How the NSA Accesses Smartphone Data

This image comes from a presentation called "Your target isusing a BlackBerry?...

The US intelligence agency NSA has been taking advantage of the smartphone boom. It has developed the ability to hack into iPhones, android devices and even the BlackBerry, previously believed to be particularly secure.

Michael Hayden has an interesting story to tell about the iPhone. He and his wife were in an Apple store in Virginia, Hayden, the former head of the United States National Security Agency (NSA), said at a conference in Washington recently. A salesman approached and raved about the iPhone, saying that there were already “400,000 apps” for the device. Hayden, amused, turned to his wife and quietly asked: “This kid doesn’t know who I am, does he? Four-hundred-thousand apps means 400,000 possibilities for attacks.”

Hayden was apparently exaggerating only slightly. According to internal NSA documents from the Edward Snowden archive that SPIEGEL has been granted access to, the US intelligence service doesn’t just bug embassies and access data from undersea cables to gain information. The NSA is also extremely interested in that new form of communication which has experienced such breathtaking success in recent years: smartphones.

In Germany, more than 50 percent of all mobile phone users now possess a smartphone; in the UK, the share is two-thirds. About 130 million people in the US have such a device. The mini-computers have become personal communication centers, digital assistants and life coaches, and they often know more about their users than most users suspect.

For an agency like the NSA, the data storage units are a goldmine, combining in a single device almost all the information that would interest an intelligence agency: social contacts, details about the user’s behavior and location, interests (through search terms, for example), photos and sometimes credit card numbers and passwords.

No Access Necessary

All the images were apparently taken with smartphones. A photo taken in January 2012 is especially risqué: It shows a former senior government official of a foreign country who, according to the NSA, is relaxing on his couch in front of a TV set and taking pictures of himself — with his iPhone. To protect the person’s privacy, SPIEGEL has chosen not to reveal his name or any other details.

The access to such material varies, but much of it passes through an NSA department responsible for customized surveillance operations against high-interest targets. One of the US agents’ tools is the use of backup files established by smartphones. According to one NSA document, these files contain the kind of information that is of particular interest to analysts, such as lists of contacts, call logs and drafts of text messages. To sort out such data, the analysts don’t even require access to the iPhone itself, the document indicates. The department merely needs to infiltrate the target’s computer, with which the smartphone is synchronized, in advance. Under the heading “iPhone capability,” the NSA specialists list the kinds of data they can analyze in these cases. The document notes that there are small NSA programs, known as “scripts,” that can perform surveillance on 38 different features of the iPhone 3 and 4 operating systems. They include the mapping feature, voicemail and photos, as well as the Google Earth, Facebook and Yahoo Messenger applications.

The NSA analysts are especially enthusiastic about the geolocation data stored in smartphones and many of their apps, data that enables them to determine a user’s whereabouts at a given time.

According to one presentation, it was even possible to track a person’s whereabouts over extended periods of time, until Apple eliminated this “error” with version 4.3.3 of its mobile operating system and restricted the memory to seven days.

Still, the “location services” used by many iPhone apps, ranging from the camera to maps to Facebook, are useful to the NSA. In the US intelligence documents, the analysts note that the “convenience” for users ensures that most readily consent when applications ask them whether they can use their current location.

 

Spiegel.de has the full article

(Photo: This image comes from a presentation called “Your target isusing a BlackBerry? Now what?” It shows an email from a Mexican government agency which was sent using BlackBerry encryption technology — and intercepted by the NSA nonetheless.)

You may also like...