If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#61
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Tue, 11 Dec 2018 10:22:25 -0500, nospam
wrote: In article , default wrote: Just because the phone appears to be turned off, doesn't mean it is. yes it does. Anyone can download an app that can turn it into a surveillance device. they could, but they'd have to launch it for it to take effect. Once it is on the phone the phone can be remotely monitored it doesn't require that the app be launched. yes it does. You don't understand how microprocessors work. oh yes i do. The android operating system (any/every OS) is programmed into a chip. It is not carved in silicon, it is in a "protected" area of memory, but it can be accessed and modified. not easily, it can't. It's very easy if you know how, but there's one hell of a learning curve. The processor chip has to (it is a requirement) to allow for something called interrupts where it is told to break the routine it is running and go off and do something else. That is done on a "machine level" (totally ones and zeros in registers - memory locations- that makes little sense to humans) including you. That is true. I do very little with machine language, I know enough to peek and poke - look at a register or jamb a value into one, if I know where in hell it is. I don't consider myself able to use assembly language most days. That's just a little better than machine language. That's what all the talk is about wanting the source code- nobody can read one's and zeros and make sense out of it. If you have the actual high-level program you have a long arduous task to figure out what it is doing - unless you have the program with the notations that tell what it is doing. The first few programs I wrote I didn't do any notations because it seemed easy enough to tell what was going on. A few months later I had no clue as to how the program I wrote actually worked. It would be child's play for someone (with the knowledge) to integrate a few snippets of code that runs in the background and never alerts the operator (malicious code does it all the time - the processor doesn't know the difference) nope. it's definitely not child's play and requires *much* more than a few snippets of code to run in the background. Nope. That's where the operating system comes in. All you want to do is use functions that someone else has programmed into the system. Your code is just a line or two to tell the other code to run. An operating system is a pretty difficult thing to design, but that doesn't stop people from using computers. It is just another step deeper into the workings to get it to do the things you dream up. I don't consider myself a programmer, there are guys way way better than I. I program controllers (little computers with limited abilities or dedicated purposes) with a high level computer language. The phone doesn't have an on-off switch, it has a pushbutton that sends a request to the processor to send it into a hibernate state. (that is what "off" is to you) The battery is still connected and still feeding a trickle of power to the processor. The uP can wake itself periodically to check some variable (like sound, light, movement, etc.) It can go to sleep and wake up for a few microseconds every second or less with minimal change in battery drain. nope. the on/off switch is managed by a separate power management chip, completely separate from the main cpu. It used to be done that way. These days the processor has that and more built into it. the main cpu is *off*. it's far too power hungry to be on all the time waiting for a button press. Yeah that seems logical if you are thinking of a processor burning up 6 watts doing millions of operations per second. That isn't how it is done today. The processor sleeps in between periodic waking to see if it is wanted. My controllers, for instance, can output a steady pulse width modulated signal to keep a motor turning at a fixed speed even if the main part of the processor is sleeping.. it can't make decisions or change the speed of the motor, but it can output just what it needs to run at one speed, and that doesn't eat a lot of power. The chips designed for phones, and tablets are designed differently than those for desktops. I suspect they will eventually replace all desktop processors too. I've got at least one Windows computer with no fan in it that can run anything from WinXP and up. As long as the battery is connected and charged, the phone is not off, it is just hibernating and waiting for a button push. only the power management chip is on. the rest of the device is off, including the radios, which means *it* cannot be remotely accessed. Yeah the radios are power hogs. (right up there with the leds that light the screen) That doesn't mean it can't just switch on and off long enough to send out what it has recorded. It is the radio transmitters that use a lot of energy the receivers use little. An hour of fairly high fidelity audio can be compressed into 50 megabytes and that can be dumped in about three seconds at 150 Mbps. The company you bought your phone from, programs them wirelessly using wireless capability already built into wireless phones. no they definitely don't. not even close to correct. You are ignorant of the way cell phones work. They don't open them up and tinker with the guts - they are sales people and wouldn't know how, but they do know how to access your phone and activate it even if they don't know what activation entails. also wrong. I program controllers that use all the same things a cell phone does. cell phones don't use the same controllers you use. They don't, but they work the same and have the same capabilities. The uP in a cell phone can do more and faster is the only real difference. (well, that and the cost) I needed a device to behave differently (refuse to come on when it was dark out). I just had it wake itself every 15 minutes and check the light and when it sensed enough light it would allow the operator to turn it on and become active. The operator didn't know what the processor was doing only that it didn't do anything when it was dark. That could just as easily been a sound and I could program it to check for noise every second and it would still get plenty of sleep time and not drain the battery... not relevant to a cellphone. Relevant to how the processor in a cell phone can be made to work to conserve battery capacity. A cell phone can do the same things and you would never have to know about it. It could, for instance, record every conversation nearby and store it digitally in a compressed format, time stamp it, stamp the GPS coordinates, etc.. I could have it wait until it was by a wifi, or cell phone tower, and dump the recorded conversations in one fast burst transmission. Even if the phone was in a faraday shield it could still be recording and only phone home when it was let out. Minimal battery drain too.... only if an app was running and definitely not minimal battery drain. That may have been the case in 1990, but with cmos and all the advances in depletion and enhancement mode mos devices that no longer holds true. I know you'd like to think that apps need permission and all, and IF the people vetting the apps are doing their jobs that is true. But you can't check the app yourself to see if it is doing what it claims. false. it's very easy to determine which apps are running and how much data they're using. also, the phone would be warmer than normal if it was transmitting back to some outside entity and the battery would be dead in hours. They say ignorance is bliss. That's where the spy apps you can buy operate. Most of them need physical access to a cell phone to put the app on them, but once it is on there, it can hide it's operation from the OS and the operator. exactly what i said, that physical access is required to modify the phone. The applications sold for consumer use that is true. You either have to have the phone long enough to install the app or have the target open a file that can exploit a vulnerability in the operating system. You don't need the phone if you can trick it into installing the app by opening some file that seems unrelated. Spyware doesn't advertise it's presence, that would be counter-productive. And when was the last time you read the boiler plate legal statements laughingly referred to as "privacy statements?" You can often find the legalese written in such a way as to allow, just what they seem to be telling you they would never do. A team of Philadelphia lawyers might understand privacy statements but they are often written to obfuscate, not enlighten. the legal statements do not give free access to monitor and record user actions. You base this opinion on your many years of service to the bar? In what state? The feds can do pretty much the same things, without even having the phone anywhere nearby; as long as it is communicating with cell towers or wifi. They are using the same technology that the cell phone company uses to program your phone. no they can't, and the cell phone company doesn't program anything. you have no clue about this stuff. The guppy that doesn't realize exactly how tiny it really is. Most folks get their phone and look at the pretty screen and think, "how nice it has the weather." That weather app knows your GPS location and it can just as easily tell someone where that phone is, if it is part of it's program. Nearly all apps have the ability to "update." Every time you turn the phone on, or periodically, it may be checking for dozens of app updates and sending your location back to someone else. checking the weather is not the same as secretly recording audio or video. Data mining companies are big business, there's money in it. quite a bit, however, that has nothing to do with hacking people's phones. You, my friend, are a guppy swimming in shark infested waters and are blissfully unaware of it. ad hominem. unlike you i'm *very* aware of what can and cannot be done. Someday you may learn how wrong you are. I take the paranoid viewpoint and only discover that things are worse than I thought they were. When money is involved veracity is elusive. Stumbled upon this: https://www.quora.com/Is-it-true-tha...y-is-installed All depends on your understanding what it means that a phone is turned off. As far as my testing has shown, a turned off iphone has really disconnected from the cellular and wifi networks. The ip addresses is liberated and can be re-used by other devices. As such, it would not be possible to initiate a remote wake-up through a “wake-on-lan” packet in order to send location data. But, since most phone firmware’s are closed source - it could theoretically be possible that a phone could be instructed to go into a deep sleep, and power up at regular intervals to do some hidden communication. This certainly is not used widely as people on prepay systems would have noticed mobile data usage. If this is indeed used, it would involve government ordered snooping, infiltration in many organisations (telco and IT), which I’m certain is actually happening. ps: I worked for a telecom operator as integration specialist part of Legal Interception department. |
Ads |
#62
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Tue, 11 Dec 2018 12:12:33 -0500, nospam
wrote: In article , default wrote: I know my Tracphone is off when I turn it off because the charge will last for months and it can't get calls. It could certainly have some kind of beacon in it, but that seems very unlikely. It only cost $10. exactly. if your phone was transmitting to some outside entity, the battery would be dead within hours. That's only true if the phone is fully functioning. which it would have to be to spy on someone. It could still record audio with just a tiny smidgen of the power it takes to receive and transmit. Compress the audio and transmit in a burst and you'd never know it by the battery capacity. nope. recording audio would require an app to be running, and that means the phone is powered on and fully operational. you would definitely notice a dead battery when you turned it on, or tried to. if it received a call or text while 'off', you'd definitely know something unusual was going on. You wouldn't know if a background program was running. nonsense. of course someone would. The uP is always on. In a well designed secure system it is only supposed to be checking the power button every few milliseconds. the cpu isn't what's checking the power button. But off and hibernate are not the same thing. that's the point. The little controllers I like to use have: sleep, nap, rest, and hibernate. They all save the battery life, but there is no such thing as off. The different sleep states are just there because some functions can be programmed to run while the thing is sleeping... those little controllers you supposedly like to use have nothing to do with how cellphones work. It only shuts down when the battery drops below a certain level, that's an automatic function designed to prolong battery life, but I can tell it to ignore that feature and let it run until it hasn't got enough energy to function. Not a good practice with rechargeable batteries but acceptable for disposable batteries or super capacitors - the chip only does what it was programmed to do. actually, you can't, since the battery has its own microcontroller, which will shut down when the charge is too low. and there's still the question how a phone that's off can be remotely turned on by some magical signal that is received by a radio that's off. I don't know about Android and iPhone, but I'm guessing that people think off means the screen is black because few people actually turn them off. you guess wrong. people are well aware of the difference between sleep versus fully off. people don't turn off their phones because if they did, they would not be able to receive calls, texts and push notifications. it would also take a minute or two to boot if they wanted to use an app or call/text someone. It can be on and still act as if it is off. You have no way of telling without some pretty sophisticated test equipment, and even then, if I thought it may be monitored I'd find a way for it to hide all activity until the threat passed. nonsense. it's very easy to tell if a phone is truly off or only pretending to be off. they also might be listening to music, podcasts or internet radio with the phone in their pocket, screen off. The condition of the screen doesn't indicate what the phone is doing, it is just there so the operator can tell what it wants you to know or allow you to do. you're still not getting it. Well, I can't help you there. It has been my experience that people tend to believe what makes them feel most secure. That's what they want to believe, and the majority do it that way. I figure it has something to do with an evolutionary factor that made them better at surviving. From a tribal perspective you want cooperation not competition if the species is as weak (physically) as humanity is. The majority will function better if they are not overly anxious about their survival prospects and just go along with the leaders (who are determined by strength and competitive edge) But that's just a theory, not my field of study, and I digress... Believe what you want to believe, that's your right. Try to remember one thing: Anyone can teach me something, no one has the same experience that I do or the same perspective that I do. I have to able to learn - teaching is passive, learning is active. |
#63
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Tue, 11 Dec 2018 12:12:36 -0500, nospam
wrote: In article , default wrote: Not even off is off. The processor just sits there and periodically wakes up and checks the condition of the push button to see if someone is trying to turn it on. nope. it's the power management chip checks that. the processor is far too power hungry to be checking for a button press and only powers on if the pmu tells it to. The move of large scale integration is to have more and more done by a single part. It lowers manufacturing costs. Cell phones are nearly ubiquitous and they cram as much specialized function on the single die as they can. From a design point of view, if the processor uses just a few micro amps of current in the off state I'll let it decide when the button is pressed. The battery capacity is on the order of thousands of milliamp hours for the sake of argument say your cell phone is one amp/hour, and you need 1 micro amp to monitor the condition of the on-off switch it will take a million hours to discharge the battery. Check my math, but that's about 114 years! The battery would self discharge sooner, the cell phone would be obsolete sooner, and the original owner would be pushing up daisies. you're ignoring self-discharge and other factors. No. I specifically mentioned self discharge, four lines up from your comment. Up that to 25 micro amps while in a surveillance mode (not unreasonable) and the battery life is cut to ~5 years. still wrong. Now, if you want Video, pictures, gps, and second by second real time surveillance it should be noticeable to most people. that's the point. What's the point? You want that stuff real time? If the phone is turned off and you want to hide battery drain, you can't have it. Can't be done. (can't be done in real time) If the phone is on (and the data needs to be current) you'd never know it was under surveillance by the battery life. But a lot has to do with the way you do it and how current and complete the data you are collecting has to be. A clever software designer will find ways to maximize the battery life with various tricks in hardware and software. If the person uses the phone or keeps it on for incoming calls, you'd never notice the difference surveillance adds. false. ignorant If your phone is a 3G tablet computer, your battery is probably going to be in the 3,000 milliamp/hour range. The hand held phones are in the 500-1000 range last time I checked. check again. Older iphones are 1400 mah; but you are correct, the newer XS models are pushing 3K to keep their 5.8" screen alive smartphone batteries are typically in the 3000 mah range, with tablets in the 5000-10k mah range. My old 10" tablet is 7K, this year's model is 10K. |
#64
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Tue, 11 Dec 2018 12:12:34 -0500, nospam
wrote: In article , Paul wrote: and there's still the question how a phone that's off can be remotely turned on by some magical signal that is received by a radio that's off. RFID-like schemes transmit enough power to run circuitry. You could do it that way. no you couldn't. the range of rfid is *very* short and it requires the device to be powered on It is indeed very short, a few feet as a rule. But RFID does not require self-power it rectifies energy inductively coupled into it via a loop antenna then uses that energy to transmit its data. To do that city wide, would just take a powerful transmitter, operating on some frequency other than the cellphone frequency. The addressed responding device, only has to operate its transmitter and regular receiver, long enough to ping back. That wouldn't run the battery down too much, since the regular circuitry goes back to sleep until the passive RFID chunk receives another burst of energy during the next ping. no. It wouldn't be feasible city wide maybe. You'd have tens of thousands of tags trying to squawk their data to receivers that would have to be nearby because their transmit power is too low. |
#65
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 11/12/2018 18:41, default wrote, amonst other things, ...
Someday you may learn how wrong you are. I take the paranoid viewpoint and only discover that things are worse than I thought they were. When money is involved veracity is elusive. I've really enjoyed your post! :-) It's rather satisfying to see the bull****ter called 'nospam' put firmly in his place! Thank you! -- Regards, David B. |
#66
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Tue, 11 Dec 2018 17:50:59 -0500, nospam
wrote: In article , default wrote: Just because the phone appears to be turned off, doesn't mean it is. yes it does. Anyone can download an app that can turn it into a surveillance device. they could, but they'd have to launch it for it to take effect. Once it is on the phone the phone can be remotely monitored it doesn't require that the app be launched. yes it does. You don't understand how microprocessors work. oh yes i do. The android operating system (any/every OS) is programmed into a chip. It is not carved in silicon, it is in a "protected" area of memory, but it can be accessed and modified. not easily, it can't. It's very easy if you know how, but there's one hell of a learning curve. even if someone knows how, it's still incredibly difficult. there needs to be multiple exploits *and* a payload that works across many different devices without causing any other problem. An ordinary computer virus might work across many devices, but here we are only talking about a specific targeted device with a known OS. and then there's the problem of getting it installed, which *requires* *physical* *access* to the device. That is 100% wrong. For some consumer level spy programs it may be true, but not government level hacking especially when they can bring pressure to bear on the cell provider. even assuming all of that happens, if the user decides to update the os, the hack will be overwritten with a system that has one or more of the exploits, likely all of them, patched, making it not possible to reinstall it (plus the hacker would need physical access again). You think the whole OS is rewritten when you do an update? I don't know for a fact but I suspect the phone's memory limitations, might make that unwieldy enough to make it impractical. My wife has one of the win 10 net books and it has yet to complete a single update successfully - the 32 gigs of system storage is not enough from the looks of it. if the user thinks something's not quite right, which is likely if it's spying on them, and they do a reinstall of the existing os, the hack is gone. Do you know anyone that has installed an OS from scratch on a cell phone? If it can be done, something I'm skeptical about, how many people could do it? I think you'd have bricked phones as a result. I managed to do it to an android TV box, but that's not something I will attempt again, since it took me a week to get back to square one. The processor chip has to (it is a requirement) to allow for something called interrupts where it is told to break the routine it is running and go off and do something else. That is done on a "machine level" (totally ones and zeros in registers - memory locations- that makes little sense to humans) including you. That is true. I do very little with machine language, I know enough to peek and poke - look at a register or jamb a value into one, if I know where in hell it is. I don't consider myself able to use assembly language most days. That's just a little better than machine language. then why did you bring up machine language and interrupts as a method to hack a phone? Because all processor chips allow peek, poke and debug, and with tools like that you can do pretty much whatever you like - I, on the other hand am not it that class of programmer but I can and do get help when I need it. That's what all the talk is about wanting the source code- nobody can read one's and zeros and make sense out of it. If you have the actual high-level program you have a long arduous task to figure out what it is doing - unless you have the program with the notations that tell what it is doing. the source code is not always available, and that doesn't get you past the code signing. The first few programs I wrote I didn't do any notations because it seemed easy enough to tell what was going on. A few months later I had no clue as to how the program I wrote actually worked. then it wasn't written particularly well. It was written OK, but with no notation I couldn't remember how it all fit together. It would be child's play for someone (with the knowledge) to integrate a few snippets of code that runs in the background and never alerts the operator (malicious code does it all the time - the processor doesn't know the difference) nope. it's definitely not child's play and requires *much* more than a few snippets of code to run in the background. Nope. That's where the operating system comes in. All you want to do is use functions that someone else has programmed into the system. Your code is just a line or two to tell the other code to run. it doesn't work that way. Your ignorance is showing again. operating systems don't come with a built in 'spy' function that's waiting for a line or two in some rogue app to call it. Who said anything about a spy function. They already have the equivalent of tape recorders, cameras, audio recorders and transmitters - or in other words everything you might want in a surveillance device. An operating system is a pretty difficult thing to design, but that doesn't stop people from using computers. It is just another step deeper into the workings to get it to do the things you dream up. it's more than 'another step' to hack a phone, especially when the os is designed to be secure. Ah, yess... the legendary security of operating systems. I've got this bridge over in Brooklyn that I want to sell, are you interested? I don't consider myself a programmer, there are guys way way better than I. I program controllers (little computers with limited abilities or dedicated purposes) with a high level computer language. programming a microcontroller has absolutely nothing to do with hacking a cellphone. two wildly different scenarios. You are becoming tiresome. Honest ignorance is one thing, stubborn stupidity is more than I wish to deal with. You have earned your place in the bozo bin. Congrats! |
#67
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , default
wrote: Just because the phone appears to be turned off, doesn't mean it is. yes it does. Anyone can download an app that can turn it into a surveillance device. they could, but they'd have to launch it for it to take effect. Once it is on the phone the phone can be remotely monitored it doesn't require that the app be launched. yes it does. You don't understand how microprocessors work. oh yes i do. The android operating system (any/every OS) is programmed into a chip. It is not carved in silicon, it is in a "protected" area of memory, but it can be accessed and modified. not easily, it can't. It's very easy if you know how, but there's one hell of a learning curve. even if someone knows how, it's still incredibly difficult. there needs to be multiple exploits *and* a payload that works across many different devices without causing any other problem. and then there's the problem of getting it installed, which *requires* *physical* *access* to the device. even assuming all of that happens, if the user decides to update the os, the hack will be overwritten with a system that has one or more of the exploits, likely all of them, patched, making it not possible to reinstall it (plus the hacker would need physical access again). if the user thinks something's not quite right, which is likely if it's spying on them, and they do a reinstall of the existing os, the hack is gone. The processor chip has to (it is a requirement) to allow for something called interrupts where it is told to break the routine it is running and go off and do something else. That is done on a "machine level" (totally ones and zeros in registers - memory locations- that makes little sense to humans) including you. That is true. I do very little with machine language, I know enough to peek and poke - look at a register or jamb a value into one, if I know where in hell it is. I don't consider myself able to use assembly language most days. That's just a little better than machine language. then why did you bring up machine language and interrupts as a method to hack a phone? That's what all the talk is about wanting the source code- nobody can read one's and zeros and make sense out of it. If you have the actual high-level program you have a long arduous task to figure out what it is doing - unless you have the program with the notations that tell what it is doing. the source code is not always available, and that doesn't get you past the code signing. The first few programs I wrote I didn't do any notations because it seemed easy enough to tell what was going on. A few months later I had no clue as to how the program I wrote actually worked. then it wasn't written particularly well. It would be child's play for someone (with the knowledge) to integrate a few snippets of code that runs in the background and never alerts the operator (malicious code does it all the time - the processor doesn't know the difference) nope. it's definitely not child's play and requires *much* more than a few snippets of code to run in the background. Nope. That's where the operating system comes in. All you want to do is use functions that someone else has programmed into the system. Your code is just a line or two to tell the other code to run. it doesn't work that way. operating systems don't come with a built in 'spy' function that's waiting for a line or two in some rogue app to call it. An operating system is a pretty difficult thing to design, but that doesn't stop people from using computers. It is just another step deeper into the workings to get it to do the things you dream up. it's more than 'another step' to hack a phone, especially when the os is designed to be secure. I don't consider myself a programmer, there are guys way way better than I. I program controllers (little computers with limited abilities or dedicated purposes) with a high level computer language. programming a microcontroller has absolutely nothing to do with hacking a cellphone. two wildly different scenarios. The phone doesn't have an on-off switch, it has a pushbutton that sends a request to the processor to send it into a hibernate state. (that is what "off" is to you) The battery is still connected and still feeding a trickle of power to the processor. The uP can wake itself periodically to check some variable (like sound, light, movement, etc.) It can go to sleep and wake up for a few microseconds every second or less with minimal change in battery drain. nope. the on/off switch is managed by a separate power management chip, completely separate from the main cpu. It used to be done that way. These days the processor has that and more built into it. other way around. it used to be done with the main processor, but now there are dedicated chips for various other functions. the main cpu is *off*. it's far too power hungry to be on all the time waiting for a button press. Yeah that seems logical if you are thinking of a processor burning up 6 watts doing millions of operations per second. That isn't how it is done today. for smartphones, it definitely is done that way. 3-5 watts tdp is typical. The processor sleeps in between periodic waking to see if it is wanted. not entirely, it doesn't. it throttles up and down based on what it's doing. a lot of background processes are running at all times. My controllers, for instance, can output a steady pulse width modulated signal to keep a motor turning at a fixed speed even if the main part of the processor is sleeping.. it can't make decisions or change the speed of the motor, but it can output just what it needs to run at one speed, and that doesn't eat a lot of power. a motor controller is *very* different than a cellphone. The chips designed for phones, and tablets are designed differently than those for desktops. no they aren't. other than the instruction set (arm versus x86) and lower tdp, there's very little difference. both have multi-core cpus and gpus, sometimes with other functionality as well (e.g., npu). there are now windows laptops with arm chips, which means the instruction set difference no longer applies. in other words, the chips in modern phones are desktop class. I suspect they will eventually replace all desktop processors too. they already have. see above. intel is in a bad spot and amd is not much better. I've got at least one Windows computer with no fan in it that can run anything from WinXP and up. the lack of a fan has absolutely *nothing* to do with chip design. As long as the battery is connected and charged, the phone is not off, it is just hibernating and waiting for a button push. only the power management chip is on. the rest of the device is off, including the radios, which means *it* cannot be remotely accessed. Yeah the radios are power hogs. (right up there with the leds that light the screen) That doesn't mean it can't just switch on and off long enough to send out what it has recorded. It is the radio transmitters that use a lot of energy the receivers use little. An hour of fairly high fidelity audio can be compressed into 50 megabytes and that can be dumped in about three seconds at 150 Mbps. compressing it would require an app running in the background, in addition to capturing the audio, and you're assuming 150mbps data link. and then there's the problem where the user wants to use the microphone for some other purpose when the spy app has it in use. The company you bought your phone from, programs them wirelessly using wireless capability already built into wireless phones. no they definitely don't. not even close to correct. You are ignorant of the way cell phones work. it's not me who is ignorant. i know quite well how cellphones work, going back to amps days. the only 'programming' that a phone seller would do is activating it, which is little more than scanning the imei and iccid, which can be done by the user on their own. none of that has anything to do with installing a malicious app on the phone to spy on the user. They don't open them up and tinker with the guts - they are sales people and wouldn't know how, but they do know how to access your phone and activate it even if they don't know what activation entails. also wrong. I program controllers that use all the same things a cell phone does. cell phones don't use the same controllers you use. They don't, but they work the same and have the same capabilities. The uP in a cell phone can do more and faster is the only real difference. (well, that and the cost) false. the processors in modern phones are desktop class processors with multi-core cpus, gpus and other functionality. a microcontroller doesn't need any of that. I needed a device to behave differently (refuse to come on when it was dark out). I just had it wake itself every 15 minutes and check the light and when it sensed enough light it would allow the operator to turn it on and become active. The operator didn't know what the processor was doing only that it didn't do anything when it was dark. That could just as easily been a sound and I could program it to check for noise every second and it would still get plenty of sleep time and not drain the battery... not relevant to a cellphone. Relevant to how the processor in a cell phone can be made to work to conserve battery capacity. nope. A cell phone can do the same things and you would never have to know about it. It could, for instance, record every conversation nearby and store it digitally in a compressed format, time stamp it, stamp the GPS coordinates, etc.. I could have it wait until it was by a wifi, or cell phone tower, and dump the recorded conversations in one fast burst transmission. Even if the phone was in a faraday shield it could still be recording and only phone home when it was let out. Minimal battery drain too.... only if an app was running and definitely not minimal battery drain. That may have been the case in 1990, but with cmos and all the advances in depletion and enhancement mode mos devices that no longer holds true. you definitely have no idea what you're talking about. I know you'd like to think that apps need permission and all, and IF the people vetting the apps are doing their jobs that is true. But you can't check the app yourself to see if it is doing what it claims. false. it's very easy to determine which apps are running and how much data they're using. also, the phone would be warmer than normal if it was transmitting back to some outside entity and the battery would be dead in hours. They say ignorance is bliss. then you must be super-happy. That's where the spy apps you can buy operate. Most of them need physical access to a cell phone to put the app on them, but once it is on there, it can hide it's operation from the OS and the operator. exactly what i said, that physical access is required to modify the phone. The applications sold for consumer use that is true. You either have to have the phone long enough to install the app or have the target open a file that can exploit a vulnerability in the operating system. You don't need the phone if you can trick it into installing the app by opening some file that seems unrelated. that's what i said originally. Spyware doesn't advertise it's presence, that would be counter-productive. however, it existence can be detected, if by no other reason that battery life will be noticeably worse. another way would be seeing the device active on a router. And when was the last time you read the boiler plate legal statements laughingly referred to as "privacy statements?" You can often find the legalese written in such a way as to allow, just what they seem to be telling you they would never do. A team of Philadelphia lawyers might understand privacy statements but they are often written to obfuscate, not enlighten. the legal statements do not give free access to monitor and record user actions. You base this opinion on your many years of service to the bar? In what state? i base it on the fact that if there was *anything* remotely close to that, lawyers and privacy advocates would be all over it. that's actually happened before, and the the companies claimed they weren't actually spying and quickly modified the agreements. in any event, feel free to find a license agreement that says what you claim it does and then link it here. Someday you may learn how wrong you are. someday you might learn that it's you who is *very* wrong, although i doubt that will be any time soon, if ever. I take the paranoid viewpoint and only discover that things are worse than I thought they were. When money is involved veracity is elusive. Stumbled upon this: https://www.quora.com/Is-it-true-tha...mobile-phones- can-still-be-tracked-if-the-battery-is-installed you might want to, you know, *read* it first. As such, it would not be possible to initiate a remote wake-up through a łwake-on-lan˛ packet in order to send location data. .... But tracking a turned off phone is considered impossible, and rightly so. When you turn off your phone, it will stop communicating with nearby cell towers and can be traced only to the location it was in when it was powered down. .... It is not possible to track a phone when it is switched off. thereby confirming exactly what i've been saying. this part is the most amusing: łThe best way to track an Śoffą phone is to ‹ secretly ‹ install a chip, connected to the phoneąs battery supply" first of all, that would require physical access of the phone and second, there isn't any free space in a modern phone for this secret spy chip to fit. third, many phones have an internal battery, so some disassembly and reassembly would be required, all without breaking anything in the process. lastly, there's the problem where if there is some sort of problem requiring service and the user is told that the warranty is void because it's been modified... so, no. |
#68
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , default
wrote: Not even off is off. The processor just sits there and periodically wakes up and checks the condition of the push button to see if someone is trying to turn it on. nope. it's the power management chip checks that. the processor is far too power hungry to be checking for a button press and only powers on if the pmu tells it to. The move of large scale integration is to have more and more done by a single part. It lowers manufacturing costs. a single part doesn't preclude multiple components on one chip, and a pmu isn't very big anyway. Cell phones are nearly ubiquitous and they cram as much specialized function on the single die as they can. actually, they can't. they'd *love* to cram quite a bit more than they already do, but there's a limit to everything. From a design point of view, if the processor uses just a few micro amps of current in the off state I'll let it decide when the button is pressed. The battery capacity is on the order of thousands of milliamp hours for the sake of argument say your cell phone is one amp/hour, and you need 1 micro amp to monitor the condition of the on-off switch it will take a million hours to discharge the battery. Check my math, but that's about 114 years! The battery would self discharge sooner, the cell phone would be obsolete sooner, and the original owner would be pushing up daisies. you're ignoring self-discharge and other factors. No. I specifically mentioned self discharge, four lines up from your comment. you did mention it, however you are still ignoring it. Up that to 25 micro amps while in a surveillance mode (not unreasonable) and the battery life is cut to ~5 years. still wrong. Now, if you want Video, pictures, gps, and second by second real time surveillance it should be noticeable to most people. that's the point. What's the point? You want that stuff real time? If the phone is turned off and you want to hide battery drain, you can't have it. Can't be done. (can't be done in real time) it can't be done when the phone is turned off. period. If the phone is on (and the data needs to be current) you'd never know it was under surveillance by the battery life. the reduced battery life would be one of several indicators that something unusual is going on. But a lot has to do with the way you do it and how current and complete the data you are collecting has to be. A clever software designer will find ways to maximize the battery life with various tricks in hardware and software. If the person uses the phone or keeps it on for incoming calls, you'd never notice the difference surveillance adds. false. ignorant there are many ways to tell, some of which are trivial. If your phone is a 3G tablet computer, your battery is probably going to be in the 3,000 milliamp/hour range. The hand held phones are in the 500-1000 range last time I checked. check again. Older iphones are 1400 mah; but you are correct, the newer XS models are pushing 3K to keep their 5.8" screen alive smartphone batteries are typically in the 3000 mah range, with tablets in the 5000-10k mah range. My old 10" tablet is 7K, this year's model is 10K. in other words, your initial claim was wrong. |
#69
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , default
wrote: and there's still the question how a phone that's off can be remotely turned on by some magical signal that is received by a radio that's off. RFID-like schemes transmit enough power to run circuitry. You could do it that way. no you couldn't. the range of rfid is *very* short and it requires the device to be powered on It is indeed very short, a few feet as a rule. nope. more like an inch or two. But RFID does not require self-power it rectifies energy inductively coupled into it via a loop antenna then uses that energy to transmit its data. except that's not going to do much with a phone that's off. |
#70
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , David B.
wrote: On 11/12/2018 18:41, default wrote, amonst other things, ... Someday you may learn how wrong you are. I take the paranoid viewpoint and only discover that things are worse than I thought they were. When money is involved veracity is elusive. I've really enjoyed your post! :-) It's rather satisfying to see the bull****ter called 'nospam' put firmly in his place! Thank you! if you understood even a tiny fraction of was being discussed, you would realize he has not done that at all. |
#71
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 11/12/2018 22:51, nospam wrote:
In article , David B. wrote: On 11/12/2018 18:41, default wrote, amonst other things, ... Someday you may learn how wrong you are. I take the paranoid viewpoint and only discover that things are worse than I thought they were. When money is involved veracity is elusive. I've really enjoyed your post! :-) It's rather satisfying to see the bull****ter called 'nospam' put firmly in his place! Thank you! if you understood even a tiny fraction of was being discussed, you would realize he has not done that at all. You seem to have no comprehension that spyware/malware may actually be 'built in' to these devices during the manufacturing process, not afterwards by hacking. -- Regards, David B. |
#72
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , David B.
wrote: You seem to have no comprehension that spyware/malware may actually be 'built in' to these devices during the manufacturing process, not afterwards by hacking. they aren't. |
#73
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
nospam wrote:
In article , default wrote: and there's still the question how a phone that's off can be remotely turned on by some magical signal that is received by a radio that's off. RFID-like schemes transmit enough power to run circuitry. You could do it that way. no you couldn't. the range of rfid is *very* short and it requires the device to be powered on It is indeed very short, a few feet as a rule. nope. more like an inch or two. But RFID does not require self-power it rectifies energy inductively coupled into it via a loop antenna then uses that energy to transmit its data. except that's not going to do much with a phone that's off. https://blog.atlasrfidstore.com/acti...s-passive-rfid Active RFID Transponders That's the operating mode of my digital water meter on the house. The pickup truck driving down the street at 20MPH triggers the transponder on the side of the house. Only enough energy from the "reader" is required, to create an electrical signal to wake the transponder. It doesn't *power* the transponder radio transmissions, It only *wakes* the transponder. And there is orders of magnitude difference in how much "ping" is required. The "ping" part doesn't have to work at the same frequency as the transponder uses. It fact, it's better if they're widely spaced (that pinger might run pretty well continuously on the pickup truck). https://www.mouser.com/applications/...gy_harvesting/ "... tens of microwatts at around 40 feet" As long as the resonant element has sufficient amplitude on output, it can trigger the logic input of the transponder. It's the voltage level that counts, rather than the power. 2uA at 3V or 6uW is sufficient to run my digital wrist watch, The quartz crystal on there seems to be happy with a fraction of the total device power. In fact, with quartz crystals, you have to be careful not to drive them too hard. I would expect though, that there wouldn't be as good resonators available for, say, 433MHz. For quartz, it would be an overtone. There are SAW filters, but (not being a SAW filter person) I bet those use power that we don't got. Maybe an LC wouldn't be sharp enough or have a high enough Q. Paul |
#74
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , Paul
wrote: But RFID does not require self-power it rectifies energy inductively coupled into it via a loop antenna then uses that energy to transmit its data. except that's not going to do much with a phone that's off. https://blog.atlasrfidstore.com/acti...s-passive-rfid Active RFID commonly used for toll booth transponders, not cellphones. a smartphone can *read* a passive tag, but it must be held close to the tag (inches), powered on and configured to do something for that specific tag. it's not a viable method to install malware. |
#75
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , default
wrote: The android operating system (any/every OS) is programmed into a chip. It is not carved in silicon, it is in a "protected" area of memory, but it can be accessed and modified. not easily, it can't. It's very easy if you know how, but there's one hell of a learning curve. even if someone knows how, it's still incredibly difficult. there needs to be multiple exploits *and* a payload that works across many different devices without causing any other problem. An ordinary computer virus might work across many devices, but here we are only talking about a specific targeted device with a known OS. except that you'd need to have multiple versions ready to go ahead of time for every phone and os since you have no way to know what a yet unidentified suspect might be using. there's no time to request and develop a custom version, and you might not even know what it is anyway. and then there's the problem of getting it installed, which *requires* *physical* *access* to the device. That is 100% wrong. it isn't, which *your* link confirmed. do try to keep your story straight. For some consumer level spy programs it may be true, but not government level hacking especially when they can bring pressure to bear on the cell provider. nope. the cell provider could turn over call records, text messages, data usage and location information, but that's about it. that's *very* different than spying on the user. the carrier *can't* remotely install apps nor can they activate the microphone or camera. if the device owner used an encrypted voice and/or messaging app, there won't be any call records or text messages to turn over, and if they used a vpn for data connections, the data usage info is going to be completely worthless. even assuming all of that happens, if the user decides to update the os, the hack will be overwritten with a system that has one or more of the exploits, likely all of them, patched, making it not possible to reinstall it (plus the hacker would need physical access again). You think the whole OS is rewritten when you do an update? that depends on the update and how it's installed. except that it doesn't need to rewrite the entire os. all it needs to do is patch at least one exploit the hack is using, at which point, it no longer works and might even crash, at which point, a full reinstall might be done. I don't know for a fact but I suspect the phone's memory limitations, might make that unwieldy enough to make it impractical. it's not impractical in the least. My wife has one of the win 10 net books and it has yet to complete a single update successfully - the 32 gigs of system storage is not enough from the looks of it. that's not a phone. do try to stay on topic. if the user thinks something's not quite right, which is likely if it's spying on them, and they do a reinstall of the existing os, the hack is gone. Do you know anyone that has installed an OS from scratch on a cell phone? oh yes. many, many people. If it can be done, something I'm skeptical about, how many people could do it? most people can, but if not, they can have someone else do it. no big deal. I think you'd have bricked phones as a result. nothing is perfect so that's always possible, however, it's highly unlikely, but if it does happen, it can usually be debricked. worst case, take it to a phone store. if it really is bricked, they'll replace it, in which case whatever hack was supposedly there will be long gone. I managed to do it to an android TV box, but that's not something I will attempt again, since it took me a week to get back to square one. that's not a phone. do try to stay on topic. The processor chip has to (it is a requirement) to allow for something called interrupts where it is told to break the routine it is running and go off and do something else. That is done on a "machine level" (totally ones and zeros in registers - memory locations- that makes little sense to humans) including you. That is true. I do very little with machine language, I know enough to peek and poke - look at a register or jamb a value into one, if I know where in hell it is. I don't consider myself able to use assembly language most days. That's just a little better than machine language. then why did you bring up machine language and interrupts as a method to hack a phone? Because all processor chips allow peek, poke and debug, and with tools like that you can do pretty much whatever you like - no they don't. processor chips don't know anything about peek, poke and debug. that's where the os and development tools comes in. I, on the other hand am not it that class of programmer clearly. but I can and do get help when I need it. which you definitely do. That's what all the talk is about wanting the source code- nobody can read one's and zeros and make sense out of it. If you have the actual high-level program you have a long arduous task to figure out what it is doing - unless you have the program with the notations that tell what it is doing. the source code is not always available, and that doesn't get you past the code signing. The first few programs I wrote I didn't do any notations because it seemed easy enough to tell what was going on. A few months later I had no clue as to how the program I wrote actually worked. then it wasn't written particularly well. It was written OK, but with no notation I couldn't remember how it all fit together. therefore not written ok. It would be child's play for someone (with the knowledge) to integrate a few snippets of code that runs in the background and never alerts the operator (malicious code does it all the time - the processor doesn't know the difference) nope. it's definitely not child's play and requires *much* more than a few snippets of code to run in the background. Nope. That's where the operating system comes in. All you want to do is use functions that someone else has programmed into the system. Your code is just a line or two to tell the other code to run. it doesn't work that way. Your ignorance is showing again. nope. unlike you, i have written numerous mobile apps and ****loads of desktop apps and know quite well how it all works internally. what you've said is simply wrong. operating systems don't come with a built in 'spy' function that's waiting for a line or two in some rogue app to call it. Who said anything about a spy function. you did. They already have the equivalent of tape recorders, cameras, audio recorders and transmitters - or in other words everything you might want in a surveillance device. once again, there must be an app running to capture that data, which is going to need a *lot* more than "a few snippets of code to run in the background". without such an app, there won't be any surveillance. An operating system is a pretty difficult thing to design, but that doesn't stop people from using computers. It is just another step deeper into the workings to get it to do the things you dream up. it's more than 'another step' to hack a phone, especially when the os is designed to be secure. Ah, yess... the legendary security of operating systems. I've got this bridge over in Brooklyn that I want to sell, are you interested? more of your ignorance. hacking an ios device is *extremely* difficult, to the point where it's effectively impossible to hack even with physical access. android is easier (some devices more so than others), but it still requires more than "a few snippets of code to run in the background". I don't consider myself a programmer, there are guys way way better than I. I program controllers (little computers with limited abilities or dedicated purposes) with a high level computer language. programming a microcontroller has absolutely nothing to do with hacking a cellphone. two wildly different scenarios. You are becoming tiresome. i was about to say the same, but your ludicrous conspiracy theories and sheer ignorance needs to be nipped in the bud. Honest ignorance is one thing, stubborn stupidity is more than I wish to deal with. given that you have both, how do manage to get through the day? You have earned your place in the bozo bin. Congrats! in other words, you can't back up what you said. no surprise there. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|