2013年9月12日木曜日

NSA Crack Smartphone Privacy Codes

NSAがスマホのパスワードを解読したとのこと。
解読されたスマホは、iPhone、Blackberry、Android系。

Champagne
・2010年3月
 GCHQによるBlackberry圧縮データ解読プログラム完成

NSAやGCHQは、通信データを傍受して、情報を監視との報道が多かった。
今回の報道では、各々のスマホに侵入し、保護されているデータを含め、
保存されている多くの個人データ(連絡先、SMS含むテキストメッセージ、
メモ、位置情報)やスクリプトにアクセス可能とのこと。

以前から、Blackberryの盗聴は話題になっていたが、Blackberryの広報
は、「バックドアは無い」と説明。しかし、通話、データ通信を含む
通信の政府による監視については説明がなかったとのこと。
Blackberryは世界中どこにいても、加のサーバに必ず接続するとの記憶
があったが、そこで、監視しているのだろうか。

iPhoneは、Carrier IQの実装を止めた頃に、NSAがPrivacy Codeの解読が
完了したので、NSAは、Appleに対して拒否しなかったのか。

IPSecの標準化会議に、NSA職員がさんかとのことだが、その先は不明。

グローバル企業による占有率が高いスマホは、盗聴だけではなく、書換
えやスクリプトの実行もでき、監視だけではなく、工作も可能なようだ。
グローバル企業は、現地法律により、治安当局の監視下に置かれること
を考えると、スマホをありがたがるのもどうかと思う。
ガラパゴスケータイとバカにされることが多いが、監視を考えるとまだ
ましかもしれない。

ブラックベリー禁止
中国 国営ネットの諜報活動
スマホ 個人情報を収集
GCHQ Espionage
NSAの監視先


---US NSA and UK GCHQ 'can spy on smartphones' ---
8 September 2013 Last updated at 18:58 GMT
http://www.bbc.co.uk/news/world-europe-24009342

The US National Security Agency (NSA) is reported have cracked the security codes which protect data on iPhones, Blackberries and Android devices.

German news weekly Der Spiegel says documents suggest the NSA and the British GCHQ made joint efforts to gather intelligence.

Teams looked at each phone to crack its privacy codes, Der Spiegel said.

Saturday saw thousands of demonstrators in Berlin demand that the NSA stop monitoring internet users.

Codes unlocked

The documents Spiegel has seen do not show whether or not there has been mass surveillance of phone use.

Once the intelligence teams had unlocked the codes, agencies could read a user's contacts and lists of who had been called.

The BBC's Steve Evans in Berlin says the reports do seem to indicate that the British and American security agencies have the ability to read private communications beyond what might have previously been thought possible - or desirable by those who fear the intrusion of the state.

The magazine did not explain how it had obtained the documents.

But one of the authors of the article, Laura Poitras, is an American filmmaker with close contacts to the NSA whistle-blower Edward Snowden.
'Champagne'

According to the documents seen by Der Spiegel, the Canadian manufacturer of Blackberry phones began using a new method to compress the data in May 2009.

Intelligence agents were unable to access some information on BlackBerry phones for about a year afterwards, the Associated Press news agency said.

Der Spiegel's article said that GCHQ then cracked the problem, too - and analysts celebrated their achievement with the word "Champagne".

A stream of recent revelations about international data surveillance has ignited a heated debate in Germany about the country's co-operation with the United States in intelligence matters.


---Smartphone data can be intercepted by NSA: report---
By Juha Saarinen on Sep 9, 2013 6:05 AM
http://www.itnews.com.au/News/356173,smartphone-data-can-be-intercepted-by-nsa-report.aspx

Is IPsec standard safe?

The main United States spy agency is able to access user data from Apple iPhones, Blackberries and Google Android devices, according to secret documents sighted by German media.

Spiegel has reported on National Security Agency (NSA) documents it sighted that claim the spy bureau has working groups aiming to get access to data held on the phones, and that these have succeeded in compromising devices from leading manufacturers.

According to the documents sighted by the German news organisation, there is no mass surveillance of smartphones by US security agencies. Instead, individuals are targeted on a case by case basis, and the surveillance takes place without the smartphone makers' knowledge.

Presently, the NSA is able to access much of the personal data stored on smartphones. This includes a user's contact list, text messages, notes as well as geographic location information, Spiegel reported.

The documents mention a specific example where the NSA was able to hack in to a person's computer by means of an iPhone set up to sync with it.

Blackberry devices and its email service, which until now was thought to be secure, could also be compromised by the NSA and its United Kingdom counterpart, the Government Ccommunications Headquarters (GCHQ).

However, Blackberry spokespeople told Spiegel that there was no "back door" in its platform but would not otherwise comment on alleged government surveillance of telecommunications traffic.

The revelations of smartphone surveillance capabilites come after last week's leaks by former NSA contractor Edward Snowden that showed the agency has made a concerted effort to circumvent and undermine encryption protocols commonly used to secure data traffic.

Internet giants Microsoft and Yahoo expressed deep concern over security agencies' efforts to subvert encryption and authentication protocols, saying they could be abused.

"We are unaware of and do not participate in such an effort, and if it exists, it offers substantial potential for abuse. Yahoo zealously defends our users' privacy and responds to government requests for data only after considering every applicable objection and in accordance with the law," Yahoo said in a statement.

In response to news of the NSA allegedly tampering with security protocols, a Democrat congressman, Rush Holt, has tabled a bill in the US House of Representatives that would ban the agency from introducing backdoors or degrading commonly-used encryption.

The NSA sought in 1994 to introduce the so-called Clipper chip encryption device for use in computers and telecommunications quipment, with the government holding the unscrambling key in escrow.

Civil liberties groups opposed the Clipper chip, which would make it possible for agencies that obtained the decryption key from the government to listen in on communications, and the device was not adopted by manufacturers.

Which protocols are broken?

Meanwhile, cryptographers are trying to understand which, if any protocols, the NSA has managed to compromise.

One of the founders of the Electronic Frontier Foundation, John Gilmore, noted that the NSA took part in and led the Internet Engineering Task Force (IETF) committee developing the Internet Protocol Security (IPsec) standard.

IPsec is a suite of protocols used to authenticate traffic, and also to encrypt data packets for end-to-end security. It is commonly used for virtual private networking (VPN) secure communications applications.

Gilmore said that committee participants with NSA connections would suggest measures that reduced privacy or security for the IPsec standard, and also retained a way for the protocol to specify that no encryption is appled.

The final IPsec standard became "incredibly complicated" Gilmore said, to the point that it was very difficult to analyse and also unusable as a drop-in privacy improvement due to major deployment problems.

NSA employees also lied to the IETF standards committees claiming US export controls banned debating secure cellphone encryption protocols with non-Americans in attendance, according to Gilmore.

Gilmore said current cellphone encryption for voice packets was easily breakable along with that used for the control channel.


---Privacy Scandal: NSA Can Spy on Smart Phone Data---
September 07, 2013 - 06:00 PM
http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html

SPIEGEL has learned from internal NSA documents that the US intelligence agency has the capability of tapping user data from the iPhone, devices using Android as well as BlackBerry, a system previously believed to be highly secure.

The United States' National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. Top secret NSA documents that SPIEGEL has seen explicitly note that the NSA can tap into such information on Apple iPhones, BlackBerry devices and Google's Android mobile operating system.

The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been.

The documents also indicate that the NSA has set up specific working groups to deal with each operating system, with the goal of gaining secret access to the data held on the phones.

In the internal documents, experts boast about successful access to iPhone data in instances where the NSA is able to infiltrate the computer a person uses to sync their iPhone. Mini-programs, so-called "scripts," then enable additional access to at least 38 iPhone features.

The documents suggest the intelligence specialists have also had similar success in hacking into BlackBerrys. A 2009 NSA document states that it can "see and read SMS traffic." It also notes there was a period in 2009 when the NSA was temporarily unable to access BlackBerry devices. After the Canadian company acquired another firm the same year, it changed the way in compresses its data. But in March 2010, the department responsible at Britain's GCHQ intelligence agency declared in a top secret document it had regained access to BlackBerry data and celebrated with the word, "champagne!"

The documents also state that the NSA has succeeded in accessing the BlackBerry mail system, which is known to be very secure. This could mark a huge setback for the company, which has always claimed that its mail system is uncrackable.

In response to questions from SPIEGEL, BlackBerry officials stated, "It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic." The company said it had not programmed a "'back door' pipeline to our platform."

The material viewed by SPIEGEL suggests that the spying on smart phones has not been a mass phenomenon. It has been targeted, in some cases in an individually tailored manner and without the knowledge of the smart phone companies.

0 コメント: