NSA using leaky smartphones and bypassed A5/1 to track people globally

According the Washington Post, citing documents leaked by Edward Snowden, the NSA is fully capable of capturing GSM (Global System for Mobile communications) traffic that’s encrypted with the A5/1 algorithm. In addition, the agency’s mobile traffic analysis is used to infer relationships, by harnessing metadata collected from cell towers and data delivered to mobile advertising networks.

Last week, the Washington Post reported that the NSA is collecting cellular location in bulk, to the order of 5 billion records per day globally. On Tuesday, the paper reported that in addition to bulk collections, the intelligence agency uses a collection of data sorting tools to separate the bits of collected metadata and turn them into actionable information. The process, as described by the report, outlines the exact fears that privacy watchdogs and government critics had when the NSA’s metadata collection programs were exposed earlier this summer.

In addition to using cellular tower data to pinpoint a person’s location, the NSA also uses WiFi and GPS information to locate subjects, as those signals “reveal their location in a variety of ways including leaked location information from their IP address, mobile apps and built-in location based services,” the Post explained.

Moreover, as part of a project called HAPPYFOOT, the NSA also intercepts traffic generated by mobile applications that relay location information to advertising networks. All of this intercepted data, and collected metadata, is then sorted and used to infer relationships between people or identify persons of interest.

The NSA’s use of advertising networks is interesting, because the FTC just reached a settlement with a flashlight application developer for collecting and transmitting consumer information, including location data, to advertising networks without permission. This settlement was important to privacy advocates, because they’ve long warned the public that mobile advertising platforms were privacy and legal risk.

For example, Privacy Rights Clearinghouse warned against the privacy risks of smartphones as far back as 2005. At the time, they noted that the data collected by smartphones and transmitted to carriers (metadata), could not only pose privacy risks, but pose a conflict within federal privacy laws, which rarely keep pace with technology.

In 2011, software security vendor Veracode examined the Pandora mobile app, and discovered no less than five advertising libraries being used by the application. Pandora later removed the libraries, but one of them was Google’s AdMob, a company purchased by the search giant in 2010.

Among the various personal bits of information being collected by AdMob, Veracode discovered that it was also attempting to gather COARSE and FINE location data. In addition to WiFi and GPS, the NSA also collects metadata related to COARSE and FINE to locate people using the HAPPYFOOT program.

Veracode’s Tyler Shields explained at the time:

“So what does this mean to the end user? It means your personal information is being transmitted to advertising agencies in mass quantities…”

“In isolation some of this data is uninteresting, but when compiled into a single unifying picture, it can provide significant insight into a person’s life…When all that is placed into a single basket, it’s pretty easy to determine who someone is, what they do for a living, who they associate with, and any number of other traits about them.”

Again, Shields was speaking about the same type of data collection and relationship inference being conducted by the NSA, years before proof of such collection and relationship mapping existed. Since 2011, the amount of data transmitted online and collected by advertisers and data brokers has only grown.

So given the latest information on the topic, it seems as if the NSA took advantage of the situation. If the advertisers were collecting the data anyway, the NSA simply needed to use the existing legal framework on interception and collection to gain access to it.

When it comes to intercepts, the Washington Post story also includes a document that shows the NSA can collect A5/1 GSM traffic that is unencrypted, encrypted when the crypto variable is known, and when the crypto variable is unknown. Thus, if the GSM traffic is using A5/1, the NSA can bypass the encryption completely and process it with no problem.

The notion that the NSA can bypass A5/1 isn’t a surprise. In fact, plenty of lawful interception vendors sell hardware that can decrypt A5/1 GSM traffic. The security that is offered by A5/1 has been exploitable years, and academic knowledge that it was vulnerable has existed for decades. But between 2003-09 researchers started taking a hard look at it, and working on ways to develop a more practical attack. So, assuming they’re not using existing vendor technology, then the NSA has perfected the process.

To replace A5/1 and address security concerns, A5/3 was developed, offering a stronger 128-bit encryption. But in 2010, researchers showed that it too could be broken. Still, A5/3 is a better alternative to A5/1, and while adoption of the new algorithm is spreading, there are many carriers still using A5/1 in Europe and Asia. Leaving those using the older system exposed to bulk collections of metadata.

On Tuesday, as news of the NSA’s mobile analysis operations broke, Deutsche Telekom announced that they were the first operator in Germany to move away from A5/1 and adopt A5/3. However, due to the number of older phones in use that do not support A5/3, the mobile operator said that calls to those devices will still work, but that they would revert to the older standard.

The Washington Post’s story serves as a strong reminder that we live in a data-driven world, and that true privacy is a rare thing. Advertisers buy and sell the data that creates our online existence, and sometimes this information is collected without the average consumer’s knowledge or informed consent. However, even for those of us who go to great lengths to protect our privacy, the Post’s report shows that the odds are good that something somewhere is collected, and the NSA has a copy.