Smartphone security: Software that spies, protects
Software allows 'Joe Sixpack' to do some of the cool, and unsavory, things that cops and spies do
By Tim Dees
Most of us have come to be dependent on our cell phones, not just for telephone communications, but for text messaging, email, web access and the functions the various applications give us.
Most of us assume those communications are secure, but there are products available on the retail consumer market that can either reduce or improve that security.
On the slightly scary side is SpyBubble, software that allows Joe Sixpack to do that cool stuff that TV spies and cops do — listen in on all conversations, see text messages, track the location of the phone, and even use the phone as a passive listening device, all with the phone’s owner/user having no clue they’re being monitored.
SpyBubble markets to employers who want to ferret out idlers and thieves and to spouses who doubt the fidelity of their partners, but it could obviously be valuable to the garden variety stalker or generic criminal as well. The retail price of SpyBubble is $149.95, but as I write this you can have your very own copy for the low, low price of $49.95.
Installing SpyBubble isn’t quite as easy as the TV spies make it out to be. You have to do a little more than just get close to the phone and press a key labeled “Force Pairing.”
The software works only on iPhones, and requires “jailbreaking,” a reversible process that frees the phone from the yoke of Apple and permits unapproved software to run. Most people would notice their phone has been jailbroken, even if they didn’t know why it was behaving strangely.
It also requires physical access to the iPhone to install the software, giving you a new reason to never let it leave your person. The next time your significant other complains you never put the thing down, show them this article.
On the other end of the spectrum is Silent Circle. Silent Circle encrypts voice, video, photos, texts and most other transmissions between the source phone and any other Silent Circle subscriber. It isn’t all that easy to eavesdrop on digital communications without either the cooperation of the cellular service carrier or special software like SpyBubble, but Silent Circle would frustrate either approach.
Silent Circle takes advantage of the improved high-speed processors in modern smartphones to encrypt communications on the phone itself, before the data is transmitted. It passes through dedicated Silent Circle servers in Canada before moving on to the intended correspondent.
If the other party in the conversation is also a Silent Circle subscriber, data flowing in the opposite direction is similarly encrypted. Encryption keys are generated on the phones themselves for each conversation and deleted thereafter, so even the Silent Circle folks can’t listen in. It’s as close to bulletproof as security gets these days.
Maybe the NSA can crack it, but no one else is going to.
Silent Circle sounds like a great idea for confidential law enforcement, fire and EMS communications, but it’s a safe bet the bad guys will want it, too. There’s nothing new about encrypted communications, but up until recently the same encryption keys were used for all communications from a sender, not generated uniquely for each message.
If you had access to the saved messages and got the appropriate encryption key, you could decode everything retroactively.
That’s not possible when there’s a new, volatile key for each message.
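The difference between one stored key and a fresh key per conversation can be shown in a few lines of Python. This is an added illustration, not Silent Circle's protocol or code from the article: the Diffie-Hellman group, the toy XOR cipher, the function names and the sample messages are all assumptions chosen so it runs with only the standard library.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, chosen only so the example runs with the standard
# library (assumption); real products use vetted groups or curves.
P = 2**255 - 19
G = 2

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (encrypt == decrypt): XOR with a SHA-256 keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def static_key_traffic(messages, long_term_key):
    """Older model: one stored key encrypts every message from the sender."""
    return [xor_cipher(long_term_key, m) for m in messages]

def ephemeral_conversation(message):
    """Per-conversation model: both phones pick fresh secrets and derive a key.

    Returns (what an eavesdropper records, session key). The key is returned
    only so the caller can simulate its disclosure; a real phone erases it.
    """
    a = secrets.randbelow(P - 3) + 2           # caller's one-time secret
    b = secrets.randbelow(P - 3) + 2           # callee's one-time secret
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)  # only these cross the network
    shared = pow(pub_b, a, P)                  # equals pow(pub_a, b, P)
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return (pub_a, pub_b, xor_cipher(key, message)), key

def demo():
    msgs = [b"meet at the north lot, 21:00", b"unit 12 en route to staging"]  # constructed
    stored = secrets.token_bytes(32)
    # Static key: disclosure of the one stored key opens every saved message.
    static_ok = [xor_cipher(stored, c) for c in static_key_traffic(msgs, stored)] == msgs
    # Ephemeral keys: the key from conversation 0 is useless on conversation 1.
    (rec0, key0), (rec1, _) = (ephemeral_conversation(m) for m in msgs)
    own = xor_cipher(key0, rec0[2]) == msgs[0]
    other = xor_cipher(key0, rec1[2]) == msgs[1]
    return static_ok, own, other

if __name__ == "__main__":
    print(demo())
```

The three results read: every saved message opens with the single stored key, a conversation's own key opens that conversation, and that same key fails on the next conversation.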
When encrypted computer files are recovered as evidence, a court can order the owner to divulge the encryption key. The owner has to then decide which he fears more — a contempt citation or the government having access to the data itself (it’s usually the latter). With Silent Circle, there would be no key to give, as it’s destroyed at the end of every transaction.
This is technology that can cut both ways.