So, you think your handset is "Off" when you switch it off? Think again. It could be lying doggo and waiting to bite you in the bum as you pass through airport security
Even as the news breaks that the latest aviation security rules imposed by the US will require passengers travelling to America direct from the UK, other European and Middle East and African airports to turn on their mobile handsets, tablets and laptop computers at security to prove A) that they function and B) that they are fully charged, (or be divested of "powerless devices" and then being forced undergo "additional screening"), it seems that the devices may be 'on' all the time anyway - even if users believe they have switched them off.
Apple iPhones and Samsung Galaxy smartphones are top of the list of devices to be subject to "particular attention during during security checks" after reports in the global media that al-Qaida "scientists" in Syria and the Yemen (and what a perversion of a profession that particular appellation is) have developed bombs that can be placed in mobile devices and be taken on board aircraft without being detected. Soon it will take as long to check-in as it will to fly to the US East Coast. Time to bring back the transAtlantic ocean liners?
Given the new strictures it seems timely to mention a new report, published today on SCMagazineUK.com reminding readers that, as smartphones and other mobile devices are embedded with more than one operating system, a piece of kit may appear to be switched "off" when, in fact, it is still well and truly "on".
Not dead, just sleeping
Furthermore there have long been rumours to the effect that various US (and by extension UK - and probably other) national security bodies and agencies have the capability to download to iOS and Android OS-powered handset or other mobile device a piece of malware code that stops the on/off switch from working as it should by turning-off the screen and making the device seem to be totally "off" when, in fact it is in "sleep" mode and thus able to be monitored, taken-over and managed by the likes of the NSA', all without the user being aware of it.
Back at the GSMA's Mobile World Congress 2012 in Barcelona, Rik Ferguson of the security software company Trend Micro, caused something of a stir when he demonstrated that it was entirely possible to transform a mobile handset using the Android OS into a remote audio and video spying tool via the covert downloading of malware.
Delegates and visitors were amazed and aghast and you can be certain that various companies, organisations and agencies have since continued to research and develop the capability to hijack handsets and for the past 18 months and more lots of stories have been circulating in the technical media about just how easy it would be for a powerful body to eavesdrop on unsuspecting device owners and users.
This scuttlebutt has been to some extent validated as a technical possibility by a discussion thread on the SecurityStackExchange forum. As the industry moves into an era multi-core devices, some smartphones are periodically awoken from a state of hibernation (to all intents and purposes "offness" as far as the user is concerned) to receive updates and instructions from remote command-and-control servers. It is far from being beyond the wit of man, or operatives of the NSA etc. to gain access to those communications and use them for their own purposes.
Al-Quaida's terrorist twist to the BYOD trend
In the past, most companies provided, retained ownership of and control over the devices supplied to employees. That made security comparatively easy for the company made it comparatively difficult for hackers to compromise such devices and networks.
But that was then… Now BYOD (bring your own device to work and for work) is becoming increasingly popular. It saves companies money and staff like it because they can carry their own personal stuff around with them (and use it as and when) as well as work and work-based and related apps and services. However, with that flexibility comes loss of central control.
As Keith Bird of Check Point says, the trend "highlights the advancing sophistication that those behind stealthy malware are developing. A recent Check Point survey of 800 IT professionals found that 63 percent of organisations that allowed personally-owned mobile devices to connect to their corporate networks did not manage corporate information on those devices".
He adds, "It goes to show once again how important multiple layers of protection are across all Internet connected devices to protect a company network and illustrates the critical role that sharing the threat intelligence can be in helping organisations keep up to speed with new attacks so they can adequately defend themselves against malware".
Obviously cyber-criminals will be working to exploit the BYOD and other network and specific device security loopholes now evident in some smartphones and other mobile devices. Huge amounts of corporate and personal data will be com promised if users believe their devices have been switched off but in reality are no more than lying doggo awaiting their illegitimate master's voice to activate them into hijack mode.
Changing circumstances will require much more attention to be paid to security and security reviews, device configuration and the training of users if companies are to be protected from insidious malware.
It's better by boat
Meanwhile, back at Heathrow Airport, passengers are being told that mobile devices must be fully charged and be capable of proving to the satisfaction of security checkers that they are so.
However. given that most smartphones now come with two or more microprocessors installed and running together, but separately, it is quite feasible that a user may believe that the entire device is off one processor is still running, hidden and chuntering away in the background downloading and accessing who knows what - whilst draining through battery power whilst it does so.
Passenger: "I assure you that I topped-up the battery before I left home two hours ago, and the phone has been off the entire time. Now the battery power is half-used. What's going on?
Goon: "We'll be keeping your iPhone, and your Galaxy sir. Oh yes, and your Kindle and the iPad, and your camera whilst we're at it. You'll may or may not be able to buy them back on the web in due course. Meanwhile, you're not travelling anywhere. Please accompany me to that little windowless and very hot room over there, take all your clothes off and bend over. With any luck you'll be home in a few days."
Email Newsletters
Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.
Subscribe