This answer is dangerously naïve. Phone basebands and radios are full of vulnerabilities, if you don't want your phone to be a potential surveillance device given any minimally sophisticated adversary you should either turn off the radio or preferably shut it off entirely and remove the battery.
Hypothesis B: it's not dangerously naïve, it's deliberate misinformation designed to coax technical but unskeptical people into lowering their guard against this class of threat.
A little OT but strongly related: in France you can go to prison if you refuse to give your phone's password to the police (nothing like a "free country", I guess).
Is there a way to set up a phone so that typing a "special" password puts the phone in an alternate state with different apps and content, etc. (and possibly erase the regular content)?
- I presume that's considered willful destruction of evidence and interfering with an official investigation, and worse charges than whatever you were probably facing (unless you really did fuck up and committed something bad).
- Investigators are not going to be typing your password into the running original device, they're going to be trying it against an offline clone of the encrypted storage. All that will happen is the decryption won't succeed and they'll tell you that it was the incorrect password and continue holding you until you give it up.
> Investigators are not going to be typing your password into the running original device, they're going to be trying it against an offline clone of the encrypted storage
Oh no, absolutely not. We're not talking about "investigators" here, just random cops in a random precinct who have zero infrastructure, zero knowledge about anything, and aren't pursuing any serious "investigation".
They will absolutely type your password into the running device. They're doing this all the time.
On point 3, while I agree he shouldn't be required to give up his password, we should note that they did find child porn on other devices and that there is testimony from another witness of more porn on those hard drives. I'm just saying that this is a bit different than there being no sufficiently prosecutable evidence and the courts requiring it. In fact, that's why they claim his 5th Amendment rights aren't violated (though obviously the length of his sentence relies upon that). He could currently be prosecuted under the current evidence, and that matters.
Google Play is a rootkit. Google will fully cooperate with any government. If you use GrapheneOS on a pixel device your bootloader is closed source and the system-on-chip is largely undocumented and impossible to audit without serious resources. So yeah. Shit's fucked man.
> Google will fully cooperate with any government.
I'll remind you that on previous MacOS versions (8 years ago?) researchers had discovered that the Mac laptop's integrated webcam could be turned on without the green LED turning on. So basically: the webcam turning on without the user knowing it. And way weirder: some random company somehow had the rights to sign code using that "feature".
The story got pretty much killed.
I'm sure if some digging had been done, you'd have found some three letter agency behind the shell company enjoying the very strange right to turn the webcam on on MacOS devices without the LED turning on.
For everybody out there: rest assured though, Apple are the good guys and there's no way they have the ability to turn on the webcam of your Mac laptop today without you knowing about it. [1]
> French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.
I would assume this is possible. If the gov wants to bad enough, I'd guess most OSes have a way to remotely control and observe. A state has resources to research 0days, bank them, and use them as needed. But probably not worth using unless it's for a high value target.
Considering most mobile phone operator would require you to install additional software to be able to use their network and that they would most likely cooperate with the authority if asked by the justice department.
No, it's not a bot ring. I assume you think that because I posted links to stackexchange quite a few times the last few months. Instead, I just skim over stackexchange.com as part of my feed and when there's something what I assume HN interests, I post it here.
I don't care much about Karma. I posted this specific topic since I find it kind of hilarious that police should now lawfully be able to do something they are almost surely not able to do. And I enjoy discussions to such topics here on HN, because most of the time the viewpoints mentioned here are at least of the same quality of the answers on stackexchange.
But it’s a good question. I want to know.
I am assuming this is not possible. The only thing i know of is capable of doing so is pegasus. But it’s very expensive afak.
It costs about 2-5M$ to buy or develop a new weaponized zero-click vulnerability that would allow you to simultaneously hack all 1,000,000,000 iPhones in use. So around 1/20 of a cent per iPhone.
To me the real question is. Technical feasibility aside.
Would the cell phone manufacturers (Apple, Samsung, Motorola, Nokia, Xiaomi, etc) say no when faced with the possibility of losing market share in France. Because of a law pushed through under the cover of security. Many a liberties have slipped under that blanket cover called security.
I think they will put in this feature if it's not already there.
I think the way it probably works is that if the US gov. wants to root someones phone anywhere in the world they just do it via some API given to them by apple/google directly.
If a foreign country wants to do it to someone on foreign soil (like the saudis to bezos did [1]) they exploit some vulnerability brought on the free market (like the whatsapp/video message exploit chain the saudis used, or exploits like the NSO zero-click iMessage exploit [2]).
If a foreign country wants to spy on its own citizens who protest the government, they could just use the local phone carriers capability to silently ping, update firmware or change system settings remotely, those are intentionally part of the mobile standards (including intentionally weak encryption) so governments can spy on its people.
Not to undermine the plausibility of your suggestions, but I like to wonder how answers like this read like to someone with direct experience and knowledge.
I know for a fact that my electronics (including smartphone) is being monitored (including this post) by my government.
That probably doesn't surprise others. What isn't as known is that the government also intrudes into chats with other people on social media.
They don't just monitor, but actively interfere.
Edit: By the way, Nokias and other dumbphones (without physical off-switches -- the PinePhone has them, but good luck getting one) can also get their mic and GPS remotely activated. The partial solution is to get one with a removable battery and remove the battery whenever not in use.
iPhones can be hacked into through IMEI if you connect them, but are useful, encrypted offline-only PDAs if you don't install any app.
Also, if your electronics are being spied on by the government to this degree, chances are you are also being physically monitored.
This is always a dumb take I see by so many people. No goverment is monitoring all electronics and there is zero evidence that is the case. Sure companies collect a lot of user data and that user data could easily be given out with a request. Or maybe if you are a really big target they might use a zero day against you but they are never going to have all electronic devices connected to a botnet. You and many other people can test it right now, just run a basic traffic analyzer through your phone or PC.
IANAL nor French, but reading the article, is this just saying that French police can get a warrant, issued by a judge, that allows them to tap a suspect's device (not longer than 6 months)? I just want to make sure I got the facts right.
As far as I understand that, since there is no explicit clause prohibiting an extension after 6 months. I think it is safe to assume that it can be extended by another 6 months provided the suspicion persists (i.e. a judge can be convinced).
I'm not french myself, so take it with a grain of salt.
Readit News
Say, a transcribed text of a conversation, for example's sake.
Is there a way to set up a phone so that typing a "special" password puts the phone in an alternate state with different apps and content, etc. (and possibly erase the regular content)?
- Investigators are not going to be typing your password into the running original device, they're going to be trying it against an offline clone of the encrypted storage. All that will happen is the decryption won't succeed and they'll tell you that it was the incorrect password and continue holding you until you give it up.
- This is hardly unique to France, US courts have jailed suspects for refusing to provide passwords in numerous cases. https://arstechnica.com/tech-policy/2017/03/man-jailed-indef...
Oh no, absolutely not. We're not talking about "investigators" here, just random cops in a random precinct who have zero infrastructure, zero knowledge about anything, and aren't pursuing any serious "investigation".
They will absolutely type your password into the running device. They're doing this all the time.
https://cdn.arstechnica.net/wp-content/uploads/2017/03/rawls...
I'll remind you that on previous MacOS versions (8 years ago?) researchers had discovered that the Mac laptop's integrated webcam could be turned on without the green LED turning on. So basically: the webcam turning on without the user knowing it. And way weirder: some random company somehow had the rights to sign code using that "feature".
The story got pretty much killed.
I'm sure if some digging had been done, you'd have found some three letter agency behind the shell company enjoying the very strange right to turn the webcam on on MacOS devices without the LED turning on.
For everybody out there: rest assured though, Apple are the good guys and there's no way they have the ability to turn on the webcam of your Mac laptop today without you knowing about it. [1]
[1] yes, this is sarcasm
> French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.
https://www.lemonde.fr/en/france/article/2023/07/06/france-s...
Why would anyone stir up the civil libertarians if the thing you are making legal is not possible?
Even if warrants are initially mandated for a specific search, couldn’t this erode into, ‘it’s just a quick scan’?
What if it’s ‘useful’ to ‘quick scan’ their own President? ‘Confirming their security’.
Could this evolve into a subtle shift in the balance of power? In other words, a political crisis?
Where the intelligence agencies have informational advantages over any elected office.
From information into knowledge, you could easily have behind the scenes figures who have unmatchable insight and ability to coordinate.
Suddenly every target has value…
This is a question with one short answer (at the time of my comment). It's hard to imagine why it made the top on its own merits.
I don't care much about Karma. I posted this specific topic since I find it kind of hilarious that police should now lawfully be able to do something they are almost surely not able to do. And I enjoy discussions to such topics here on HN, because most of the time the viewpoints mentioned here are at least of the same quality of the answers on stackexchange.
If it had a discussion or even a good answer, it would have made perfect sense.
I assumed the goal would be stack overflow karma, as that's actually valuable.
Do you know what other hardware your baseband processor has the ability to inspect?
Would the cell phone manufacturers (Apple, Samsung, Motorola, Nokia, Xiaomi, etc) say no when faced with the possibility of losing market share in France. Because of a law pushed through under the cover of security. Many a liberties have slipped under that blanket cover called security.
I think they will put in this feature if it's not already there.
If a foreign country wants to do it to someone on foreign soil (like the saudis to bezos did [1]) they exploit some vulnerability brought on the free market (like the whatsapp/video message exploit chain the saudis used, or exploits like the NSO zero-click iMessage exploit [2]).
If a foreign country wants to spy on its own citizens who protest the government, they could just use the local phone carriers capability to silently ping, update firmware or change system settings remotely, those are intentionally part of the mobile standards (including intentionally weak encryption) so governments can spy on its people.
[1] https://www.wired.com/story/bezos-phone-hack-mbs-saudi-arabi... [2] https://www.wired.com/story/apple-imessage-zero-click-hacks/
That probably doesn't surprise others. What isn't as known is that the government also intrudes into chats with other people on social media.
They don't just monitor, but actively interfere.
Edit: By the way, Nokias and other dumbphones (without physical off-switches -- the PinePhone has them, but good luck getting one) can also get their mic and GPS remotely activated. The partial solution is to get one with a removable battery and remove the battery whenever not in use.
iPhones can be hacked into through IMEI if you connect them, but are useful, encrypted offline-only PDAs if you don't install any app.
Also, if your electronics are being spied on by the government to this degree, chances are you are also being physically monitored.
https://www.lemonde.fr/en/france/article/2023/07/06/france-s...
I'm not french myself, so take it with a grain of salt.