[Cryptography] Der Spiegel: "NSA Can Spy on Smart Phone Data"

[Jerry Leichter]

On Sep 8, 2013, at 6:09 PM, Perry E. Metzger wrote:
> Not very surprising given everything else, but I thought I would
> forward the link. It more or less contends that the NSA has exploits
> for all major smartphones, which should not be surprising....

> http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
A remarkably poor article.  Just what does "gain access to" mean?  There are boxes sold to law enforcement (but never, of course, to the bad guys) that claim they can get access to any phone out there.  If it's unlocked, everything is there for the taking; if it's locked, *some* of it is hard to get to, but most isn't.  Same goes for Android.

The article mentions that if they can get access to a machine the iPhone syncs with, they can get into the iPhone.  Well golly gee.  There was an attack reported just in the last couple of weeks in which someone built an attack into a fake charger!  Grab a charge at a public charger, get infected for  your trouble.  Apple's fixed that in the next release by prompting the user for permission whenever an unfamiliar device asks for connection.  But if you're in the machine the user normally connects to, that won't help.  Nothing, really, will help.

Really, for the common phones out there, the NSA could easily learn how to do this stuff with a quick Google search - and maybe paying a couple of thousand bucks to some of the companies that do it for a living.

The article then goes on to say the NSA can get SMS texts.  No kidding - so can the local cops.  It's all unencrypted, and the Telco's are only too happy to cooperate with govmint' agencies.

The only real news in the whole business is that they claim to have gotten into Blackberry's mail system.  It's implied that they bought an employee with the access needed to weaken things for them.
                                                        -- Jerry