Wiretapping with Mobile Phones

The Guardian Unlimited has a special report on the privacy (or rather, the anti-privacy) features of mobile phones in Europe. As technical experts have long known, these little buggers have the ability to pervasively monitor their users as they walk around, reporting location and calls.

Recently I spoke at the Department of Homeland Security’s Privacy Advisory Committee. During that talk, I said that one of the things we would be able to do in the future is to remotely turn on the microphone of mobile phones to wiretap rooms without people’s knowledge.

Well, wouldn’t you know — the cell phone industry (at least in Europe) is ahead of me. According to the report in The Guardian:

According to a report in the Financial Times, the operators (under instructions from the authorities) can remotely install software onto a handset to activate the microphone even when the user is not making a call.

I’m sorry that I don’t have the original reference to the Financial Times article. However, a few moment’s reflection will reveal to any sophisticated technologist that this sort of attack is trivial as long as the phone has the ability for remote software install, and as long as the remote software that’s installed can execute call features.