For years, “paranoid” surveillance critics have questioned whether cell phones could be used as listening devices by government snoops. Last month, National Security Agency whistle-blower Edward Snowden said that they can—even when they’re turned off. Tech experts have now confirmed Snowden’s claim.
Snowden said last month that the NSA and the UK’s Government Communications Headquarters (GCHQ) have the ability to eavesdrop on sounds picked up by the microphones built into mobile phones, particularly Apple’s iPhone.
“They can absolutely turn them on with the power turned off to the device,” Snowden had claimed.
According to the UK-based Mirror, Los Angeles software engineer Eric McDonald said that Snowden is correct, and users whose devices had been compromised would likely never know.
“The screen would look black and nothing would happen if you pressed buttons but it’s conceivable that the baseband [the cellular function] is still on, or turns on periodically,” McDonald said. “And it would be very difficult to know whether the phone has been compromised.”
When Snowden initially made his claim during a televised interview with NBC’s Brian Williams, the cybersecurity blog Errata Security quickly denied that the NSA could remotely manipulate cellular devices. But after considering the agency’s ability to install an “implant” on a device—either by physical manipulation or through wireless networks— the technology blog came to a different conclusion.
Errata Security consultant Robert Graham explains: “An ‘implant’ is when the NSA intercepts your phone and installs hardware or software on it. Usually this is because they intercepted a shipment, snuck into your hotel room, or ran a remote exploit (via the Internet or via the baseband). Yes, an implant gives the NSA full control over your phone — but it’s difficult getting the implant on your phone in the first place.
“Once the NSA installs an implant, then of course they can remotely ‘power on’ your phone, because it’s not really powered off — even when you think it is,” he continues in a blog post.
Graham is careful to point out that it would be difficult and likely illegal for the NSA or other agencies to conduct surveillance on American citizens in such a manner.
“In theory, the NSA can’t operate in the United States — so the department that’d be hacking your phone would be the FBI,” the tech expert writes.
“And what they can do legal is …. I just don’t know anymore,” he continues. “I’d’ve said in the past that they’d need a warrant, but apparently police departments are hacking phones without warrants.”