The FBI can spy on your smartphone's microphone & listen to nearby conversations

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.
Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.
The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.
Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.
The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone."
An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."
Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."
Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened.
This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters.
In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.
So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output.
Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible.
This week, Judge Kaplan in the Southern District of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work.
The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance."
Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators.
There is "no law that would allow me as a private investigator to use that type of technique," he said. "That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations."
http://news.cnet.com/2100-1029-6140191.html

A popular police wiretapping tool 'Nice Recording eXpress' includes backdoor with hardcoded password

Software used by law enforcement organizations to intercept the communications of suspected criminals contains a litany of critical weaknesses, including an undocumented backdoor secured with a hardcoded password, security researchers said today.
In a scathing advisory published Wednesday, researchers recommended people stop using the Nice Recording eXpress voice-recording package. It is one of several software offerings provided by Ra’anana, Israel-based Nice Systems, a company that markets itself as providing "mission-critical lawful interception solutions to support the fight against organized crime, drug trafficking and terrorist activities." The advisory warned that critical weaknesses in the software expose users to attacks that compromise investigations and the security of the agency networks.
"Attackers are able to completely compromise the voice recording/surveillance solution as they can gain access to the system and database level and listen to recorded calls without prior authentication," the researchers from security consultancy SEC Consult wrote. "Furthermore, attackers would be able to use the voice recording server as a jumphost for further attacks of the internal voice VLAN [virtual local area network], depending on the network setup."
The researchers verified that the vulnerabilities exist in version 6.3.5. They went on to say that partial fixes for some of the flaws have been released. Still, they advised customers not to use the product "until a thorough security review has been performed by security professionals and all identified issues have been resolved."
The most serious of the weaknesses is a root backdoor account that contains poorly secured login credentials that can't easily be changed.
"The MySQL database table 'user' contains a 'root' user with USRKEY/ user id 1 with administrative access rights," the SEC Consult researchers wrote. "This user account does NOT show up within the 'user administration' menu when logged in as administrator user account in the web interface. Hence the password can't be changed there. As a side note: Password hashes are shown in the user administration menu for each user within HTML source code."
Additional vulnerabilities include:
- unauthenticated access to sensitive files and voice recordings
- low-privileged user access to other users' sensitive data
- unauthenticated access which allows attackers to delete or modify data
- multiple cross-site scripting flaws which allow attackers to obtain or impersonate other users' sessions
- multiple SQL injection flaws which allow attackers to access records