I can see you (and hear you)…

Dec 21 2006

By Kurt Seifried (kurt@seifried.org)

An interesting month, earlier in the month we have a report that a judge has ok’ed “roving” wiretaps, which use a person’s cell phone as a bug to transmit everything it hears to law enforcement. Oh, but it gets better; this has been going since at least 2004.

To top things off we have Apple Computers Inc. “Security Update 2006-008″ from earlier in the week. This flaw allows an attacker to create Java applets that can use the built in iSight camera on an Apple computer to take images and upload them to a server.

Stop for a moment and look around. How many devices are there in the room with built in cameras and microphones, and the ability to communicate with other devices?

If you think this is bad, it’s only going to get worse:

  • Cell phones (with cameras)
  • Apple computers
  • Windows systems with web cameras
  • VOIP phones
  • Computers with Skype loaded
  • Wifi phones (with Skype loaded)
  • PDA’s

Pretty much everything now has some form of wireless connectivity, be it Bluetooth, WiFi, WiMAX (well soon), cellular capabilities (GSM, 4G, etc.) to name a few.

Add to this new cell phone capabilities, ostensibly designed to make 911 calls more reliable and easier trace. Features like disabling the ability for a caller to hang up on a 911 call, instead giving that ability to the 911 call center (short of taking out the phone battery the call will stay connected no matter what). GPS services are also becoming more common, allowing a 911 call center to remotely query your phone for it’s location, assuming they haven’t queried the phone towers to find your location (directional antenna, signal strength, and chances are more than one tower can “see” you).

As far as IP enabled devices go (VOIP phones, your computer, etc.) the complexity of these devices is mind boggling (most run a fully fledged operating system such as Windows or Linux) and provide environments capable of browsing the web (which means Java support!) and sending and receiving email. The history of these devices is rife with security issues, according to the CVE database for security vulnerabilities and exposures:

  • 37 matches for “VOIP”
  • 11 matches for “Skype”
  • 33 matches for “Bluetooth”
  • 13 matches for “WiFi”
  • 115 entries for “Wireless”

The number of potential covert channels with remotely exploitable vulnerabilities, or capabilities built in to allow law enforcement access makes it almost certain that at least one will be present with you at all times (a cell phone, a computer, etc.).

Maybe we should all invest in sound proof cell phone holders and tape to put on the cameras?

Any ideas from you guys?

FBI taps cell phone mic as eavesdropping tool

Roving wire taps - Judge’s decision

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Slashdot
  • Digg
  • del.icio.us
  • Reddit
  • digg
  • Technorati
  • StumbleUpon

Related posts:

  1. February 18, 2008 - Death of the Analog Cell Phone Network
  2. Vishing Incidents: A Preview of the Road Ahead
  3. The Future Of Computing - Closed Platforms
  4. Canada Revenue Agency Training Identity Theft Victims
  5. Year of the Olympic-sized R4t?

Posted by Kurt.Seifried on Thursday, December 21st, 2006, at 8:00 am, and filed under Articles, Future Forecast.

Follow any responses to this entry with the RSS 2.0 feed.

You can post a comment, or trackback from your site.