Is Your iPad Ratting You Out to the Feds?

Doug Hornig, Senior Editor

David Miranda was detained in a London airport for almost nine hours. When the government set him free, they kept all of his electronics so they could hack them at their leisure. Security experts believe they even turned them into stealthy listening devices. All with court approval.

Your home computer—assuming you still have one, of course—should be safe from the grabby hands of public officials. In theory, at least. Law enforcement personnel are supposed to obtain a search warrant before they barge into your house and start confiscating electronic equipment.

But when you're on the road and perhaps storing important documents on your laptop, tablet, or smartphone, all bets are off. Your devices are subject to seizure on the flimsiest of pretexts, and any data they hold can be pirated.

That's the lesson every traveler should learn from the recent Miranda episode, an incident that, ironically, involved a man with the same last name as the one whose case nearly a half-century ago represents a legal landmark. The earlier Miranda (Ernesto) had his conviction on domestic violence charges voided by the Supreme Court because police failed to inform him that he had the right to remain silent and to have access to an attorney. The decision resulted in the requirement that suspects under arrest must henceforth be given "the Miranda warning," i.e., be read their rights before any questioning can begin.

The present Miranda (David) has become the poster boy for governmental abrogation of basic rights.

You see, David Miranda is the partner of Glenn Greenwald, the British journalist responsible for publishing documents leaked by Edward Snowden.

No matter what one may think of Snowden and his actions, what happened to Miranda is troubling.

On August 18, he was traveling from Germany to his and Greenwald's home in Brazil, a journey that included a stopover at London's Heathrow airport. While in the transit lounge, he was stopped by officers and informed that he was to be questioned under Schedule 7 of the Terrorism Act 2000. This controversial law, which applies only at airports, ports, and border areas, allows officers to stop, search, question, and detain individuals.

Miranda, a Brazilian citizen, was held for eight hours and fifty-five minutes. Not coincidentally, nine hours is the maximum allowable detention period under the law, before officers must release or formally arrest the person of interest. Even though he was released without charges, officials confiscated his electronics, including mobile phone, laptop, camera, memory sticks, DVDs, and game consoles. They wanted the time to hack them, and amazingly the British law allows it.

Under the terrorism law, anyone whose property is taken in this manner is supposed to get it back seven days after confiscation. But in this instance, the UK High Court ruled that British authorities could keep Miranda's property for continued access to his electronics for a total of ten days. Further, the High Court gave authorities judicial permission to "continue investigating the materials" they seized, allowing them to hack all of Miranda's devices as much as they liked.

As a caveat, the Court ruled that British police don't have "official" permission to share or "use" anything they find. But that proscription amounts to little more than a polite nod to privacy advocates. No one doubts that Miranda's hard drives were copied and all personal information extracted. Nor did the Court prohibit authorities from modifying the devices.

This kind of warrantless search and seizure is hardly confined to the UK. An August 2008 exposé in the Washington Post revealed publicly for the first time that the US Department of Homeland Security had been exercising similar powers in secret for quite a while. And its reach is even broader. The policies apply to anyone entering the country by any means, and they cover hard drives, flash drives, mobile phones, iPods, pagers, beepers, and video and audio tapes, as well as books, pamphlets, and other written materials. Moreover, anything confiscated may be held indefinitely. The courts have approved all of these actions.

As in Britain, there are supposedly restrictions in place. For example, federal agents are mandated to take measures to protect business information and lawyer-client privileged material. Copies of data must be destroyed when a review is completed, and no probable cause exists to keep the information.

However, agents are allowed to share the contents of seized computers with other agencies and private entities for data decryption and "other reasons." Copies sent to non-federal organizations must be returned to the DHS, but there is no way to ensure against copies of copies being made and retained. There is also no limitation on authorities keeping notes or making extensive reports about the materials.

The Miranda incident raised the expected howls of protest from journalists and others who fear that such tactics lower a big chill over freedom of the press. This criticism is especially applicable since almost no one suspects Miranda of being involved with terrorism.

No one but the British government, that is. Its "terrorism" net is very wide and of a very fine mesh. It has to be, in order to comply with an injunction from the British high court, which blocked law enforcement from using or sharing material seized from Miranda in a criminal investigation—shortly after a Metropolitan Police (Met) lawyer announced the force had launched just such an investigation.

The injunction permits the authorities to "inspect, copy, disclose, transfer, distribute" the data only in the protection of national security or for investigating whether Miranda himself "is a person who is or has been concerned in the commission, preparation or instigation of acts of terrorism."

For its part, the Met says that it is treating this as a criminal case because Miranda was carrying tens of thousands of pages of digital documents to his partner Greenwald, including "highly sensitive material the disclosure of which would be gravely injurious to public safety." A spokesperson added that the British Home Secretary "does not accept that we are concerned here with journalistic material" and believes that Miranda "is not a journalist, and stolen documents can't be held in confidence and don't qualify as journalistic materials."

The question of who is and is not a journalist is one that's been propelled into the limelight by the Snowden/Greenwald affair, and it's an intriguing one. But what we're more concerned with here is technology.

Breaking and Entering

Specifically, what should Miranda expect has happened to his electronics and, by extension, what should you expect if your own devices are spirited away in an airport for "closer inspection," either in the US or some other country without even minimal concern for privacy rights?

Don't think it'll never happen. Security experts believe that, in addition to suspected terrorists and their sympathizers, there are plenty of other potential targets of domestic and foreign authorities alike, including: political activists of any stripe; journalists specializing in political stories; known hackers and data security specialists; academics involved in political research; corporate personnel connected to certain types of technology; business leaders charged with large-scale decision making; and probably any number of other focus groups that are less obvious.

If you are singled out, the first concern, of course, is data theft. You must assume that all stored information has been compromised... or at least looked at and probably copied for a more leisurely perusal later on. There is no defense against this. If you have to carry sensitive material, you're at risk. Encryption will only slow them down.

Best bet is not to have anything important on there in the first place. If you must transport critical info, make sure you have copies back home—they mean it when they say "indefinite holding." Plus, if you have a hard drive on which sensitive material was previously stored, you might want to wipe that clean. Simply erasing it isn't enough: you need to run a program that completely overwrites all of the data, making retrieval impossible.

But perhaps more insidious is that many government officials may, with impunity, "modify" your computer or phone. They can install hard- or software that gives them future access to your machine and anything you do on it.

For instance, they can add a keylogger that keeps track of all your keystrokes, stores them, and transmits them to a remote computer of their choice.

They can load a Trojan that will be all but impossible for you to detect. It'll just sit there until you do something that it's been programmed to watch for, at which time it will activate and broadcast the desired data. Or the Trojan's purpose may be to provide a back door for a remote controller to enter your computer system, take it over, and use it for any desired purpose. You can essentially be turned into a bot and even be added to a botnet.

Your phone can be turned into a listening and/or tracking device. It can be made to transmit not only your location, but also anything you do with the phone, including voice calls, texts, video, websites visited, app usage, files read, and so on to a designated receiver.

This can be accomplished through physical modifications that can be difficult if not impossible to spot. One method is to remove the SIM (subscriber identity module) card that acts to identify and authenticate subscribers to a mobile service, and replace it with a clone. The spy SIM will contain additional software which allows a wide range of access to device information. Luckily, there's a way to defeat this. Just remove your SIM card and make a tiny mark of some kind on it. Then, if your phone is ever confiscated, or lost, and returned to you, you can check the SIM card. If your mark is gone, the SIM has been compromised, and you should discard the phone.

A second hardware modification a hacker might try is to replace your battery with one that's visually identical but houses a smaller battery and a variety of surveillance tools. Again, you can mark your battery. Or, if you notice that its life diminishes after it's been out of your hands, that could be a sign of tampering. Of course, it could also just mean it's like any other phone and the battery is dying slowly. If you have an integrated battery like in an Apple iPhone, then this might be a pretty difficult task.

Dealing with malware that's been surreptitiously placed on your computer is difficult, because it's sure to have a built-in capability of evading discovery. But it is possible to see if the machine is making any unauthorized transmissions. To do that, you need to be tech savvy enough to use a network sniffer such as Wireshark, which is free and open source. It can detect when your device is making an unexplained network connection, and if it is, to where.

However, if the firmware itself has been modified, then even that won't work, as programs like Wireshark are dependent on the underlying operating system and the drivers telling them the truth.

Once the hardware or firmware has been changed, you won't have any idea what's going on. In that case, you'd need expensive and specialized external hardware to do the job. Or you could pay for a full professional examination of the device. It can be expensive, but depending on the value of the potential data loss, it could be worth it.

The kinds of actions outlined here are especially likely in the case of a high-profile person like David Miranda. Gathering information from his devices on an ongoing basis would be invaluable, especially in the event of future prosecutions. He must expect that it has happened and now has no real choice except to replace all of his electronics.

But the recent revelations about the extent of NSA spying should leave little doubt that one doesn't have to be associated with a fugitive whistleblower to attract the watchful eye of the "national security" apparatus. Further, with corporate espionage on the rise and much of this technology just as available to the private sector, you never know who might be listening in on you.

If someone slipped an extra chip inside your iPhone or modified the operating system under the covers, would you know? Of course not.

Remember, your phone, tablet, or laptop need only be out of your sight and in a skilled hacker's hands for a few minutes in order for the damage to be done. And at that point, there is virtually no way to know that your device is spying on you.

All of this exactly why demand for security software, hardware, and services continues to rise. With the incredible proliferation of electronic devices—many of which are equipped not just with data storage and networking but with microphones, cameras, and even GPS chips and motion sensors—there is fertile ground for new threats to government, business, and personal security. Data security is only increasing in importance, and the companies that provide it are prospering. Just the kinds of companies we keep our eyes out for in Casey Extraordinary Technology.

Sep 12, 2013
comments powered by Disqus