HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
NSA Snoops Like The iPhone
- Thread starter HardOCP News
- Start date
WorldExclusive
[H]F Junkie
- Joined
- Apr 26, 2009
- Messages
- 11,548
NSA - Does everything and then some.
blitzkommando
Gawd
- Joined
- Oct 25, 2009
- Messages
- 888
Good thing that iOS 3 and 4 are ancient at this point. I'm sure there's spying going on still, and obviously on other platforms, but it's good to hear that such things are more difficult to do (at least for the moment).
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
Doesn't matter if the OS/phone is "safe". Just grab the data at the tower or gateway.
Ashbringer
Supreme [H]ardness
- Joined
- Jan 25, 2010
- Messages
- 5,522
They do this with Android phones with Carrier IQ. If you install a custom rom like CyanogenMod then they can't do anything.
timtheenchantor
Gawd
- Joined
- Jun 17, 2005
- Messages
- 962
Nothing is inherently "safe." The data pipes reach places where NSA has their fingers.
For example, the NSA has servers that are in AT&T closets. Any data going in and out of that closet is touched. So even if you encrypt or lock your stuff down, once you submit data to the 'net, you better be safe and assume it is being looked at.
timtheenchantor
Gawd
- Joined
- Jun 17, 2005
- Messages
- 962
Actually they can. The data leaves your phone and hits a tower. The NSA is known to have locations where the data feeds into their system and they sift through it. It's widely known that AT&T has a deal with the NSA - it is safe to assume the other major carriers are in the same boat.
If you feel you have control over what data you send, you might as well not send it. That's the best way to control your data. Not to use it or communicate at all in any fashion. But, since our society is so heavily reliant on this type of data - you can be sure that the NSA has quite a bit of information already.
And this has been happening for over a decade.
This isn't true at all.
If you've gone through the trouble to root, I bet you have USB debugging enabled, right? Well all that they need to do is plug it in and use a few ADB commands to unlock it. This is one of the main reasons why in 4.2 steps were made to lock debugging down to one device at a time. Not enabling full disk encryption or allowing non app store installs are also good ways inside.
i love it how tech people love to bash other companies without even knowing the facts...
OutOfPhase
Supreme [H]ardness
- Joined
- May 11, 2005
- Messages
- 6,577
NSA has spy tools for pretty much everything, I'd assume. They're, well, spies. It's what they do.
Ashbringer
Supreme [H]ardness
- Joined
- Jan 25, 2010
- Messages
- 5,522
It's probably more efficient to have the phone send over data, then for the NSA to gobble up everything that flows through the pipe.
If you've ever seen what Carrier IQ catches, it's the important stuff like phone numbers, passwords, and text messages. Things like music, YouTube, and downloaded games are probably less of interest to the NSA. I imagine if the NSA took every bit of data everyone used, they would have massive storage problems.
If they have the phone physically, you're probably SOL anyway. Probably better off smashing the phone, instead of handing it over to them.
It's the same way that they are snooping on iphone users in the article. They either had direct access to the phone, or to a computer which has a backup of the device. As you said, if they have access to it directly it's game over.
And I guess no one remembers the devices that some police departments had a few years ago that dumped basic information from mobile phones during traffic stops.
And I guess no one remembers the devices that some police departments had a few years ago that dumped basic information from mobile phones during traffic stops.
here in the uk the cops use these for all mobiles http://www.msab.com/xry/what-is-xry
long as you are arrested they can get your phone off you plug it and its all done in a couple of minutes.
Outamyhead
Supreme [H]ardness
- Joined
- Jan 3, 2008
- Messages
- 4,263
Well I guess that cuts out asking Apple for an image of the phone.
Really?
If you've heard of CyanogenMod, then the NSA's heard of CyanogenMod.
Just when they think they are safe. Shit, I'll go out on a limb here.
Let's say there is no way to beat CyanogenMod. What the NSA has done in the past is flew the government's mighty wallet and wallla ! They just bought themselves a backdoor in and they do it with the very people/service you think you can trust because these terrorists screwheads can't program this shit themselves so they do just like other people do, they jump on the latest and newest "secure" tool and hope it stays secure long enough.
How many startups get comprimised from the very bigging, before they even get off the ground?
You want secure? Stay off the networks.
BladeVenom
Supreme [H]ardness
- Joined
- Jun 29, 2005
- Messages
- 7,707
The NSA is doing more with peoples iPhone than the average iPhone user.
Ashbringer
Supreme [H]ardness
- Joined
- Jan 25, 2010
- Messages
- 5,522
CyanogenMod provides the source code. If there's a secret NSA back door, it's in there. All unofficial CyanogenMod ports are built from that code. At some point, people would have found out about it like Carrier IQ.
It's not just CyanogenMod either. AOSP and MIUI also don't come with Carrier IQ. Even though HTC, Samsung, and Motorola make Android phones with open source code, doesn't mean you can see the changes they make to the code with the phone you bought.
Nothing is 100% secure, but staying off a Network is like moving into the woods and chopping wood while hunting for food. Yea nobody knows you exist, but now nobody knows you exist.
Not having Carrier IQ on the phone doesn't stop them, but it sure doesn't help them.
What is the biggest issue with code that everyone has, open or closed source? Almost no one audit's code that has no known problems. Sometimes the conditions where the error occurs just didn't exist until now, or people just simply assume that since it's been there for 20 years it's perfect. You can do a search now for "old linux bug" and see bugs that were 6, 8, 10+ years old that people just now found, or were known but no one bothered to fix.
Having more eyes does not always mean that every flaw is found.
Godmachine
[H]F Junkie
- Joined
- Apr 7, 2003
- Messages
- 10,472
Indeed. Its safe to assume that the hacks that might have been patched have been replaced with new ones for the newer mobile OS.
Its interesting to read though , despite it being scary at the same time. I would have thought that Android would have been the preferred platform.
Ashbringer
Supreme [H]ardness
- Joined
- Jan 25, 2010
- Messages
- 5,522
Bugs vs code that deliberately records input and sends it over to an IP address is two very different things. Carrier IQ was caught because of two reasons. People noticed a process running in their phone, and people looked at the data packets sent from the phone. That rang alarm bells and people investigated further, which led to the discovery of Carrier IQ.
Though today that data that Carrier IQ would have collected can be done through Google itself. But people don't have to use Google services, but how many people actually use alternative services? Even iPhones use Google services.
That's because most of what Snowden stole was while he worked for Dell in Japan. He pillfered it from drives while he was servicing the hardware warranties. His Clearance wasn't even finalized until 2011.
Everyone has this view of Snowden like he was working this job and realized that the NSA was doing really bad shit and so he bravely sacrificed his life to save us all. What horseshit. He was a warranty tech for Dell at an NSA facility in Japan. He was there for 4 years and somewhere along the line someone screwed up and he got his hands on some drives with data on them and he was curious and stole it. Now he wasn't cleared for it, and he wasn't briefed on the programs and what they were about or what safeguards are in place for them. Taken out of context I bet those documents, the ones he could make some kind of sense out of, looked pretty interesting. So he want's to see more, be more, he wanted to be a hero SF trooper when he joined the Army, (never made it out of basic training), and he was a big time security guard at the NSA's, (drum roll please), language school at the University of Maryland, then he was finally up close but couldn't do anything in Japan. He wanted to be more, so he lied on his resume, got hired by Booz Allen Hamilton, and within just 3 months they were already starting to see problems with him, he realized it was all going to crash down on his head and so he grabbed some drives, another 20,000 documents, just whatever it was he could grab, and ran his ass to Hong Kong. The Russians are keeping him to embarrass the US but once they get tired of him they will simple cut off his support, tell him welcome to Russia, and he will have to make it on his own.
Problem is, he ain't that good of an IT whiz, hell he had to lie to get his last job, and who will need him that bad when he can't speak Russian or read Cyrillic. He can't leave, he is marked for life and the FBI will not forget about him. He is screwed, he screwed all of us, and himself. And some of you think he's a hero.
But hey, no worries, the Guardian and Der Speigle love him.
One needn't be a hero to expose the greater evil. I despise Julian Assange, but at the same time he is less of a despicable bastard than those whose machinations he reveals.
You never question the state, so you wouldn't understand.
This.
You missed the point I was making. Not everything is obvious, and for that matter surveillance does not always have to be on. If I were them, the first thing I would do is pay hackers to find exploits in the fundamentals of various operating systems, deep in code that been around forever that everyone has a "if it ain't broke don't try to fix it" mentality to then I would sit on them, and pull them out when needed against specific targets. surgical strikes are much less likely to be seen than mass collections. and even less likely to be patched.
I do, and have, questioned the state, or the Federal Government to be more precise. You just conveniently miss it.
I prefer to call them on what they are really doing wrong and not on the latest fire the media is whipping up for whatever purpose they have in mind.
Just because I call people on bullshit doesn't mean I am someone's stooge.
I miss it because I haven't seen you do it, and so far have only seen you mock those who do. It's not a matter of convenience. It's a matter of what you choose to say.
they have, many times... the do parallel constructs for drug arrests... amazing, dictator shit if there ever was one.
So basically, because the messenger is a douche, we should ignore the message?
I agree that Snowden is no hero in any classical sense, precisely because he is a douche. But what he has done is heroic and far more patriotic than any one of us can ever hope to be. The NSA is single-mindedly (in the defense of terrorism) attacking the fundamental concepts of what the ideal of America was based upon. Don't let the message get lost over a sense of misguided patriotism.
Ad hominem at its best.
OK, see, I don't see a guy who lies to get a job, then realizes he is about to get crushed so he grabs all the goodies he can and runs for the hills screaming fire as a patriot or a hero. He's just an ass.
And I am saying they are not, it's a lie, it's a blown all out of proportion mistaken belief.
Tell me how the NSA can defend what they are doing, without telling all the bad guys at the same time, and thereby destroying a valuable and necessary set of programs?
Why anyone is so quick to believe the reporters at a crackpot rag like the Guardian is beyond me. Those guys are the hacks/ambulance chasers of the media world and they are no less bought and payed for then any other media source. They just aren't owned by people who have the same agenda as Fox, CNN, MSNBC, and the rest of them.
I keep reading people make comments on how corrupt the Government is but no one wants to talk about how completely bought and payed for and beyond any semblance of ethics our media has become. So why are they any more believable then the guys in the Black Suites?
So when some reporter writes a 5 paragraph piece that has one line of factual statement, that isn't actually damning to begin with, while the rest of the article is all conjecture and supposition wrapped in an evil smelling blanket, forgive me if I don't swallow it whole like a hungry dog under the dinner table.
You guys are mad cause people are telling you the NSA is betraying your trust and the principals of our nation. But the guys who are doing the telling have truly done exactly this very thing and you don't even notice it. Heck, even when someone points it out to you guys you still won't let go of that dirty smelling blanket.
What news Der Speigle had for us today, that IOS 3 and 4 were collecting peoples' location data.and the NSA had discused it and figured out how they could use it as well. It's the NSA's favorite.
So picture this discussion;
Mr. Director;
"Agent Smith, last week you reported that our tech geeks can get all kinds of juicy stuff from a bad guy's cell phone, and that the easiest one with the best info is the IPhone which is the hottest selling phone world wide?"
Agent Smith;
"Yes sir Mr. Director, we even have some guys who have written some scripts we can leverage that make pulling the data from an IPhone very easy, it gives us a very good picture of a bad guys life as a whole."
Mr. Director;
"That's excellent work Agent Smith, but what about different phone carriers? What is the impact on the effectiveness of this vulnerability if the phone is on the Shab-Imlaba network vs say a US network like Verizon?"
Agent Smith; "and blah blah blah ......
And that is what the media is bringing you. See, they will leave out this "from a bad guy's cell phone" and let all of us fill in that blank with ... "American citizens" if they don't come right out and speak the lie outright.
Go ahead, go back, re-read the articles, cut out the flourishes and distill them and get to the nugget of what they are actually saying in each one. They never even come close to actually justifying what they insinuate or claim with the Headline. Go on, see for yourself. See who is really betraying you.
I will admit that on this, you have a point, in that the DEA collecting 4 billion phone records a day is even more appalling. Somehow, though, I know you guys get a piece of that action.
The cog in the machine cannot step outside to assess if the machine is broken. If it stops turning, then it KNOWS the machine is broken. So it just keeps on going, because stopping to question the machine makes it stop, and we cannot live without the machine. We'd be killed by terrorists.