Sometimes we fail to appreciate the fact that today, right now, we're living in a sci-fi universe. The smartphone is a miracle of mathematics and engineering genius, converting a little over 4 ounces of inert matter into a Star Trek-level wondercomputer. But the downside of storing your entire world inside an ass-pocket-dwelling supercomputer is that there are always those who are itching to turn that technology against you in ways you'd never expect, like ...
If you work a desk job, chances are you keep your smartphone handy on your desk while you're working. And why not? If you get a call, it's hard to pull your phone out of your pocket with your butt custom molded and sweat glued to your chair. The whole point of a mobile phone is convenience, so there's really no reason not to keep it right there by the keyboard.
That is, there wasn't until a cadre of supervillains (ahem, "researchers") from Georgia Tech decided to create a program that turns your innocent-looking smartphone into a nosy little asshole that sits there spying on your every keystroke. Passwords, email messages, IMVU sex chats -- your phone could be eavesdropping on all of it. You might suspect that some kind of camera or microphone hack is at play here, but the real modus operandi is even sneakier: As you clack away on the keyboard, your phone's accelerometer can pick up the tiny impacts resounding through your desk and, based on the distance of the keys from the phone, mathemagically deduce which keys you're stroking.
Comstock Images/Comstock/Getty Images
Phones with motion sensitivity on the level of an iPhone 4 can guess what you're typing with up to 80 percent accuracy. And this clever bit of spyware can easily Trojan horse its way onto your phone as part of an otherwise trustworthy-looking app, since it doesn't arouse your tinfoil-hat suspicions by asking for permission to use your camera or microphone. The humble tilt sensor is rarely protected against privacy intrusions, because who would ever have guessed that the little gizmo that flips your screen over when you turn your phone sideways could also be used as a goddamn drunken Facebook status update interceptor?
Of course, the algorithm for figuring out what you're typing based on tiny desk tremors is mind-bogglingly complicated, and the whole system is easily defeated by ... just not setting your phone next to your keyboard, so the chances of such an attack by your local garden-variety hacker are low. But since we already know that the government is trying to listen in on us at all times, we're typing up this article with a phone next to the keyboard just to let them know that we know.
Martin Poole/Stockbyte/Getty Images
It's called subtlety, guys.
Ryan McVay/Photodisc/Getty Images
By this point, you might be ready to chuck your smartphone out the nearest window and go back to living without one like folks did in the Stone Age (the '90s were the Stone Age, right?). The only problem with that strategy is that every smartphone out there is a potential threat to you whether you own one or not. For example, did you know that any old Joe Android can brush against you in a grocery store and remotely steal the data right off your credit card with his phone? And that once that information is on his phone, he can wave it at a register and pick up $300 worth of Slim Jims and Mountain Dew on your tab?
Don't worry, not all of your cards are vulnerable. But if you're one of the millions of people carrying a futuristic "contactless" card -- the kind you just wave in front of a terminal to pay for stuff, such as American Express' ExpressPay -- then you'd better keep that fucker in a lead-lined wallet because, as you may have already realized, they're designed to have their radio chips scanned from inches away.
Comstock Images/Comstock/Getty Images
Anniversary provided by "Some Dude."
That means all it takes is a modern phone with near field communication (NFC) capabilities and a special scanning program, and voila -- a crook can use thief magic to pass right through a solid wallet to steal your credit card with goddamn radio waves, and you don't even get the satisfaction of a fleeting grope. Yep, in our technological age, even the intimate act of digging inside a stranger's pocket has become detached and impersonal for the sake of convenience.
Now, before you ask: Yes, someone has already created this, and yes, you can totally download it for free if you know where to look. The program's creator, Eddie Lee, demonstrated the hack with his own phone at DefCon 2012, then released his simple app on the Internet as a flashing "Fuck you, fix this!" sign to credit card companies.
Jupiterimages/Brand X Pictures/Getty Images
"It's like Candy Crush, only with people's lives!"
The program is also capable of shipping card data to someone else's phone, meaning you can go on a shopping spree on Madison Avenue with a card your buddy just swiped from Sunset Boulevard. Now that's modern convenience, folks!
John Foxx/Stockbyte/Getty Images
Imagine this: You're sitting at a coffee shop, preparing to Vine about the horrific lack of a design in the foam of your cappuccino, when your phone suddenly alerts you that it's down to 2 percent power. Holy shit, tragedy has struck! Not a single wall socket in sight -- but hey, is that a free cellphone charging kiosk over there? Thanks, modern convenience!
What could it hurt? It's FREE!
So you hook up to the free charger, the battery indicator flares back to life, and the world narrowly averts missing out on your latest coffee-related outrage. Meanwhile, a hidden device that a "technician" packed inside the charger is casually mining your phone for personal data, stealing all your saved passwords and bathroom mirror self-portraits, and probably slipping you some nasty phone STDs for good measure. Smooth move, moron -- you just did some lowlife a big convenience by plugging your phone directly into his phone-hacking machine.
Don't feel too bad for being fooled, though. In 2011, over 360 people fell for the same trick at the DefCon convention in Las Vegas. And in case you've never heard of it, DefCon is a conference for professional hackers and security experts from around the world. That's right: A convention full of actual hackers was easily taken in by this so-obvious-nobody-expected-it ruse. Fortunately, the kiosk was operated by Aries Security, and instead of actually snatching data from everybody's phones, the kiosk displayed an educational message reminding these security "experts" not to plug their phones into a random box at a hacker convention.
We're not sure if the anthropomorphic sheep was intended to make this more or less unsettling.
This ploy is known in the security industry as "juice jacking," a term we're pretty sure they borrowed from the porn industry. Based on the same concept as ATM skimming, a criminal could set up a fake phone charging station (or tamper with an existing one) to immediately steal your data, or install a program on your phone to steal it later.
While charging stations in high-profile areas like airports and shopping malls are probably safe, fake charging stations (just like fake ATMs) could crop up anywhere -- especially with numerous no-name companies renting them out to special events. Your best bet to avoid such a disaster? Carry your own cord and find an electrical outlet of the plain old-fashioned variety. Or, you know, maybe just learn to cope with the hardship of missing a prime tweeting opportunity every now and then.
We know, it's easier said than done.
But really, just stealing the data off your phone is minor when you consider ...