21

Edward Snowden had previously revealed that the NSA has the capability to turn on a cell phone even when it is turned off (but with the battery in) and can then record conversations. Others, like CNN, state that:

...But government spies can get your phone to play dead. It's a crafty hack. You press the button. The device buzzes. You see the usual power-off animation. The screen goes black. But it'll secretly stay on -- microphone listening and camera recording.

How did they get into your phone in the first place? Here's an explanation by former members of the CIA, Navy SEALs and consultants to the U.S. military's cyber warfare team. They've seen it firsthand.

Government spies can set up their own miniature cell network tower. Your phone automatically connects to it. Now, that tower's radio waves send a command to your phone's antennae: the baseband chip. That tells your phone to fake any shutdown and stay on.

Note that it is possible for a person to set up a fake base station and have cell phones connect to it because of an inherent flaw in the GSM system. The attack is called a fake base station attack and the device is called an IMSI catcher.

How accurate is this claim? Is it possible to set up this type of surveillance without raising too much alarm?

Oddthinking
Aswin P J
  • I believe this has already been debunked on snopes. Anyone on a desktop willing to look it up? – John Dvorak Apr 24 '16 at 18:47
  • FYI, Snowden most likely faces threats we can't even imagine, so what he needs to be afraid of will most likely have nothing to do with us. The government will want to spend big $$$ to nail that guy. Most of us they don't give a crap about, except for elections time. – Nelson Apr 25 '16 at 03:55
  • 1
    Is this question asking about `phones being turned on remotely`, or about `phones being used for remote surveillance`? IIRC the second case was actually widely discussed because this method was used in a big case against organized crime in the US. – fgysin Apr 25 '16 at 12:26
  • @fgysin phones being turned on remotely. – Aswin P J Apr 25 '16 at 12:57
  • @AswinPJ: Maybe you would like to clearly state this in your question and remove the surveillance part (or reduce it to background description). – fgysin Apr 25 '16 at 13:15
  • The explanation is a bit inaccurate - specifically the last paragraph. Basically, what is needed is malware on the phone and a cooperative network (or the described IMSI catcher). But other than that inaccuracy, the answer would be yes. See - http://skeptics.stackexchange.com/questions/17053/can-mobile-phones-be-tracked-when-theyre-switched-off/18930#18930 – Ofir Apr 25 '16 at 15:35
  • 7
    I'd recommend asking this on security.stackexchange.com. I think they'd be more qualified. – PointlessSpike Apr 25 '16 at 16:56

1 Answer

18

It is technically possible to set up this type of surveillance without raising alarms, and it has been reported by credible sources to have been used by both the FBI and foreign governments to surveil cell phones, as is discussed in this related question.

There are well-known techniques for surreptitiously "rooting" or "jailbreaking" a phone, which is typically a prerequisite to configuring the phone for this type of surveillance. For example, a few years ago it was demonstrated at the prestigious Black Hat conference that plugging a phone into a malicious USB charger can automatically install malicious code onto the phone. (Black Hat is the same venue in which femtocell hacking, referred to above as the "fake base station attack", was publicized.) Therefore, all the attacker would need to do is get the target to plug his or her phone into a malicious charger once. There have also been many so-called "untethered" jailbreaks of iOS, in which the phone can be infected with malicious software without the need of an external device or computer, typically by accessing a specially crafted webpage. There have also been a number of exploits in which a text message can install malicious software onto a phone.

Once the attacker has rooted/jailbroken the target phone, he or she has ultimate control over the device. There is well known software such as "PowerDown Enhancer" that proves it is possible to reconfigure the power button to, for example, run an app rather than shut down the device. That app could display a screen that looks identical to the phone's normal shutdown screen, and then turn off the display, but remain running. During this time it could do whatever it likes: record audio, report GPS location, accept remote commands, et cetera. When the power button is pressed again, the app simply displays a fake boot screen and then hides itself. The only indication to the target that something is awry might be reduced battery life and/or increased data usage.

Finally, it is important to remember that governments have many other resources at their disposal for espionage. Here is an excerpt from my favorite computer security paper, This World of Ours, by James Mickens, published by USENIX:

Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.

ESultanik
  • so, in short, you can't remotely turn the device on - but you *could* fake it being off – warren Apr 29 '16 at 18:08
  • 2
    Well, it's a bit more nuanced than that, because it depends on your definition of "off". [Some phones will keep a low power baseband chip which can remain connected to a cell tower even when the main processor is off](http://blog.erratasec.com/2013/07/no-nsa-cant-track-phones-even-when-off.html). In a sense, as long as the phone has power, it's not really "off" because the circuits/chips that detect the power button press still need to be active. So I'm not prepared to say that "you can't remotely turn the device on"; it's just much easier to "fake" it, and that has been demonstrated before – ESultanik Apr 29 '16 at 18:14
  • Reminds me me of the "what the definition of 'is' is" from the Clinton-Lewinsky scandal. – warren Apr 29 '16 at 18:16
  • 2
    Heh, well, the point is that with modern phones unless you completely remove the battery there is always going to be some circuitry doing something, even when the phone is ostensibly "off". – ESultanik Apr 29 '16 at 18:23
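The two indicators the answer ends on, reduced battery life and increased data usage, can be turned into a concrete check. The following is an added example, not code from the answer or from any real tool: it takes the battery level the owner saw at shutdown and at the next boot, plus the carrier's own record of data sessions (the phone's own counters cannot be trusted once it has been rooted), and reports anything that contradicts the phone having been off. The drain threshold, the dataclass names and all sample events are assumptions constructed for the demonstration.

```python
"""Heuristic check for the "fake shutdown" described in the answer above.

A phone that only pretends to power off keeps its CPU, microphone and radio
running, so the two traces the answer names, battery drain and data usage,
accumulate during a window in which the owner believes the device was off.
This script compares the battery level shown at shutdown with the level
shown at the next boot, and looks for carrier-side data sessions inside that
window.  All events and usage records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class PowerEvent:
    """A shutdown or boot as the user observed it."""
    when: datetime
    battery_pct: int  # battery level shown on screen at that moment


@dataclass(frozen=True)
class UsageRecord:
    """One data session as listed by the carrier (not by the phone)."""
    when: datetime
    tx_bytes: int
    rx_bytes: int


# Assumed threshold, not from the page: a battery in a genuinely powered-off
# phone self-discharges far more slowly than this; a faster drop means
# something was drawing current.
MAX_OFF_DRAIN_PCT_PER_HOUR = 0.5


def findings_for_off_window(shutdown, boot, usage,
                            max_drain=MAX_OFF_DRAIN_PCT_PER_HOUR):
    """Return human-readable indicators that the phone was not really off.

    An empty list means nothing contradicted the shutdown.
    """
    if boot.when <= shutdown.when:
        raise ValueError("boot must come after shutdown")
    hours = (boot.when - shutdown.when).total_seconds() / 3600.0
    drain = (shutdown.battery_pct - boot.battery_pct) / hours
    findings = []
    # A negative drain means the phone was charged while "off"; charging
    # hides this indicator, so only an excessive drop is reported.
    if drain > max_drain:
        findings.append(
            f"battery fell {drain:.2f}%/h while 'off' (limit {max_drain}%/h)")
    # A powered-off radio cannot complete a data session, so any session the
    # carrier logged strictly inside the window is an indicator on its own.
    in_window = [r for r in usage if shutdown.when < r.when < boot.when]
    if in_window:
        tx = sum(r.tx_bytes for r in in_window)
        rx = sum(r.rx_bytes for r in in_window)
        findings.append(
            f"{len(in_window)} data session(s), {tx} B up / {rx} B down, while 'off'")
    return findings


def genuine_case():
    """Constructed data: phone really off overnight, no traffic, 1% self-discharge."""
    shutdown = PowerEvent(datetime(2016, 4, 29, 23, 0), 100)
    boot = PowerEvent(datetime(2016, 4, 30, 7, 0), 99)
    usage = [
        UsageRecord(datetime(2016, 4, 29, 22, 30), 20480, 153600),  # before shutdown
        UsageRecord(datetime(2016, 4, 30, 7, 15), 8192, 65536),     # after boot
    ]
    return findings_for_off_window(shutdown, boot, usage)


def fake_case():
    """Constructed data: fake shutdown, captured audio uploaded every two hours."""
    shutdown = PowerEvent(datetime(2016, 4, 29, 23, 0), 100)
    boot = PowerEvent(datetime(2016, 4, 30, 7, 0), 78)
    usage = [
        UsageRecord(datetime(2016, 4, 30, 0, 10), 4096, 512),
        UsageRecord(datetime(2016, 4, 30, 2, 10), 4096, 512),
        UsageRecord(datetime(2016, 4, 30, 4, 10), 4096, 512),
    ]
    return findings_for_off_window(shutdown, boot, usage)


if __name__ == "__main__":
    for name, case in (("genuine", genuine_case), ("fake", fake_case)):
        print(name, "->", case() or ["no indicators"])
```

Running the script reports no indicators for the genuine case and two for the fake one. The limitations follow from the comments above: a device charged while "off" hides the battery signal, and a baseband that stays connected even when the main processor is off would only show up in the carrier's records, which is why the check reads usage from the carrier side rather than from the phone.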