According to the BBC...
Smartphone users can do "very little" to stop security services getting "total control" over their devices, US whistleblower Edward Snowden has said.
The former intelligence contractor told the BBC's Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners' knowledge.
Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.
The UK government declined to comment.
Mr Snowden spoke to Panorama in Moscow, where he fled in 2013 after leaking to the media details of extensive internet and phone surveillance by his former employer, the US National Security Agency (NSA).
He did not suggest that either GCHQ or the NSA were interested in mass-monitoring of citizens' private communications but said both agencies had invested heavily in technology allowing them to hack smartphones. "They want to own your phone instead of you," he said.
Mr Snowden talked about GCHQ's "Smurf Suite", a collection of secret intercept capabilities individually named after the little blue imps of Belgian cartoon fame.
"Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing," he said.
"Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on.
"Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers."
Peter Taylor's film Edward Snowden: Spies and the Law also covers:
- The contentious relationship between the British government and social media companies. The intelligence agencies and the police want the companies to co-operate in detecting terrorist content but the programme learns that not all companies are prepared to co-operate to the extent that the agencies would like.
- Documents leaked by Mr Snowden that appear to show that the UK government acquired vast amounts of communications data from inside Pakistan by secretly hacking into routers manufactured by the US company, Cisco.**
'Necessary and proportionate'
Mr Snowden also referred to a tool known as Paronoid Smurf.
"It's a self-protection tool that's used to armour [GCHQ's] manipulation of your phone. For example, if you wanted to take the phone in to get it serviced because you saw something strange going on or you suspected something was wrong, it makes it much more difficult for any technician to realise that anything's gone amiss."
Once GCHQ had gained access to a user's handset, Mr Snowden said the agency would be able to see "who you call, what you've texted, the things you've browsed, the list of your contacts, the places you've been, the wireless networks that your phone is associated with.
"And they can do much more. They can photograph you".
Mr Snowden also explained that the SMS message sent by the agency to gain access to the phone would pass unnoticed by the handset's owner.
"It's called an 'exploit'," he said. "That's a specially crafted message that's texted to your number like any other text message but when it arrives at your phone it's hidden from you. It doesn't display. You paid for it [the phone] but whoever controls the software owns the phone."
Describing the relationship between GCHQ and its US counterpart, he said: "GCHQ is to all intents and purposes a subsidiary of the NSA.
"They [the NSA] provide technology, they provide tasking and direction as to what they [GCHQ] should go after."
The NSA is understood to have a similar programme to the Smurf Suite used by GCHQ on which it is reported to have spent $1bn in response to terrorists' increasing use of smartphones.
Mr Snowden said the agencies were targeting those suspected of involvement in terrorism or other serious crimes such as paedophilia "but to find out who those targets are they've got to collect mass data".
"They say, and in many cases this is true, that they're not going to read your email, for example, but they can and if they did you would never know," he said.
In a statement, a spokesperson for the UK government said: "It is long-standing policy that we do not comment on intelligence matters.
"All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."
The government believes Mr Snowden has caused great damage to the intelligence agencies' ability to counter threats to national security.
Mr Snowden maintains he has acted in the public interest on the grounds that the surveillance activities revealed in the thousands of documents he leaked are carried out - in his words - "without our knowledge, without our consent and without any sort of democratic participation".
An article by Sarah Silbert appeared on "engadget UK" May 16th 2014 more specifically targeting CISCO...
"As promised, the release of Glenn Greenwald's new book, No Place to Hide, has brought plenty more Snowden leaks, and one document is particularly mind-blowing. The photo above shows an NSA team intercepting and bugging a Cisco router before it's sent to a customer who's been targeted for surveillance. In the document, an internal newsletter from June 2010, the chief of the NSA's Access and Target Development department explains the process of intercepting routers, servers and other internet hardware to install beacon implants, then resealing them and sending them on to targets.
A quote from the document follows:
Here's how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets' electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.
Pretty crazy, right? It's not clear how often the agency has used this technique, but the document has prompted a response from Cisco. According to Mark Chandler, the company's SVP of General Counsel and Security, Cisco has never cooperated with the government to "weaken products."
** Remember my post about the Cisco routers, delivered to the Cypriot government, with their security tags tampered with? This has been known for a while. Not only does Cisco manufacture, it designs, maintains and upgrades everything. How can they 'not know' about it?