Snowden : Smartphones Can Be Remotely Controlled

Uploaded on 2015-10-08 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Smartphone users can do "very little" to stop security services getting "total control" over their devices, US whistleblower Edward Snowden has said.

The former intelligence contractor told the BBC's Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners' knowledge.

Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in. The UK government declined to comment.

Edward Snowden says government phone-hacking capabilities were "named after Smurfs" Mr Snowden spoke to Panorama in Moscow, where he fled in 2013 after leaking to the media details of extensive internet and phone surveillance by his former employer, the US National Security Agency (NSA).

He did not suggest that either GCHQ or the NSA were interested in mass-monitoring of citizens' private communications but said both agencies had invested heavily in technology allowing them to hack smartphones. "They want to own your phone instead of you," he said.

Mr Snowden talked about GCHQ's "Smurf Suite", a collection of secret intercept capabilities individually named after the little blue imps of Belgian cartoon fame. "Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing," he said.

"Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on.

"Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers."

Mr Snowden also referred to a tool known as Paranoid Smurf. "It's a self-protection tool that's used to armour [GCHQ's] manipulation of your phone. For example, if you wanted to take the phone in to get it serviced because you saw something strange going on or you suspected something was wrong, it makes it much more difficult for any technician to realise that anything's gone amiss."

Once GCHQ had gained access to a user's handset, Mr Snowden said the agency would be able to see "who you call, what you've texted, the things you've browsed, the list of your contacts, the places you've been, the wireless networks that your phone is associated with. "And they can do much more. They can photograph you".

Mr Snowden also explained that the SMS message sent by the agency to gain access to the phone would pass unnoticed by the handset's owner.
"It's called an 'exploit'," he said. "That's a specially crafted message that's texted to your number like any other text message but when it arrives at your phone it's hidden from you. It doesn't display. You paid for it [the phone] but whoever controls the software owns the phone."
Image copyright

Describing the relationship between GCHQ and its US counterpart, he said: "GCHQ is to all intents and purposes a subsidiary of the NSA. "They, the NSA, provide technology, they provide tasking and direction as to what they, GCHQ, should go after." The NSA is understood to have a similar programme to the Smurf Suite used by GCHQ on which it is reported to have spent $1bn in response to terrorists' increasing use of smartphones.

Mr Snowden said the agencies were targeting those suspected of involvement in terrorism or other serious crimes such as pedophilia "but to find out who those targets are they've got to collect mass data".

"They say, and in many cases this is true, that they're not going to read your email, for example, but they can and if they did you would never know," he said.

In a statement, a spokesperson for the UK government said: "It is long-standing policy that we do not comment on intelligence matters.
"All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."

The government believes Mr Snowden has caused great damage to the intelligence agencies' ability to counter threats to national security.
Mr Snowden maintains he has acted in the public interest on the grounds that the surveillance activities revealed in the thousands of documents he leaked are carried out - in his words - "without our knowledge, without our consent and without any sort of democratic participation".

US has not offered Snowden a plea deal

Snowden says he has offered to do time in prison as part of a deal to return to US, but ‘we are still waiting for them to call us back’

Snowden, who is wanted under the Espionage Act after leaking tens of thousands of top secret documents, said he had offered to do time in prison as part of a deal. The US justice department has made no effort to contact Edward Snowden to discuss a plea deal that would see him return from exile in Russia, the NSA whistleblower said in an interview on BBC Panorama.

Snowden, who is wanted under the Espionage Act after leaking tens of thousands of top secret documents, said he had offered to do time in prison as part of a deal. “We are still waiting for them to call us back,” he said.
His comments come just months after Eric Holder, who was US Attorney-General until April, said Snowden’s revelations had “spurred a necessary debate”. He also said the “possibility exists” of a plea deal.
But senior figures in the security services in both the US and UK are unforgiving, wanting him to serve a long sentence both as punishment and to act as a deterrent to others.

Former head of the NSA Michael Hayden, asked by Panorama what would happen to Snowden, said: “If you’re asking me my opinion, he’s going to die in Moscow. He’s not coming home.”

Snowden, in his first interview with the BBC since he disclosed the documents two years ago, said: “I’ve volunteered to go to prison with the government many times. What I won’t do is I won’t serve as a deterrent to people trying to do the right thing in difficult situations.”

BBC: http://bbc.in/1FSGiy5
Guardian: http://bit.ly/1hsorCH

« The Rules of Cyberspace Just Got A Bit Clearer
Safe Harbour No More. Facebook Data Transfer Deal Is Ruled Invalid »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

Octopus Cybercrime Community

Octopus Cybercrime Community

The Octopus Community is a platform for information sharing and cooperation on cybercrime and electronic evidence.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

Inholo

Inholo

Inholo offers tools to manage the risks of synthetic realities, starting with an AI-photo detection service.

Octopus Cybersecurity

Octopus Cybersecurity

Octopus VAR is a Validation, Analysis and Reporting tool that gives risk managers and CISOs a powerful control mechanism and a deep view of operational risks.