Internet privacy and security course
Aa font
AA font size
20
About translation
Previous Next

Chapter 54

Cyber spying through mobile phone

Edward Snowden, the whistleblower behind the NSA surveillance, is rumored to leave his mobile phone in different premises before attending important negotiations.  The former NSA subcontractor is well aware of the threats linked with the use of mobile phones and how often intelligence agencies employ them for cyber spying on people of interest.

Tip

When having important negotiations, keep your phone in different premises.

A lot of users would regard the advice above as over-the-top and simply turn off their phone during negotiations. This may be a reckless move as malware can modify the performance of your phone making you believe your phone is turned off: on the surface, the phone seems turned off, but in reality, it will keep spying on everything around you.

Myth

It is possible to spy on a user even if his phone is turned off.

Fact

It is possible provided this phone is already compromised and some malware has been installed on it.

There is another myth eagerly perpetuated by many advanced users, and it has to do with the purported ability of cell phone jammers to protect you from cyber spying.

Myth

Cell phone jammers prevent cyber spying through mobile phone.

Fact

Almost any modern cell phone cyber spying software is very good at collecting data, and if there is no service, it will store it in the memory of the device. When the service is back, the collected data will be sent to the controlling server.

However, a quality ultrasonic voice recorder jammer will prevent a phone from recording sound.

Tip

If you fear your partners’ phones could be compromised and used for cyber spying, use voice recorder jammers.

In this chapter we will decribe how to use just a cellphone as a tool for cyber espionage, as the cellular communication itself is also vulnerable, we will talk about these vulnerabilities in the next chapters. Hackers may be tracking your location, listening to your calls and reading SMS, let alone intelligence agencies. Unfortunately, the SS7 protocols used in cellular communication are helplessly outdated and were designed without any security requirements in mind. However, there are a lot of users out there who still don’t believe it and have no awareness of the danger lurking.

US congressman Ted Lieu didn’t believe it either until he took part in an experiment where a hacker was able to listen to and record both ends of his conversations, SMS and trace his location.

The US representative used this phone to receive calls from then President Barak Obama, so Lieu’s reaction was straightforward. He demanded an investigation into the matter and that the security flaw should be fixed.

That the people who knew about this flaw and saying that should be fired. You cannot have 300-some million Americans-- and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable.
Ted Lieu

The security holes discovered in Signaling System Seven are exploited not only for cyber spying purposes. Attacks involving vulnerabilities in SS7 occur quite often, for instance, in Germany in 2017 some unknown hackers attacked mobile phone network O2-Telefonica to drain victims’ bank accounts.

What shall you do? For calls, use encrypted instant messaging clients, for instance, Telegram that offers peer-to-peer (P2P) encryption and refrain from using SMS for two-factor authentication.

There is another myth about surveillance defense which says that turning off GPS will help you protect yourself from having your location traced through mobile phone.

In reality, GPS is not the only technology used for tracking location. Your location can be tracked via the nearest cell towers, which allows an intruder to trace your whereabouts with the accuracy of up to 10 meters, as well as via Wi-Fi hotspots nearby.  Locating a user via nearby Wi-Fi hotspots is somewhat new, and you will find more about this method in this course. Currently, it allows for the identification of your location with the reliability of up to 10 meters if, of course, there are Wi-Fi hotspots around you and your Wi-Fi module is activated.

Turning your GPS in the phone’s settings doesn’t guarantee it is really turned off. You have to reconcile yourself to the idea that your phone is a bug and until it is on, provided an intruder has the required resources at his disposal, your location can always be tracked. You can use an older model without GPS and Wi-Fi, without operating system Android, this will help you reduce the risks of having your location traced leaving you vulnerable only to the detection of your whereabouts via the cell towers nearby.

Now let’s compare iOS and Android and see how protected and susceptible they are to cyber spying attacks. The former mayor of Vladiv