Are you being watched … by your phone?
The TV show Person of Interest says everyone with a mobile phone is a target for snoops. Is that true?
by Mike Elgan
September 22, 2012
“You are being watched.”
Those are the first words uttered in the opening monologue of a really cool TV show called Person of Interest on CBS. The show’s Season 2 premier airs this week on Thursday, Sept. 27, at 9 p.m. or 8 p.m., depending on where you live.
“Person of Interest,” developed by J. J. Abrams and Jonathan Nolan, is about a mysterious billionaire software genius who built an anti-terrorism surveillance supercomputer for the government but left himself a back door for the system to feed him the Social Security numbers of people in New York City who will be involved in a murder, which the supercomputer can predict.
He doesn’t know whether those people will be the victims or the murderers, but he uses the information to try to stop the crimes before they happen. To do this, he hires a former special forces soldier-turned-CIA super-ninja to go out and beat up the bad guys and save the innocent.
The show is about a lot of things. It’s a detective thriller, a bromance, a shoot-em-up action show. It’s about espionage, government snooping and machine consciousness. But mostly, it’s a show about cellphones.
Specifically, Person of Interest highlights the many ways to hack, track, listen in on and use smartphones to monitor people.
Characters in the movie routinely “clone” cellphones, listen in remotely via the microphones in phones, track people in real time via the GPS technology in their handsets, “Bluejack” phones, and download contacts and other information wirelessly.
One character has a supercomputer; the other has super-ninja fighting skills. But their most effective superpowers are their mobile phone skills.
How realistic is all this? Let’s have a look.
Mobile phone cloning
Cloning enables a phone to make and receive calls that appear to be coming from another phone.
Cloning used to be a lot easier. And in some countries, such as India, it’s still a widespread problem.
In the old days, you needed only to get a couple of unique identifying numbers from the target phone and then enter them on a secret menu on the clone phone.
These days, it’s very difficult. If you want to get the requisite secret identifying numbers, your best bet is to hack a cellular carrier’s database or use expensive, specialized equipment to snatch the numbers from the airwaves (a technique that also requires physical access to the SIM card).
For the petty crooks who used to clone phones in order to sell phones that could make free calls (billed to the victim), cloning is an industry in decline.
Besides, the “benefits” of cloning are largely available through other means, such as free VoIP calls, and some of the techniques I detail below.
Organizations with extensive hacking resources can, and probably do, clone phones. But the ability to clone one phone via another quickly and wirelessly is not possible as it is depicted in Person of Interest.
Tracking people in real time
Phone apps, such as SpyBubble, Mobile Spy, FlexiSpy, StealthGenie and others work invisibly in the background and handle several types of espionage, including real-time location tracking. After the software is installed on an individual’s phone, you can watch on a map as he roams around town.
But these apps need to be physically installed on a phone. To the best of my knowledge, they can’t be installed remotely, though it’s possible that the user could be tricked into installing software with similar functions. This could be done by spoofing a legitimate app, for example.
However, a spy organization or government agency wouldn’t need to install an app on your phone to track your location. They only need to gain access to the location tracking that your wireless carriers already do.
Carriers already collect this data and sell it to anyone with the money to buy it. And they routinely provide location data to law enforcement agencies that request it.
Listening through phone microphones
In Person of Interest, the stars use other people’s phones as remote microphones for listening in on conversations — not just while they’re on calls, but even when they’re not using their phones.
That form of eavesdropping, like phone cloning, used to be a lot easier. Nowadays, I know of no viable generally available software tools that make it possible to listen through a phone’s microphone when it’s not being used for a call.
That said, all of the standard mobile phone spy tools listed above claim that they offer the ability to listen in on calls as they’re taking place.
Reading text messages remotely
SpyBubble, Mobile Spy and other tools also let you grab text messages, both incoming and outgoing. The messages can also be made available to law enforcement agencies by carriers — and, presumably, they’d also be available to any hacker who can access the carriers’ databases.
Apps like SpyBubble and Mobile Spy also deliver a large number of data types from victims’ smartphones, including complete call and SMS logs, all contacts, all email, all URLs visited on a browser (including search queries, which are displayed in URLs), all photos and videos taken with phones, and more.
If cheesy apps like those can do it, you can be sure that sophisticated hackers, spy agencies, organized crime groups and others can do it, too.
Bluejacking is the use of Bluetooth wireless technology to either send messages or files to a phone, or connect to it in other ways. The benefit of Bluejacking is that the connection isn’t conveyed through a carrier, so it’s harder to track. And it’s anonymous.
Bluejacking is easy. In fact, you can download Bluejacking software from the Google Play store, or from any number of other sites.
Some software lets you find “hidden” open Bluetooth connections. And you can typically send messages, pictures or even sounds.
Although Bluejacking is primarily used in sophomoric pranks, it can also be used for social engineering, which is one of the things the characters in Person of Interest use it for.
For example, you could send fake error messages to make someone believe his phone is malfunctioning. You could then offer to fix it for him and then install spyware once you have access to the phone.
The technology is easy to use. But a skilled hacker is also skilled at tricking people, and that’s the real reason Bluejacking is such a threat.
The bottom line is that the phone hacking activity depicted on TV is exaggerated. The characters in Person of Interest remotely crack, take over and track phones far more quickly and easily than is possible in real life.
However, everything they do in the show is possible in principle, under the right circumstances. And in fact, nearly all the hacker talk and technical jargon used in Person of Interest is shockingly realistic for network TV, which usually dumbs down such language.
More importantly, I believe the show provides a valuable service by introducing the public to the kinds of things that are possible with a phone — making them aware of the fact that a modern smartphone is, above all, the Mother of All Surveillance Devices.
All mobile phone owners should know that they’re carrying a microphone, a camera, a tracking device and an automatic logging tool that records their electronic interactions with other people, as well as other activities. And they should know that these devices can convey that information without their knowledge.
Are you being watched, tracked and hacked right now? Probably not. But it’s impossible to know for sure. In fact, the only way to be 100% sure that you’re not being spied on by your phone is to get rid of it. In the meantime, watch a few episodes of Person of Interest. It’s a great show, and it could give you a healthy dose of paranoia about what your mobile phone is theoretically capable of.
- Are you being watched … by your phone?
- Hacker group claims access to 12M Apple device IDs
- California Assembly OKs bill banning warrantless smartphone tracking
- Can Facedeals overcome ‘creepy’ factor?
- Are biometric ID tools evil?
- Ill. bans firms from asking workers, job seekers for social media info
- ‘Wall of Shame’ exposes 21M medical record breaches
- California to get tough on online privacy
- Judge dismisses privacy lawsuit against LinkedIn
- Privacy groups hail Google, FTC settlement over Apple Safari tracking