No, you can’t remotely turn on phones

nsa_eye11

In the NBC interview, Snowden confirms that the NSA can remotely turn on Brian William’s phone. This isn’t true. Just because the NSA can hack into a lot of phones doesn’t mean it can hack a specific model of phone at all.

The NSA has a lot of power over phones, but it’s not omnipotent. There are limitations.

The basic hack Snowden is describing is hacking the “baseband processor”. A phone is actually two computers: a low-power computer that managed communications with the cell tower, and a high-power compute that manages the screen. Right now, when your phone is in your pocket, that high-power computer is off, but the low-power baseband processor is still running, talking to the tower.

The code in baseband processors is crap. It’s relatively easy to find vulnerabilities that can be used to take control of the baseband processor, either by reviewing the code, or setting up a hostile cell tower (like using OpenBTS) and fuzzing. The code is so fragile it’s hard not to find a bug in it.

With that said, there are many different baseband processors. There’s a good chance that when a vendor ships a new phone, the NSA doesn’t have an 0day exploit yet for the new processor that comes with the phone. Also, while they can exploit most phones, there are some phones for which they never find a robust exploit.

Also, once they get into the baseband processor, they then have to get into the main phone system (Android or Apple). That requires a whole new set of exploits, which sometime won’t work. That’s what recent news about a debug feature in Samsung phones was so important — because it created a “backdoor” allow a baseband processor to take control of the phone.

Snowden saw programs that were widely successful at getting intelligence from phones, but he doesn’t understand the details. Yes, there may be a model of phone out there where the NSA was able to “remotely turn it on” (probably because a baseband processor was never truly off), but that doesn’t mean that when you turn off your iPhone that the NSA can do anything with it. Your iPhone, or Brian Williams’ phone, is safe from “remote turn on”.  On the other hand, if you have an iPhone, the NSA is..

Read more: http://blog.erratasec.com/2014/05/no-you-cant-remotely-turn-on-phones.html#.U4c-w3byCSo