[Cryptography] Help investigate cell phone snooping by police nationwide

[John Kelsey]

Blocking the RF on the phone (say, wrapping it in aluminum foil while leaving it in the same room with you) doesn't actually solve the problem.  Most smartphones have a fair bit of memory they can use to record audio, so you may just force the malware on the phone to record the conversation now and send it up later.

Making sure the phone isn't in a position to eavesdrop on a conversation at all is a lot smarter.  The phone designers have already put a lot of effort into optimizing the performance of the phone as a microphone, so it seems like you could test how well things got picked up with various levels of sound shielding (like putting the phone into another room) by using the voice recorder and the speaker phone setting, and seeing if it can detect a noise somewhat louder than anyone's voice is likely to be through the padding.  

I think a phone that was generically eavesdropping on you would massively shorten its battery life.  Processing voice and streaming it via the cell network is what phones are designed to do, and reception and battery life are two of the things the phones' designers focus on.  It's unlikely that a malware writer will get much better performance out of the phones than they can normally do for voice calls.  

I wonder what the optimal strategy for widespread eavesdropping via smartphones is.  Even just listening and running some local pattern-matching for words of interest would probably have a noticable impact on battery life.  (Anyone have hard data on this?)  But given the willingness of the NSA to try to get at everything, it's interesting to ask what they might be able to do on a massive (non-targeted) scale with smartphones.  

--John