Secure phones, degrees of wiretapping, and methods of protection



The "armor versus projectile" problem is not the exclusive prerogative of the military; a similar struggle goes on in many areas: drivers fight traffic rules, the brain develops banner blindness, bureaucrats fight coronavirus statistics.



Information security is no exception; a centuries-old battle is underway on this battlefield, albeit not as noisy as military operations, but no less fierce. The common story about how Nathan Rothschild made a fortune based on exclusive access to information gave rise to the catch phrase: "Who owns information, owns the world."



The significance of information varies: the overwhelming majority of it is of no interest to others, no one can derive any gain or profit from it, but sometimes you simply want some privacy. Not necessarily to hide illegal actions or something indecent ("I have no secrets from the state" is a favorite phrase for trolling on the topic of privacy), but simply because privacy exists and has an obvious rule: "It's none of your business." And since a smartphone has long been an integral part of the human personality ("My whole life is in it!!!111"), protecting it from encroachment has long been one of the most pressing personal problems. This applies both to access to the information stored on it and to telephone conversations. Today's article is about modern ways to protect your privacy.



Several historical examples





Children's toy of the eighties



Probably the most famous and simplest crypto-device is the good old "voice distorter", a traditional accessory of mid-twentieth-century spy films: it was held against the receiver and turned the human voice into a characteristic grinding that terrified the audience.



Later, like many other "James Bond gadgets", advances in circuitry allowed the device to be released in a pocket format, and now anyone can download such an application to their smartphone. The method is rather comic and more suitable for practical jokes than for really hiding information, but at least it makes it harder to identify the caller by voice. However, even this has already been "cracked": in one spy television series there was an episode where a computer worked out the distortion algorithm and restored the original voice. Whether such programs actually exist, I do not know, but it sounds quite plausible.



For quite a long time, telephone communications were exclusively wired. History records many cases in which spy equipment was spliced into a line and allowed secret conversations to be overheard and recorded. One of the most famous projects of this kind, Operation "Gold", was comically unsuccessful: Soviet counterintelligence learned in time about the tunnel being dug under the Berlin Wall to tap the telephone lines of the Soviet army, and it was decided to use this channel to feed disinformation...





Representatives of the press inspect the discovered wiretapping site



Many people probably remember the characteristic scenes in films where an evil spy attaches a mysterious box to a highly secret cable, and it instantly "magnetizes" itself to the cable or to the concrete along which the wire is laid. The box must be fitted with a short cylinder representing the antenna and a special tell-tale LED to make it easier for the good spy to find it.





Van Eck demonstrates the interception of the image from a monitor in the next room



As often happens, the cinema is far from reality, but such interception is still possible: we are talking about the method of Wim van Eck. Any electronic component radiates emissions that are modulated by the data being transmitted, received or processed inside the device or over its communication lines. This method is described in Neal Stephenson's wonderful book Cryptonomicon.





Further on in the plot, the process of decrypting information is described; it is complicated by the fact that data on the laptop screen can be intercepted by the van Eck method, so the hero writes a program that fills the screen with digital garbage imitating the decryption process but, as a matter of principle, never displays the decrypted information on the screen. Van Eck's experiment was done with an ordinary CRT monitor, and Cryptonomicon used a laptop, but a few years after the book was published a similar interception was carried out in reality.



Although it is believed that such interception was first performed after van Eck formulated the method, Bell Telephone Laboratories had reported a similar vulnerability in teletypewriters during the Second World War.



Optical lines are not protected from eavesdropping either. The connectors are the most vulnerable: if they are not sufficiently light-tight, flashes of the signal leaking through the connection can be read. Physical access to the fiber-optic line itself also makes it possible to obtain data without breaking the fiber and without splicing into the line. In principle, if the fiber is taken out of the cable and bent beyond a certain limit, the curvature exceeds the angle at which the signal is fully reflected from the fiber walls, part of the radiation escapes the fiber, and the signal can be intercepted.



"Iron" (hardware) attacks on cell phones



Now let's return to our reality and see what methods of wiretapping lie in wait for the ordinary user of a modern smartphone, and how you can protect yourself against them. Conventionally they can be divided into several groups: interception of the signal between the phone and the base station; introduction of a hardware or software "bug" to obtain data directly from the device; and remote hacking of the device to gain control over it.



Technically, a telephone is an ordinary receiver and transmitter; nothing prevents someone from receiving the signals it exchanges with the tower and recording them. Obviously, this makes little practical sense on its own, because the data is encrypted with modern cryptographic protocols. Theoretically, the first and second attack methods could be combined in order to obtain the keys for decrypting the signal from the mobile phone.





Karsten Nohl



German cryptography expert Karsten Nohl has been methodically, year after year, exploring such possibilities. It has been documented that he managed to infiltrate the exchange of cellular data and decipher telephone conversations several times. The first time was in 2009, using an attack on the encryption algorithm: with the help of volunteers, rainbow tables were calculated for the A5/1 cipher, then used in GSM cellular networks. The results were presented in a talk at the Chaos Communication Congress in 2009.



Later, in 2010, at the same hacker congress, he demonstrated the interception, recording and playback of telephone conversations using cellular handsets connected to a computer. In 2011 he showed, using a modified handset, the ability to tap into sessions on the GPRS networks of operators that either did not use encryption at all (this happened) or used the algorithms "not at full strength".



In 2013 he demonstrated a vulnerability in phones that used outdated SIM cards. These cards used a digital signature generated with a weak algorithm, which could be cracked using rainbow tables. Once the SIM card's digital signature could be forged, it was possible to send it a service message that would force the phone to download and execute malicious code. Even though Java applications run in a "sandbox", they can still, at the very least, send SMS messages to premium-rate services. Moreover, for some card manufacturers the sandboxes were not sufficiently protected and allowed access to all functions and information on the SIM card.



It is difficult to say how secure modern protocols are; several dozen vulnerabilities of various kinds have been found in the LTE standard. But at least such attacks are extremely complex and accessible only to a narrow circle of top-class specialists. If direct interception of telephone conversations were very simple, instructions allowing any "script kiddie" to eavesdrop on everyone would long ago have appeared on the darknet.



Since LTE is being promoted as "cellular Internet for IoT devices", a relatively new type of threat has emerged: the telecom operator's equipment can be "hit" and partial control over it obtained. Accordingly, there is a threat of botnets built from Internet-connected irons and weather stations.



In addition to "hacker attacks", there are completely legal ways to gain access to the content of conversations, only they are not available to everyone, but only to government organizations and the special services. We are talking both about the well-known third-generation SORM system and the "Yarovaya Law", and about direct connection to the mobile operators' equipment in real time. The latter method is not used often, but there have been cases. During the Nord-Ost terrorist attack, everyone who lived or worked in the Dubrovka area saw an icon on their cell phones signaling that encryption in the cellular network had been completely disabled and conversations were going practically "in plain text". Interestingly, modern operating systems do not show this indicator, and to find out what encryption the protocol is using you need to install special applications.



Another difficult and expensive but genuinely working way to get full access to all cellular data within the radius of one cell is the IMSI catcher (IMSI trap). These are "fake" base stations that insert themselves into the traffic and become a MITM point between the smartphone and the cell tower. The algorithm by which a smartphone chooses a base station is designed so that it tries to connect to the strongest and closest one. Naturally, the "false cell" is tuned so that its signal is stronger than that of the real stations. Unsuspecting smartphones connect to the spy device, and after the handshake the "attacker in uniform" can watch and listen to everything transmitted in real time, SMS, voice conversations and Internet traffic, as if he were the cellular operator.



The existence of these stations is not a secret, but their use is classified, and data on their operation is not available to mere mortals. If a special operation is carried out somewhere, no one will tell reporters: "There is a station for intercepting cellular data in this area. Thank you for your attention."



We must not forget about the Chinese Golden Shield. Unfortunately, I forgot where I read the story of how a Russian tourist came to the attention of the Chinese special services, and I can no longer find the picture. But the tourist was given a photo of the Shield interface available to the police. It looks like a typical online music service, except that instead of tracks there are telephone conversations.



"Soft" (software) attacks on cell phones



In addition to the "iron" methods of attack, there are also "software" ones: ordinary (or not so ordinary) programs installed on a smartphone that monitor the user. The world of spy apps is so rich and diverse that it is a topic for a separate study; we will limit ourselves to listing the main types.



The most common are programs that disguise themselves as harmless applications. The textbook "Flashlight" that asks for access to calls, contacts, media files and the Internet looks extremely harmless, but the list of permissions it requests is terrifying. There are many cases in which such programs stole not only money from phone accounts but also data from banking applications. For the most part, though, they collect statistics together with personal data, which they then sell to advertisers.



The next option is spyware installed in secret from the phone's owner. For example, a husband spies on his wife, or vice versa. Or not so secretly: parental supervision of children, for their safety and the parents' peace of mind. A less harmless option is an attacker planting a software bug on the victim's smartphone with the worst intentions. One of the most famous examples is the hacking of Angela Merkel's smartphone by the American special services. The details of the surveillance were not disclosed; it is not even clear what type of wiretapping it was, via a hardware bug or a program, and most likely they tapped the chancellor's old phone, a Nokia 6260. The German government assured that Merkel's modern BlackBerry cannot be tapped because it has a special encryption chip. However, according to anonymous sources in the special services, BlackBerries can also be easily hacked. Whom to believe here is not clear.







Finally, the last type of spyware is programs installed by the smartphone manufacturers themselves. Everyone remembers how the Huawei scandal started? The Americans accused the company of spying using hardware bugs in its equipment. And this is not the first time monitoring hypervisors have been found in server hardware; they have been found for quite some time: Chinese backdoors: an unthinkable story about virtualization, security and spyware. So there is no smoke without fire, and it is not for nothing that the Americans have taken up Huawei.



With smartphones, things are not so bad, but sometimes there are incomprehensible programs in the operating system that regularly connect to unidentified Chinese servers and transfer some data unrelated to firmware updates or other system programs. Maybe this is part of the Chinese "Big Brother" which they forget to cut out when exporting a smartphone or which arrives with a "gray" import, or maybe it is targeted surveillance; it is hard to tell. But for the most part such modules are simply advertising: pop-ups in the middle of the screen or replacement of some of the content in browsers.



Types of modern protection



But how can you protect yourself from all these fears and horrors? Let's talk now about confronting the threats to our privacy. I must say right away that there will be no pictures or descriptions of James Bond gadgets, because in real life everything is much more prosaic.



The sad truth is that the forces are very unequal, and ordinary people have far fewer opportunities in this struggle than attackers do. Not least because the average user is not a hacker; their technical skills are insufficient to counter spy attacks on their own. For example, many people do not think at all when the next conventional "Flashlight" starts asking for far more permissions than its job requires; they do not look at the confirmation of all the requested powers. Or, landing on a dubious site, they obediently tap every button like "Refresh browser". For the most part they end up with another paid subscription, but they can get real spyware as well. Devices on the Android operating system are most affected by this, but programs that collected too much data on phone owners have been found on Apple smartphones too.



The methods of protection are the same ones that have been well known to computer users for decades: a variety of anti-virus programs, and attentiveness when installing new applications and visiting suspicious sites.
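The check the two passages above describe, comparing what an app asks for against what its stated purpose needs, is something a cautious user does by eye on the permission prompt; it can also be done mechanically on the app's manifest. The following is an added example, not code from the original article or from any real application. The Android permission names are real, but the "what a flashlight plausibly needs" baseline and both manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that open access to calls, contacts, messages, media, location or the
# microphone. The permission names are real Android ones; the grouping is ours.
SENSITIVE: Dict[str, str] = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.CALL_PHONE": "calls",
    "android.permission.READ_SMS": "messages",
    "android.permission.SEND_SMS": "messages",       # premium-rate SMS is the classic fraud route
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "media",
    "android.permission.READ_PHONE_STATE": "identity",
    "android.permission.CAMERA": "camera",
}

# What each kind of app plausibly needs (assumed baseline, not an Android standard).
# A flashlight drives the LED through the camera API, so CAMERA is expected for it.
EXPECTED: Dict[str, Set[str]] = {
    "flashlight": {"android.permission.CAMERA"},
    "messenger": {"android.permission.READ_CONTACTS", "android.permission.RECORD_AUDIO",
                  "android.permission.CAMERA", "android.permission.READ_EXTERNAL_STORAGE"},
}


def requested_permissions(manifest_xml: str) -> List[str]:
    """Return the android:name of every <uses-permission> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name", "") for el in root.findall("uses-permission")]


def audit_permissions(manifest_xml: str, app_kind: str) -> Dict[str, object]:
    """Flag sensitive permissions that the app's declared purpose does not justify."""
    requested = requested_permissions(manifest_xml)
    expected = EXPECTED.get(app_kind, set())
    excess = [p for p in requested if p in SENSITIVE and p not in expected]
    exposed = sorted({SENSITIVE[p] for p in excess})   # what the user would be handing over
    return {
        "requested": requested,
        "excess": excess,
        "exposed": exposed,
        "verdict": "suspicious" if excess else "ok",
    }


# Constructed manifests for two hypothetical flashlight apps (not real products).
FLASHLIGHT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Flashlight"/>
</manifest>
"""

HONEST_FLASHLIGHT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Torch"/>
</manifest>
"""

if __name__ == "__main__":
    for name, manifest in [("Flashlight", FLASHLIGHT_MANIFEST), ("Torch", HONEST_FLASHLIGHT_MANIFEST)]:
        result = audit_permissions(manifest, "flashlight")
        print(f"{name}: {result['verdict']}; unjustified access to {result['exposed'] or 'nothing'}")
```

INTERNET is deliberately not in the sensitive list: on its own it reveals nothing, but combined with any of the flagged permissions it is the channel through which the collected data leaves the phone, which is exactly the pattern the article's "Flashlight" shows.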



The most difficult thing is to resist attacks on the cellular protocol. The user is practically defenseless against intruders who can intercept, record and decrypt traffic between the phone and the base station. The only way is to make such interception useless by encrypting the transmitted data; this also helps against surveillance by the special services, which can connect directly to cellular equipment or to the records that operators are now required to keep. But this forces the user to abandon the usual means of communication entirely, and the programs that offer such an option can be counted on the fingers of one hand. In fact, the least compromised have been the Telegram messenger and services like Zello, which were openly blocked for refusing to cooperate with law enforcement agencies. The rest of the popular messengers were spared the attention of the Russian authorities (and not only Russian ones), which raises serious suspicions that they agreed to cooperate with them. However, the very use of Telegram can already arouse suspicion. It is sad to admit, but there are enough examples of law enforcement officers demanding to see the contents of smartphones, checking for the presence of Telegram and subscriptions to the channels they are interested in. It is useless to discuss the legality of such demands, but sometimes detainees were forced to break their smartphones in order not to compromise themselves. An interesting way to deal with this is #DurovAddDoubleBottom, but so far it has not received proper support and distribution. It should be noted that "Internet radio stations" do not leave logs on the phone and cause far fewer problems in such situations.



If you only want to hide your correspondence from the Internet provider and make the logs recorded under the "Yarovaya Law" useless, it is enough to use a VPN, your own or one of the many ready-made ones. Although, for the most part, this method is better suited to bypassing blocks: when an attacker has access to the smartphone itself, an encrypted tunnel will not hide your correspondence.



Essentially, VPNs and end-to-end encrypted messengers are the software counterpart of the classic scrambler, equipment the special services have used for more than a dozen years, ever since the spread of wire telephony and conventional radio communications. The difference is that this is a purely software solution available to any modern smartphone user.



Experts concerned with communications security have come up with an ingenious way to counter one of the subtlest attacks, the fake cellular station. There are several programs (for example EAGLE Security) that keep a detailed log of all cell towers, recording their identifiers and coordinates in a database. As soon as a new base station appears that has not previously entered this registry, or, worse, one that moves in space, the program raises the alarm, signaling that the phone is connected to equipment that may be a spy device.
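The two heuristics described above, "a cell identifier we have never seen" and "a known cell identifier seen far from where it normally is", are simple enough to show in full. The following is an added example written for this article, not EAGLE Security's own code or any other real product's. It assumes that the phone can report the serving cell (MCC, MNC, LAC, Cell ID) together with its own GPS fix; the 5 km drift threshold and all sightings below are constructed values.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

CellKey = Tuple[int, int, int, int]  # (MCC, MNC, LAC, Cell ID) identifies one cell


@dataclass(frozen=True)
class Sighting:
    """One observation of the serving cell together with the phone's own GPS fix."""
    mcc: int
    mnc: int
    lac: int
    cid: int
    lat: float
    lon: float
    ts: int  # unix seconds

    @property
    def key(self) -> CellKey:
        return (self.mcc, self.mnc, self.lac, self.cid)


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


class TowerRegistry:
    """Learns where each cell is normally seen, then flags newcomers and movers."""

    def __init__(self, max_drift_m: float = 5000.0):
        # A macrocell can serve a phone several km away, so the drift threshold must
        # exceed a normal coverage radius; 5 km is an assumed value, not a standard.
        self.max_drift_m = max_drift_m
        self.known: Dict[CellKey, Tuple[float, float]] = {}

    def learn(self, s: Sighting) -> None:
        """Baseline phase: remember the first position at which each cell was seen."""
        self.known.setdefault(s.key, (s.lat, s.lon))

    def check(self, s: Sighting) -> List[Tuple[str, CellKey, float]]:
        """Live phase: return (alert_kind, cell, drift_m) for anything suspicious."""
        pos = self.known.get(s.key)
        if pos is None:
            # Unknown identifier: a legitimately new tower, or a fake one announcing itself
            self.known[s.key] = (s.lat, s.lon)
            return [("new_cell", s.key, 0.0)]
        drift = haversine_m(pos[0], pos[1], s.lat, s.lon)
        if drift > self.max_drift_m:
            # Same identifier, but far from where it used to be: a real tower does not move
            return [("cell_moved", s.key, drift)]
        return []


def audit_towers(baseline: List[Sighting], live: List[Sighting],
                 max_drift_m: float = 5000.0) -> List[Tuple[str, CellKey, float]]:
    """Train on a baseline log, then audit a live log; returns all alerts in order."""
    reg = TowerRegistry(max_drift_m)
    for s in baseline:
        reg.learn(s)
    alerts: List[Tuple[str, CellKey, float]] = []
    for s in live:
        alerts.extend(reg.check(s))
    return alerts


# Constructed sample logs (MCC 250 / MNC 1 and the coordinates are arbitrary, near central Moscow)
BASELINE = [
    Sighting(250, 1, 1000, 11, 55.7558, 37.6173, 1_600_000_000),
    Sighting(250, 1, 1000, 12, 55.7600, 37.6200, 1_600_000_060),
]
LIVE = [
    Sighting(250, 1, 1000, 11, 55.7560, 37.6180, 1_600_003_600),  # known cell, ~50 m away: fine
    Sighting(250, 1, 1000, 99, 55.7565, 37.6190, 1_600_003_660),  # identifier never seen before
    Sighting(250, 1, 1000, 12, 55.8000, 37.7000, 1_600_003_720),  # known id, ~6.7 km from its place
]

if __name__ == "__main__":
    for kind, cell, drift in audit_towers(BASELINE, LIVE):
        print(f"{kind}: cell {cell} (drift {drift:.0f} m)")
```

A "new cell" alert on its own is noisy, since operators add and re-plan towers all the time; in practice the registry needs a learning period in the places the user frequents, and the strong signal is the "moved" case, because a fixed base station that is suddenly seen several kilometres from its recorded position is hard to explain innocently.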



It is a little easier to resist the threat of software spy modules installed on the phone by the users themselves through carelessness, or by people who have gained access to someone else's smartphone. Suspicious phone activity or a battery that drains too quickly may be indirect signs that spyware is installed. However, this may also be because the person themselves installed "hungry" programs that are not necessarily engaged in surveillance.



To prevent such threats, one of the many antiviruses may be sufficient, whose names everyone knows from the most common desktop operating system. These programs monitor installed applications, analyze suspicious activity and warn about most of the threats that reckless users expose their smartphones to.





Not all "official" applications behave well and predictably; there are some nasty exceptions. For example, the Facebook client. This program regularly ranks first among non-gaming applications in size and drains the battery at a terrible rate. I myself had an unpleasant experience with this client: immediately after installation the phone literally heated up and began transmitting something somewhere at the maximum possible speed. Even though the smartphone was rooted and applications were restricted as much as possible, the program was clearly pulling something from my phone. For which it was mercilessly removed and subsequently always cut out of every firmware.



"Iron" (hardware) protection of smartphones



But not everyone is able and willing to subject their phone to "hacking", that is, unlocking the bootloader and obtaining root. Some lack the technical knowledge, some are still afraid of "losing the warranty", some do not want to give up features that may be lost in such an operation.





Some banking clients refuse to run on a smartphone if they detect root, and sometimes root makes it impossible to "pay with the phone" via NFC. There are smartphones that are practically immune to such hacking, including the well-known iPhone, which is becoming more and more difficult to jailbreak. Another category of smartphones that are better left unhacked are devices with protection against intruders built in by the manufacturer itself. For example, Samsung is best known for its Knox system, a container that separates sensitive data from the rest of the system that can be attacked. And although Knox is positioned as corporate protection, so that a personal smartphone can be used for work without getting a separate "work" device, nothing prevents you from storing personal data that is critical to you there.





Philip Zimmermann



Unfortunately, large manufacturers do not indulge users with a variety of protected smartphones, and small companies either fail to raise enough money to launch a campaign on Kickstarter, or make annoying mistakes. For example, the super-duper-protected BlackPhone, in whose creation Zimmermann himself took part, had a serious vulnerability that allowed an attacker to gain full control over the device thanks to an error in one of the third-party programs. The authors promptly released an update, but "the aftertaste remained". Of course, there are still smartphones used by the military or government officials, but they are not available to the general public and are only of academic interest.



The developers of security systems for smartphones have not ignored hardware scramblers, traditional for wired technology. They were produced, for example, in the form of a wireless headset that encrypted the voice even "before the smartphone", inside the headset itself.





Naturally, in order to talk to the owner of such a scrambler, you had to have your own copy of the device. Such headsets did not become widespread, due to the high price and the need to supply all subscribers with them, and the company that produced them switched completely to secure smartphones, similar in function to Samsung Knox, produced, again, for the military and simply very rich customers concerned about their security.



Cryptanalysis



In conclusion, five minutes of unhealthy paranoia.



The bottom line is that users have very few real means of ensuring the security of their conversations, correspondence and personal data. Moreover, almost no method guarantees 100% certainty.



The actions of the authorities and developers may not be what they seem. Simple logic dictates that if Roskomnadzor (RKN) went after Telegram alone, then all the other, also very popular, messengers willingly cooperate with the Russian authorities and special services. And the recent "unblocking" of Telegram may mean that the messenger was forced to guarantee access to the personal data and correspondence of its users. Moreover, classic conspiracy theory suggests that this entire two-year epic of carpet-blocking Telegram was just a successful operation of the special services, launched in order to convince people of its safety and gain free access to all their communication.



Digging deeper, it turns out that almost no one has conducted a serious and transparent security audit of any of the applications or hardware designed to protect user data or communications. The so-called "open testing", in which anyone who finds a vulnerability is promised mountains of gold, is in fact only a beautiful slogan: serious specialists will not waste time looking for vulnerabilities that may not exist, which means their working time goes unpaid, and amateurs who naively hope to get rich by finding a serious bug lack the qualifications for such research.





Laws adopted everywhere on the model of the "Patriot Act" may leave developers no choice: they are forced to cooperate with the special services. And the stories that Apple did not want to provide tools to unlock the terrorist's phone are successfully planted disinformation. Moreover, many of the vulnerabilities found, like Heartbleed, look as if they were deliberately left as a "backdoor" for government agencies. And in the suitcase of the next passenger on the bus there may be a van Eck interceptor reading data from the screens of nearby smartphones in real time.



People had previously suspected that they were being eavesdropped, but only Snowden confirmed the global scope of this surveillance.











