Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Communications Network Security

Nobody's Cellphone Is Really That Secure, Bruce Schneier Reminds (theatlantic.com) 80

Posted by msmash from the a-primer dept.
Earlier this week, The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one, writes Bruce Schneier. From a story: Security experts have been talking about the potential security vulnerabilities in Trump's cellphone use since he became president. And President Barack Obama bristled at -- but acquiesced to -- the security rules prohibiting him from using a "regular" cellphone throughout his presidency. Three broader questions obviously emerge from the story. Who else is listening in on Trump's cellphone calls? What about the cellphones of other world leaders and senior government officials? And -- most personal of all -- what about my cellphone calls?

There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet's major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing "target selectors": phone numbers the NSA searches for and records. These included senior government officials of Germany -- among them Chancellor Angela Merkel -- France, Japan, and other countries.

Other countries don't have the same worldwide reach that the NSA has, and must use other methods to intercept cellphone calls. We don't know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a U.S. congressman's phone live on camera in 2016. Back in 2005, unknown attackers targeted the cellphones of many Greek politicians by hacking the country's phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company. Alternatively, an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don't think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.
This discussion has been archived. No new comments can be posted.

Nobody's Cellphone Is Really That Secure, Bruce Schneier Reminds More

Nobody's Cellphone Is Really That Secure, Bruce Schneier Reminds

Comments Filter:
  • and you failed miserably. The lesson is never try [youtube.com].

    • Re: You tried your best (Score:1)

      by Anonymous Coward

      That's not the point of the president using a hardened phone. They may have spent $250,000 of tax payer dollars on approving the firmware of the presidential phone. All that is a waste if he uses his iPhone. Our president is quite literally an idiot.

  • So if you're ever tempted to take a picture of your penis and send it to someone, keep in mind that US, Russian and Chinese intelligence agencies will all have a picture of your penis the moment you hit "send."

  • Not surprised either; but for a different reason.. (Score:4, Interesting)

    by bogaboga ( 793279 ) on Sunday October 28, 2018 @09:14AM (#57549057)

    The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one, writes Bruce Schneier.

    My $0.02 why I am not surprised: -

    Our government does routinely spy on friends [bbc.com]

    Our friends in the Mideast once returned the favor! [wrmea.org]

    I guess we are getting a taste of our own MO.

    • If you know you're being spied on (I find it hard to believe that the Times would find out before the U.S. government) wouldn't that just motivate you to feed bad information through those channels? Sure, you could try to block the spying, but that just means that the spy tries something else and you're uncertain as to whether or not they're intercepting your communication again. Also, they're faced with the difficulty of trying to determine if there's another line of communication that they don't have acce

      • Re: (Score:3)

        by AmiMoJo ( 196126 )

        The spies know that you know they are spying and likely feeding them bad info. They probably assign low value to anything heard on a Trump phone call unless they can corroborate it. It's still very useful intel though, because even knowing what they want you to know has value, not to mention all the stuff that is true and more general stuff like the President's mood/state of mind, speech patterns and unfiltered reactions. Well, okay, the latter is usually on Twitter 10 minutes later, but still...

      • If you know you're being spied on (I find it hard to believe that the Times would find out before the U.S. government) wouldn't that just motivate you to feed bad information through those channels?

        Indeed, this is the strategy being used by the White House: Owing to Trump's level of sheer incompetence, most everything that comes out of his mouth is bad information.

        • Re: (Score:2)

          by sudon't ( 580652 )

          If you know you're being spied on (I find it hard to believe that the Times would find out before the U.S. government) wouldn't that just motivate you to feed bad information through those channels?

          Indeed, this is the strategy being used by the White House: Owing to Trump's level of sheer incompetence, most everything that comes out of his mouth is bad information.

          It doesn’t have to be about government or politics to be useful information. Trump has little interest in those topics, anyway. I wouldn't be surprised if Trump wants to use his own phone because he’s more worried about his own government spying on him, (although I’m sure laziness is a factor). If he’s using that phone to run his always shady business deals, that could be very compromising information.

    • I agree.

      The three letter agencies (not counting their other internal and external allies) are watching from the satellites, intercepting at NAP points, and sniffing lots of everything else. It's a big industry with lots of contractors across the planet. They watch each other, looking for new and interesting techniques. They sift and sniff the gargantuan amount of data looking for stuff, and sometimes they're successful, allies or not.

      The latest SDRs are full of fun and mirth for those wishing to do trivial

  • Lock him up! (Score:5, Informative)

    by quonset ( 4839537 ) on Sunday October 28, 2018 @09:15AM (#57549063)

    Remember all the whining and hand wringing over Hillary Clinton using an unsecured email server? Remember how people said she was giving away state secrets and should be in jail?

    Funny how those same people are absolutely silent when the con artist gives away national secrets every day over an unsecured phone.

    • Remember that Hillary wasn't President? Remember that Trump is President? Granted it would have been bad if a simpleton like Obama was leaking information, but Trump's enormous mind will just confound the Chinese, it wouldn't be surprising if they preemptively surrendered to the nearest US warship.

    • Hillary Clinton received Top Secret material on her unsecured email server. She should be in jail right along with Reality Winner, for the same reason.

      But she proved that there's one set of rules for the little people, and one set for elites. Thus Trump doesn't need to worry. Thanks Hillary!

    • Funny how those same people are absolutely silent when the con artist gives away national secrets every day over an unsecured phone.

      This is nothing new... and people on both sides of the political spectrum are equally guilty of the practice. Whether it’s Bill Clinton’s behavior towards women (vs. Trump’s), or Democratic delay tactics with the Kavanaugh nomination (versus Republicans refusing to hold hearings for Merrick Garland) - lots of people only see behavior as wrong if it is convenient for them to do so.

    • If you've got proof he spilled classified materials over an unsecured phone, then he absolutely should be jailed like Hillary (who wasn't). But as far as I've been able to tell, the NYT uncovered no evidence of wrongdoing (and you can bet they'd trumpet it if they had). They basically wrote a hit piece implying what could be happening in the hopes that people like you would jump to conclusions and get all stirred up about it. "White House officials say they can only hope he refrains from discussing class

  • The safest approach ... (Score:3)

    by Artem S. Tashkinov ( 764309 ) on Sunday October 28, 2018 @09:38AM (#57549149) Homepage
    Is to deem your smartphone compromised by default and if you're really concerned about the privacy and security of your communications then you deal with the interested parties vis-a-vis or use off-the-shelf computers with trusted software like e.g. Linux/*BSD and communication software which is known to be secure, like ring.cx, signal or wire. In order to protect yourself from compromised hardware you need to set up an internet router (any Wi-Fi access point which supports *WRT) and make sure that your traffic goes exactly where you intended it to go and not to some third parties.

    • Re: (Score:1)

      by Anonymous Coward

      Nothing is "known to be secure", they just don't have any known vulnerabilities. That does not, however, mean that vulnerabilities do not exist. There can be subtle flaws in the algorithms, the implementations of those algorithms or even in the hardware they run on.

  • This can be extended to any network: they aren't secure. The purpose of a network is to communicate, not hide communications. It sounds strange, but true. You can attempt to add security to it, but the concept of a network means sharing information.

  • The inception of Five Eyes (Score:5, Informative)

    by MrKaos ( 858439 ) on Sunday October 28, 2018 @10:03AM (#57549231) Journal

    Everyone has got to know about this international intelligence sharing agreement Echelon [wikipedia.org] UKUSA/SIGINT [wikipedia.org] that created 5 eyes by now. Surely? It has been in operation since the 1940's. I shouldn't be surprised that not even the article mentions it. It is the governance document for this kind of telecommunications surveillance.

    I have a scan of the agreement however I've found it difficult to find the text online. The NSA links to the UK/USA [nsa.gov] seems to be broken for me. Maybe they're just interested in who is interested. ;). However a bit more digging and I found this article from the guardian [theguardian.com] that link to UK National Archive copy [nationalarchives.gov.uk] of the agreement. It was not available online for some time after I got it - so I suggest you grab a copy to get some idea how this agreement works. After all that's one reason it was kept secret for so long.

    Essentially agencies can't spy on domestic citizens so they ask a counterpart agency to spy for them. I read somewhere that even back as far as the 90's it was doing signal processing to "gist" (as in get the gist of) about 500,000 phone conversations using data centers the size of football fields and promote them to analysts automatically. They had two nuclear submarines that would be positioned over undersea fibre optic telecommunications nodes so I think you can surmise just how well funded this agreement is if five western nations are involved.

    It is like a Berlin wall of surveillance for the western world.

  • I guess nobody cares about the truth anymore. Thanks, Slashdot, for being just another propaganda tool.
    Here's what Trump wrote on this Twitter:
    "The New York Times has a new Fake Story that now the Russians and Chinese (glad they finally added China) are listening to all of my calls on cellphones. Except that I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines. Just more made up Fake News!"

    • Re: (Score:2)

      by habig ( 12787 )

      Here's what Trump wrote on this Twitter: "The New York Times has a new Fake Story that now the Russians and Chinese (glad they finally added China) are listening to all of my calls on cellphones. Except that I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines. Just more made up Fake News!"

      He tweeted from a hard line? Cool tech!!!

    • Re: (Score:2)

      by sudon't ( 580652 )

      Here's what Trump wrote on this Twitter:
      "The New York Times has a new Fake Story that now the Russians and Chinese (glad they finally added China) are listening to all of my calls on cellphones. Except that I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines. Just more made up Fake News!"

      Which he sent from his iPhone. Use TweetDeck. It’ll tell you which phone he’s using.

  • This should be common knowledge by now? (Score:4, Insightful)

    by MindPrison ( 864299 ) on Sunday October 28, 2018 @10:07AM (#57549249) Journal

    Cell phones have been possible to listen in to, even by citizens (with some skills, and expensive equipment) for quite some time now.

    The technology is the same that it has been using for the last 10-15 years, the encryption back then was too hard for that time, but today - with insanely strong GPU's and CPU's - heck...even FPGA's with a little specialized design - can crack that stream open like a tunnel wide gate, and there's even open source software so you can experiment with your "own" equipment and algorithms. Figure this - you can purchase a 2$ cellphone module complete with IMEI number, receiver/transceiver, data module, parser, encryption/decryption all-in-one-chips on eBay for the longest time. Did anyone really think these would have such processing capacity in 2018 that it couldn't be hacked today with our insane home computers (insane in comparison to 10+ years ago)?

    There was even this instance where there were an old Nokia Telephone (33xx I think, not sure - but it's googleable), that had a bug that enabled you to get into monitoring mode, that phone was sought after for sinister purposes back then - and hard to find, but it was quite true.

    • My old Motorola StarTAC [wikipedia.org] flip phone (circa ~1998) could be set up to "accept a call and answer automatically" without ringing or indicating that it was doing anything. It wouldn't make so much as a beep...it would just answer and let you listen in.

      It basically gave you an on-demand, remotely-controllable audio bug that could be accessed from anywhere in the world that had cell service.

      Do you really think that current, modern phones don't have that capability?

  • Who else is listening in on Trump's cellphone calls? What about the cellphones of other world leaders and senior government officials? And -- most personal of all -- what about my cellphone calls?

    About the first: one would hope that the americans are listening to Trump's calls. Not just so that they know what every other world power learns from their eavesdropping, but also to gauge how well their own manipulation of his thought processes are proceeding, too.

    Regarding the second point, one hopes - expects, even - that other world leaders are more circumspect. Since we don't hear about Xi on weibo or Merkel on twitter, we can assume that they are doing the statesmanlike thing and not blabbing stup

  • He should not use any means of communication for anything which is not secure and encrypted.

  • Of course your phone is insecure....you're running software you don't understand on a device you don't understand, using networks you don't understand. Why anyone would think they could do this "securely" is beyond me.

    So sure- some of you install a firewall and anti-virus program and think that that's going to fix all those aforementioned problems. It won't.

    The fact is that there's a very, very good chance that your phone is running something you don't want, never asked for, and can't detect let alone contr

  • This seems a little simplistic considering public carriers are businesses out to make a buck and stay in the government's good graces, and methods to breach security can be had easily, if deliciously [sciencedaily.com] while adding security pretty much just subtracts from their bottom line.

    But what about the phone he was *supposed* to be using? I'd think that the NSA would be able to configure/vet that to be inversely as secure as the public carrier networks aren't.

  • I still facepalm a bit when I see people whinging about: "Oh noes! Apple/Google might be monitoring your phone calls, location, or whatever. Targeted ads and Siri suggestions are CREEPY!". This, when they're carrying around a cell phone... ANY cell phone... in the first place.

    Look... Apple may or may not be spying on you. Tim Cook's fight against the FBI and all his remarks about privacy may or may not be just for show. Google definitely IS spying on you. But it's primarily so they can better target

  • Now the Russians and the Chinese get to be as confused as we are about U.S. policy.

Slashdot Top Deals

Never test for an error condition you don't know how to handle. -- Steinbach

Close