Is the smartphone really turned off?

This is a text automatically translated from Italian. If you appreciate our work and if you like reading it in your language, consider a donation to allow us to continue doing it and improving it.

The articles of Cassandra Crossing I'm under license CC BY-SA 4.0 | Cassandra Crossing is a column created by Marco Calamari with the “nom de plume” of Cassandra, born in 2005.

New year, new article from Cassandra! If we can't remove our smartphone's battery, is it really off when we turn it off?

This article was written on 06 January 2021 from Cassandra

Is the smartphone really turned off?

Or is it an enemy in your pocket? The “NoReboot” bug is proof of the dangers of the IoT.

As Cassandra's 24 graying readers will remember, your favorite prophetess' concerns about the intrinsic danger of connected objects date back to 2006.
It was then about the presence of a “return channel” in an object that only had to receive, and which could also be programmed remotely via television signal, these were the very rare @MHP set-top boxes, which quickly fell into oblivion as “stillborn” technologies, because they were the result only of desires for omnipotence of some corporations, and not of real customer needs.

But the worry of having apparently “our” objects actually running programs on behalf of third parties and transmitting our personal data to them was just the beginning.

In reality, “not knowing” what an object did was more dangerous than using it knowing exactly what it did.

A lot of years have passed, the world of technologies has changed and IoT and smartphones are among us.
Almost all people are not at all concerned about how many and which household or worn objects are controlled not by them but by third parties, and that these objects transmit data detected with a vast quantity and types of sensors.

The pervasive computer, once seen as a blessing, has now totally infiltrated reality, while almost all the inhabitants of the digitalized part of this planet are calm and happy.

Even the recent news on the widespread use and abuse of interception software such as Galileo, FinFisher and NSO leaves the majority of users calm, as "I have nothing to hide anyway".

Cassandra therefore, doing her job, will still try to give warnings, instilling healthy doubts and fears, as was once done with children who wanted to play with matches.

Are you convinced that, if you want, you can turn off your smartphone, your laptop, your baby surveillance camera, your fitness bracelet, your car, so as to be sure that it does nothing, that it doesn't listen, that it doesn't report?

The answer is yes, you are convinced; in fact, most of these objects ultimately have an electrical power supply, and therefore all you have to do is disconnect it to make them deaf and inert.

Even objects that run on batteries often allow the battery to be removed, thus certainly becoming inert themselves.

But can objects that contain a non-removable battery, such as smartphones, really still be turned off and rendered inert?

The answer is no, unfortunately also no. If an object is operated by software, even if turning it off and on is governed by an "off button", this is not an "electrical switch". The button simply runs a software, which “should” turn off the object.

And the software cannot be trusted.

It is already dangerous when it is unnecessarily complex and therefore poorly written, but it becomes a weapon as imperceptible as it is unstoppable when it is written with malice.

Are you convinced that you can turn off your ultra-secure smartphone? Maybe one of the iCosi family?

Well, the answer is that you are wrong.

This article "Persistence without “Persistence”: meet The Ultimate Persistence Bug, NoReboot” which for now only concerns owners of Apple smartphones, details how iOS can be subverted to “mimic” the switching off and on again procedures, in order to leave the mobile phone apparently “off”, but in reality in full functioning, network, wifi and Bluetooth included.

And be able, consequently, to make it act as a surveillance device, even in apparently extremely private situations.

Little else remains to be said. Let's simply close as the author of the very interesting article does.

“Never be sure that a device is turned off”

also sponsoring his advice to “Check that your device is not compromised”.

In fact, the dangerous "compromise" is not that of a possible installation of a computer sensor, like that of NSO, but that made "by design" by the manufacturer, which always exists and is becoming the rule.

Too much paranoia? Let's hope!

At least today's paranoids would not discover, in ten years' time, that they were once again incurable optimists.

Marco Calamari

Join communities