Speaking on a program on BBC, Edward Snowden the well known security specialist who brought to open the US spying on Internet across the globe has highlighted the risk of Smart Phone hacking through a simple SMS message. He says that UK intelligence agency has a suite of products identified as “Smurf suite” which has different tools that can enable switching on a phone and listening in without the knowledge of the user.
It is interesting to note that Mr Snowden has expressed a view that iPhone has a special software that can activate itself without the owner having to press a button and gathering information and hence he prefers not to use an iPhone.
The issues that Snowden has brought to light is a result of inherent technical issues in the mobile system according to experts and cannot be easily secured except by the use of proper encryption when the instrument is used. The “Laws on Encryption” therefore become important.
According to technologists smart phones work on two sets of software one being the “Baseband Computer” which controls the radio communication and the other the smart phone computer. The Baseband computer follows the communication standards by the network such as GSM and are amenable for hacking. (See the technical explanation here).
While for many snooping by Government agencies is not a real concern, the possibility that the malicious code used for snooping can leak out of the security agencies or can be developed in the underworld separately (If not already done) and hence it can be misused by fraudsters. Here in lies the risk of using Smartphones particularly for critical financial uses such as banking.
The revelation throws up an important question on the right of people to use “Encryption”. Recently India tried to formulate an encryption policy which envisaged that text messages in unencrypted form should be stored by the user for at least 90 days and shared on demand with the security agencies. However, the revelations which indicate a “Security Risk” in not encrypting changes the logic for the use of encryption. In fact it appears that mobile users can exercise a “right of self defense” to secure their instrument and communications must be recognized.