As you know if you’ve been reading my blog for a while, I’ve written several articles on OPSEC. This one hits a lot closer to home.
In order to live in a technological society, you have to give up certain expectation of privacy from those who have the technology to tap into certain systems. If you email someone, you have to expect that someone could read those emails. If you talk on your cell phone, you have to expect that someone could overhear your conversation if they had the tech and chose to use it.
I’m not saying that you should stop using tech, because tech is very useful, but you need to know what you’re opening yourself up to if you don’t take certain precautions.
By now, you probably know that your phone can be tracked when you’re using it and that someone can listen in to your conversation if they have the right equipment.
I’ll start with the basics first.
But what about when you’re not using your phone?
It’s been widely reported that the government – or someone with that level of access – could listen to you talking by accessing the microphone through apps that you’ve installed. Those apps may not have been designed to do that, but they could be used that way if someone knew how to tap into the app and have that information sent to them.
They can even listen to your microphone if your phone is turned off, unless your phone is in DFU mode so they can’t access the device. Here’s how to do that:
Just think of all the Angry Bird games, facebook apps, and others that people download all the time. Do you know what’s in the code? Neither do most people. Even some apps that have innocent code have been known to be used by governments to spy on people.
Facebook is currently under fire for forcing people to install their messenger app to continue being able to chat with other facebook friends. If you install it on an Android, you’re giving it access to your phone’s calendar, contact list, GPS location, camera, and microphone. For iPhone, you manually give it access to all that – at your own risk.
If you give apps access to parts of your phone, that access may be abused.
Gyroscopes can turn your phone into a microphone
But, did you know that they don’t need to access the microphone to listen to your conversations?
Smart phones these days have something called gyroscopes in them. What these things do is measure movement and orientation. This is extremely useful for letting the phone know when it’s being held horizontally or vertically or assisting with navigation apps.
Recently, it was shown that someone could tap into those gyroscopes and actually convert the phone’s vibrations into sound. Researchers from Stanford University with Israeli defense firm Rafael have developed an Android app called Gyrophone that picks up vibrations of sound by using vibrating pressure plates in the phone’s gyroscope. What they’ve essentially done is convert the phone itself into a microphone.
Watch this quick video:
Pretty scary, right?
Well it gets worse.
Using your cell phone to spy on your computer activity
Have you ever heard of a keylogger? With a keylogger such as the Keyllama 4MB USB Value Keylogger, whatever you type into your keyboard on your computer is stored and can then be retrieved by someone else. Spies, private investigators, and suspicious spouses have been using them for years. You just have to get access to the computer to plug it in somehow and then retrieve the keylogger later to read the data. Even worse, there are some that you can just plug in and they send out the data by wifi!
So you may think then that your computer activities are safe as long as you don’t let anyone near your computer. You’d be wrong about that.
You may have missed this news but Georgia Tech and MIT came up with a way that they can actually spy on your computer activity through your cell phone in pretty much the same way as a keylogger does.
In case this gets deleted from the web, and so you can see the actual data from their study, I’ve uploaded the pdf so that you can read the whole thing here. It’s called (sp)iPhone Decoding Vibrations From Nearby Keyboards.
Just to cut to the chase, this is from the study’s conclusion:
Mobile phones contain an array of powerful sensors. While access to many of the most obvious sources of information is generally restricted, the use of a number of a number of other seemingly innocuous sensors is not. In this paper, we demonstrate that unfettered access to accelerometer data allows a malicious application to recover and decode the vibrations caused by keypresses on a nearby keyboard.
Technically, it uses a similar method that researchers have been able to reconstruct human voices by video recording the vibrations of a potato chip bag and then running the video through a computer program.
What can you do to protect yourself?
So what can you do about this? Other than continually buying drop phones and having your number forwarded to them, there’s a pretty simple solution that will allow you to use your phone whenever you want and not worry about people being able to access it while it’s sitting in your pocket or near your computer.
Currently, your keystrokes can only be deciphered if your phone is set next to your keyboard (where mine usually
is was). At the moment, that seems to mitigate the threat. As technology improves – or their algorithms do, they’ll be able to listen in with more accuracy from farther away.
A better solution would be to get a good RF-shielding cell phone case, but make sure you get a quality one that has effective shielding. Obviously you can’t receive calls while it’s being shielded but most systems will update your phone on missed calls once you pull the phone out.
An added protection this gives you is your movements can’t be tracked by cell towers while your phone is in the case (which can happen even if you don’t have a smart phone) – and it can protect you from thieves and others reading the RFID off your credit cards and ID.
Oh, you didn’t know they could do that? Log into the same google account that’s on your phone and check out this link. If you’ve not set your settings correctly, you’ll see a map of your movements while you’ve had your phone. Unfortunately, this doesn’t mean that some app-writer couldn’t also access this information without your knowledge.
If you’d like to learn more about how to hide your digital footprint and your privacy, check out How to Disappear: Erase Your Digital Footprint, Leave False Trails, And Vanish Without A Trace, which was written by Frank Ahearn, the number one skip-tracer who now works to teach people how to protect their privacy.