To be honest, in everyday life it is more useful for a user to think not about whether the NSA is watching his smartphone, but about what metadata leaks out through the photos taken on that same smartphone. Both iOS and Android, for example, tag images with GPS coordinates by default. Understandably, after such confessions paranoia in the press flared up with renewed force, but more importantly, experts joined the discussion and offered a number of interesting and, on the whole, reassuring ideas. In short, the average mobile phone owner has nothing to worry about, and if you are still worried, there is an easy way to avoid surveillance. But let’s take things in order.
For techies, “off” means “de-energized”. To put a mobile phone into that state you have to remove the battery; after that, using it as a listening device becomes impossible, and no one among the sane public doubts this. The only risk for a person whose phone is truly powered off is falling victim to impractically complex radio direction-finding methods. Recall how the anti-theft tags attached to goods in retail stores work: these tags have no power cell of their own, and they “sound off” thanks to the energy that a stationary scanner induces in their miniature antenna. In much the same way, the antenna section of a mobile phone can be made to “respond” by bathing it in a radio signal with a frequency of tens of megahertz.
Of course, the phone’s electronics will not turn on, so learning the IMEI, for example, or using the microphone is not possible this way. But knowing the characteristic features of a specific unit or model of phone, you can determine that it is within a radius of several meters (and the direction finder can be installed, for example, in a car driving around the area). At least in laboratories this method works, so it cannot be ruled out that the intelligence services use it.
The task gets easier if you look at the problem through a layman’s eyes, that is, assume that “off” means “in standby”. In this case the phone has power and the operating system and applications are running, so there are several easy ways to get at them. Simplest of all is to determine the phone’s location from the signals of nearby cell stations. If the phone is modified, for example by implanting an additional chip or an application in it (the latter can be done without direct access to the device), it can be used for eavesdropping, covert photography and other similar actions.
The common problem with these methods is their high cost. They can be applied (and there is some evidence that they have been) to monitor individuals, but mass use appears to be unprofitable. However, the search for explanations turns up one more option, and the most interesting one. It involves a component known as the baseband processor (BBP).
In Russian this term has an established translation that explains little, “baseband processor”, and there appears to be no standardized Russian version at all. For simplicity we will call it the radio processor, which at least makes it easier to understand. In general terms the idea is as follows: alongside the CPU, GPU, RAM and other hardware that is obviously available to and used by the main operating system (iOS, Android, etc.), digital mobile devices always contain a tiny, separate microcomputer, invisible to the user (let’s call it a picocomputer), that is responsible for the network side. Its core is that same radio processor, which has its own memory and even its own operating system, typically a real-time one. On most iOS and Android devices, for example, the operating systems in question are Nucleus RTOS and ThreadX.
A baseband OS takes up a few kilobytes (a “picokernel”) and works wonders for its size: cryptography, a file system and even windowed graphics if necessary. In the vast majority of cases, of course, we never see the baseband components: they work silently and independently, taking on the task of communicating directly with cell stations.
The radio processor and the components around it are a topic as interesting as it is little known: even taking a memory dump here is a non-trivial task, to say nothing of analyzing and modifying the code. That same Nucleus RTOS runs on almost three billion devices (simple cell phones, smartphones, USB dongles, etc.), but how many times have you heard of it? Only a rare coincidence occasionally hints to the user that a smartphone is probably much more complex than it seems: for example, if the main OS hangs during a phone call, the call is for some reason not interrupted. In addition, the radio processor’s software has to be changed in order to “unlock” a phone, that is, to remove its binding to a specific operator.
The baseband processor communicates with the outside world through several low-level interfaces, such as I2S for audio and SPI for the network, and through the ancient AT command language (probably familiar to those of you who have dealt with modems). However, information on this topic is extremely scarce, and it would be great if the experts among our readers clarified and added details. In the context of today’s topic, two facts matter. First, the baseband computer lives a life of its own that the phone’s owner may not suspect (for example, it can periodically wake up and communicate with the cell station without any activity on the owner’s part). Second, the radio processor’s software can be changed: at the very least from the phone itself, and possibly remotely (usually no one but the manufacturers knows all the intricacies of the baseband software running on a specific device).
Thus, in the BBP the security services have perhaps their most powerful spy tool; the wider public has yet to assess its potential. The good news is that this spy becomes helpless if you take the battery out of the phone. In the case of the iPhone this is, of course, out of the question. For other models it is the only option. It will not save you from costly attacks, but those are unlikely to be used against you: the NSA passed this data to other secret services, so they brought in the drones.