Cellphone Insecurity

Apple takes great pains to secure its phones against intrusion.  So in theory does Google.  It turns out, that might not be such a big deal.

What do government agencies want to know from your cell phone?  Top of the list is who you are calling or texting.  Makes sense, right?

Well, it turns out that call data is being backed up on the cloud.  In Apple’s case, the iCloud.  Same difference.  A “cloud” is just a fancy name for a set of computer servers whose location is unknown to you.  These servers are used to store data from a large number of different users, and perhaps millions have access to these devices.

That includes, it seems, government agencies and some of the bad guys.  (Sometimes it can be hard to tell the difference.)

Anyway, Russian software company, Elcomsoft, announced this week that it can download call records from the Cloud or iCloud.  All it needs is the user name and password, and there are software programs to break passwords.  So all it really needs is the username.

So, the government doesn’t need your phone, and it doesn’t need to pay some hacker $1 million to hack the phone, to get most of the information it wants.  They don’t have to subpoena the phone company.  Anyone who wants the phone numbers of your family members or contacts doesn’t have to do that either.  They can just do it.

What’s not clear from the article is how detailed the calling information is.  Does it show your location when you place the call?  I imagine there are divorce attorneys who would love to get their hands on that.

This makes a strong case for using prepaid, “burner” phones.  Burners aren’t just for dealers anymore.


Sources:

  1. Brant, Tom, “Russian Software Downloads Call Records From iCloud,” PC Magazine, 17 November 2016.  http://www.pcmag.com/news/349677/russian-software-downloads-call-records-from-icloud?mailing_id=2469884&mailing=SecurityWatch&mailingID=A93358A7603BA1B0E91034E7487A3040
Advertisements

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s