Bookmark and Share

Controversial NSA whistleblower, Edward Snowden, teamed up with Andrew “Bunnie” Huang, a hacker currently suing the US Department of Justice challenging provisions in the Section 1201 of the Digital Millenium Copyright Act, to create a phone case that can aid in countering digital surveillance.

According to the US legal theory surrounding 4th Amendment law termed “third-party doctrine” any person who volunteers information to a third party, such as banks, phone companies, ISP’s etc. are allowed “no reasonable expectation of privacy.” This allows the US government to obtain metadata information from third parties without the usual warrant and probable cause protections. According to Snowden and Huang’s report titled Against the Law: Countering Lawful Abuses of Digital Surveillance, journalists, whistleblowers, activists and the like, can be seen as valuable hacking targets for governments and political institutions. They also assert that these journalists are often unwittingly betrayed by their own devices which can be hacked to glean their location, even when the phone is in its non-transmitting airplane mode.

Snowden and Huang’s report goes on to explain that what you see on your phone’s screen is not necessarily a true representation of all its currently running operations. Since a hacked phone’s software cannot be trusted to act according to the owners wishes, what is Snowden and Huang’s solution? They have offered the creation of a device that plugs directly into the hardware of the phone and constantly scans to determine if the phone is transmitting.

The Power to Know

According to Snowden and Huang’s report, this project was initiated partly in response to the alleged targeted killing of American war correspondent Marie Colvin. Colvin had been as an intrepid war reporter for the British newspaper The Sunday Times since 1985. Known nearly as much for her trademark eyepatch, worn since losing here eye to an RPG attack while covering the Sri Lankan civil war in 2001, as her humanitarianism and journalism. Marie Colvin and french photographer, Remi Ochlik, were killed while covering the siege of the Syrian city of Homs in February 2012. Recent evidence has prompted lawyers to file a civil suit on behalf of the Colvin family against the government of Syria, claiming that her cell phone signals were hacked and she was subsequently targeted for assassination by the Assad regime for her reporting on civilian casualties.

Marie Colvin and Remi Ochlik

With the invention Snowden and Huang have in mind, reporters and journalists would be able to know of a dangerous situation or hacking immediately. They’ll be able to know right away if their device has been compromised and could be sending crucial information.

What Exactly is it?

After diligent testing and analysis of exactly what type of info your iPhone is transmitting and when, the pair of hackers proposes the creation of what looks like a common battery case that many use to achieve extended battery life. And it is in effect, the Snowden case will give the phone some additional power, but it main functions would include a digital readout that notifies the user when the phone is in “dark” mode. The phone is considered dark as long as it is not transmitting when it isn’t supposed to, such as when the phone has been placed in airplane mode. If the device has been hacked, the case would inform the user through digital display whenever the device has betrayed its owner and begins transmitting GPS, Bluetooth, cellular data or WiFi without being authorized to do so.

The device, termed “Introspection Engine” will be a user-inspectable, open source, field-verifiable module that attaches to an existing smart phone and makes no assumptions regarding the trustworthiness of the phone’s operating system. The case itself will contain the introspection engine’s electronics core which is proposed to consist of an integrated circuit called a field-programmable gate array (FPGA) and an independent CPU that runs its code base totally walled-off from the iPhone’s CPU. This physical separation is a design feature meant to minimize the potential exposure of the introspection engine to any malware that may have infected the CPU core of the iPhone itself.

The protective case has yet to be completed and has so far only undergone the research and technical analysis phases. The research can likely be applied to just about any modern smartphone, though currently the device is only being constructed for the 4.7 inch Apple iPhone 6. The duo have said the project is “run through volunteer efforts on a shoestring budget”,  so the device may not be available for some time.

To learn more about becoming a force in the cybersecurity field, click here.

Author: Jeffrey Sabranek