[aklug] Re: smart phone security

From: Jason McEachen <jason@brightshinyobject.com>
Date: Mon Oct 04 2010 - 14:12:02 AKDT

A few years ago I coded up a neat proof of concept for Palm phones that
would quietly (no indicators) turn on the microphone at scheduled times,
record for a bit and then go back to sleep. During the next sync the
audio was attached to an email and sent away.

It was just a matter of getting the app onto a phone. Pair that with a
vulnerability another guy discovered to silently install apps on a phone
using a "drive-by" exploit and you've got fun.

So writing a silent recording app is pretty trivial, and as long as
someone can find a way to get the app installed on your phone (lots of
wacky attack vectors to try) you could be bugged.

We used to put a "null-mic" jack (plastic microphone jack) in all our
devices when they weren't in use to physically disable the internal
microphones. Probably wouldn't work any longer. Any more if we're
going places where we're nervous we remove the battery and pocket it
while leaving the device in the vehicle.

I'm just Little Miss Sunshine,

--Jason

On 10/04/2010 01:04 PM, barsalou wrote:
> Quoting Kurt Brendgard<brendgard@yahoo.com>:
>
>
>> Short answer: yes!
>>
>> Long answer: yes, and has been a real problem in the past, and not just on
>> military bases. iPhone had a security hole in it a while back that made news.
>> People were taking over cell phones remotely, listening in on
>> conversations when
>> the phone was on not in use, wvwn allowing the camera even to be
>> used. And the
>> owner might not even know it. Think that one has been patched, but
>> it's still a
>> concern as far as I know. Smart phones run on some OS, just like a
>> desktop, and
>> holes do turn up that allow people to take over them.
>>
> Kurt,
>
> Do you have any links to some of this stuff for us folks who aren't
> paying as careful attention? :)
>
> I'm not talking of myself, of course...cough, cough.....
>
> Mike B.
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> ---------
> To unsubscribe, send email to<aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Oct 4 14:12:31 2010

This archive was generated by hypermail 2.1.8 : Mon Oct 04 2010 - 14:12:31 AKDT