On Sep 8, 2013, at 6:09 PM, Perry E. Metzger wrote:
> Not very surprising given everything else, but I thought I would
> forward the link. It more or less contends that the NSA has exploits
> for all major smartphones, which should not be surprising....

> http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
A remarkably poor article.  Just what does "gain access to" mean?  There are 
boxes sold to law enforcement (but never, of course, to the bad guys) that 
claim they can get access to any phone out there.  If it's unlocked, everything 
is there for the taking; if it's locked, *some* of it is hard to get to, but 
most isn't.  Same goes for Android.

The article mentions that if they can get access to a machine the iPhone syncs 
with, they can get into the iPhone.  Well golly gee.  There was an attack 
reported just in the last couple of weeks in which someone built an attack into 
a fake charger!  Grab a charge at a public charger, get infected for  your 
trouble.  Apple's fixed that in the next release by prompting the user for 
permission whenever an unfamiliar device asks for connection.  But if you're in 
the machine the user normally connects to, that won't help.  Nothing, really, 
will help.

Really, for the common phones out there, the NSA could easily learn how to do 
this stuff with a quick Google search - and maybe paying a couple of thousand 
bucks to some of the companies that do it for a living.

The article then goes on to say the NSA can get SMS texts.  No kidding - so can 
the local cops.  It's all unencrypted, and the Telco's are only too happy to 
cooperate with govmint' agencies.

The only real news in the whole business is that they claim to have gotten into 
Blackberry's mail system.  It's implied that they bought an employee with the 
access needed to weaken things for them.
                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to