How the NSA Gets Into Your Smartphones

By now, it probably comes as no surprise that the National Security Agency (NSA), aside from collecting Americans' telephone data and foiling the vast majority of Internet security protocols, can spy on people's smartphones.

But thanks to an article in German magazine Der Spiegel, we now know more about the extent to which the NSA has broken into the security of Google, Apple and even BlackBerry, which was once thought to be uncrackable.

Der Spiegel worked with Laura Poitras, the documentary filmmaker and Berlin resident who along with journalist Glen Greenwald is one of the few people with full access to the documents leaked by former NSA contractor Edward Snowden.

The documents obtained by Der Spiegel suggest that neither Google, Apple nor BlackBerry willingly cooperated with the NSA to infiltrate their devices. Nevertheless, with or without their help, if the NSA wants to target a smartphone, it appears it has the resources to make it happen.

MORE: Why the Latest NSA Leak is the Scariest of All

It's no surprise that Android devices are vulnerable — the same open-source policies and lack of security software that make Android devices a prime target for malware also make them easily susceptible to surveillance.

But BlackBerry has long been known for its extremely strong security. Unable to compete with iPhones and Androids in terms of features, user experience and perceived "coolness," BlackBerry has long counted on its security chops to keep its dwindling market edge. 

It's unclear exactly how the NSA compromised BlackBerry security, but if the agency has actually managed to crack the advanced "elliptic curve cryptography" that BlackBerry devices employ, the NSA's cryptography capabilities are far more extensive than was previously suspected.

"That's very unlikely," security expert Nadim Kobeissi, the founder of encrypted messaging service Cryptocat, told Tom's Guide. According to Kobeissi, it would be "very shocking" if the NSA has managed to crack elliptic curve cryptography, which is considered the 'next generation' of encryption.

Amidst the string of impressive NSA victories is one surprising failure: The report in Der Spiegel seems to suggest that the NSA might not have an easy way into Apple devices.

However, according to the article, co-authored by Marcel Rosenbach, Laura Poitras and Holger Stark, "the documents leave no doubt that if the intelligence service defines a smartphone as a target, it will find a way to gain access to its information."

Is Apple the most secure smartphone?

Google Play, the Android app store, is far less regulated than those of Apple and BlackBerry, though Google has taken steps in recent years to better police the store for malicious software.

Android's operating system is designed to give users the maximum amount of control over their devices. That includes security; it falls on Android users, not Google or the carriers or the manufacturers, to put security software on their phones.

Apple, however, is another story. The company takes full control of its phone security, meaning users don't need to do anything to be secure.

Apparently, that approach has paid off: Der Spiegel's article is light on details, but seems to suggest that the NSA can only get into iPhones by hacking into the computers with which the iPhones sync.

But newer iPhones no longer need to sync with computers; instead the devices get over-the-air updates and can sync data wirelessly via iCloud.

This suggests that Apple's security is much more difficult to thwart than other smartphones'—but again, Der Spiegel is vague and did not disclose the actual documents on which it is reporting.

MORE: 10 Pros and Cons of Jailbreaking Your iPhone or iPad

Der Spiegel also reports that the NSA was able to retroactively track iPhone users' whereabouts by accessing backlogged location data. However, starting with version 4.3.3 of the iOS operating system in 2011, iPhones store location data for no more than seven days, thereby limiting the NSA's surveillance options.

But that's not the only way the NSA can track a smartphone user's location. Most smartphone apps request access to the device's GPS and may store location-based data for much longer periods of time. For many smartphone users, the convenience of these location-based apps outweighs the security vulnerabilities.

Putting the 'crack' in CrackBerry

When BlackBerrys first came on the market, they were nicknamed "CrackBerrys" because they were so popular that people joked they were more addictive than crack cocaine. But after Der Spiegel's revelations, "CrackBerry" has a whole new meaning — one that reflects far less positively on the device.

Even though BlackBerrys only rank a distant ninth place on the list of terrorists' favorite mobile devices (Nokia is reportedly No. 1), the NSA has devoted significant resources to cracking the BlackBerry, a system that was once considered impregnable.

Thanks to its "BlackBerry Working Group," a team of specialists devoted to finding new workarounds to BlackBerry security, the NSA could access text messages and emails sent across the BlackBerry Internet Service. That is, until 2009, when BlackBerry purchased the cryptography company Certicom and integrated its advanced "elliptic curve cryptography" into the BlackBerry operating system.

That was enough to keep the NSA out of BlackBerrys for almost a year. But according to the Snowden documents viewed by Der Spiegel, in March 2010, the NSA found a way back in. "Champagne!" the self-congratulatory memo cheers.

By 2012, the NSA was also able to listen in on a number of BlackBerry telephone calls.

Does this mean the NSA has cracked elliptic-curve cryptography? "If that was the case it would be most definitely outrageous news," Kobeissi told Tom's Guide. "Especially because the NSA itself lists elliptic-curve cryptography as the standard they use internally for top secret information. If they actually cracked it and they say they use it themselves they would be lying about their own standard of encryption."

Robert Graham of Errata Security doesn't want to discount the possibility, however. "We think the NSA has  made breakthroughs in mathematics," he told Tom's Guide. "That breakthrough may the newer elliptical curves. We just don't know where."

Perhaps ironically, another NSA memo shows the agency worries that BlackBerry's steadily decreasing popularity means that Americans are less secure. This seems to suggest that the NSA believes it is the only one to have penetrated BlackBerry's security, Der Spiegel reports.

Email or follow her @JillScharr. Follow us @TomsGuide, on Facebook and on Google+.

This thread is closed for comments
    Your comment
  • What is the deal with the NSA scare articles lately? If you people are suprised by any of this crap then you are years behind.

    No one is looking to get into your phone, computer, bla bla bla unless you have something to hide. Anyone with any sensitive data has it encrypted onto a drive that isnt even plugged into a network. Cant hack into something that isnt plugged in.
  • "... even BlackBerry, which was once thought to be uncrackable."

    Not by anyone with half a brain. Did they even try to claim this? Who 'once thought' this anyway?

    "It's no surprise that Android devices are vulnerable — the same open-source policies and lack of security software that make Android devices a prime target for malware also make them easily susceptible to surveillance."

    That idea that open source is insecure is pure FUD. There is nothing to back this claim up at all. Furthermore what does 'lack of security software' even mean? Security is a part of the existing software, extra software is not required for a secure system.

    The problem with Android, above all others, is still that vendors do not issue updates.
  • Also, perhaps the title should be "We Do Not Know How the NSA Gets Into Your Smarphones"