posted on Apr, 18 2014 @ 04:42 PM
I am posting this to give people an idea of the dangers of Smartphones, especially non-rooted Smartphones. I think it needs to be reiterated and
kept in the collective mind. The following applies to both the personal and corporate use of Smartphones. The impact can be devastating when you have
been hacked. I wrote responses for an ATS user (modified and added to a bit now), since they asked good and important questions. I use myself as the
"target" in the example as I work in a field where Intellectual Property theft is rampant.
A Scenario
(example of a potential situation in regards to industrial espionage)
Company A has heard I have technology they want (since I own a research company) and they don't know exactly where I am because I have everything
tied to another address (I prefer a certain amount of anonymity), but they have my contact phone number that goes to a Smartphone. Imagine that I am
not rooted and they have hired a hacker to get into my phone to get as much info as they can. (BTW, I have two Smartphones, one is personal (public
and non-rooted) and has things I don't care about, and the other (private and rooted) has technical information). For the purposes of this exercise,
we will consider that I use the public non-rooted phone containing ALL the sensitive information.
I have an ongoing relationship with Company B and they want to buy or license my technology. Company B asks me to take pictures of my technology and
send it to them with information concerning operation of the technology in preparation for a meeting and sale. This could be any product or technology
in actual fact or even sales leads information. So I take pictures of the technology on my phone and I put some text information on the phone for a
presentation along with some personal notes that delve deep into the technology from my main computers, just in case I forget something.
Company B and I have our meeting scheduled. Prior to, or going to the meeting, Company A hacks my phone, makes copies of all the pictures and all the
data/patents pending, and know by my GPS tracking information where I am and when I will get to the meeting. They also know from the EXIF data that
the pictures were taken where the technology resides, probably at my house, so they know the exact location of the technology and all the information
pertaining to the Intellectual Property. In the corporate environment of a large building, GPS information could be resolved down to a room containing
the target information or technology.
Even though my house has an alarm system, the lines are cut and a jammer used to disable the wireless system so that a couple of thieves can come in
while I am at the meeting, grab the technology and all of my research data, without any fear of me showing up. Because they know where my phone is
through GPS tracking and that I have the phone with me. They confirm my location easily, because during the meeting, Company A turns on the mic and
camera on my phone and records the entire meeting, to insure they have even possibly more data on the technology, who I am meeting with in Company B
and what the technology is worth to Company B. (You can apply this to sales leads and your competitors undercutting your sales and business interests
as well.)
By the end of the day, when I am on my way home, Company A has physically stolen the technology, all the research data and the patents, and they have
even wiped all the data and pictures from my phone. I have nothing left, no device, no pictures, written notes or research data to prove anything to
Company B except a filed patent pending. Now imagine this with trade secrets and formulas, nothing is left. This has not happened to me, but it can
happen to anyone.
Non-rooted Smartphone technology is a tool for criminals.
Now if it is the NSA, CSIS or some other government organization, they can track you anytime. When I went down to San Antonio, Texas for a DHS related
project, they tracked me from the time I left the house (Ontario, Canada) to the time I got back. In fact, they even G7'd me (gave me a special kind
of diplomatic/military immunity) which allowed me to pass right through security checkpoints. Everyone knew me by name, captains, FE's, stewardesses
and customs officials, without me showing any ID, which I'll tell you was pretty creepy.
That's the power of tracking and hacking on Smartphones in a government and corporate environment ;-) Now apply it to yourself at a personal level
with account names, email address, passwords, SSN/SIN, credit card numbers, bank account information, etc. and see what you think about that.
Some Technical Information on Rooting and Usage
Yes, the phone company frowns on ROOTING because it prevents them gaining income from contracted advertisers and government/corporate trackers, and
yes, they state it will void your warranty. However, rooting your phone is like taking almost complete control of the device (sans firmware
manipulation), it gives you the ability to put a firewall on your Smartphone, just like a firewall on a personal computer. With Rooting you become the
administrator of the OS (operating system). Once a good firewall is in place, no application or advertiser can use your data streams, your phone
number or your personal data for anything that you do not specifically allow the application or advertiser to do, which can include turning on
microphones and cameras.
Being non-rooted on a Smartphone is like having a normal computer that has open access to the internet 24/7/365 and any program within the computer
can contact advertisers, developers or government/police whenever the program in the computer decides to, you have no control. Adding a firewall to
the computer (Smartphone) allows you to block programs and prevent them from communicating. Blocking them decreases data usage and increase personal
privacy.
Imagine that your non-rooted Smartphone is like a server, it accepts all incoming requests and sends out information on demand and/or by third party
(not you) advertising, tracking, program scheduling or use.
That being said, with rooting and fire-walling you would experience data usage drops anywhere from 10% to 90% depending on how much you use your phone
and what you use it for, because the advertising and application transmissions are not allowed to communicate, with a properly set up firewall, with
their pre-programmed locations on the internet or other phone networks, therefore their data usage is negated.
Would you run your home computer this way, with no firewall? Allowing anyone and everyone (government and hackers) access to all the data on your home
computer? All your passwords, user names, account numbers, bank information, personal information, your physical location, etc.? If you are
non-rooted, it doesn't matter if it is the NSA, CSIS or a hacker, you are an open book that can be tracked and targeted anytime, day or night.
I don't mean to scare anyone, I'm just telling you the truth.
If you root your phone yourself, make sure you know what you are doing because if you screw it up, you could "brick" the phone and turn it into a
paperweight. If you get your phone rooted by a third party, make sure they are reputable with guarantees. This is very important because the third
party doing the rooting could inject their own mallware/applications into the phone which will leave you even more open to hacking.
Cheers - Dave