks at the desk, expressionless. He squats down and peers under the tabletop. He runs his hands along the edge.
Randy bends down and peers down, too. The conference table is high-tech, wired so that guests can plug their laptops directly into it, rather than running cables across the room and fighting over outlets. That means the entire tabletop is wired. There are no visible cables connecting it to the outside world—they probably run through the hollow legs into the hollow floor. John grins, turns to Lee, shakes his head.
“Under different circumstances, I’d say yes,” he says. "But given your level of security needs, this is not the place to exchange keys.
" "I wasn't planning on using the phone," Lee says. "We could exchange keys on floppy disks."
John knocks on wood.
"Never mind. Have someone on your staff read up on the Van Eyck interception. Van Eyck, Wim van Eyck, the man who first demonstrated it," he repeats to the programmer, who is taking notes. Then, sensing that Lee wants a quick summary, he adds, "There is a way to read the internal state of a computer by picking up the stray electromagnetic radiation from the modules.
Further on in the plot, the process of decrypting information is described, which is complicated by the fact that data from the laptop screen can be intercepted by the van Eyck method and the hero writes a program that fills the screen with digital garbage imitating the decryption process, but does not display real information on the screen. Van Eyck's experiment was done with a regular CRT monitor, and in Cryptopnomicon a laptop was used, but several years after the book was published, a similar interception was also carried out in reality.
Although it is believed that the interception was carried out after van Eyck formulated it, Bell Telephone Laboratories reported a similar vulnerability of teletypes back in the Second World War.
Optical lines are also not protected from eavesdropping. The most vulnerable are connectors, if they are not sufficiently insulated from light, then we can consider signal flashes breaking through the connections. Physical access to the fiber optic communication line itself also makes it possible to obtain data without destroying the fiber optic and without integrating into the line. Theoretically, if you remove the fiber from the cable and bend it to a certain limit, then the curvature that provides the angle of maximum signal reflection from the fiber walls will be exceeded and part of the radiation will break through beyond the fiber and the signal can be intercepted.
"Iron" attacks on cell phones
Now let's return to our reality and see what wiretapping methods lie in wait for the average user of modern smartphones and how to protect yourself from them. Conventionally, they can be divided into several groups: interception of the signal between the phone and the base station; introduction of a hardware or software "bug" to obtain data directly from the device; remote hacking of the device to gain control over it.
Technically, a telephone is an ordinary receiver and transmitter, absolutely nothing prevents it from receiving signals that it exchanges with the tower and recording them. Obviously, this makes little practical sense, because the data is encrypted with modern cryptographically strong protocols. Theoretically, it is possible to combine the first and second attack methods to obtain keys for decrypting the signal from a mobile phone.

Karsten Nohl
German cryptography expert Karsten Nohl has been methodically researching such capabilities year after year. It is documented that he has succeeded in breaking into cellular data exchange and decrypting telephone conversations several times. He did this for the first time in 2009, with an attack on the encryption algorithm: with the help of volunteers, rainbow tables were computed for the A5/1 cipher, which was used in GSM networks at the time. The results were presented in a talk at the Chaos Communication Congress in 2009.
In 2010, at the same hacker congress, he demonstrated the interception, recording and playback of telephone conversations using cellular handsets connected to a computer. In 2011, using a modified telephone, he demonstrated the possibility of listening in on the GPRS networks of operators that either did not use encryption at all (this has happened) or used the algorithms "not at full capacity".
In 2013, he demonstrated the vulnerability of phones that used outdated SIM cards. These cards had a digital signature generated with a weak algorithm, which could be broken using rainbow tables. With a forged signature it was possible to send the SIM card a service message that would force the phone to download and execute malicious code. Even though Java applications run in a "sandbox", they can still, at a minimum, send SMS messages to premium-rate services. Moreover, the sandboxes of some card manufacturers were insufficiently protected and allowed access to all functions and information on the SIM card.
It is difficult to say how secure modern protocols are. Several dozen vulnerabilities of various kinds have been found in the LTE standard. But, at least, such attacks are extremely complex and available only to a narrow circle of top-class specialists. If direct hacking of telephone conversations were very simple, the darknet would long ago have published instructions allowing any "script kiddie" to eavesdrop on everyone.
Because LTE is promoted as "cellular Internet for IoT devices", a relatively new type of threat has appeared: the telecom operator's equipment can be subjected to denial-of-service attacks, and partial control over it can be gained. Accordingly, there is a threat of botnets built from internet-connected irons and weather stations.
In addition to "hacker attacks", there are also completely legal ways to gain access to the contents of conversations, but they are not available to everyone, only to government organizations and special services. We are talking about the well-known third-generation SORM system and the "Yarovaya law", as well as direct real-time connection to the cellular operators' equipment. The latter method is not used often, but there have been cases. During the Nord-Ost terrorist attack, everyone who lived or worked in the Dubrovka area had an icon on their mobile phone screens signaling that the cellular network had completely disabled encryption of conversations and they were going almost "in plain text". Interestingly, modern operating systems do not show this indicator, and to find out which encryption the protocol is using you need to install special applications.
Another complex and expensive, but genuinely working, way to get full access to all cellular data within the radius of one cell is the IMSI catcher. These are "false" base stations that embed themselves in the data flow and become a man-in-the-middle point between the smartphone and the cell tower. The algorithm by which a smartphone selects a base station is designed so that it tries to connect to the strongest and closest one. Naturally, the "fake cell" is configured so that its signal is stronger than that of the real stations. Unsuspecting smartphones connect to the spy device, and after the handshake the "offender in uniform" can watch and listen to everything that is transmitted in real time: SMS, voice calls and Internet traffic, as if he were the cellular operator.
The existence of these stations is not a secret, but their use is classified and data on working with them is not available to mere mortals. If a special operation is being carried out somewhere, no one will tell journalists: “There is a cellular data interception station in this area. Thank you for your attention.”
We must not forget about the Chinese Golden Shield. Unfortunately, I forgot where I read the story of how a Russian tourist came to the attention of Chinese special services and I can no longer find the picture. But the tourist was allowed to take a photo of the Shield interface available to the police. It looks like a typical online music service, but instead of tracks, it has recordings of phone conversations.
"Software" attacks on cell phones
In addition to the "hardware" methods of attack, there are also "software" ones: ordinary (or not so ordinary) programs installed on a smartphone that spy on the user. The world of spyware applications is so rich and diverse that it is a topic for a separate study; we will limit ourselves to listing the main types.
The most common are programs that disguise themselves as harmless applications. The textbook "Flashlight", which asks for access to calls, contacts, media files and the Internet, looks entirely harmless, but the number of permissions it requests is terrifying. There are many cases when such programs stole not only money from the mobile account balance but also data from banking applications. Although, for the most part, they collect statistics with personal data, which they then sell to advertisers.
The next option is spyware installed without the knowledge of the phone's owner. For example, a husband spying on his wife, or vice versa. Or not so secretly: parents watching their children, for the children's safety and their own peace of mind. A less harmless option is when an attacker plants a software bug on the victim's smartphone with the most nefarious intentions. One of the most famous examples is the hacking of Angela Merkel's smartphone by American intelligence agencies. The details of the surveillance have never been disclosed; it is not even clear what type of wiretapping it was, whether a hardware bug or a program, and most likely it was the chancellor's old phone, a Nokia 6260, that was tapped. The German government assured that Merkel's modern BlackBerry cannot be wiretapped because it has a special encryption chip. However, according to anonymous sources in the intelligence agencies, the "blueberry" can also be easily hacked. It is unclear who to believe here.

Finally, the last type of spyware is programs installed by the smartphone manufacturers themselves. Everyone remembers how the Huawei scandal began? The Americans accused the company of spying using hardware bugs in its equipment. And this is not the first time tracking hypervisors have been found in server equipment; they have been found for quite a long time: "Chinese bugs: a true story about virtualization, security and spies". So, there is no smoke without fire, and the Americans are not angry at Huawei for nothing.
With smartphones things are not so bad, but operating systems sometimes contain incomprehensible programs that regularly connect to unidentified Chinese servers and transmit some data there that has nothing to do with firmware updates or other system programs. Maybe this is part of the Chinese "Big Brother", which they forget to cut out when exporting a smartphone, or which remains when you buy a "gray" import, or maybe it is targeted surveillance; it is difficult to tell. But, for the most part, such modules simply engage in advertising, displaying pop-up windows in the middle of the screen or replacing part of the content in browsers.
Types of modern protection
How can we protect ourselves from all these fears and horrors? Let's talk about confronting threats to our privacy. I'll say right away that there will be no pictures or descriptions of James Bond gadgets here, because in real life everything is much more prosaic.
The sad truth is that the forces are very unequal, and ordinary people have far fewer opportunities in this fight than attackers. Not least because the average user is not a hacker; his technical skills are not enough to resist spy attacks on his own. For example, many people do not think at all when another conditional "Flashlight" starts asking for too many permissions for its work; they confirm all the requested powers without looking. Or, having landed on a dubious site, they obediently poke at every button like "Update browser". For the most part, they get another paid subscription, but they can also get a real spy program. Devices running Android are the most susceptible to this, but Apple smartphones have also been found to carry programs that collected too much data about the phone's owner.
The methods of protection are the same ones that have been well known to computer users for decades: antivirus programs, care when installing new applications and caution when visiting suspicious sites.
The most difficult attacks to resist are those aimed at the cellular protocol. The user is practically defenseless against intruders who can intercept, record and decrypt traffic between the phone and the base station. The only option is to make such interception useless by encrypting the transmitted data; this also helps greatly against surveillance by special services that can connect directly to cellular equipment or to the records that operators are now required to keep. But this forces the user to abandon the usual methods of communication completely, and programs that provide such an opportunity are few and far between. In fact, the least compromised were the Telegram messenger and services like Zello, which were clearly blocked for refusing to cooperate with law enforcement agencies. The rest of the popular messengers were spared the attention of the Russian authorities (and not only the Russian ones), which raises serious suspicions that they agreed to cooperate. However, the very use of Telegram can already raise suspicions. Sad as it is to admit, there are enough examples of law enforcement officers demanding to see the contents of smartphones, looking for Telegram and for subscriptions to channels of interest to them. It is useless to discuss the legality of such demands, but sometimes detainees have been forced to break their smartphone so as not to incriminate themselves. An interesting way to combat this is #DurovAddDoubleBottom, but so far it has not received the necessary support and distribution. It should be noted that "Internet radio stations" do not leave logs on the phone and cause far fewer problems in such situations.
If you want to hide your correspondence only from the Internet provider and make the logs recorded under the "Yarovaya law" useless, it is enough to use a VPN, your own or one of the many ready-made ones. Although, for the most part, this method is more suitable for bypassing blocking. If an intruder gains access to the smartphone, the encrypted tunnel will not hide your correspondence.
In essence, a VPN and messengers with end-to-end encryption are a typical scrambler, equipment that intelligence agencies have used for decades, since the spread of wired telephony and conventional radio communications. The difference is that this is a purely software solution available to any user of a modern smartphone.
Experts concerned about the security of conversations have come up with an ingenious way to counter one of the most inconspicuous attacks, the fake cellular station. There are several programs (for example, EAGLE Security) that keep a detailed log of all cell towers, recording their identifiers and coordinates in a database. As soon as a new base station appears that was not previously in this register, or, worse still, one that moves in space, the program sounds the alarm, signaling that the phone has connected to equipment that may be spy equipment.
It is a little easier to resist threats from software spy modules installed on the phone by the users themselves, through their own carelessness, or by people who have gained access to someone else's smartphone. Suspicious phone activity or a battery that drains too quickly can be indirect signs that a spy program is installed on the phone. However, this may also be a consequence of the person having installed "hungry" programs that are not necessarily engaged in surveillance.
To prevent such threats, one of the many antiviruses may be enough, whose names are familiar to everyone from the most common desktop operating system. These programs monitor installed applications, analyze suspicious activity and warn about most of the threats that careless users expose their smartphones to.
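One way to implement the register described above, as an added example that is not code from EAGLE Security or from the original post: cell identifiers, coordinates and signal levels are constructed, and the moved-cell threshold is an assumption. It flags a cell that was never seen before, a known cell that turns up far from where it was first recorded, and the classic signature of an unknown cell that is also the strongest in the scan.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class CellId:
    mcc: int  # mobile country code
    mnc: int  # mobile network code
    lac: int  # location area code
    cid: int  # cell id

@dataclass(frozen=True)
class Observation:
    cell: CellId
    lat: float       # phone position (GPS) when this cell was seen
    lon: float
    signal_dbm: int  # received signal strength, higher is stronger

def distance_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres (haversine formula)."""
    p1, p2 = radians(lat1), radians(lat2)
    dp, dl = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * 6_371_000.0 * asin(sqrt(a))

class CellRegistry:
    """Register of known cells; alerts on cells that are new or have moved."""
    def __init__(self, seed: Dict[CellId, Tuple[float, float]], move_threshold_m: float):
        # The threshold must exceed a real macro cell's radius, otherwise the
        # phone's own movement inside a legitimate cell raises false alarms.
        self.known = dict(seed)
        self.move_threshold_m = move_threshold_m

    def observe(self, obs: Observation) -> List[Tuple[str, CellId]]:
        first_seen = self.known.get(obs.cell)
        if first_seen is None:
            self.known[obs.cell] = (obs.lat, obs.lon)
            return [("NEW_CELL", obs.cell)]
        if distance_m(*first_seen, obs.lat, obs.lon) > self.move_threshold_m:
            return [("CELL_MOVED", obs.cell)]
        return []

    def scan(self, observations: List[Observation]) -> List[Tuple[str, CellId]]:
        # One measurement round; an unknown cell that is also the strongest
        # is the classic fake-station signature, so it gets an extra alert.
        unknown_before = {o.cell for o in observations if o.cell not in self.known}
        alerts = [a for o in observations for a in self.observe(o)]
        if observations:
            strongest = max(observations, key=lambda o: o.signal_dbm)
            if strongest.cell in unknown_before:
                alerts.append(("STRONGEST_IS_NEW", strongest.cell))
        return alerts

def demo() -> List[Tuple[str, CellId]]:
    """Constructed scenario: two known cells, then a strong newcomer later seen 11 km away."""
    a, b, newcomer = CellId(250, 1, 100, 1001), CellId(250, 1, 100, 1002), CellId(250, 1, 100, 9999)
    reg = CellRegistry({a: (55.75, 37.62), b: (55.75, 37.62)}, move_threshold_m=5000)
    round1 = [Observation(a, 55.75, 37.62, -75), Observation(b, 55.75, 37.62, -85),
              Observation(newcomer, 55.75, 37.62, -50)]
    round2 = [Observation(newcomer, 55.85, 37.62, -55)]
    return reg.scan(round1) + reg.scan(round2)
```

Real tools seed the register from a crowd-sourced cell database rather than from the phone's own history, so that the first day of use is not one long string of NEW_CELL alarms.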

However, not all "official" applications behave well and predictably; there are unpleasant exceptions. For example, the Facebook client. This program regularly ranks first among non-game applications in size and drains the battery at a terrifying speed. I myself had an unpleasant experience with this client: immediately after its installation, the phone literally heated up and began to transmit something somewhere at the maximum possible speed. Despite the fact that the smartphone was rooted and the application's rights were restricted as far as possible, the program clearly pulled something from my phone. For which it was mercilessly removed and has since been cut out of every firmware.
"Hardware" protection of smartphones
But not everyone is able and willing to "hack" their phone, that is, to unlock the bootloader and obtain root access. Some lack the technical knowledge, some are still afraid of "losing the warranty", and some do not want to give up the features that may be lost with such an operation.

Some banking apps refuse to run on a smartphone where they detect root, and sometimes this takes away the ability to "pay with the phone" via NFC. There are smartphones that are practically immune to such hacking, including the well-known iPhone, whose jailbreak is becoming increasingly difficult. Another category of smartphones that are better left "unhacked" are devices with protection against intruders built in by the manufacturer itself. For example, Samsung is known for its Knox system, a container that separates important data from the rest of the system, which is open to attack. And although Knox is positioned as corporate protection, so that a personal smartphone can be used for business without a separate "work" device, nothing prevents you from storing critical personal data in it.

Philip Zimmermann
Unfortunately, large manufacturers do not spoil users with a variety of secure smartphones, and small companies either fail to raise enough money on Kickstarter to launch production, or make annoying mistakes. For example, the super-duper-secure BlackPhone, in whose creation Zimmermann himself took part, had a serious vulnerability that allowed an attacker to gain full control over the device thanks to a bug in one of the third-party programs. The authors of the program promptly released an update, but "a bad aftertaste remained". Of course, there are still smartphones used by the military or government officials, but they are not available to the general public and are of purely academic interest.
Developers of smartphone security systems did not ignore hardware scramblers, traditional for wired technology. They were released, for example, in the form of a wireless headset that encrypted the voice "before the smartphone", inside itself.

Naturally, in order to talk to the owner of such a scrambler, you had to have your own copy of the device. Such headsets did not gain popularity because of their high price and the need to supply them to all subscribers, and the company that produced them switched entirely to secure smartphones similar in function to Samsung Knox, produced, again, for the military and for simply very rich clients concerned about their security.
Crypto-analysis
In conclusion, five minutes of unhealthy paranoia.
The bottom line is that users have very few real means to ensure the security of their conversations, correspondence and personal data. Moreover, almost no method guarantees 100% certainty.
The actions of the authorities and developers may not be what they seem. Simple logic suggests that if RKN is angry only at Telegram, then all the other, equally popular messengers are willing to cooperate with the Russian authorities and special services. And the recent "unblocking" of Telegram may mean that the messenger was forced to guarantee access to its users' personal data and correspondence. Moreover, the classic conspiracy theory suggests that this entire two-year epic with the carpet blocking of Telegram is just a successful special-services operation, started in order to convince people of its safety and gain free access to all their communications.
If you dig deeper, it turns out that almost no one has conducted a serious and transparent security audit of any of the applications or hardware designed to protect user data or communications. The so-called “open testing,” when anyone who finds a vulnerability is promised mountains of gold, is in fact just a beautiful slogan. Because serious specialists will not waste time searching for vulnerabilities that may not actually exist, which means their time remains unpaid, and amateurs who naively hope to get rich by being the ones to find a serious bug do not have sufficient qualifications for such research.
Laws adopted everywhere on the model of the Patriot Act may leave developers no choice: they are forced to cooperate with the secret services. And the stories about Apple refusing to provide tools to unlock a terrorist's phone are well-orchestrated disinformation. Moreover, many of the discovered vulnerabilities, like Heartbleed, look as if they were deliberately left as a "backdoor" for government services. And the suitcase of the passenger next to you on the bus may contain a Van Eck interceptor that reads the screens of nearby smartphones in real time.
People suspected that they were being eavesdropped on before, but only Snowden confirmed the global scale of this surveillance.