Silk Road forums
Discussion => Security => Topic started by: astor on June 26, 2013, 05:29 am
-
Before a dinner of pizza and fried chicken late Sunday in Hong Kong, Edward J. Snowden insisted that a group of lawyers advising him in the Chinese territory "hide their cellphones in the refrigerator of the home where he was staying, to block any eavesdropping," as my colleague Keith Bradsher reported.
Why a refrigerator? The answer does not, as some might assume, have anything to do with temperature. In fact, it does not matter particularly if the refrigerator was plugged in. It is the materials that make up refrigerator walls that could potentially turn them into anti-eavesdropping devices.
"What you want to do is block the radio signals which could be used to transmit voice data, and block the audio altogether," Adam Harvey, a designer specializing in countersurveillance products explained. Refrigerators made from metal with thick insulation could potentially do both, he says, regardless of whether it is mild or icy within.
On the data-transmission front, thick metal walls can create a sort of electromagnetic barrier, which enables the device to function as something known as a Faraday cage. A true Faraday cage is a space where radio waves cannot pass and therefore data cannot be transmitted. Although all fridges don't function this way, those constructed with more metal have the potential to serve this purpose.
A Faraday cage is a metal shield that protects anything inside from electrical charges. This means a person wearing a Faraday suit, as pictured here, is protected from the high-voltage arcs of a Tesla coil.Peter DaSilva for The New York Times A Faraday cage is a metal shield that protects anything inside from electrical charges. This means a person wearing a Faraday suit, as pictured here, is protected from the high-voltage arcs of a Tesla coil.
Another household object that functions similarly, Mr. Harvey has learned through his research into cellphone data transmission, is a stainless steel martini shaker.
"It's a perfect Faraday cage – it will block all radio signals unless you decide you need to pour yourself a martini," he said. Although this sounds like a plot point in a James Bond movie, Mr. Harvey has actually done extensive tests on the shaker in the process of developing a surveillance-blocking cellphone case called the OFF Pocket.
Blocking data transmission, of course, is a different issue from muffling audio. Although a thick refrigerator door is good at masking sound (as anyone who has lost a cat inside one knows), soundproofing is not necessarily integral to its design. An ideal refrigerator for a person on the run would be one that functioned as an acoustic anechoic chamber — a sort of Faraday cage for sound — meaning that not one hint of a syllable could make it from the Pepsi-laden kitchen table to the phone in the veggie crisper. Given that refrigerators' insulation levels vary, however, from an audio perspective, burying the phone in a pile of clothes one room over, Mr. Harvey suggested, might be a more reliable solution for someone seeking to subvert prying ears.
Those new to these issues are most likely asking the question – why not just ask everyone to turn off his phone and remove the batteries? Beyond the fact that many phones these days do not easily enable battery removal, identifying a pure off is complicated.
"A lot of modern devices (not just phones) do have states that are somewhere in between fully on and fully off, where some circuits are powered up and others are powered down," Seth Schoen, senior staff technologist at the Electronic Frontier Foundation, a civil liberties group that focuses on rights in the online world, explained by e-mail. (Snowden appears to be a supporter of the organization, as he was photographed with an E.F.F. sticker on his laptop.) "These modes often allow the device to wake up autonomously if certain conditions are met, such as pressing a certain key or even receiving certain data over the Internet on a wired Ethernet connection (known as ‘wake-on-LAN')."
Battery removal can be equally deceptive. Even once one figures out how to extract the primary battery, there may be additional power sources within the apparatus. "Some phones use an additional battery for memory management; it's unclear whether this battery could be used by logging and/or tracking systems such as Carrier IQ," Mr. Harvey explained, referring to software that monitors mobile phone users.
http://thelede.blogs.nytimes.com/2013/06/25/why-snowdens-visitors-put-their-phones-in-the-fridge/
-
they make a faraday cage cell phone holder and I heard you should put your phone in airplane mode.
-
Cheers edward snowden, All the best to that guy, I hope he fucking gets away, did anybody see wikileaks statement on him? Hes getting diplomatic escorts so he cannot be stopped by normal law enforcement and for extra security.Anybody who knows some things about law will know that if hes with chinese diplomats he is one smart fucker. Wikileaks is providing legal aid.
heres the wikileaks statement on snowden here http://wikileaks.org/WikiLeaks-Statement-On-Edward,253.html
and here is the full transcript of the press conference.
http://wikileaks.org/Transcript-of-WikiLeaks-Press.html
and here is the brittish journalist that is travelling with snowden.
http://wikileaks.org/Profile-Sarah-Harrison.html
Heres to edward snowden the legend.Risking his liberty for the rest of his life for all of us to live in a surveillance free world.
-
I'm not sure what this article is stating regarding phone surveillance. It seems to be all over the place. I assumed all modern forms of phone surveillance could be counteracted by shutting the phone off and removing the battery. Is this article stating that this is not true? I'm not sure the specific brands of phones the article was referring to, as far as which have the feature of having other devices inside them that are "on" when the phone is actually "off," but I assume it is talking about the iphone, since it mentioned some phones have batteries that are difficult to remove (there's no easy way I know of to remove an iphone battery). However, I assume a tracfone could beat all of this, as they are a thousand times simpler than iphones. Simple flip phones with one battery could not possess the complexity that this article describes. I assume simply buying a prepaid phone that is simple (not a smartphone with all of that app junk) can easily bypass all of this nonsense.
The perpetual improvement of technology (and therefore the increasing of prying eyes into private business) makes me feel as though human beings are getting too far ahead of themselves. One technological step forward, two ideoogical steps back. We've become far too powerful for our own good. How I wish, at times, that we could go back to the days where the most advanced piece of equipment in one's home was a toaster.
-
I have sympathy for snowden. I hope he gets away as well.
I have not been able to follow this as much as I want, What information did he give out?
All I know is it has to do with our big 3 letter government agencies.
-
I have sympathy for snowden. I hope he gets away as well.
I have not been able to follow this as much as I want, What information did he give out?
All I know is it has to do with our big 3 letter government agencies.
Basically that the NSA keeps a log of every phone call every US citizen makes, including number called, date, time and which tower was used. This coming weeks after the head of the NSA testified under oath before Congress that the NSA does not record data on Americans who are not suspects. Also that there is a rubber stamp process at Google, Microsoft, etc. for getting all emails and personal data for anyone they want. Initially the damage control was "oh but it's just metadata, not the actual content!" But that spin seems to have waned, so I suspect he also has proof that the content of ordinary American citizens' phone calls and emails is being recorded for posterity.
I reckon he is fucked no matter what. Even if he gets to a country that doesn't extradite to the US, I'm sure the CIA or Navy SEALS will eventually kidnap him to bring him back for a show trial then life in prison, or kill him during a kidnap attempt.
-
I know that electronics can hold a charge for 12-24 hours; I am wondering if removing the battery isn't enough to completely inhibit outside backdoor manipulation.
-
Also, if you are Indiana Jones, you can climb inside a refrigerator and survive a nuclear blast.
-
Okay I see the point of using a refrigerator as a farady cage but this title immediately made me think about the cold-boot attack because it involved a phone and a fridge !
I once read an article about hackers that managed to crack the encryption on an Android device, thus accessing to all the private information on it.
All data is crypted on the device until you enter the password for the key. But in order to not re-enter it each time you want to access a contact the encryption key is stored in the RAM. That means that as longs as the phone is on it is readable but gets erases when it's off.
Except that RAM cells take a little time to go void... And if you make them colder, then the information stay on it a little longer.
So the hackers put the Android phone in a freezer for 30 minutes or an hour, then entered the password and turned it off. Supposedly no-one can access the information. Except they launched back the phone to their own rooted system through the dual-boot they previously installed and on their rooted system were the software to crack the key MD5 hash or stg like that that were to be found in the RAM, thus granting them access to the clear data ! Because the RAM was frozen, the data remained there for several minutes.
Of course it is far from a real-case scenario but I found their achievement rather impressive !
-
Here is a guy testing the phone in the fridge theory and it failed. Phone received calls while inside. I'm sure it's true for some refrigerators depending on constructions, but clearly not all. He then put it inside a stainless cocktail shaker and that blocked the phone from receiving a call.
Snowden probably put them in the fridge mostly to prevent them from recording the conversation.
CLEARNET http://makezine.com/2013/06/26/edward-snowden-can-a-refrigerator-function-as-a-faraday-cage/
-
Shit. So Edward Snowden is a cunt.
Or chinese fridges are fucking thick. Maybe they are made to be a backup house in case the country is under nuclear attack, you'll never know how far these chinese can go with their mind.
-
Perhaps more convenient than a refrigerator is a faraday bag - just like a faraday cage blocks signals to/from the cellphone, but you can put it in your pocket.
-
This should deffo work with a microwave oven, too. Let's say a well shielded one.
The setup I mention was the other way around. You know you're going to buy yourself a neatly shielded oven, one that would contain those nasty microwaves you'd be exposing your body too, if you can't call your cellphone whilst the door is shut and fail to come through.
I tried that in a mall and it's quite hard to find one that does sufficient shielding. If it's the same in regard of stealth you need to decide whether you favor a wet damp and cold cellie, or a greasy one.
Who is Snowden btw. :-[
-
What about cell phones placed inside a toilet? Would it prevent eavesdropping?
Just need to be careful not to flush KT.
-
I obviously missed the point and will leave you fine folks.
-
Cellphones security sucks and LE can backdoor them without you noticing a thing. Audio can be transmitted at any time, even when you power the phone off.
Blocking signal from phone is not even enough as it can store audio and video/pictures in memory and transmit when online again.
Only safe way is to distance phone from yourself so it cannot pick up any sound.
That's why he put the phones in a fridge, probably far away from where they were talking.
-
Cellphones security sucks and LE can backdoor them without you noticing a thing. Audio can be transmitted at any time, even when you power the phone off.
Blocking signal from phone is not even enough as it can store audio and video/pictures in memory and transmit when online again.
Only safe way is to distance phone from yourself so it cannot pick up any sound.
That's why he put the phones in a fridge, probably far away from where they were talking.
I suppose if you don't do anything private inside your refrigerator pics video and sound recorded would not be very useful even if anyone stalking you were to have them uploaded from your cell phone at a later time.
-
Computer electronic bags provide this protection. Id be surprised if MBB didn't.
-
why not just have those people remove the batteries from their phones?
-
Here is a guy testing the phone in the fridge theory and it failed. Phone received calls while inside. I'm sure it's true for some refrigerators depending on constructions, but clearly not all. He then put it inside a stainless cocktail shaker and that blocked the phone from receiving a call.
Snowden probably put them in the fridge mostly to prevent them from recording the conversation.
CLEARNET http://makezine.com/2013/06/26/edward-snowden-can-a-refrigerator-function-as-a-faraday-cage/
A Faraday shield requires near zero resistance, which the refrigerator lacks at the door seals. It may block sound, but not radio waves. If this is Snowden's idea of security, he's a dead man walking.
He should've put phones in metal bowl covered with aluminum, or better yet test it.
Not hard to do. Just put it in test area, and dial the number.
Thanks and good luck..
-
Computer electronic bags provide this protection. Id be surprised if MBB didn't.
Some MBBs come with static shielding, but some don't.
Here's how antistatic bags work:
"A Faraday cage operates because an external static electrical field causes the electric charges within the cage's conducting material to be distributed such that they cancel the field's effect in the cage's interior. This phenomenon is used, for example, to protect electronic equipment from lightning strikes and electrostatic discharges."
And here's how MBBs work:
"Two primary moisture barrier technologies are used for bags. Barriers of aluminum foil and aluminized polyester are used where low MVTR is required. Most SMD's are packaged in a metal barrier bag. Thick layers of plastic can also be used to provide limited barrier for very short-term applications."
A few mm thick layer of aluminum won't block phone signals. The antistatic bags that computer hardware is sold in may not be strong enough to completely shield phone signals either. I don't know for sure, haven't found any references, but I'd do some research before basing my safety on one of those bags.
-
There is a pretty awesome product being released this month through kickstarter...
The OFF Pocket...
"The OFF Pocket™ is a phone case that blocks all wireless signals from entering and exiting the case.
To use the OFF Pocket™ simply place your phone inside the case and close it. Your phone is now OFF. Untrackable. Unreachable. Unbreachable.
The OFF Pocket has been extensively tested on all major networks, including Verizon, AT&T, T-Mobile, and Sprint. It is compatible with all mobile phone hardware including but not limited to iPhones, Android, Blackberrys, Nokia as well as all modern phone operating systems."
"Our preliminary lab tests demonstrated full shielding effectiveness for the wireless spectrum used by smartphones. We will continue testing more phones and carriers and will publish our test results during our Kickstarter launch."
Sounds good to me
-
Recently one of my friends told me something along the lines of 'if your phone is on they can use it to listen to your conversations' i thought to myself... no way... really? I guess it is true, this is pretty fucked. When ever we would talk about anything we would turn our phones off. Its pretty intense now i cant imagine what it will be like in 10 years.
-
Yeah, I heard a long time ago that carriers can push hidden apps to your phone, which will record sound and video, and continue to work even when the phone is turned off. Only way to protect against it is to root your phone or take the battery out.
-
Taking the battery out is not a guarantee, you have to drop it in a Faraday cage. A good makeshift cage is a stainless steel martini shaker. You have no idea if your device has other batteries, holds a charge, or can remain open to wake commands with the battery out.
You can also buy Faraday bags on the internet everywhere, or cover your room in a makeshift cage.
I'm in Canada and thought about selling some hardened android phones with my vendor account, I use wind and a custom android build that rips out all /system/bin packages that can be exploited, hardens the sysctl stack, custom iptables, seandroid policies set to enforce, and various trips and traps I hacked into AOSP to make a forensic investigator's life hell should they try to ADB sideload through recovery.cpp or enable Airplane mode. I can also write an ebook how to do this yourself using Amazon/AWS free instance.
Whatever you guy's do DONT FUCKING USE BLACKBERRY. Customs just plugged in some guy's blackberry the other day and accessed it right in front of him in seconds. Yes it was encrypted, yes it was one of those bullshit "4096 Enterprise Server private phones". Get an Android phone, they are easy to custom build.
If you just want basic security then look up Secdroid on XDA developer forums. He makes them for Nexus 4 which you can buy directly off google at below cost. I wouldn't recommend them for high profile security (ie: you sell drugs and get caught) unless you never store anything on them except Redphone contacts and use Textsecure, tunneled through a vpn in Iceland preferably.
-
Recently one of my friends told me something along the lines of 'if your phone is on they can use it to listen to your conversations' i thought to myself... no way... really? I guess it is true, this is pretty fucked. When ever we would talk about anything we would turn our phones off. Its pretty intense now i cant imagine what it will be like in 10 years.
Batman did it.
-
Game has changed guys.
If your phone accelorometer is on (that thing that flips the screen when you turn the phone) and you leave it lying beside your laptop/keyboard it can be used to record keystrokes. It can also be used to record your movements. It can also be used to figure out your screen unlock pattern.
Your laptop most likely also has a mic an adversary can remotely enable to listen in. Avoid this by running some sort of live O/S, the usual suspects like dee.su or Tails, or your own custom build. Or anything besides Windows/OSX
-
Game has changed guys.
If your phone accelorometer is on (that thing that flips the screen when you turn the phone) and you leave it lying beside your laptop/keyboard it can be used to record keystrokes. It can also be used to record your movements. It can also be used to figure out your screen unlock pattern.
Your laptop most likely also has a mic an adversary can remotely enable to listen in. Avoid this by running some sort of live O/S, the usual suspects like dee.su or Tails, or your own custom build.
Do you have any information on this? I would love to know how an accelormeter could be used to record keystrokes on your laptop unless someone already has some sort of info on how you type. I could see how it could figure out your screen unlock pattern.
-
Bruce Scheneir has a few articles on it, here's one
http://www.schneier.com/blog/archives/2013/02/guessing_smart.html
It's a growing side channel. Just google 'accelerometer passwords' there is loads of articles out about it recording keyboard strokes just by sitting on your desk.
-
+1 my man Astor.. chock full o' useful knowledge! 8)