12.29.06
FBI Uses Razr, Nextel, and Samsung Phones as Bugs, Even When They’re Off
As reported in this Dec. 13, 2006, wire story in the Seattle Times (and originally reported by CNET on Dec. 1), the FBI now has the capability of using several high-end models of cell phones to conduct audio surveillance, even when the phones are powered off.
The new technique, public details of which are scant, came to light in a Nov. 27, 2006 court opinion (excerpts) issued by US District Judge Lewis Kaplan in a case involving a multi-year investigation of top members of the Genovese crime family in New York state. Ten of 34 defendants in the case had moved to suppress evidence gathered using the cell phones. In the opinion, Kaplan ruled the evidence was legally obtained under Federal laws authorizing “roving bugs.”
The FBI, not surprisingly, will not discuss specifics of the technique. Kaplan’s opinion states, “The device functioned whether the phone was powered on or off, intercepting conversations within its range wherever it happened to be.”
James Atkinson, described by CNET as “a counter-surveillance consultant who has worked closely with government agencies” and employed by the Granite Island Group in Massachusetts, told reporters that the technique likely utilizes the built-in capability of higher-end cell phones to automatically download software and firmware updates. A special update could be “pushed” to the phone causing it to discreetly activate the microphone, capturing all sound in its vicinity and transmitting it in the clear, where it could be easily intercepted and recorded. This approach, long discussed in security and hacker circles, would not require physical access to the phone, Atkinson said.
The only defense against such surveillance would be to physically remove the phone’s battery, or to be inside a Faraday cage, which blocks all static electrical fields and electromagnetic radiation.
Nextell, Motorola Razr, and Samsung 900 series phones are reported to be particularly vulnerable to such an exploit, though other makes and models are as well. Ironically (for the mobsters), the US Commerce Department web site first posted a public warning about just such a vulnerability in 2001. Court documents related to court approval of the roving taps list Nextel as the carrier used by at least one of the indicted suspects, John Ardito. When queried for the story by CNET, Nextel, Mortorola and various wireless carriers declined to comment.
While some security experts consulted by CNET maintain the Bureau probably gained access to the cell phones and physically installed a special transmitter (pointing in part to related affadavits that discuss a “listening device placed in the cellular telephone”), the general consensus favors the remote activation method.
The FBI’s use of similar remote activation of OnStar systems in GM cars for surveillance purposes was revealed as a result of a 2003 lawsuit.
In 2004, the BBC reported that intelligence agencies and industrial spies routinely use remote activation of cell phones to conduct covert surveillance. The news article was written as a backgrounder after British MP Clare Short revealed that UN Secretary General Kofi Annan and other senior UN officials had been bugged by British spy agencies during the lead-up to the invasion of Iraq. The BBC backgrounder theorized that remote activation of UN delegates’ cell phones was the likeliest method the surveillance had been conducted.
Short’s revelations came after the collapse of the prosecution of Katherine Gun, an employee of GCHQ (the British equivalent of the NSA), who was charged with releasing a secret email from US spies “requesting British help in bugging UN delegates ahead of the Iraq invasion.” Short stated categorically that she had “seen transcripts of Kofi Annan’s conversations.”
A year prior, in 2003, a security sweep at the European Union headquarters in Brussels revealed the phone lines of six EU member countries had been tapped during a period of intense diplomacy surrounding the then-pending invasion of Iraq. That case, however, reportedly involved physical listening devices and not remote activation of cell phones. Belgian police told reporters for Le Figaro they had identified the devices as American, but EU officials said at the time they could not identify their origin.
A 1994 Federal law — the Communications Assistance for Law Enforcement Act (CALEA) — mandated that carriers modify their networks to make it easier for law enforcement (and now, post-PATRIOT ACT, intelligence agencies) to tap digital telephone communications. In 2005, the FCC issued an administrative “Final Rule” extending CALEA to internet broadband and Voice-over-IP (VoIP) providers. EPIC and other privacy groups filed suit, challenging the measure as an illegal expansion of the law. (More at EPIC’s web site.)
