8

This is one of the statements of Richard Stallman in his homepage as an explanation of why he doesn't own a cell phone:

Cell phones are tracking and surveillance devices. They all enable the phone system to record where the user goes, and many (perhaps all) can be remotely converted into listening devices.

He also states that:

Nearly every cell phone has a universal back door that allows remote conversion into a listening device.

That leads to two questions:

  • How those back doors work?
  • Can cell phones be remotely converted to listening devices without a back door, just from its electrical components?
marcanuy
  • 446
  • 2
  • 15
  • 2
    Related: http://skeptics.stackexchange.com/questions/32639/can-cell-phones-be-turned-on-remotely-for-surveillance-by-the-nsa – DJClayworth Jul 19 '16 at 20:17

2 Answers2

10

Edward Snowden seems to think so:

"Mr Snowden said [UK intelligence agency] GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in."

And via the UK's Express

"Nosey Smurf is the 'hot mic' tool, so for example if it's in your pocket they can turn the microphone on and listen to everything that's going on around you.

"Even if your phone is switched off, because they've got the other tools for turning it on."

Additionally, malware on your phone (like StealthGenie) can "remotely activate the microphone on your device and record you" - Panda Security

And The FBI can do it too:

The FBI "was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family" to allow "a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations." -According to a story on Cnet

emphasis mine

Community
  • 1
Dedwards
  • 201
  • 1
  • 7
  • 3
    In almost any phone there is a "baseband processor" which is a dedicated hardware to process communication with the network. The hardware and software running on it is closed-source. This processor has full access to the phone. [Some very expensive secure phones have a dedicated firewall to filter the access of this baseband processor](http://www.cryptophone.de/en/company/news/next-generation-gsmk-baseband-firewall-detects-invasive-phone-tracking-protects-against-over-the-air-attacks/) but a normal user can't do anything against that access. – Josef Jul 20 '16 at 11:14
  • I don't really think that any of those sources are exactly reputable regarding security tech or without second intentions (in the case of Panda Security). – T. Sar Jul 21 '16 at 14:00
  • @ThalesPereira, I could've sourced wikileaks, but I didn't want to wind up on a list. :P – Dedwards Jul 21 '16 at 14:45
4

Yes. And not just by the police.

There are existing demonstrated attacks which allow a malicious 3rd party to do so.

http://www.computerworld.com/article/2472441/cybercrime-hacking/mobile-rat-attack-makes-android-the-ultimate-spy-tool.html

At the RSA conference, there was a particularly scary session called Hacking Exposed: Mobile RAT Edition. CrowdStrike co-founder Dmitri Alperovitch showed an end-to-end targeted attack on an Android smartphone, starting with social engineering to trick the user into clicking a link, silently installing malware via a drive-by download, and then covertly taking control of the device, accessing the microphone and camera, to steal sensitive information.

For more:

http://www.makeuseof.com/tag/malware-android-5-types-really-need-know/

Do you have any apps that let you open links inside them without having to go to your browser app? The component that renders the page for you in that situation is called Webview – and if you are one of the 950 million people who are running Android 4.3 Jellybean or lower, you need to know about this vulnerability.

While browsing in Webview, you’re vulnerable to a Universal Cross-Site Scripting (UXSS) attack. This means that if you happen to click on a malicious link, an attacker can execute any malicious code he or she wants through JavaScript – completely bypassing the security mechanisms that usually protect you. The attacker can use this vulnerability to automatically install any app they want onto your device.

Google has no plans to patch this vulnerability in Android 4.3 or lower.

Another example would be Carrier IQ which came installed on 150 million phones (by the manufacturers or network operator) which was shown (depending on what settings the carrier chose) to send every keypress in plaintext over the network, including usernames and passwords.

https://en.wikipedia.org/wiki/Carrier_IQ

https://www.youtube.com/watch?v=T17XQI_AYNo

So, apps can listen in on you and apps can send info to 3rd parties. Now lets give an example of remote installation.

Google includes a nice feature which is very convenient for user but is only possible because they have the absolute power to install apps remotely without interaction being required on the phone:

http://joyofandroid.com/remotely-install-google-play-and-third-party-apps-on-android/

Step 1

Launch the Google Play Website on your PC or any other device that you’re using. Sign in with your Google account from the menu in the top right. Make sure that you sign in with the same ID that you use on your Android phone.

Step 2

Browse through the Google Play store in order to find the app that you’re looking for. You can view the apps in categories and can also search for the app through the search text box. Once you find the app that you’re looking for, click on it. You’ll be taken to the app’s download page.

Step 3

Tap on the Install button below the app name. You’ll now see an app installation popup with details, such as the app’s permissions.

Step 4

Click on the dropdown menu below Choose a device and select your Android phone. Click on the INSTALL button.

Step 5

You’ll now get a Congratulations popup message. Click on the OK button. That’s it! The app will now be installed on your phone if your device is connected to the internet. If the device is not connected to the internet, then the app will be installed as soon as there is an internet connection.

Since you can do this from your google account page it's a simple demonstration that google can do this at any time with arbitrary applications. If a court orders them to give someone access to the "install applications remotely" page for your devices then do you think they're going to refuse?

Community
  • 1
Murphy
  • 9,486
  • 1
  • 47
  • 45
  • 1
    This doesn't answer the question. Remote installation is different from a social attack - it is still the user that installs the malware in your case. If the user is careful enough, he or she can avoid any attack of this sort. – T. Sar Jul 20 '16 at 18:07
  • @ThalesPereira not really, it isn't a case of getting a user to install an app, they just click a link inside a webpage and a security hole in a large fraction of the worlds android devices allows installation of arbitrary applications without the user getting a prompt about whether they want to install. They have to be careful to the point of utter paranoia to avoid this. – Murphy Jul 21 '16 at 10:13
  • 1
    Then that's not remote installation. That's just a plain, old virus. Remote installation would be something in the sorts of some CIA agent clicking a button and, _without user intervention_, the malware payload ending up on the user's cellphone. If you consider "the user clicking a link" remote installation, then _every_ regular computer in the world that is connected to the internet can be "remote controlled". – T. Sar Jul 21 '16 at 11:01
  • @ThalesPereira Once someone has compromised the phone they can indeed install things remotely with the click of a button to monitor your microphone .The question was "Can cell phones be remotely converted into listening devices?", not "can they be converted by super special means different to PCs?". I gave 2 malicious 3rd party examples and one example of spyware built into many phones by the manufacturers or carriers. Since some PC have been known to come with spyware preinstalled or software/hardware backdoors your criteria would rule out any possible example. – Murphy Jul 21 '16 at 11:17
  • 1
    You gave examples of regular malwares, not some sort of remote installation technique. The question doesn't assume a pre-compromised cellphone. Also, Carrier IQ is not a tool to convert the cellphone into a listening device, but just plain bad software. – T. Sar Jul 21 '16 at 11:53
  • 1
    Keep in mind that the question is "Can cell phones be remotely converted to listening devices without a back door, just from its electrical components?". You don't adress it. You also don't show that there is a backdoor, just that they are vulnerable to regular viruses (which isn't a surprise, they are computers afterall.) – T. Sar Jul 21 '16 at 11:54
  • @ThalesPereira that doesn't appear to be the question I'm seeing. Just your "creative" interpretation of it. – Murphy Jul 21 '16 at 11:57
  • 1
    Check the last line of the question. I just copy-pasted it. – T. Sar Jul 21 '16 at 13:54