During the BBC’s Panorama series “Edward Snowden: Spies and the Law,” which is not viewable per se from the US, Snowden discussed how intelligence agencies “want to own your phone instead of you.” The topic of hacking smartphones for surveillance starts about nine minutes into the interview, as Snowden revealed the GCHQ’s “Smurf Suite.”
“Dreamy Smurf is the power management tool,” explained Snowden, “which means turning your phone on or off without you knowing.” Yes, it can control the power even if your phone is off.
“Nosey Smurf is the hot-miccing tool. So, for example, if it’s in your pocket they can turn the microphone on and listen to everything that’s going on around you.” Yes, “even if your phone is switched off because they’ve got the other tools for turning it on.”
Tracker Smurf is “a geolocation tool which allows them to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.”
The BBC reported on another tool dubbed “Paranoid Smurf,” which helps the GCHQ spyware stay hidden. Snowden described Paranoid Smurf as “a self-protection tool that's used to armor [GCHQ's] manipulation of your phone. For example, if you wanted to take the phone in to get it serviced because you saw something strange going on, or you suspected something was wrong, it makes it much more difficult for any technician to realize that anything's gone amiss.”
Once infected, the government sees “who you call, what you've texted, the things you've browsed, the list of your contacts, the places you've been, the wireless networks that your phone is associated with. And they can do much more. They can photograph you.”
A phone can be infected with one hidden text message that the victim never sees displayed. Snowden said, “You paid for it [your phone], but whoever controls the software owns the phone.”
It’s far from the only one-text-to-pwn-your-phone exploit, as was most recently seen on Android, putting millions of users at risk. StageFright required a target’s mobile number to deliver the specially crafted MMS. Zimperium reported, “A fully weaponized successful attack could even delete the message before you see it.” StageFright 2.0 brought about pwnage via “specially crafted MP3 audio or MP4 video files.” Google issued over-the-air patches to Nexus devices yesterday.
The Independent reminded readers of when Snowden’s attorney said Snowden “doesn’t use an iPhone because it ‘has special software that can activate itself without the owner having to press a button and gather information about him, that’s why on security grounds he refused to have this phone’.”
The NSA ANT catalog showed the agency's arsenal of tools to intercept communications; at Chaos Club conference 30c3, Jacob Applebaum discussed the NSA’s use of a “DROPOUT JEEP” software implant which gave NSA spooks access to an iPhone’s camera, mic, SMS, contacts, voicemail, geolocation, cell tower location and more. Documentation for FinSpy (pdf) Mobile 4.51 (pdf) noted the spyware worked only on jailbroken iPhones.
Snowden on encryption
Snowden also discussed encryption during the BBC interview. Despite all the government’s brouhaha, he said encryption would be a problem for the government “only if they want to collect it on an indiscriminate basis."
"Governments, as we’ve discussed in context of iPhones and other devices, retain an ability to compromise targeted devices, an individual, anytime they want.”
When asked about his thoughts on how realistic it is for companies to give the government a backdoor, a “key” to unlock encryption, Snowden said, “The scientific community has arrived at a consensus that it simply cannot be done in a safe and secure way.”
Snowden willing to go to prison to come home
“Of course” Snowden is willing to agree to a plea bargain and to go to prison if it meant he could come home. He said, “I've volunteered to go to prison with the government many times. What I won't do is – I won't serve as a deterrent to people trying to do the right thing in difficult situations.”
“Of course” he would accept a jail sentence, but “so far, they've said they won't torture me, which is a start, I think, but we haven't gotten much further than that.” As to whether or not the plea bargain is actively being sought by his attorneys, Snowden said, “We’re still waiting for them to call us back.”
When asked if he has regrets about leaking secret surveillance programs, Snowden said, “I regret that I didn't come forward sooner, because the longer you wait with programs like this, the more deeply entrenched they become."
He added, “I have paid a price but I feel comfortable with the decisions that I have made. If I'm gone tomorrow, I'm happy with what I had. I feel blessed.”