Can the NSA Remotely Turn On Your Mobile Phone? Page 2


Finding a bug in a baseband processor may only be a matter of time, but the NSA would need to find bugs in every single type of processor, and sometimes find new bugs when old ones get patched.

But even if you have control of the baseband, you still aren't into the operating system, which you would need to do in order to get really important information such as emails, contact lists, documents and more. Do the baseband processors have enough control over the operating-system processor to turn the phone on?

Dial 0 for Operating System

Accessing a phone's operating system from its baseband "requires a whole new set of exploits, which sometimes won't work," wrote Graham.

7 Everyday Techs Spying On You

An Iranian government scientist claims to have invented a real, working time machine -- the latest in a list of wild inventions from the country with no basis in reality. But that got Anthony thinking ... is time travel possible?
Sara Hayward/Getty Images

He argued that it's safe to assume that most phones are safe from remote activation. The NSA may be looking for such vulnerabilities, but that doesn't mean it always has them. MORE: 13 Security and Privacy Tips for the Paranoid

Zdziarski takes a different stance. "Based on what we know NSA's abilities are," he said, "they are probably putting their best people on trying to find exploits for [mobile phones] and I think it's entirely possible they could have exploited certain phones to this degree."

Zdziarski pointed out that all smartphones have a number of strong links between the baseband and the operating system, such as the federally mandated ability to make emergency calls. Even if a phone's access screen is locked by a PIN or password, it can still call 911.

"If the baseband is the master of that main processor, I'd think one way or another, it would have some type of control over being able to power up that processor," Zdziarksi told Tom's Guide.

Top 10 Spy Tactics

It's possible that a means of accessing the operating system from the baseband is built right into the phone. The NSA has put "backdoors" — hidden exploits — into other products, so it's not unreasonable to assume something similar happens in a mobile phone. Zdziarski has come across many undocumented features buried in iPhones that seem to be designed to yield the phone's data.

The NSA also has an enormous budget, and it's been known to pay top dollar for zero-day (previously unknown) exploits on the black market.

"I'm not saying this is easy. Even if had zero cooperation [from phone companies], I can see a process like this costing tens of millions of dollars," said Zdziarski. "But the NSA has tens of millions of dollars to spend."

Ultimately, all of this is speculation. Snowden might have read a document about baseband hacks that has not yet been released to the public. Several independent hackers and researchers have published research on hacking a baseband, but so far no one has issued a proof-of-concept hack for remotely turning a phone on by going through the baseband.

Malware, That's Where

There is another possible explanation for the NSA's alleged ability to turn on depowered smartphones, but it is far less broad, and requires compromising a smartphone before you're able to remotely activate it.

A phone infected with malware, ideally during a brief period when spies have physical possession of the device — sometimes called an implant — could be made to turn on via remote command, or do a number of other things.

But as Graham points out, it doesn't seem that Snowden and Williams were talking about implants.

"The question was Brian Williams holding a phone asking what the NSA could do to it — in the future (power it on)," Graham wrote. "He wasn't asking what they'd done to it in the past (install an implant)."

Baby, Turn Me On

So how worried should you be that the NSA is turning your phone on? The answer is, unless you're a foreign spy or a very high-value target, probably not very much.

The Cat Who Couldn't Spy: A CIA Fail

While the NSA does do some broad surveillance on all Americans, Snowden told Williams that most high-level smartphone hacks, including turning it on remotely, hacking the microphone or camera, or stealing data stored on it, are aimed at specific individuals.

"It's important to understand that these things are typically done on a targeted basis," Snowden told Williams. "It's only done when people go, 'This phone is suspicious. I think it's being held by a drug dealer. I think it's being used by a terrorist.'"

Get More from Tom's Guide

This article originally appeared on Tom's Guide. Copyright 2014 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Recommended for you