Your phone got hacked by a ‘Nosey Smurf’.


Hacked?

Not so long ago, iPhone users all over the world were exposed to a bug able to shut down their phone by one simple text message[1]. I too received such a message as a prank, but did not consider the security implications that come with phones reaction on text commands. Later this year an android vulnerability “Stagefright” came to light, allowing hackers access full access to every Android phone with just a phone number[2]. Luckily both bugs have been fixed by the companies right after, but the security risk remains. There is no guarantee every bug has been revealed instead of being exploited by hobbyists, hackers, or governments.

The latter is now expected to be the case. Edward Snowden explains in an interview by the BBC how UK intelligence agency GCHQ is able to control your phone by text messages, completely hidden from the knowledge of the owner[3]. It does so by sending an encrypted text message to gain access.

Smurfs?

Snowden talks about a “Smurf Suite”, a collection of phone control tools of GCHQ named after various smurfs. “Dreamy Smurf” is able to shut down and boot up the phone, “Nosey Smurf” can turn on your microphone and listen to your conversations, and “Tracker Smurf” is a tool able to track your geo-location with greater precision than normal triangulation of cellphone towers. And they can do even more, like taking pictures without your knowing, viewing your mails, texts and browsing history, and even

Snowden explains how NSA is understood to have a similar program, and are suspected of providing the technology. “GCHQ is to all intents and purposes a subsidiary of the NSA.” he tells the BBC, where GCHQ receives tasking and directions to go after. These projects are aimed to catch suspected involvement in terrorism, pedophilia or other serious crimes, but in order to do so, they have to collect mass data. Your data.

What now?

Snowden makes a valid point by stating you don’t own your phone, but “whoever controls the software owns the phone”. We see this increasing risk in software and privacy issues, and users are becoming more aware of this. The Windows 10 release has been highly critiqued by its security statement[4] and Europe’s highest court just rejected the ‘safe harbor’ agreement after Max Schrems started a case against Facebook[5]. It is clear that the battle for privacy has just begun.

-Jurgen

Sources

[1] http://www.engadget.com/2015/05/27/apple-fixing-ios-text-crash-bug/

[2] http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/

[3] http://www.bbc.com/news/uk-34444233

[4] http://www.wired.com/2015/08/windows-10-security-settings-need-know/

[5] http://www.nytimes.com/2015/09/24/business/international/adviser-to-europes-top-court-calls-data-transfer-pact-insufficient.html?partner=rss&emc=rss&_r=1

Advertisements

Tags: , , , , , , , , , , , , , , , , ,

5 responses to “Your phone got hacked by a ‘Nosey Smurf’.”

  1. 358985ks says :

    Interesting post!

    This just shows again that everything could be monitored and that if they (NSA etc.) wants information they can easily get it.
    People do criticize privacy issues more, but still not enough. When people see that they are being monitored (with camera’s, windows 10 security settings etc.), they make a big deal out it. But when people can’t notice that they are being monitored, only a small group of people make a big deal out of it.

    With whistle blowers like Snowden, more privacy infringement will be public and it will be interesting to see how the battle of privacy will develop in de coming years. What is more important: Privacy vs. Safety

  2. 344571ms says :

    I find this a very interesting topic, and I think that the main subject here is what people value more, is that their own privacy or their safety? And, if the people are actually aware of all these posibillities government organizations like the NSA have to “spy” on them, will they bother to do something about it, or do they not care if it is for the greater good?
    In your blog you state the problem as if it is something bad, but is it really? If these powerful organizations misuse their power to gain acces to your phone without any reason, it might be. But if they are using their power and knowledge to prevent national disasters, solve crimes, and to simply make the world a safer place, I think they are doing a great job. And with the latter statement, I think, most people will agree, unless they have something to hide.
    I argue that if, and only if, governmental organizations use their power for the greater good, this is actually a good thing. It becomes a problem when these techniques can be used by people who want to harm you.

  3. 344064mv says :

    The battle for data privacy is super relevant right now. Yesterday, the European courts ruled that storing data in the US is not safe, as the US government is constantly snooping around. The US and the EU had a ‘safe harbour’ agreement, which stated how the US should protect data from EU citizens. With yesterdays court ruling, this agreement is off the table.

    This means that international companies like Facebook can no longer store their data regarding EU citizens in the US. As this basically happened overnight, most companies will have to move fast to store their data elsewhere.

    I think its kind of great that the EU is at least trying to protect privacy. I’m curious to see if it helps…

    http://www.theguardian.com/world/2015/oct/06/us-digital-data-storage-systems-enable-state-interference-eu-court-rules

  4. jurgenlangbroek says :

    Thanks for all the replies. I agree on most parts but have some small remarks on 344571ms. “unless they have something to hide” is an often used argument which I don’t think is entirely true. I agree the line between security and privacy is thin, and in the end security might be of more importance. But even though I have nothing to hide on the subject of investigation, my data is still saved into systems which I have no control over. Information that might not be of importance right now, could have devastating effects in the future. We are living in a part of the world where we can mostly trust our government right now, but this is no guarantee for the years to come. If whistleblower Edward Snowden is able to reveal ‘secret’ government documents, who says they are able to store my data securely?

    As 344064mv mentioned, there are different rules on this subject throughout the world. I find it very interesting what is going to happen when the US has no access to our data, as EU regulations are far more strict. This will all depend on the future developments on this subject, in which TPP will play a major role (https://www.washingtonpost.com/news/powerpost/wp/2015/10/06/eu-court-invalidates-data-pact-tpp-raises-concerns-for-rights-advocates-trump-hotels-confirm-data-breach/)

    All in all, I’m not trying to convince governmental security systems are essentially bad. But it a serious threat to our privacy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: