Whistle-blower turned Russia-based privacy advocate Edward Snowden has proposed a device that will inform users when their phones are tracking or disclosing their location.
Named “The Introspection Engine”, this will be an open source, user-inspectable and field-verifiable module attached to an existing smart phone “that makes no assumptions about the trustability of the phone’s operating system”.
In a lengthy article, Snowden said: “Turning off radios by entering airplane mode is no defense. Furthermore, airplane mode is a “soft switch”; the graphics on the screen have no essential correlation with the hardware state. Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface; trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”
Snowden intended the application to be for journalists working in sensitive areas, as “smartphones are extremely complex and present a large, porous attack surface” and “even a perfectly secure phone will not save a reporter from ‘victim-operated’ exploits such as spear-phishing”.
He intended the Introspection Engine to monitor radio activity using a measurement tool contained in a phone-mounted battery case, which engine has the capability to alert a reporter of a dangerous situation in real-time. “The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on,” he said.
“This work is not just an academic exercise; ultimately we must provide a field-ready introspection solution to protect reporters at work. Although the general principles underlying this work can be applied to any phone, reducing these principles to practice requires a significant amount of reverse engineering, as there are no broadly supported open source phone solutions on the market.”
He said that from the outside, the Introspection Engine will look and behave like a typical battery case for the iPhone 6 and as well as providing extra power to the iPhone 6, the case will contain the introspection engine’s electronics core.
“The electronics core will likely consist of a small FPGA and an independent CPU running a code base completely separate from the iPhone 6’s CPU,” he said. “This physical isolation of CPU cores minimizes the chance of malware from the phone infecting the introspection engine.”
Snowden intends to build a prototype over the coming year, and verify the introspection engine’s abilities, and will be built for the iPhone 6 and later for other makes and models of phones.
“By grouping radio control test points together, leaving them exposed, and publishing a terse description of each test point, direct introspection engines can be more rapidly deployed and retrofitted into future smartphones,” he said.
However Cesare Garlati, chief security strategist at the prpl Foundation, doubted how this would aid the confidentiality, integrity and authenticity of mobile communications.
He said: “There is an easier way to make sure your mobile device doesn't send unwanted communications: turn it off and remove the battery, and if you really care about this, don't buy ‘sealed’ devices that don't allow you to remove the battery.”