Do you know what the average Joe, a geek, a businessman, a criminal and the US president have in common? Well, in 2016, they all want nice smartphones. However, they aren't equally paranoid so they eventually end up with different devices. But what if I told you they should be?...
Today, smartphones are like food - everyone needs them daily and wants the best. Yet, not everyone can afford the highest quality and sometimes it can be so bad it's life-threatening. Our beloved smart mobile devices could be as harmful as that McDonald's pink slime. However, most people ignore the hazards and consume in a way that's likely to soon get them in dire straits.
With mobile devices being so addictive and necessary today, it's no wonder they have also become a primary target. Cybercriminals, governments, agencies, competitors, rivals and even your boyfriend or girlfriend want to secretly have access to your smartphone and tablet. It's like if you ask them, privacy is totally overrated.
On top of that, laws are absolutely unable to keep up with the galloping technological progress of our age, which leaves people even more exposed to privacy and security violations.
Luckily, today it is almost a norm that new versions of operating systems, both for mobile devices and PCs, offer encryption by default. This automatically makes mobile communication more secure than ever.
However, normal mobile devices are still very vulnerable, as we all know, with all these apps, access to the Internet and amazingly careless users. And their massive popularity only makes them as attractive to hackers, criminals, spies, law enforcement, government agencies, etc. as gold coins are to Scrooge McDuck.
Carriers + governments = BFF
Many people already know (but forget) that carriers are able to record all baseband traffic, which they do, constantly, because local governments can request these recordings or even actively listen in to calls.
Texts and other messages can also be recorded and monitored, metadata is tracked as well. Even pin-to-pin messages through BlackBerry, supposedly more secure, can be made available not only to the government, but to administrative-level users of your corporate server, through the BES server.
So if you are looking for true security and privacy, go for end-to-end encryption in your entire communication and avoid cellular calling in favour of voice over IP (VoIP).
Environmental listening via mobile devices
Mobile devices are subject to environmental listening devices designed to capture the surrounding conversations in a particular location. But a mobile device can actually become one. As early as 2006, the FBI had the technology to remotely activate cellphones, and use them to listen in on a target's surroundings.
In many cases, installing spying software does not require physical access to the device. There are still ways to do so today, but for the most part, you are more likely at risk if your phone ends up in an adversary's hands, even for a short time. If your phone is taken, or lost for even for a short period, it's a good idea to wipe it, just to be on the safe side.
Malware can do more than simply turn your phone into an ambient microphone. Your camera can be activated, your keystrokes can be logged, and more.
It is important to know that much of this can be done even while your phone appears to be asleep or offline. In an age when nearly everything is accessed by your phone, including bank accounts, you cannot be too careful...
So if you need a contemporary phone for sensitive communication and storing important data, look for a special-purpose secure mobile device that makes no compromise in protection and privacy but still remains very user-friendly and useful in terms of actually doing business with it.
You can run but you can't escape tracking
It is well known that your smartphone can report your location through various apps, notably social networks and, of course, navigation services. If you have given the permission to any of your apps to be location aware, your phone can likely be used to trace you in real time, and the agency, organization or person in question will not have to work very hard to do so.
Even if your apps are not allowed access to your location, it is possible for carriers, and by extension the government, to triangulate your position and movement via cell towers.
It's no longer secure enough to turn off your device once you've arrived at a meeting. If your phone was active during your trip, then your whereabouts will be known. The moment you and a partner activate a phone in the same place at the same time, your meeting place is essentially blown for future use.
Knock, knock! Who's there? Silent SMS.
Silent SMS is a hidden text that can be sent to any connected mobile phone without requiring any user action or otherwise alerting the unsuspecting device holder.
Every mobile operator uses them to send settings and instructions to newly registered mobile devices.
However, silent texts could also be used as an attack vector. Such an SMS could transmit specific instructions or a little piece of malware for purposes like phone hacking, location tracking, etc.
IMSI coming to catch you
IMSI stands for international mobile subscriber identity. It is an identifying number assigned to your phone which carries over through carrier changes, address change, change of SIM card, etc. The IMSI number is associated with carrier registries and all the identifying information provided to your carrier.
IMSI catchers are fake cell towers able to fool cellphones within a certain range to connect to them rather than to a real cell tower. It does so by fooling the phone into thinking it has the strongest signal.
Since the encryption level of communication is chosen by the base station, not the phone, these devices are able to downgrade your network type in order to lessen or remove encryption and thus spy on phone calls and texts. It can also be used to inject malware.
IMSI catchers can typically be found in the trunk of some police cars or in riot surveillance vehicles. Smaller IMSI catchers could even be placed onto drones or other small aircraft to sweep targeted areas. New mobile models have also emerged.
The biggest problem with IMSI catchers is that they act like mass bombing, affecting the bad guys and civiliansalike. In other words, law enforcement can gather data from large numbers of people simultaneously, often without a warrant, and with limited oversight into what is done with the gathered information.
In addition, this technology is already accessible by criminals, meaning that we could soon see more privacy violations and malware attacks from criminal enterprise alongside government surveillance.
Malware and other viral threats are a problem common to mobile devices and PCs alike. To make things worse, they are often combined with the other methods above because of the ways in which they can be injected into mobile devices to compromise them.
For the most part, safe computing and best mobile practices can guard against the majority of these issues. However, if combined with devices like IMSI catchers or social engineering practices, they can be a huge threat to privacy and security, even without risky apps and browsing.
As you can see, the privacy concerns of the world at large are growing day by day, with new threats consistently emerging. It's important to stay abreast of these technological advancements and their implications towards invasion of our personal lives.
The opportunity for abuse of technological means to bypass our rights to privacy is far outpacing the court's ability to protect it. Until sufficient pressure is applied, we can all soon expect our lives to be subject to unwanted scrutiny...
Ready for part 2? It's on environmental surveillance and it's about just as troubling...