The Privacy Blog
Thoughts on privacy, security, and other stuff.


OS News has an interesting article: The second operating system hiding in every mobile phone

It discusses the security implications of the fact that all cell phones run two operating systems. One is the OS that you see and interact with: Android, iOS, Windows Phone, BlackBerry, etc. The other is the OS running on the baseband processor. It is responsible for everything to do with the radios in the phone, and is designed to handle all the real time processing requirements.

The baseband processor OS is generally proprietary, provided by the maker of the baseband chip, and generally not exposed to any scrutiny or review. It also contains a huge amount of historical cruft. For example, it responds to the old Hayes AT command set. That was used with old modems to control dialing, answering the phone, and setting up the speed and other parameters required to get the devices to handshake.

It turns out that if you can feed these commands to many baseband processors, you can tell them to automatically and silently answer the phone, allowing an attacker to listen in on you.

Unfortunately the security model of these things is ancient and badly broken. Cell towers are assumed to be secure, and any commands from them are trusted and executed. As we saw at Def Con in 2010, it is possible for attackers to spoof those towers.

The baseband processor, and its OS, is generally superior to the visible OS on the phone. That means that the visible OS can’t do much to secure the phone against these vulnerabilities.

There is not much you can do about this as an end user, but I thought you should know. :)

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

· · ·

Tech companies respond to reports of NSA tracking switched-off mobile phones | Privacy International

Based on a single line in a Washington Post article, Privacy International has been investigating whether it is possible to track cell phones when they have been turned off. Three of the 8 companies they contacted have responded.

In general they said that when the phone is powered down there is no radio activity, BUT that might not be the case if the phone had been infected with malware.

It is important to remember that the power button is not really a power switch at all. It is a logical button that tells the phone software that you want to turn the phone off. The phone can then clean up a few loose ends and power down… or not. It could also just behave as though it were shutting down.

They don’t cite any examples of this either in the lab or in the wild, but it certainly seems plausible.

If you really need privacy, you have two options (after turning the phone “off”):

1) If you can remove the phone’s battery, then doing so should ensure that the phone is not communicating.

2) If you can’t remove the battery (hello iPhone) then you need to put the phone in a Faraday cage. You can use a few tightly wrapped layers of aluminum foil, or buy a pouch like this one.


·

ArsTechnica has a nice article on a recent ruling by the US Fifth Circuit Court of Appeals.

In this 2-1 decision, the court ruled that cellular location information is not covered by the Fourth Amendment, and does not require a warrant. The logic behind this ruling is that the information is part of business records created and stored by the mobile phone carriers in the ordinary course of their business.

Therefore, the data actually belongs to the phone company, and not to you. The Stored Communications Act says that law enforcement must get a warrant to obtain the contents of communications (the body of emails or the audio of a phone call) but not for meta-data like sender, recipient, or location.

The court suggests that if the public wants privacy of location information that they should demand (I suppose through market forces) that providers delete or anonymize the location information, and that legislation be enacted to require warrants for access to it. Until then, they say we have no expectation of privacy in that information.

The Fifth Circuit covers Louisiana, Mississippi, and Texas.

This ruling conflicts with a recent New Jersey Supreme Court decision, which unanimously held that law enforcement does not have that right; that ruling applies only in New Jersey.

Montana has a law requiring a warrant to obtain location information, while in California a similar bill was vetoed.

It seems very likely that one or more of these cases will go to the Supreme Court.

· · · · ·

The ACLU just posted an article about a recent federal magistrate judge’s ruling. It is a somewhat bizarre case.

The DEA had an arrest warrant for a doctor suspected of selling prescription painkiller drugs for cash. They then requested a court order to obtain his real time location information from his cell provider.

The judge went along, but then published a 30-page opinion stating that no order or warrant should have been required for the location information because the suspect had no expectation of location privacy. If he wanted privacy, all he had to do was turn off his phone (which would have prevented the collection of the information at all, not just established his expectation).

So, if this line of reasoning is picked up and becomes precedent, it is clear that anyone on the run needs to keep their phone off and / or use burner phones paid for with cash.

My concern is that, if there is no expectation of privacy, is there anything preventing government entities from requesting location information on whole populations without any probable cause or court order?

While I think that the use of location information in this case was completely appropriate, I would sleep better if there was the check and balance of the need for a court order before getting it.

This is another situation where technology has run ahead of the law. The Fourth Amendment was written at a time when information was in tangible form, and the only time it was generally in the hands of third parties was when it was in the mail. Therefore, search of mail in transit was specially protected.

Today, cloud and telecommunication providers serve much the same purpose as the US Postal Service, and are used in similar ways. It is high time that the same protection extended to snail mail be applied to the new high tech communications infrastructures we use today.

· · ·

Dictionary apps post false piracy confessions on Twitter – Crave

The Oxford Deluxe dictionary app requests access to your Twitter account when it is installed. In some cases it then uses that account to post hundreds of identical tweets saying that you will pledge to stop pirating software.

It is not exactly clear what criteria the software uses, but obviously there is a lot of backlash going on.

Another argument for taking great care about what applications and services you allow to take control of your social media accounts.

· · ·
