Edward Snowden and collaborator Andrew “bunnie” Huang participated in the MIT Media Lab’s invite-only Forbidden Research conference, with an anti-snooping hardware mod for the iPhone 6. The trouble with drawing lines in the sand is that they’re so easily rubbed out.They’re calling it an “introspection engine,” and it feels a lot like opening Pandora’s box.
He and collaborator Huang have never met in person; Snowden carefully obscures his physical location, but said he hasn’t “seen any indication” that interested parties in the US government know where he is.Snowden participated in the conference from Russia via video connection.
Its wires would snake through the phone’s SIM port in order to attach to test points on the circuit board. The wires would then monitor the iPhone’s radios by monitoring its antennas.The “introspection engine” itself isn’t even at prototype level yet, although the pair have done testing to see whether you can. What Snowden and Huang envision is something like a tiny oscilloscope, in the form of one of those battery-extender cases. It’s a little like Wireshark, in that it would capture network I/O in order to disclose and track it, but it would work for the iPhone’s GPS, Bluetooth, Wi-Fi, and cellular modem.
But the story here isn’t really the hardware. Using an oscilloscope to reverse engineer something is not news. Neither is it about Snowden, or his motives. The story here is what this device is meant to do. Huang casually mentioned a “kill switch” that could turn the phone off automatically if it detected improper I/O, instantly cutting off whatever the phone was doing at the time.
Mods like the introspection engine aren’t meant to counter the everyday security problems we mere mortals encounter — credit card scams, phishing, our global passive dragnet, and the like. Snowden isn’t trying to market this to everyone. A device like this has implications for what a user can do with his phone, sure. But the real use case for this device is watching the watchmen. Who needs this kind of countermeasure? The little guy, the underdog: someone who’s being monitored by hostile entities with deep pockets. A reporter or whistleblower. Maybe someone on the run. But… on the run from whom?
Commercial availability of malware and zero-day vulnerabilities means that, more and more, attackers have the means to make phones do extremely deceptive things. At the same time, more and more, our own justice system seems to be the attacker. Snowden warned in 2014 of the possibility that carefully applied malware could leave a phone still transmitting with its radios, even though the phone appeared to be off. Recent legal developments about the use of stingrays have made it obvious that cell phones are a mouthwatering target when you want to track someone down — so much so that the law goes outside the law to get that all-important metadata. Remember when Glenn Greenwald caught the NSA backdooring Cisco routers for distribution to “hard target networks”? What else are they intercepting, and under what presumably secret authority? Didn’t we make a bunch of Constitutional amendments to address these reservations?
But then what happens when someone who really has done something terrible uses a device like this to evade capture, or to do more harm? At what point does “watching the watchmen” turn into blinding them to what they should be able to see? It’s getting more and more difficult to hold all the conditionals in my head when I think about who has moral authority here, and why. The justice system appears to be equally conflicted. We’re supposed to be innocent until proven guilty, and “not transmitting data from your phone” shouldn’t be a restricted state. But it has to be acknowledged that in the wild, the ability to thwart lawful wiretapping could let the actual bad guys get away. In this way, the courts reflect the real world: stare decisis means that whatever powers you grant your own team, you give also to the other guys, and you can bet they’ll use it against you. Sometimes people on the run are fleeing oppression and violence, and those chasing them deserve to be thwarted. Sometimes, though, those roles get flipped around, and it’s hard for anyone to tell who’s in the right. That fact is what makes this device both smart and dangerous.
The bottom line is that this device is not intended for civilian users in their everyday lives. “Our approach is: state-level adversaries are powerful, assume the phone is compromised,” Huang remarked to Wired. “Let’s look at hardware-related signals that are extremely difficult to fake. We want to give a you-bet-your-life assurance that the phone actually has its radios off when it says it does.”