iTnews
  • Home
  • News
  • Technology
  • Security

Smartphone data can be intercepted by NSA: report

By Juha Saarinen on Sep 9, 2013 6:05AM
Smartphone data can be intercepted by NSA: report

Is IPsec standard safe?

The main United States spy agency is able to access user data from Apple iPhones, Blackberries and Google Android devices, according to secret documents sighted by German media.

Der Spiegel has reported on National Security Agency (NSA) documents it sighted that claim the spy bureau has working groups aiming to get access to data held on the phones, and that these have succeeded in compromising devices from leading manufacturers.

According to the documents sighted by the German news organisation, there is no mass surveillance of smartphones by US security agencies. Instead, individuals are targeted on a case by case basis, and the surveillance takes place without the smartphone makers' knowledge.

Presently, the NSA is able to access much of the personal data stored on smartphones. This includes a user's contact list, text messages, notes as well as geographic location information, Spiegel reported.

The documents mention a specific example where the NSA was able to hack in to a person's computer by means of an iPhone set up to sync with it.

Blackberry devices and its email service, which until now was thought to be secure, could also be compromised by the NSA and its United Kingdom counterpart, the Government Ccommunications Headquarters (GCHQ).

However, Blackberry spokespeople told Spiegel that there was no "back door" in its platform but would not otherwise comment on alleged government surveillance of telecommunications traffic.

The revelations of smartphone surveillance capabilites come after last week's leaks by former NSA contractor Edward Snowden that showed the agency has made a concerted effort to circumvent and undermine encryption protocols commonly used to secure data traffic.

Internet giants Microsoft and Yahoo expressed deep concern over security agencies' efforts to subvert encryption and authentication protocols, saying they could be abused. 

"We are unaware of and do not participate in such an effort, and if it exists, it offers substantial potential for abuse. Yahoo zealously defends our users' privacy and responds to government requests for data only after considering every applicable objection and in accordance with the law," Yahoo said in a statement.

In response to news of the NSA allegedly tampering with security protocols, a Democrat congressman, Rush Holt, has tabled a bill in the US House of Representatives that would ban the agency from introducing backdoors or degrading commonly-used encryption.

The NSA sought in 1994 to introduce the so-called Clipper chip encryption device for use in computers and telecommunications quipment, with the government holding the unscrambling key in escrow. 

Civil liberties groups opposed the Clipper chip, which would make it possible for agencies that obtained the decryption key from the government to listen in on communications, and the device was not adopted by manufacturers.

Which protocols are broken?

Meanwhile, cryptographers are trying to understand which, if any protocols, the NSA has managed to compromise.

One of the founders of the Electronic Frontier Foundation, John Gilmore, noted that the NSA took part in and led the Internet Engineering Task Force (IETF) committee developing the Internet Protocol Security (IPsec) standard.

IPsec is a suite of protocols used to authenticate traffic, and also to encrypt data packets for end-to-end security. It is commonly used for virtual private networking (VPN) secure communications applications.

Gilmore said that committee participants with NSA connections would suggest measures that reduced privacy or security for the IPsec standard, and also retained a way for the protocol to specify that no encryption is appled.

The final IPsec standard became "incredibly complicated" Gilmore said, to the point that it was very difficult to analyse and also unusable as a drop-in privacy improvement due to major deployment problems.

NSA employees also lied to the IETF standards committees claiming US export controls banned debating secure cellphone encryption protocols with non-Americans in attendance, according to Gilmore.

Gilmore said current cellphone encryption for voice packets was easily breakable along with that used for the control channel.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cryptographygchqietfinfosecipsecnsasecuritysnowden

Partner Content

Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development
How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
By Juha Saarinen
Sep 9 2013
6:05AM
0 Comments

Related Articles

  • Chinese researchers attribute 'top-tier' backdoor to NSA Equation Group
  • Don't remove PowerShell: US, UK and NZ security agencies
  • Java 15 introduced a cryptographic vulnerability
  • FBI says Russian hackers scanning US energy systems
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Service NSW hits digital services goal two years early

Service NSW hits digital services goal two years early
NBN Co taking orders for 'non-premises' connections

NBN Co taking orders for 'non-premises' connections
NSW Police scores $100m to connect body-cams to firearms, tasers

NSW Police scores $100m to connect body-cams to firearms, tasers

Digital Nation

IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
The security threat of quantum computing
The security threat of quantum computing
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.