Ever since Edward Snowden went into hiding after leaking details of the NSA's global surveillance apparatus in 2013, he has gone without a smartphone—for fear that he could be tracked and even executed. For Snowden, that's not a problem that's likely to go away anytime soon. Now, the famous crypto expert is looking to stop others from being snooped on through their smartphones: specifically, journalists.
With the help of renowned hardware hacker Andrew "Bunnie" Huang, the two have designed a device called the Introspection Engine: a new kind of smartphone case that will let reporters know when their smartphones are under surveillance.
As first reported by Wired, the kind of surveillance Snowden and Huang are worried about isn't just some G-man snooping in on a reporter's phone calls. It's the potentially fatal kind of surveillance: the kind where a foreign government uses a reporter's phone as a tracking device for a cruise missile or a kill squad. It's simply too easy for a government to compromise your smartphone with malware remotely, then hijack the device's radios to shine a big metaphorical beacon in the sky, saying "come and get me" to anyone listening.
If the state wants to track you based on your smartphone, it might seem like a smarter move to go—like Snowden—without one. But for journalists who require their phones to stay in touch with their editors and sources, as well as take photos, that's not necessarily an option. Nor is putting your smartphone into Airplane Mode—which isn't effective anyway, because malware can spoof your smartphone's radios being off, even as they're secretly working. As for popping your smartphone into a radio-blanking Faraday bag? Well, that's only good so long as you don't need to use it for work. "Journalists need to take pictures in the field; they need to have their phones on," explains Huang.
Enter the Introspection Engine, half-case and half-internal modification for an iPhone 6. To install it, Huang and Snowden imagine that you would first either modify—or more likely, pay an expert to modify—your smartphone by directly tapping into its radios through the iPhone's SIM card slot. This direct feed of the radio signals would then become accessible via a flexible circuit board added by the mod, which would snake out from the SIM slot and connect to the Introspection Engine battery case. The case gives the phone extended battery life, but more importantly, it contains an oscilloscope—a device for observing signal voltages—that directly detects when the device's radios are transmitting. If your Introspection Engine case starts buzzing when your phone is off, or when you're in AirPlane mode, guess what? You've been compromised.
In a sense, this is all theoretical. You can't buy an Introspection Engine at this point, nor have Huang and Snowden even created a prototype. Yet Huang says he's confident this will work, based upon the fact that oscilloscopes can accurately detect transmissions from any smartphone radio.
Instead, the two are releasing a paper about their idea now to get the crypto community's feedback on the Introspection Engine's design before they prototype it. After that, they will release an open-source reference design, and eventually hope to figure out a way to sell modified smartphones and Introspection Engines to anyone who wants one. And since bringing in third parties are vectors for further compromise, the two have designed the Introspection Engine to make sure that it can be verified as working correctly by individuals with limited technical strength, either by following an online tutorial or by simply switching the device out of Airplane Mode with the Introspection Engine on, and seeing if it sends an alert.
What isn't theoretical is that journalists are being killed by governments, on purpose, using the very techniques the duo are trying to thwart. "Frontline journalists are state-level adversaries," says Huang, referencing the death of Marie Colvin, an American journalist who may have been murdered in a targeted bombing by the Syrian government by hacking her smartphone. Nor is she the only one, believe Snowden and Huang. Because they risk their lives reporting from conflicted regions, and because they give voice to the voiceless, journalists are frequently targeted by regimes who want them silenced. For these sorts of governments, it's well worth the million or so dollars it costs to purchase a zero-day exploit (or an exploit that is still unknown and un-patched by device makers) from the black market, and figure out a way to have it remotely installed on journalists' phones—so the next time those reporters come through their neck of the woods, they know it.
Plus, designing for journalists in mind has another practical benefit, argues Huang. "The challenge of designing any security system is understanding the threat model, and who the target is. A lot of systems go off the rails because the scope keeps creeping up," Huang says. In the case of journalists, "we have a really clear idea of who we're trying to help, and who we're up against."
They envision a day in which newsrooms help protect their reporters by distributing Introspection Engine-ready smartphones to all their staff, before they hit the field—although obviously, the real dream would be a future in which they didn't have to.