NSA whistleblower Edward Snowden and hardware hacker Andrew “Bunnie” Huang have possibly come up with a solution for warning users when their phones are revealing their location via radio transmissions.
The purpose of the device
The device – dubbed “introspection engine” due to its capability to show the inner workings of the phone at any given time – is still just an idea, a blueprint. Snowden and Huang are trying to make it real and are hoping to create a prototype over the coming year, to see if it can do what they believe it can.
The intended users are journalists, activists, and human rights workers who have to use their phones while in high-risk environments, but need to be sure that their phones won’t unwittingly broadcast their location to adversaries looking to silence them.
In theory, while the phone is in “airplane mode,” it should not be sending out radio signals, and can still be used to take photos, record conversations, etc. In practice, malware can make the phone do just that, without the phone alerting the owner that this is happening.
The introspection engine is meant to detect this type of activity, and warn the phone owner of it in real time.
Details about the device
The initial prototype is meant for the 4.7” iPhone 6, as it’s the preferred tool of many reporters.
“From the outside, the introspection engine will look and behave like a typical battery case for the iPhone 6. However, in addition to providing extra power to the iPhone 6, the case will contain the introspection engine’s electronics core,” Snowden and Huang explained.
“The electronics core will likely consist of a small FPGA and an independent CPU running a code base completely separate from the iPhone 6’s CPU. This physical isolation of CPU cores minimizes the chance of malware from the phone infecting the introspection engine.”
They pored over repair manuals for the device and discovered where the test points for monitoring the status of the cellular modem, the GPS, and the Wi-Fi and Bluetooth radios are located. These test points are baked into the circuit board design to assist with debugging, and effectively provide data on the device’s radio status.
The introspection engine will use these points to gather information about the phone’s “radio activity.” This will be done via a custom flexible printed circuit designed with contacts pre-loaded at signal test point locations.
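One way the case’s independent CPU could turn those test-point readings into a real-time warning, as an added illustration (this is not Snowden and Huang’s code; the radio names, the debounce threshold and the sample trace are assumptions):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Radios whose test points the case monitors (the four named in the article). */
enum radio { RADIO_CELL = 0, RADIO_GPS, RADIO_WIFI, RADIO_BT, RADIO_COUNT };

/* One sample of test-point levels, 1 = radio driven active. A real build would
 * read these from the FPGA; the samples below are constructed for the demo. */
struct sample { uint8_t active[RADIO_COUNT]; };
struct monitor {
    bool airplane_mode;         /* state the user believes the phone is in */
    uint8_t allowed_mask;       /* radios the user deliberately re-enabled */
    uint16_t debounce;          /* consecutive active samples before alerting */
    uint16_t run[RADIO_COUNT];  /* current active run length per radio */
};

void monitor_init(struct monitor *m, bool airplane_mode, uint8_t allowed_mask,
                  uint16_t debounce) {
    *m = (struct monitor){ .airplane_mode = airplane_mode,
                           .allowed_mask = allowed_mask, .debounce = debounce };
}

/* Feed one sample; returns a bitmask of radios active when they should be off.
 * Debouncing keeps a single noisy sample from raising a false alarm. */
uint8_t monitor_step(struct monitor *m, const struct sample *s) {
    uint8_t alerts = 0;
    for (int r = 0; r < RADIO_COUNT; r++) {
        bool expected_off = m->airplane_mode && !(m->allowed_mask & (1u << r));
        if (s->active[r]) { if (m->run[r] < UINT16_MAX) m->run[r]++; }
        else m->run[r] = 0;
        if (expected_off && m->run[r] >= m->debounce) alerts |= (uint8_t)(1u << r);
    }
    return alerts;
}

/* Constructed trace: a one-sample Wi-Fi glitch (noise), then the cellular modem
 * comes up and stays up, the airplane-mode violation the case should flag. */
uint8_t demo_run(bool airplane_mode, uint8_t allowed_mask) {
    static const struct sample trace[] = {
        {{0,0,0,0}}, {{0,0,1,0}}, {{0,0,0,0}}, {{1,0,0,0}}, {{1,0,0,0}}, {{1,0,0,0}},
    };
    struct monitor m;
    uint8_t alerts = 0;
    monitor_init(&m, airplane_mode, allowed_mask, 3);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        alerts |= monitor_step(&m, &trace[i]);
    return alerts;  /* demo_run(true, 0) -> 0x01: only RADIO_CELL */
}
```

The same policy generalizes to a mixed mode where the user has knowingly re-enabled one radio (the allowed mask) while the others must stay silent.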
“For NFC, we decided that the risk/reward of selectively enabling and monitoring Apple Pay is not worth it. In other words, we do not expect journalists operating in conflict zones to be relying on Apple Pay to get their work done. Therefore, to simplify the effort, we opt to fully disable Apple Pay by disconnecting the RF front end from its antenna,” they added.
Also, the NFC antenna can be easily separated from the phone’s main logic board by removing the one screw that secures it, they noted.
For more details about the device, you can check out this blog post, but it’s good to know that they aim to make it completely open source and user-inspectable. It will be possible to verify whether the device works as it should whenever the user wants, and is expected to be easy to use, so that field reporters don’t have to choose between doing a good job and keeping themselves safe.
“Over the coming year, we hope to prototype and verify the introspection engine’s abilities. As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time. If the prototype proves successful, the FPF may move to seek the necessary funding to develop and maintain a supply chain,” they concluded, and added that, with the minimal cooperation of system vendors, the techniques developed in this work should also be applicable to other makes and models of phones.