Ed Snowden And Bunnie Huang Design Phone Case To Warn You If Your Phone Is Compromised

from the busy-day dept

Bunnie Huang is having quite a day -- and it's a day the US government perhaps isn't too happy about. Huang has worked on a number of interesting projects over the years from hacking the Xbox over a dozen years ago to highlighting innovation happening without patents in China. This morning we wrote about him suing the US government over Section 1201 of the DMCA. And now he's teamed up with Ed Snowden (you've heard of him) to design a device to warn you if your phone's radios are broadcasting without your consent. Basically, they're noting that your standard software based controls (i.e., turning on "airplane mode") can be circumvented by, say, spies or hackers. But their tool is designed to actually determine if the radios are broadcasting for real:
The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.
They've published a paper describing the product and it's a good read.
Front-line journalists risk their lives to report from conflict regions. Casting a spotlight on atrocities, their updates can alter the tides of war and outcomes of elections. As a result, front-line journalists are high-value targets, and their enemies will spare no expense to silence them. In the past decade, hundreds of journalists have been captured, tortured and killed. These journalists have been reporting in conflict zones, such as Iraq and Syria, or in regions of political instability, such as the Philippines, Mexico, and Somalia.

Unfortunately, journalists can be betrayed by their own tools. Their smartphones, an essential tool for communicating with sources and the outside world–as well as for taking photos and authoring articles–are also the perfect tracking device. Legal barriers barring the access to unwitting phone transmissions are failing because of the precedent set by the US’s “third-party doctrine,” which holds that metadata on such signals enjoys no legal protection. As a result, governments and powerful political institutions are gaining access to comprehensive records of phone emissions unwittingly broadcast by device owners. This leaves journalists, activists, and rights workers in a position of vulnerability. Reporter Marie Colvin’s 2012 death is a tragic reminder of how real this vulnerability can be. A lawsuit against the Syrian government filed in 2016 alleges she was deliberately targeted and killed by Syrian government artillery fire. The lawsuit describes how her location was discovered in part through the use of intercept devices that monitored satellite-dish and cellphone communications.
Of course, at this point, all that exists is the paper explaining how this will work. They haven't yet built the actual system. But given Huang's history of hardware hacking and his relationships in Shenzhen, it seems likely that he could get it made pretty quickly if there was demand.
Huang, who lives in Singapore but travels monthly to meet with hardware manufacturers in Shenzhen, says that the skills to create and install their hardware add-on are commonplace in mainland China’s thriving iPhone repair and modification markets. “This is definitely something where, if you’re the New York Times and you want to have a pool of four or five of these iPhones and you have a few hundred extra dollars to spent on them, we could do that.” says Huang. “The average [DIY enthusiast] in America would think this is pretty fucking crazy. The average guy who does iPhone modifications in China would see this and think it’s not a problem.”
Again, who knows if people will actually end up using this, but it's still good to see solutions like this being explored and tested.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    John Fenderson (profile), 21 Jul 2016 @ 2:58pm

    I must not be average

    "The average [DIY enthusiast] in America would think this is pretty fucking crazy."

    I must not be average, because this doesn't sound crazy at all. I know a few people who do this sort of thing, and while I haven't modded my phone (yet!), I certainly could.

    reply to this | link to this | view in chronology ]

    • identicon
      Rana, 22 Jul 2016 @ 10:30am

      Re: I must not be average

      What? Don't you know that when you do something for yourself you're "stealing" someone else's "expected profits"? Bad person!

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jul 2016 @ 3:29pm

    Bunnie Huang is the next Kim DotCom

    as far as the US government (DOJ) is concerned. How quickly will he be raied and extradition proceedings started against him, eh.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 21 Jul 2016 @ 3:32pm

    Does anyone remember the phone charms that would flash if your phone was ringing?

    I'd like a phone charm that flashed on detection of radio output.

    Amusingly, Robocop 2014 features a moment where a bad-guy is located by an unprotected phone in use (via 3rd party doctrine or dubious search) but we're supposed to cheer it on because Alex Murphy is good and the phone is owned by the henchman of an arms dealer.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 21 Jul 2016 @ 3:50pm

      Re: Does anyone remember the phone charms that would flash if your phone was ringing?

      A hobby project I'm working on right now will react to cell phone, wifi, and bluetooth radio signals that are nearby (to allow an illuminated art piece to change its output according to events such as a cell phone ringing, etc.)

      It might be possible to scale this down to something that could fit in a key fob.

      Hmmm...

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Jul 2016 @ 4:19pm

        Re: Re: Does anyone remember the phone charms that would flash if your phone was ringing?

        The "wifi-allergic" would buy a device like this in a heartbeat (nevermind that it likely emits signals in the process of receiving them - they don't care about the details).

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 21 Jul 2016 @ 9:20pm

          Re: Re: Re: Does anyone remember the phone charms that would flash if your phone was ringing?

          About ten years ago, I did own a largish key fob device that would display the strength of Wifi signals it was near. I think I picked it up for about $10 at some bodega somewhere. But it would only react to Wifi, not cell or bluetooth.

          reply to this | link to this | view in chronology ]

      • identicon
        I.T. Guy, 22 Jul 2016 @ 7:11am

        Re: Re: Does anyone remember the phone charms that would flash if your phone was ringing?

        "to allow an illuminated art piece to change its output according to events such as a cell phone ringing, etc."

        Better get running to the local patent office first. Sadly.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 22 Jul 2016 @ 7:58am

          Re: Re: Re: Does anyone remember the phone charms that would flash if your phone was ringing?

          Why for?

          I have no interest in getting a patent of something I think shouldn't be patentable (like this), and even if an aspect of this is already patented, the nature of this particular project is such that I wouldn't be in violation of it anyway.

          reply to this | link to this | view in chronology ]

  • identicon
    Mark Wing, 21 Jul 2016 @ 4:44pm

    With a $40 Raspberry Pi and a $10 TV dongle from Amazon you can build your own SDR-based spectrum analyzer for under 100 bucks.

    I haven't played with my setup much but it can definitely see my phone talking to the tower. Mostly I just use it for the "most complicated way possible to listen to FM radio."

    reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 21 Jul 2016 @ 4:47pm

    Great, but...

    ...this isn't how it's done. Data can be (and is) exfiltrated while the phone is transmitting normally, just by embedding it in other data. There's zero need for an adversary to activate the transmitter at other times. And as the volume of "normal" data steadily increases, the ability of adversaries to conceal clandestine data in it with low probability of detection also increases.

    reply to this | link to this | view in chronology ]

    • identicon
      Pixelation, 21 Jul 2016 @ 8:43pm

      Re: Great, but...

      "Data can be (and is) exfiltrated while the phone is transmitting normally,"

      When someone turns their phone off most assume they can't be heard or tracked. It sure would be handy to know your phone was still transmitting. What happens when this ends up getting used by stalkers?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Jul 2016 @ 1:48am

      Re: Great, but...

      The problem being solved is not exfiltration of data, but rather the phone being turned into a tracking device, even when its radios are supposedly switched off, as tracking a is only possible if it is transmitting. Note, the phone does not transit its location, but rather it is located through the receiver that can see it to allow its position to be triangulated..

      reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 21 Jul 2016 @ 4:53pm

    Options

    Wouldn't a Faraday bag be just as effective. Unless your making a call of course. To view documents, you might want to be in a Faraday room, or tent maybe.

    reply to this | link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 22 Jul 2016 @ 2:39am

      Re: Options

      Stopping it from happening might be a bit safer than potentially finding out it is happening. The informative nature of Huang's hack is still useful, but yeah, journalists in fear of their lives may want to simply grab a Faraday wallet or bag that would cover the phone.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Jul 2016 @ 4:41am

      Re: Options

      That makes videoing or photographing what is happening with a phone a little difficult, and kinda defeats the purpose of being a reporter. As using an actual camera these days makes a person stand out, reporters may well prefer to use their phones instead of a camera.

      reply to this | link to this | view in chronology ]

    • identicon
      WP, 7 Aug 2016 @ 12:59pm

      Re: Options

      A Faraday cage is useless.

      Easy test: place your phone in a cage and dial its number.
      A Faraday cage that should be perfect:
      A microwave!
      A microwave works at 2.4Ghz
      it is build as being a faraday cage by design.
      (make sure it is plugges in and earthed for having a nicely grounded Faraday cage)

      Now the real surprice, the phone IN the Faraday cage will ring!. How can that be? It is within a grounded cage, far away from a cell tower. And still it rings! :-D

      Have fun...

      reply to this | link to this | view in chronology ]

  • icon
    Whatever (profile), 21 Jul 2016 @ 9:37pm

    I could design one too.

    All you need is a case, and LED, and a battery. As soon as the case is on the phone, turn on the LED. It would be right probably 99% of the time.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Jul 2016 @ 3:12am

    Marketing

    If you want to stop the phone being used to track you, why buy an expensive phone cover, why not just pull out the battery and drop both phone and battery into a Faraday bag.

    (some state actors have put extra surprises in phones. A certain middle-east state with a mediterranian coast).

    I think the fob would be better, It would tell you if your travelling companions were comprimized.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Jul 2016 @ 3:53am

    Trust

    So I get some engineer in Shenzhen to install an anti-bugging device in my phone. That seems safe.

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 22 Jul 2016 @ 7:14am

    If it does come to market

    I will buy one... and I dont even own an iPhone. ;)

    reply to this | link to this | view in chronology ]

  • icon
    Stretch1931 (profile), 22 Jul 2016 @ 11:54am

    Aluminum Foil Hat Conversation

    I understand the concern with knowing if someone is tapping your wireless signals, but what about the possibility that they can simply track and listen to you through the cell towers themselves? This is a known issue, since they're using legacy technology (common denominator) to process billing across networks. And it's this method that they can listen to your conversation and locate your whereabouts (by cell tower triangulation). So unless EVERYTHING is off, you can still be found. And if someone was really nefarious, they could simply know what cell tower you're at, and enable other non-protected phones in the same vicinity to listen to your conversations.

    So you'd pretty much have to live in a cave (without cell reception or GPS) to avoid anyone from snooping.

    reply to this | link to this | view in chronology ]

  • identicon
    Ac, 26 Jul 2016 @ 12:19pm

    Keyless Fob Fataday bag

    For a little more than $17, you can buy a padded nylon "Fob Keeyper" which is a Faraday bag for your cars keyless entry key fob. https://www.amazon.com/gp/aw/d/B01FYVWVX8?pc_redir=T1

    reply to this | link to this | view in chronology ]

  • identicon
    sam, 27 Jul 2016 @ 3:06am

    Interesting

    That would be a great case.

    reply to this | link to this | view in chronology ]

  • icon
    opanco (profile), 28 Jul 2016 @ 3:55pm

    Waiting in line...

    I will certainly purchase one for myself, and those who I work with. I suspect that this type of abuse is more widespread than anyone could imagine.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.