Friday, December 21, 2012

The NSA, iPhones, iPads and Juice-Jacking

National Security Agency Seal

Really fascinating stuff!

Neal Ungerleider …How America's Spies Use iPhones And iPads:

Years ago, when spooks and government employees needed a secure smartphone, they turned to Research in Motion's BlackBerry. Times have changed, however. More and more government agencies are capitulating to the fact that their employees prefer Androids and iPhones. Even the National Security Agency (NSA) has adopted to changing times. Fast Company recently discovered that a copy of the NSA's security guidelines for iOS devices (PDF) is online and publicly available.

The unclassified NSA document, written by the Mitigations Group of the Information Assurance Directorate, is intended as a security recommendation manual for network administrators in the government and law enforcement sectors. Although most of it is written in a mixture of bureaucratese and dry technical manual styles, it provides valuable insight into iPhone and iPad spy capabilities and what the ubiquitous devices can do.

NSA employees are specifically worried about iPhones being hacked and converted into intelligence-gathering devices. A long section on risk mitigation warns on outsiders turning on “hot mikes” inside phones, of remote camera activation, of GPS location data being used to spy on users, and for spoofing credentials. While the NSA notes that iPhones are less susceptible to Bluetooth attacks than other smartphones, they are susceptible to exploitation via email spam and cellular networks.

While most of the NSA document reads like a standard best practices checklist, one thing stands out. The NSA seems to feel that human behavior on the part of an iPhone user is the biggest security liability--and endless suggestions are offered to mitigate the risk. One of the biggest risks for iPhones, according to the documents, is being plugged into an unsecured outlet for recharging. Security experts such as Brian Krebs have warned of the (possibly hypothetical) risk of "juice jacking"--rogue charging kiosks at airports or conventions secretly copying data from a victim's phone. As a precaution, the document recommends “provid[ing] additional AC outlet chargers” to users.

Photo by DonkeyHotey - http://flic.kr/p/9PCvvc

No comments:

LinkWithin

Related Posts Plugin for WordPress, Blogger...