Most people are ready to jump on the newest smartphone bandwagon at a drop of a hat, at considerable expense.
Is the latest really the greatest?
What are the hidden 'traps' the user faces?
What are the exploits left open that the manufacturer (deliberately?) doe not tell the end user?
What most people did not know is that by the time Google updated their smartphone operating system, Android, to version 4.0 (Ice Cream Sandwich), where it appeared on Samsung's Galaxy SIII device there were 468 vulnerabilities!
WTF??? !!! ???
Were the programmers on ICE...
or was it a more sinister directive from above?
Would you trust a company the dodges tax to the tune of billions per annum?
Would you trust a company that leaves vulnerabilities (deliberately?) unattended?
Would you trust that company with YOUR data?
See the following article from computerword.com of the headline:
Are your calls being intercepted? 17 fake cell towers discovered in one month.
CryptoPhone users found 17 fake “cell towers”
in a month, but don’t know who deployed them or why. If you think you'd
know if your calls are being intercepted by seeing the phone connect to
"2G," then think again.
You wouldn’t likely know if you are under cell phone surveillance,
but you would if you were about to make a call and your phone displayed
an unencrypted connection warning that states, “Caution: The mobile
network’s standard encryption has been turned off, possibly by a rogue
base station (‘IMSI Catcher’). Unencrypted calls not recommended.”
Through notifications such as that, CryptoPhone users found and
mapped 17 fake “cell towers” in the U.S. during the month of July.
While most phones can’t find those interceptors, a
$3,500
CryptoPhone 500 can. The phone has a Samsung Galaxy SIII body, but
unlike the Android OS that comes standard on the Galaxy SIII and “
leaks
data to parts unknown 80-90 times every hour,”
ESD America hardened the
Android OS by removing 468 vulnerabilities.
“Interceptor use in the U.S. is much higher than people had anticipated,” said Les Goldsmith, the CEO of ESD America. He
told Popular Science,
“One of our customers took a road trip from Florida to North Carolina
and he found eight different interceptors on that trip. We even found
one at South Point Casino in Las Vegas.” He added, “What we find
suspicious is that a lot of these interceptors are right on top of U.S.
military bases. Whose interceptor is it? Who are they, that’s listening
to calls around military bases? The point is: we don’t really know
whose they are.”
Privacy groups have been
fighting unconstitutional stingray surveillance
for several years, yet there's still a great deal citizens don't know
about the portable devices known as IMSI catchers, also known by the
generic term "stingray." It acts like a fake cell tower and tricks your
mobile device into connecting to it even if you are not on a call. It is
used for real time location tracking; some can pinpoint you within two
meters as well as eavesdrop and capture the contents of your
communications.
Goldsmith
conducts testing on his company’s “baseband firewall” while driving by
an unnamed government facility in the Nevada desert that runs an
interceptor. ”As we drove by, the iPhone showed no difference
whatsoever. The Samsung Galaxy S4, the call went from 4G to 3G and back
to 4G. The CryptoPhone lit up like a Christmas tree.”
You
might
know your phone is being intercepted if it shows 2G, instead of 3G or
4G, but some interceptors claim to be “undetectable.” The VME Dominator,
for example, is
marketed
only to government agencies. It promises that it allows “you to
intercept, block, follow, track, record and listen to communications
using unique triangulation and other advanced technology,” but “cannot
be detected. It allows interception of voice and text. It also allows
voice manipulation, up or down channel blocking, text intercept and
modification, calling and sending text on behalf of the user, and
directional finding of a user during random monitoring of calls.”
VME Dominator is not the only 4G interceptor on the market. Martone Radio Technology also advertises
4G interception, and SS8 describes solutions for “Integrating Lawful Intercept into the Next Generation 4G LTE Network” (
pdf).
According to Goldsmith, “If you've been intercepted, in some cases it
might show at the top that you've been forced from 4G down to 2G. But a
decent interceptor won't show that. It'll be set up to show you
[falsely] that you're still on 4G. You'll think that you're on 4G, but
you're actually being forced back to 2G.”
Yet Ars Technica
reported
that law enforcement agencies are trying to come up with the funds to
upgrade their “stingray” cellular surveillance systems before 2G – and
their ability to unconstitutionally spy on people – becomes obsolete.
AT&T, for example, will shut down its 2G network in 2017, but
Verizon’s network will support 2G until the “end of the decade.”
Although
it will be a long time before cell phones no longer support 2G, Johnny
Law is working on upgrading Harris Corporation “Stingray” systems, with
“Hailstorm,” to support 4G LTE interception. The News Tribune in Tacoma
reported
on a March 2014 purchase order from the DEA, which stated, “The
Hailstorm upgrade is necessary for the Stingray system to track 4G LTE
phones.”
According to Ars Technica, the Oakland Police Department,
Fremont Police Department, and the Alameda County District Attorney
joined forces by applying for a DHS grant to pay for the Hailstorm
upgrade. “The entire upgrade will cost $460,000—including $205,000 in
total Homeland Security grant money, and $50,000 from the Oakland Police
Department (OPD).” In theory, more documents are being gathered and
will be released this month by the Alameda County DA's office.
While the FCC seems to have known about cellular network vulnerabilities that stingrays exploit, last month it
established
a “task force” to investigate the “illicit and unauthorized use” use of
stingrays. Instead of investigating law enforcement’s use of such
interceptors, the FCC “plans to study the extent to which criminal gangs
and foreign intelligence services are using the devices against
Americans.” The FCC also
refused the ACLU’s FOIA request for stingray documents.
Meanwhile
innocent Americans may be subjected to the “invasive surveillance
technology” without ever knowing it is happening. ACLU technologist
Christopher Soghoian
said
of stingray surveillance, “They are essentially searching the homes of
innocent Americans to find one phone used by one person. It’s like
they’re kicking down the doors of 50 homes and searching 50 homes
because they don’t know where the bad guy is.”
If the framers of the Constitution could see how technology is being used against us, they would roll over in their graves.
computerworld.com 2 Sep 2014
