You might have thought that renowned whistleblower Edward Snowden was just paranoid when he mentioned that the NSA could use your mobile phone as a bug even once you have “turned it off” in last week’s interview with NBC’s Brian Williams.
“Turned it off” is in quotation marks because, after an evaluation of the claim by Wired, top hackers have concluded that malware installed by the agency could force your phone to “play dead” while still keeping tabs on you.
“Like any magic trick, the most plausible method of eavesdropping through a switched-off phone starts with an illusion,” wrote the magazine, adding that phones can be made to enter a low-power mode that kills all other functions, but still pumps juice to the phone’s baseband chip, which communicates with the cell phone carrier, and thus the NSA.
“The screen would look black and nothing would happen if you pressed buttons,” Erin McDonald, a hardware engineer who is also a member of Evad3rs, an iPhone hacking group that makes jailbreaks for iPhones, told Wired. “But it’s conceivable that the baseband is still on, or turns on periodically. And it would be very difficult to know whether the phone has been compromised.”
Recent revelations from journalist Glenn Greenwald have shown that this scenario might not be as far-fetched as it may seem. A 2010 NSA internal newsletter that he released details the fact that the NSA has indeed intercepted shipments of communications devices in order to ostensibly install this exact kind of malware.
“Here’s how it works: shipments of computer network devices (servers, routers, etc.) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices,” an NSA manager wrote in the newsletter. “These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.”
Well, that is disturbing. So how would you avoid government snooping from your dead cell phone which might not be that dead after all?
One option, according to the Wired article, is to put your phone into device firmware upgrade (DFU) mode, described as “a kind of ‘panic’ state designed to let the phone reinstall its firmware or recover from repeated operating system crashes.” This shuts down all elements of the phone except for the USB port.
Here’s a quick primer on how to do that:
Another way to enter the mode for an iPhone is to just hold the home and the power buttons simultaneously for about 10 seconds, and it should do the trick. But the hackers that Wired spoke to mention that if you mess up the timing of this method, there could be the tiny smidgen of a chance that malware could still be able to take over.
As such, the button sequence mentioned in the video above is a fool-proof way to ensure that big brother isn’t keeping tabs on your “dead” phone.
Beyond that point, if you are still freaking out about the potential snooping, it could be possible that just leaving your phone at home or in a fridge (as Edward Snowden does) could do the trick. Or, you could just buy an Android or some kind of phone that allows you to take out the battery and, wham! Problem solved. Say, why do so few phones let you just take out the battery, anyways?
Daniel Rivero is a producer/reporter for Fusion who focuses on police and justice issues. He also skateboards, does a bunch of arts-related things on his off time, and likes Cuban coffee.