Hello and welcome to our next talk. Our speaker is Kevin. He's a security consultant and he will tell us how to prevent our own phones from spying on us. Therefore, a very warm welcome to Kevin and enjoy the talk.

Thank you very much for introducing. Yeah, well, it seems to be quite a topic. I'm surprised that so many come here to this little room. I'm happy to see you all as smartphone security. How came we into touch with it? Of course, with the news all the last years, it's really a big issue. What we are doing, my name is Kevin. As already mentioned, we are making tests most of the time in the OT environment and industrial areas. We check security according to different rules and standards. We also make some consulting work for the safety of the industrial espionage. This talk now is about technology. We will see products, but this is not a sales talk. We will discuss the technology that is under the product. So we have to keep this in mind and we just want to share a little bit of the experience we made from, yeah, you will see.

Smartphone security, counter surveillance for mobile phones. What do we expect the next 25 minutes? After what we have a little bit question and answer. First, how smartphones are hacked? Not too much in the technical detail. How, but what is possible? And then common techniques to prevent this.

We have a lot of spy software for smartphones available around. We just have to Google it and we have a lot of functions possible for everyone today to buy and to have these apps. Of course, if we have to deal with government agencies or really industrial companies who have much more power behind them than just to download an app from the app store, we have much more difficulties as we will see. But the basic function of all smartphone spyware software is this what we can see here, the audio surveillance and is possible to listen to audio calls. That can be a phone call, but also a call via app, WhatsApp, whatever.
It's also possible to activate the microphone into the room if the mobile phone is hacked. So if the phone is on the desk in the home office or in the conference room, you can listen what is going on in this room. Additionally, standard technology is position tracking. You can have access to all the pictures stored on the smartphone. You can read all the text messages, even if it's from some instant messages. You have access to the social media activity, what happened. And what is also critical in sophisticated programs, you can also place files on the victim's smartphone in order to change proof, for example. So everything of this is possible, but today we just concentrate on this one function, the live audio surveillance and the audio recording, because we discuss today what practical possibilities exist to prevent smartphones being used as bugs.

One function we see in this spyware is also the fake switch off mode, because 10 years or 20 years ago we could say, okay, we take out the battery of the smartphone and it's safe. Today it's not possible to take out the battery, and even if we switched off the smartphone but it is compromised, then we think it is switched off, but it's in fact not. So this is not really a solution.

What have we seen in the last couple of months going on with hacked smartphones? Yeah, many things were in the news. For example, Emmanuel Macron, his smartphone was spied on with a well-known software that we will read many times now. In Spain, this is from last week. It's a big trouble going on because many people from the parliament, from the government were spied on, the smartphones were hacked. Big goals are also many journalists. And this is also from last year. And this is an interesting, how to say, goal for companies or for countries to spy on journalists to get the information where they have their sources from, with whom do they communicate and what information do they really have.
So this is something we regularly see, and a big part, person of interest, so to speak, are human rights activists. And on many smartphones from people working for human rights, we see spyware.

One thing we have to know, it is impossible to completely secure a smartphone or a smart device from the software side. A smartphone, about the "smart" we can discuss, but it's a computer. And every computer you can have, somehow you can get root access. And if you have root access, you have access to the microphone. And even now in the new software versions, you see, for example, if the microphone is accessed, you have a small yellow spot in the corner of the display. But I would not trust too much to it because if you have access to the computer, you cannot also manipulate this. And by the way, by accessing the microphone, it's not important what kind of software you use to communicate. If you have a completely encrypted voice call via Signal or something, it's okay. No one can wiretap it on the line. But if you have access to the microphone of the device, you have it in clear text, so to speak.

So we know it's impossible to make a secure smartphone. It was not possible 20 years ago, not 10 years ago. We are not optimistic enough to say in five years it will be possible. And this headline here was interesting. Also Apple realized it, and what they do is they, from the hardware side, switch off or disconnect the microphone because they don't trust that even in their programming, someone else could maybe access the microphone. So systems will always be hacked somehow. And it was already a very interesting talk about, for example, this Pegasus hardware came to the iPhone, how the different generations of this software used the exploits to come to the iPhone. It's very, very interesting to read it, but 20 minutes are definitely not enough to speak about this.
Some weeks ago, we had from the German radio station, TV station, Bayerischer Rundfunk test, they were programming an Android app. So it was not by a secret service, it was just computer geeks programming Android app to access the microphone, and it worked, so just like this. So this is nice to have this kind of TV shows to strengthen a little bit the awareness for the people what is possible with the little device we have in our pocket.

To summarize who is affected, potentially everyone. It could be from the stalking, the ex-spouse who is spying on someone, who is downloading an app and tracking and listening to the room. Economic espionage is a big, big, big number of dollars or euros that are lost there, of course, Wirtschaftsspionage. Journalists are spied on, human right activists and politicians, of course. Platform is completely independent. Android, iOS, other things, since smartphones exist it was possible to do and it will also be the thing in the future.

How can a phone be used as an audio bug? So we said we don't concentrate on reading messages or reading the emails because this is always possible. But how is it possible to access the audio from a phone and by this, the audio of the room? So online it's possible to have the live transmitting of audio and video. So the attacker is making a connection to the smartphone and is live listening what is going on in the room. This is for cheap apps possible or easily compromised smartphones. Other things are also possible. A recording of audio and video without that you know it, or acoustic triggered recording of audio, or time-based recording of audio: if I know 10 o'clock is the conference, so I make a timer that it's recording the audio. And these attacks have, for the attacker, the advantage that there's no online connection necessary. So basically the smartphone can be in flight mode or it can be completely shielded. It could be completely cut off of the network and it will still work.
What's also possible: listening to key words and transmitting the audio, or trigger with key words a speech-to-text engine. And we have many things that are not proven, but many things that are going in this direction that this is also actively used, because if you have a phone that is listening to the room, which is quite normal right now with artificial intelligence of realizing if a glass is breaking or the fire alarm is going on or whatever, so it's listening to the room. It is triggered by key words and is making the text into a text file, encrypted, and sending away the text three hours later via the Wi-Fi. This little packet of text is going away, it's practically impossible to detect. So to find this on the fly is practically impossible, and all of these attacks are possible while the smartphone is offline. So even if I have it shielded completely.

So we see big enemy, so to speak. What are possibilities to fight against this? So basically there are three attempts to make it: software solutions, then a hardware solution based on shielding the electromagnetic field, and a hardware solution based on shielding the audio. So these are the main areas where many companies go to make their products around it.

So for the software we have to say, I have to switch now a little bit of the chip better. Okay, hey cool, it's still in there. Because for some things I was a little bit afraid to download the pictures, so I just make kind of live googling. So if we look for anti-spy app we find a lot, and these apps basically mean not necessarily something, because they can, of course, some of them can really detect things that happened, but if the smartphone is already compromised the smartphone can also switch off this kind of apps. And the other thing is sophisticated spyware, like for example Pegasus, they detect this kind of tracers and they can on one side eliminate them and eliminate themselves, so they don't leave almost any trace on the smartphone after detected. That was the wrong thing.
I wanted to make here. For us it's kind of an open source tool to detect if Pegasus is installed, it is here from the MVT, the lower link. By this it's possible to detect if the smartphone was compromised already. To make it short, the software solutions, the apps we can download: for prevention it's not really good. For detection it works somehow.

What we also have is the hardware solution, and there if we find things in the internet, like for example these tracking sleeves, they make advertising with it, anti-electromagnetic field, and you put the smartphone in kind of a sock or whatever it is, and they say, ok, it's shielded from the network, so it has no connection to Wi-Fi, to Bluetooth, to mobile phone network, and by this it is secure, you cannot listen to the room. They are actually as good as they look. If you try it, they are pretty cheap, about 9 euro you can buy them. I don't want to make advertising for some of the sellers here, but they are very funny companies existing, but basically you can ring your own smartphone when it's inside the sleeve. So for that it has for sure GSM connection or 4G connection or whatever, so it's not completely shielding, and the other challenge with this is even if they would shield completely they would not filter the audio, so you could still make kind of offline attacks with it. What other possibilities do we have?
So this we saw already, yeah, it does not shield audio, and Bluetooth and GSM does work. Then we have some interesting hardware shielding cases, they look like this, and here we go a little bit deeper. So this is live on the internet, and for example if you take this, it should be the same like this. We see, do we have a better picture here? This is actually the same kind of thing, I just use this one. Here we see a big case, inside the case is another case of stainless steel with very good electromagnetic shielding qualities, and these shielding cases are really tested also in an EMC laboratory and they work surprisingly good. So if you have a phone inside this device nothing is coming out and nothing is coming in from the radio frequency, so no Bluetooth connection, no GSM connection and nothing. These suitcases are usually used if you have a conference in a big company, DAX 30 or DAX 40, and so everyone has to give his phone to the men on the desk and they are put into this case, and you can be sure no one is transmitting audio from inside the room outside. They work.

The challenge with this is no audio shielding, so if this case is in the same room with the people who are talking it's still possible that audio is going to the phone and record the audio from the room to transmit it later. So this is not a practical solution in many cases. Of course it's heavy, you don't want to have it when you are going, and the last thing is many people have a problem to give away their phone. So sometimes we don't have a chance, if you go to another embassy or whatever we give away the phone, but if you are in a conference and you have to give away your phone, especially in the security environment, it's not the best thing many people are happy with. But however this is very common, a solution that many companies do.

And the next thing I wanted to show you is an audio solution. Here it's called PELTA, and this I have live here, and I wanted to use this chance to introduce you what these people made. It's kind
of an audio jamming box, no, perhaps to no, and this is designed to put the smartphones inside, and for two smartphones to put inside, and there exists an audio jamming inside the box. The thing is the audio jamming is not put it here you cannot hear. Other solutions are also on the market where you hear the audio in the room, but even this supersonic digital audio jamming noises have a physiologic affecting our body in a way, so this is a little bit difficult. And the people who made this product, they made kind of a digital audio signal that is killing the AD Wandler, the analog-digital Wandler (oh, my brain is going off) from the smartphones, and even these highly sophisticated microphone arrays of modern smartphones with seven MEMS microphones it's possible to kill, so to speak.

So in practical things the smartphone is inside the box, it's not shielded against radio frequency so you can still hear it if it's ringing, but the smartphone itself does not hear any noise from outside. And if you like, later we can try it outside, and this is why I have it here, because if you find things that do not work it would be funny to find it out, because we tried it with many networks and with many microphones and it was really so that the audio was completely shut down. Depending on the network provider, if it's a telecom for example or someone else, we had even the effect that the noise was interpreted from the provider as a noise so it was cut off completely, so the other one heard nothing, and on the other provider the other one heard just the digital noise.

So it's an interesting solution. For that we would be interested if this kind of hardware or solution as kind of technology would work to strengthen the security of vulnerable people in this regard, because it would be a technology that is affordable for people, that is possible to keep on the home office, to keep in a conference without giving away the mobile phone, and that gives not only psychological security but real security because it's
literally not possible to listen into the room, no matter if it's an offline or online attack.

It's not possible to prevent smartphones from being hacked. It was not in the past, it's not possible right now and it will not be in the future, and I hope that by searching and making research into this direction we find some possibilities to make this a little bit more safe for the future. This was the information about the technologies. What do you think, what are your questions in this regard?

First a big round of applause, and then we have a small Q&A. And the first question is already here, so I will give it to you on the microphone.

Do you need power to use the device or is it still just passive?

So for this device specifically, this needs power. It has a TZ-Hohlstecker, so there's no intelligence inside, nothing that can be hacked, so no USB something, but it needs power, it needs 18 volts, something like this.

Any more questions?

So do you think this problem could be also solved with a hardware switch built in in the phone that switches off the microphone in hardware?

This is what some do, not only for phones. So Apple made it with the iPad, and other manufacturer of for example smart displays for the wall, for example anti-spy version of the display, and it's nothing with the software, it's just that no microphone is inside, because even they cannot trust that if a microphone is built inside the device no one can access it. So yeah, it is a solution if you can really switch it off. With smartphones it's another challenge because you don't have only one microphone inside, you have many, you have an array. A lot of, Apple is very sophisticated in the noise cancelling in this regard, so they have really the little phase shift digital analyses inside, it's crazy what they are doing. So just to switch it off in a smartphone is a challenge, but if it's possible it will work.

Yeah, by the way, for the technology it's very interesting if you want to go deeper in how an AD Wandler could be bricked or how smartphones
microphones work and how they are, what they are able to do. Most of the microphones used in smartphones are MEMS microphones. This, if you google it, you find the technology, but interestingly not a lot of manufacturers of these MEMS microphones exist on this world, so you can count them on two hands. So that means that all smartphone manufacturers use more or less the same microphones, and if you download the data sheet of the MEMS microphone you see surprising technical specifications, for example it's possible to listen to blah blah blah in a radius of seven meters. So they are really highly sophisticated hardware. Yeah, it was more than the answer to the question, but yeah.

Okay, any more question? Yes, in the back there.

Okay, people said that if the smartphone is in flight mode it collects even more data with regard to the motion and other things or even audio triggers. Do you recommend to switch off or switch to flight mode when you put it into this device or not? Can you confirm that this is true, that in flight mode there is more data collected?

So this was meant in the connection: if the smartphone is compromised and is on flight mode it's still possible to record the audio in the room, and for that of course the biggest problem is that it is compromised, the smartphone. You can have different approaches in preventing the room of getting wiretaps. So for example if you're at home, it makes no sense, if you're working in a home office or the Deutsche Bundestag, it makes no sense to put it in flight mode because you have to be reachable, but you could put it in the box, and if someone rings you, you still hear it because you hear audio from the box, but the smartphone cannot hear what is going around. If you're in a conference and you have the device on your desk, so this specific device, then it makes also sense to have it not in flight mode because you can see if someone is calling but no one can listen. However, depending on the security level, it's usual today that not only for conferences
the smartphones are collected and shielded but also the complete room is scanned and monitored, and for that it makes again sense to have it in flight mode, because we have to know, the people have to know, what phone or what radio peak is legitimate and what not. So it depends on the security, on the risk management behind, but both can be reasonable.

Thank you. Any more questions? Yes, again.

Is there something that makes phones more easy to compromise than laptops, for example?

Depends how much money have your enemies. Basically computer is a computer. It's a very good question, but I don't want to answer it from a technical, I want to answer it from a philosophical way, because we know for example for phones exists Pegasus, and we know the danger and we know the kind of spyware, and we know that Google and Apple, they are always trying to prevent the zero days and to be very good in the latest updates. There is always a possibility to jailbreak it, basically the same that spyware is doing, but this is what we know. Actually I would not be so much afraid of what we know, I would be more afraid of what we do not know, and this affects also the computers. So yes and no.

Okay, anyone? Okay, it doesn't look like it. Then another big round of applause for Kevin.