On the ubiquity of web-enabled microphones

Let me briefly outline my concerns around the issue of web-enabled microphones in a general way.  We have entered an age where in developed countries, the vast majority of citizens are surrounded by these microphones at all times.  Even in the bedroom now, since the smartphone is becoming the new alarm clock for many.

Bruce Schneier (computer security expert, now also with the EFF) has remarked: “It’s bad civic hygiene to build technologies that could someday be used to facilitate a police state.  No matter what the eavesdroppers and censors say, these systems put us all at greater risk.”

There are two elements of this emerging technology that prompt me to regard this as bad civic hygiene:  the omnipresence of these microphones, and the increasing lack of technological constraint allowing their compromise by state and other actors.

When I say “increasing lack of technological constraint”, I am referring to several things:  the descriptions of actions by agencies such as NSA, GCHQ, and the FBI who are specifically targeting smartphones (e.g. Tailored Access Operations of NSA and Remote Operations Unit of FBI), the exploding grey market for zero-day vulnerabilities dominated by state actors (especially the United States), and the emerging market for contractors who are developing exploits and software tools which enable these vulnerabilities to be efficiently utilized.  (Vupen in France, Hacking Team in Italy, Endgame Systems in U.S., FinFisher in the U.K., etc.)

Zero-day vulnerabilities are essentially unintentional backdoors that are discovered in various software applications every year by hackers.  There are hundreds of these things discovered every year, and they are an unavoidable by-product of the software development cycle.  They are a special kind of software bug that can permit a third-party who knows about them to take over a person’s device.  Sort of like skeleton keys which allow entry into anyone’s device that happens to use the operating system or application in which the vulnerability is discovered, and they permit various degrees of power over a person’s device.  Programmers create exploits known as “zero-day exploits” to make use of these vulnerabilities.  A market has emerged whereby these exploits are sold to the highest bidders, which, unsurprisingly, happen to be state actors.  An exploit for the iPhone’s iOS was sold for $500,000 at one point to an unknown buyer – the NSA perhaps, but every intelligence agency on the planet is willing to pay top dollar for these things.  Parties are willing to pay much more if it seems the exploit is likely to go undetected for some time and if it provides a lot of power over the device (laptop, smartphone, or tablet).  However, when a vulnerability is discovered “in the wild” and reported to the software company (as should be the case), the value drops to near zero very quickly as the software company develops a “patch” and sends out security updates to consumers.  In any event, the result of these activities over just the past decade is that sophisticated intelligence agencies, and certainly the FBI and NSA, now possess a revolving set of skeleton keys that allow them to reach inside virtually anyone’s device on the planet.  They don’t need a warrant to do this, and they don’t need permission from the telecoms or software companies.  They don’t have to notify any third parties that this is happening.  This is a HUGE amount of power for any state actor to have.

Federal law enforcement agencies like the FBI have been clamoring for mandatory backdoors into all these new web-based technologies, but there are fundamental technical issues with integrating a CALEA-type system with the internet (CALEA = Communications Assistance for Law Enforcement Act of 1994).  Security experts are suggesting that the feds (including domestic agencies like the FBI) develop teams of hackers to perform wiretaps in the future.  They are essentially recommending that the FBI develop their own Tailored Access Operations (an NSA hacking division).  Installing a CALEA-type system will fundamentally weaken the security of the internet for everyone, they claim, and it’s also not very practical because new technologies develop so rapidly.  It will hinder innovation.  (From later note:  we now know the FBI has already developed their own hacking team with the Remote Operations Unit.  Chris Soghoian, principal technologist with the ACLU, discovered the Remote Operations Unit through former contractors’ CVs on LinkedIn and put the pieces together.)

See this paper for background:  https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf

“Going Bright: Wiretapping without Weakening Communications Infrastructure” | Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau | IEEE Security & Privacy 11:1, Jan/Feb 2013

My comments on the authors’ analysis in this paper:  OK, fine, mandatory backdoors are unacceptable.  But if the feds’ teams of hackers develop the power to enact wiretaps and bugs without having to ask for third-party permission, that will facilitate intelligence laundering on a wide scale.  Sure, the information/evidence can’t be presented in court.  But they are more than happy to find other ways to use the information.  Numerous examples of this have cropped up in the past year in the press (e.g. Special Operations Division – a joint operation between DEA, FBI, and NSA – slides were released a few months after Snowden to the press in a leak, but they were not part of the Snowden dump.  Agents are specifically instructed to “recreate” the trail of an investigation to hide the original sources.  They are effectively removing any poisonous taint from illegal surveillance by fabricating an independent source and never revealing the original surveillance.  I believe they are generally handling narcotics cases, and the ACLU and EFF filed an Amicus brief late last year in a case in SF court as a result of the slides, because they suspected illegal surveillance might be taking place and intelligence was being laundered – see United States of America v. Diaz-Rivera – a very recent case, not sure what the outcome was at the suppression hearing.  Google:  Special Operations Division)

In regards to the cell mic->bug method, the power of this method should be obvious when you consider that a huge portion of conversations in the developed world these days takes place within earshot of a web-enabled mic.  True, the technology will probably limit the use of this method to cases of “targeted exploitation” only and it might never be used on a truly massive scale (unless they get their backdoor wish).  But when you read about how exploit management has become automated to the extent of owning thousands of devices at once, it raises serious questions about what “targeted exploitation” even means on a practical level.  See the NSA “TURBINE” program for an example of relatively large-scale automated management of hacked devices via exploits.  I do not find the term “targeted” particularly encouraging in light of their capabilities.

In addition, recent technological advances in the fields of speech transcription (BABEL program at IARPA, GALE at DARPA, MLT from Northrop Grumman (Machine Language Translation), software from Nexidia, a company with DOD contracts, along with programs in high-level semantic analysis from the MITRE corporation “to interpolate what people mean from what people say”) and voiceprint recognition (huge databases being built – much more of a privacy threat in the long term than faceprint recognition, IMO) would allow the audio content to be converted to output that resembles a chat log, in a process known as speaker diarization.  This log could be analyzed very efficiently with keyword searches and other automated data mining tools that are emerging.  If sections are hard to transcribe, an analyst could fast forward instantly to those sections for closer listening.  So the cost of monitoring hundreds or thousands of hours of voice chatter has come down precipitously and the tools to derive intelligence from it are more powerful than ever.

Ergo, the stage is being set for intimate surveillance of people’s lives not just in cyberspace, but in everyday face-to-face interaction on a relatively large scale that is likely to only increase with time.  Facial recognition in public is nothing compared to this.  The power imbalance enabled by this technology between the authorities and the citizenry is a cause for concern, and the authorities have every motivation to limit the exposure that this method might receive.

The smartphone is God’s gift to Big Brother.  This is clear from both NSA slides and GCHQ slides, which specifically describe copious efforts to hack into and control every single model of smartphone on the market – even relatively obscure models.  Given the capabilities of the smartphone, we might ask what makes it more special than a laptop or home computer in terms of attracting attention from intelligence agencies.  They both contain email and contact information.  But the smartphone has a microphone that is carried with the user everywhere, and it also has a GPS antenna.  This makes it a uniquely powerful source of intelligence on a person far beyond a home computer.  The ability to turn the microphone into a bug is sometimes called a “hot mic” in internal presentations.  A GCHQ slide gave this capability the codename “Nosey Smurf”.

I’ve been tracking mobile device management (smartphone use by employees) at the Pentagon through contractor newsletters, and the solution they are moving towards in terms of protecting data on their employees’ smartphones is to reengineer the kernel to minimize the attack surface.  In other words, they are re-engineering the microchips to try to make them more secure.  There are other companies coming out with secure smartphones for security-conscious people who are not government workers with security clearances — there’s the Privacy Phone from FreedomPop, the Black Phone from Silent Circle, and the Boeing Black smartphone.  The problem with all of these models is that none of them are hack-proof.  Not even the phones from the Pentagon for NSA employees.  It’s impossible with modern software and hardware to KNOW that something is hack-proof.  They all know this very well, but they are just counting on maintaining a strategic edge over their adversaries.  It’s the cyber-arms race.

Turning off a smartphone will not necessarily prevent it from being surveilled.  You cannot know if it is actually ever off.  There has been a lot of discussion about this online.  You may not have caught this detail, but when journalists first went to visit Snowden in Hong Kong, he asked everyone to put their phones in the freezer before he started talking.  Some activists (for example the Occupy crowd) were known to be taking the batteries out of their phones.  This would do the trick, but it’s kind of a pain in the ass.

So I’m proposing a solution which is relatively simple, 100% hack-proof, and effectively neutralizes billions of dollars worth of surveillance equipment.  It’s just an off-switch for the microphone.  It disconnects the circuit.  Voila.  You cannot break the laws of physics.  You cannot access something from the web which has been removed completely off the web.  I know enough to know that I will never catch up with these hackers, so let’s forget about all that shit and step completely outside of the cyber-arms race for all time.  I’m actually quite dumbfounded that nobody is suggesting making a product with this feature.  However, I also think it would be handy for many people to be able to neutralize the GPS-tracking.  So I think an off-switch that had three positions would be ideal.  First position: normal.  Second position: microphone is cut off, but the antennas still are functioning to remain online, receive calls, texts, or emails.  This would be handy for activists, journalists, dissidents, etc. who don’t want to have to take the batteries out of their phones every time they get together in social situations.  Third position:  antennas are cut off along with the mic.  This neutralizes location tracking as well.  Three positions might be confusing to folks at first (?) but I think the utility would become evident.  Mic off but still online allows people to remain receptive to calls and emails.  Jacob Appelbaum (hacktivist in Germany – has access to Snowden files along with Laura Poitras) is always recommending to people to leave their phones at home.  I understand where he’s coming from and I’m 100% with him as far as cause for concern goes, but… good luck in convincing people to actually do that.   I think the switch should be physical in nature, because any software-based system could be vulnerable, and a phone with a physical switch could be opened up for examination by Gizmodo or the EFF.

A friend suggested that a 3-way off switch might possess enough novelty to warrant a patent.  I have no idea.  I hope that it’s not actually patentable, because I just want to see that a product like this is made, but I actually have some concerns because of my situation that the government would take my idea and give it to a contractor, or patent it themselves and sit on the patent.  Yes, I think it would be valuable enough to them for them to consider doing something like that, based on everything I’ve read about their interest in smartphones.  And the NSA’s attitude is that they are willing to sacrifice computer security in general for everyone around the globe so long as they feel they are maintaining a _strategic edge_ over their adversaries.  So something that would neutralize the playing field for everyone is not what they would consider to be in their best interest.  It _is_ in the best interest of the citizens however who have natural and healthy privacy interests, I feel strongly, because if these agencies are permitted, they will start recording every face-to-face conversation on the planet and screening the conversations in the same way they do with email now.  They don’t have to necessarily record the audio either, as that would take up huge amounts of memory.  The default mode would probably use transcription to go straight from voice to text.  Then for higher-value targets, the audio content might also be saved.

And all intelligence agencies around the globe will desire to keep this a secret for as long as possible.  This level of power would have been unimaginable a decade ago, but it is probably not even a decade off at this point.

I believe there would be an instant global market for a smartphone that had this feature.  It would potentially be upsetting to many intelligence agencies, however, who have invested billions in location tracking alone.  And once a product like this is produced, there’s no way for them to get around it.  It’s physics at that point – not computer science.  People just have to be mindful to use the switch.

Then there are still the microphones on our laptops and perhaps appliances in the future in the coming “internet of things”.  One thing at a time, I guess.

Borrowing Schneier’s phrase, there is some very poor civic hygiene unfolding.  I’d like to see this addressed, and I think now might be a decent time when there is a lot of public concern.  Before complacency sets in again.


6 thoughts on “On the ubiquity of web-enabled microphones”

  1. I have contacted the creators of the Purism Librem 15 (“free/libre software laptop”) recently, to suggest that they use mechanical switches to cut off peripherals for this exact reason, and was told that they were considering it and trying to work it into their design.

    People are definitely thinking about it, it’s just not there yet. In order to get such mechanical switches, projects like the Librem simply need more financial backing and more feedback of this nature. The same would apply to a smartphone with a similar model.


  2. I have actually modified a couple of my mobile phones with simple inline on/off switches to physically turn off the microphone. I was able to find the switches on the internet, I actually bought several different switches, all quite small but with different ways that they mount and so forth just to kinda experiment with. The phones that I did this to, the internal microphones were not directly mounted on the circuit board and all that was necessary was to cut the positive wire that ran from the board to the mic about midway and insert the switch bridging wire. On one phone the switch had to be mounted to the exterior of the phone, the other I was able to cut a slot out of the shell of the phone and mount the switch to the inside of the shell with the slider sticking through the slot so it could be accessed.

    This mod worked well enough, and I was able to do this to the camera on one of the phones also. But with many phones, the internal mic is soldered directly to the printed circuit board, so in those cases desoldering the mic from the board is going to be necessary. Then you would solder two wires where the microphone’s positive and negative contacts were soldered to on the PCB. Then you would place the switch on the positive wire same as before, then solder the positive and negative wires to the leads on the mic and super glue the mic back in the place it was. The leads from the mic may need to be bent to the sides in order to get the mic to lay flush. I haven’t actually done this but this is how I would do it.

    Another and more practical issue with doing this is the phones are becoming more and more difficult to get into, and they cram so much stuff into such a little space. And while I think that where there is a will there is a way, I doubt that you will find a phone with any extra room anywhere inside to mount the switches, so external mounting is almost an absolute. Though I admit I haven’t really peeked at the guts of any of the latest hand-helds, the slim profile they all seem to sport is almost a guarantee this will be the case.
    PART 2

    Now as much as I would like to see a manufacturer build these features into the phone, and I love the idea that it would basically render a significant amount of the Intel agencies’ snooping equipment obsolete, costing them loads of money. (Although that money would be recouped either with more of our tax money or by some other and likely despicable covert operation, so maybe not) I just don’t see manufacturers that produce phones for the U.S. market making such a bold move, I really don’t think they care if the NSA is spying on everyone in the damn world, and doing so via phones they manufacture even. Even if someone were to present the manufacturer with a risk free roll-out model with insane sales projections and guaranteed earnings, I see the manufacturer instead colluding with the other manufacturers to not produce such a phone.

    And although I’m sure finding a manufacturer up for the task in China wouldn’t be difficult, and it may even be possible for a group of investors to put together a new company and produce the phone in the U.S., either way the phone will never make it to market in the U.S. If there isn’t already an existing piece of legislation in one of the Telecom Acts or an FCC policy that prohibits manufacturers from making such phones available to customers in the U.S., it wouldn’t take long for Congress to all of a sudden “find common ground” and create one.

    Lots of stuff sold in the United States has to have various additional components or include or exclude features, none of which the manufacturer does to the same product sold elsewhere in the world. An example would be import cars’ and trucks’ exhaust systems, which contain extra sensors and a catalytic converter or possibly other components that are not installed on the same vehicles sold in the countries where they are made.

    What’s worse is that I see Congress writing a new law in a way that wouldn’t address whether or not phones with hard on/off mechanisms for the mic or GPS could be sold in the U.S. I see them writing the law to require phones to have alternate versions of these components be included in the phone’s design that are only accessible remotely. The manufacturer would be provided legal immunities from civil suits or criminal charges resulting from the manufacturer’s compliance. By Congress doing it this way they give the manufacturer an avenue for some risk free fraud, because they could then manufacture a phone that complies with the new law and has the physical on/off features as discussed, and could be marketed as a “secure mobile device”. Same could be done with regard to laptops, desktops, netbooks, etc. etc.

    Every residential and small business broadband modem in the western world, if not the whole world has a built in, and totally discreet mirrored network that goes directly to the NSA or NSA foreign equivalent for the regions other than the U.S. So having manufacturers do such things is no problem at all, apparently.

    A new manufacturer couldn’t take on the U.S. government, it would be denied access to the market, end of story. An existing giant would be the only entity capable of taking on the government. And that would require savvy marketing and public awareness campaigns to not just win but dominate in the court of public opinion. Add to that the aggressive legal strategy that has to be effective offensively, but has to be ready to stop the government from dragging the case out for years, killing public awareness. Realistically, bribing politicians and agents of the government will probably be required at some level. And this has to be done while maintaining sales and marketing new products as well. Not impossible, but not going to happen. The potential benefits don’t outweigh the risks. The benefits to mankind would be immense, but corporations think like psychopaths, not super heroes.


  3. I received an anonymous email from an individual who provides this suggestion:

    “Consider that, traditionally, many “phone plug” style jack connectors included an internal mechanical microswitch. This switch would typically automate the cutover of input or output from a built-in device to the external device. For example, a ghetto blaster with a headphone jack would disable the internal speakers when headphones were connected. Unfortunately this type of jack is not used in (most?) mobile devices, as evidenced by API documentation for audio input source selection. This type of jack, with the microswitch wired to electrically disconnect the built-in microphone, would accomplish your goals without the need to incorporate an additional external interface element. To disable the built-in microphone, the user would simply insert a dummy plastic phone plug into the jack, activating the microswitch. A mandate to employ microswitches into the headset jacks of mobile devices could easily pass in the EU.”


  4. Jesse Kane says:

    “Security experts are suggesting that the feds (including domestic agencies like the FBI) develop teams of hackers to perform wiretaps in the future.”

    I think electronic surveillance of every kind will eventually be outsourced to 3rd party private firms, which is par for everything the government does these days. In fact it’s already happening, the link below is to a company out of Colorado (Denver Area) called Subsentio, they work for state and federal agencies like the FBI and also with communications or internet service providers, conducting the actual wiretapping for law enforcement agencies. They also provide consulting services to Comm and Net service providers, advising companies on CALEA compliance, implementation, and they perform on-site evaluations to verify a company is meeting all of the CALEA requirements. They have a pretty good collection of CALEA related information and documentation. After reading through their corporate news section and government blog, I get the impression that Subsentio is lobbying hard for an updated CALEA act to be passed by Congress that covers the new and emerging technologies and enforces service provider compliance through specific actions, like mandatory certification requirements, and enlisting 3rd party certifying entities to carry out such a mandate.

    The company makes my skin crawl. They do have an abundance of useful information throughout their website though.
    http://www.subsentio.com/live/
    http://www.subsentio.com/live/news
    http://www.subsentio.com/live/regulatory/joels-blog-time/
    http://www.subsentio.com/live/regulatory/white-papers/

