Tuesday, December 5, 2006

Eavesdropping through your cell phone

FBI taps cell phone mic as eavesdropping tool discusses a federal court case that has scary implications. In a recent court case it was disclosed the FBI has developed a new form of eavesdropping: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. Further the eavesdropping works even if the phone is turned off, because some phones do not turn fully off unless you remove the battery. That's because some phones have an alarm feature that wakes the phone even if it's turned off.

This was disclosed in a court case against two alleged mobsters, John Ardito and his attorney Peter Peluso. Further details are in an opinion written by U.S. District Judge Lewis Kaplan. The judge ruled this was legal under U.S. Code TITLE 18, PART I, CHAPTER 119, section 2518. And they did get proper wiretapping approval from the judge.

The ruling doesn't state how the "roving bug" got installed, simply that it was. Hover the CNET article refers to a Financial Times article, Use of mobile helped police keep tabs on suspect and brother describes several privacy vulnerabilities which were exploited by European law enforcement in a different case.

First, cell phone operators are able to track the location of a phone to within 2-3 meters (about 5-10 feet for American readers). They do this through triangulating based on signals from three or more cell towers. Law enforcement can request tracking of a cell phone, and tracking is done in real time.

Second, cell phone operators can tap any phone call.

Third, cell phone operators can remotely install software into a handset, without the knowledge of the owner of that cell phone.

While it's nice and interesting that law enforcement can do this, this has to be a vulnerability that nefarious third parties can also exploit. This is because the mechanisms the cell phone operator uses are probably not secured well enough to prevent others from also using those mechanisms. As one of the experts quoted in the Financial Times article says:

"We have inadvertently started carrying our own trackable ID card in the form of the mobile phone," said Sandra Bell, head of the homeland security department at the Royal United Services Institute.

The CNET article gives some convincing evidence that the case they're reporting on must have relied on remotely turning on the cell phone. For example the Mafioso involved in this case were already suspicious of being tailed, so any attempt to physically borrow their cell phone to implant a physical "bug" would have been doubly suspicious.

This BBC article, 'This goes no further...', discusses routine use of remote monitoring through a cell phone. It has even been used to listen to the UN Secretary General Kofi Annan's conversations through his cell phone. There is no way anybody had an approved wiretap order to legally listen through his cell phone.