The most incredible revelation has just appeared on the BBC News web site. Apparently Edward Snowdon has revealed in a Panorama interview that smartphones can be taken over by sending them an SMS.
“The former intelligence contractor told the BBC’s Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners’ knowledge.” it begins. It continues with “Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.”
That’s pretty specific, and as I said, incredible. For anyone with a shaky knowledge for the English language, “incredible” means difficult or impossible to believe. If it were true, then one of the following must also be true:
- All the handset makers in the world would have to pre-install a wedge to intercept SMS traffic before the OS got to the hardware.
- Apple would have to be in on it; and there would have to be something hidden in the publicly available Android source code that no one had noticed.
- All the hardware used in smartphones would have the ability to intercept SMS and implement a hypervisor to manipulate the OS in way I can’t even comprehend (and with the chip maker’s collusion.
None of the above strikes me as very likely, so if there is any truth in it, what could it be?
The obvious answer is that GCHQ and the NSA have some dodgy Apps which, if you install them and give them permission, could do things on receipt of a SMS. Not such a big deal – criminals are doing this and I’d be surprised if governments weren’t in on that game too. He could also be referring to known exploits in some phone OSs that could be used to compromise its security. But the BBC quote is clear that this is something “new”, and applies to all, or at least the majority of smartphones. It does not say “some handsets”; the implication is clearly that all handsets can be pwned by the spooks whenever they want. I’ve kept the text of the original article, as I suspect they’ll be needing to change it!
It could also be that Mr Snowden is being grossly mis-represented in a case of sloppy journalism, or in a deliberate attempt to hype the forthcoming Panorama program. The term “encrypted text message” rings an alarm bell here; no one who knew anything about the subject would have used the word “encrypted” to refer to a specially crafted or encoded message.
Or it could be that the publicity-seeking Mr Snowdon has sold some credulous hacks a fairy story and they’ve lapped it up.
Having now seen the Panorama documentary being hyped, there was nothing new. I got the feeling that Edward Snowdon was edited to make it appear that he was saying something new and sensational, although he never said the things would implied by the BBC. The limit was basically the “news” that security agencies had a programme to make use of vulnerabilities in handsets. As I’ve said before, it appears that our intelligence agencies have been involved in spying; shock, horror.
The remainder of the documentary was very lightweight. The obligatory pony-tailed conspiracy theorist was dug out to claim that the security services were doing the impossible; establishment figures said Snowdon was a traitor who made intelligence gathering more difficult.
As per usual, no one at the BBC thought to question whether the claimed capabilities were technically feasible. That’s what happens when you only hire arts graduates to the news department. Anyway, facts would have spoiled the story.