Infamous US fugitive Ed Snowden is back in the limelight.
This time, it’s an add-on hardware component that’s supposed to make your iPhone more resilient to surveillance.
Many of the headlines we’ve seen are along the lines of “Snowden designs device,” or “Snowden designs anti-snooping iPhone case,” a reminder that the CIA whistleblower’s name still attracts plenty of attention.
However, this story comes from a recent article with the colourful title Against the Law: Countering Lawful Abuses of Digital Surveillance, co-authored by Andrew “bunnie” Huang and Edward Snowden.
In hardware hacking circles, the name bunnie is almost certainly a bigger drawcard than Ed Snowden; after reading the paper, we’re assuming that the bulk of the work is bunnie’s.
Indeed, the research required a visit to hardware-hacker-friendly Shenzhen in China, where you can find out obscure details – things that you didn’t even know you wanted to know – about proprietary hardware.
We suspect that Ed Snowden probably didn’t participate in that part of the work, because he would have needed to travel outside Russia, where he currently lives.
That would mean risking a diversion to the US at some point, where the authorities are currently keen to have a word with him.
Spy versus spy
The main motivator for this project is a remarkably simple one: the authors are tackling a problem that has had many of us wondering, and some of us worrying, for ages.
Years of announcements and instructions by airline staff have invited us to believe that “airplane mode” puts our mobile phones into literal radio silence.
But what actually happens to a phone in airplane mode?
Does it, can it, will it, might it send and receive data anyway?
Whether by accident or design, what does your phone tell other people about you when it’s in what is supposed to be “fully-offline” mode?
Of course, turning your phone off entirely, removing the battery, placing it in a Faraday cage and leaving it at home is a perfectly valid counter-surveillance tactic when you’re out on the streets reporting on a protest march, but it’s not very practical if your plan is to file reports as you go along.
So, Huang’s goal is to provide a hardware tool that lets you enjoy all the many benefits of a mobile phone, including leaving a trail of digital breadcrumbs when you are willing to do so…
…but with an easy way of turning off that trail when you want, and a way of making sure that the digital breadcrumbs actually are off.
Who needs it?
As you might expect, given their track records and their personal beliefs, Huang and Snowden are aiming their project squarely at protecting journalists:
Front-line journalists are high-value targets, and their enemies will spare no expense to silence them. Unfortunately, journalists can be betrayed by their own tools. […] This work aims to give journalists the tools to know when their smart phones are tracking or disclosing their location when the devices are supposed to be in airplane mode.
Does this matter to the rest of us?
Actually, it does.
Even if we don’t mind being tracked, it’s important that security-related configuration settings do what a reasonable user would expect, if only so that we don’t end up in a world riddled with security exceptions.
If we’re conditioned to expect security that doesn’t work properly, we learn to accept it, and thus we make it easier for crooks to sail through amongst those exceptions.
How will it work?
We think you should give the Huang and Snowden paper a read right through.
Even if you don’t understand the technical details, the range of different techniques that can be used to secure (and breach) a device that can both transmit and receive is fascinating.
After considering several possibilities, the authors decided to adopt what we’ll refer to as a “risk reduction and detection” technique.
They decided on active add-on hardware that monitors the electronics of the phone from outside.
In other words, if the “Against the Law” device is ever made, it won’t just be a security slip case into which you slide your phone to shield it.
You, or someone you trust, will have to open up the device and modify it by attaching connectors at key points. (See the paper for some eye-opening images of just how precise this sort of work needs to be.)
An external processor will control the attached probes, making it much less likely that unauthorised software hacks on the phone itself could carry out surveillance and counter-remediation on the anti-surveillance and remediation device.
For example, they discovered that by externally forcing an electronic reset on the Wi-Fi hardware while the phone rebooted, they could trick the iPhone, and thus mislead iOS, into thinking the Wi-Fi didn’t exist at all.
As a result, no drivers to support it were loaded, and it couldn’t later be turned on without another reboot, at least in any way they could find.
In other words, externally tweaking various electronic control points allows the wireless components inside the iPhone to be activated and deactivated selectively, as well as to be monitored for unexpected transmits and receives.
(Except for NFC: the authors plan on simply disabling it altogether, on the grounds that front-line journalists are unlikely to need Apple Pay in a hurry.)
The idea is that a tiny screen on the anti-surveillance kit will provide visual feedback of how the wireless hardware inside the phone has behaved, and whether that matches what you’d expect.
Artist’s impression (from the paper)
When can I buy one?
Not any time soon.
It’s just a pipe-dream at the moment, with a basic prototype only expected in the next year.
As the authors admit:
Over the coming year, we hope to prototype and verify the introspection engine’s abilities. As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time.
We couldn’t help noticing that the article wonders aloud about the possibility of adding multi-SIM support, so you can switch providers without fiddling with the hard-to-swap and easy-to-lose nano SIMs used in modern iPhones:
It should be noted that changing SIM cards is no defense against geolocation; the [phone’s unique identifier] remains constant despite the SIM card swap. The SIM card swapping feature is simply a convenience to reporters who need to maintain several numbers or data plans appropriate for multiple regions.
Our advice to Messrs Huang and Snowden: “You’ll have to resist feature creep if you’re going to get anywhere.”