Sometimes we fail to appreciate the fact that today, right now, we're living in a sci-fi universe. The smartphone is a miracle of mathematics and engineering genius, converting a little over 4 ounces of inert matter into a Star Trek-level wondercomputer. But the downside of storing your entire world inside an ass-pocket-dwelling supercomputer is that there are always those who are itching to turn that technology against you in ways you'd never expect, like ...
If you work a desk job, chances are you keep your smartphone handy on your desk while you're working. And why not? If you get a call, it's hard to pull your phone out of your pocket with your butt custom molded and sweat glued to your chair. The whole point of a mobile phone is convenience, so there's really no reason not to keep it right there by the keyboard.
That is, there wasn't until a cadre of supervillains (ahem, "researchers") from Georgia Tech decided to create a program that turns your innocent-looking smartphone into a nosy little asshole that sits there spying on your every keystroke. Passwords, email messages, IMVU sex chats -- your phone could be eavesdropping on all of it. You might suspect that some kind of camera or microphone hack is at play here, but the real modus operandi is even sneakier: As you clack away on the keyboard, your phone's accelerometer can pick up the tiny impacts resounding through your desk and, based on the distance of the keys from the phone, mathemagically deduce which keys you're stroking.
Comstock Images/Comstock/Getty Images
Phones with motion sensitivity on the level of an iPhone 4 can guess what you're typing with up to 80 percent accuracy. And this clever bit of spyware can easily Trojan horse its way onto your phone as part of an otherwise trustworthy-looking app, since it doesn't arouse your tinfoil-hat suspicions by asking for permission to use your camera or microphone. The humble tilt sensor is rarely protected against privacy intrusions, because who would ever have guessed that the little gizmo that flips your screen over when you turn your phone sideways could also be used as a goddamn drunken Facebook status update interceptor?
Of course, the algorithm for figuring out what you're typing based on tiny desk tremors is mind-bogglingly complicated, and the whole system is easily defeated by ... just not setting your phone next to your keyboard, so the chances of such an attack by your local garden-variety hacker are low. But since we already know that the government is trying to listen in on us at all times, we're typing up this article with a phone next to the keyboard just to let them know that we know.
Martin Poole/Stockbyte/Getty Images
It's called subtlety, guys.
Ryan McVay/Photodisc/Getty Images
By this point, you might be ready to chuck your smartphone out the nearest window and go back to living without one like folks did in the Stone Age (the '90s were the Stone Age, right?). The only problem with that strategy is that every smartphone out there is a potential threat to you whether you own one or not. For example, did you know that any old Joe Android can brush against you in a grocery store and remotely steal the data right off your credit card with his phone? And that once that information is on his phone, he can wave it at a register and pick up $300 worth of Slim Jims and Mountain Dew on your tab?
Don't worry, not all of your cards are vulnerable. But if you're one of the millions of people carrying a futuristic "contactless" card -- the kind you just wave in front of a terminal to pay for stuff, such as American Express' ExpressPay -- then you'd better keep that fucker in a lead-lined wallet because, as you may have already realized, they're designed to have their radio chips scanned from inches away.
Comstock Images/Comstock/Getty Images
Anniversary provided by "Some Dude."
That means all it takes is a modern phone with near field communication (NFC) capabilities and a special scanning program, and voila -- a crook can use thief magic to pass right through a solid wallet to steal your credit card with goddamn radio waves, and you don't even get the satisfaction of a fleeting grope. Yep, in our technological age, even the intimate act of digging inside a stranger's pocket has become detached and impersonal for the sake of convenience.
Now, before you ask: Yes, someone has already created this, and yes, you can totally download it for free if you know where to look. The program's creator, Eddie Lee, demonstrated the hack with his own phone at DefCon 2012, then released his simple app on the Internet as a flashing "Fuck you, fix this!" sign to credit card companies.
Jupiterimages/Brand X Pictures/Getty Images
"It's like Candy Crush, only with people's lives!"
The program is also capable of shipping card data to someone else's phone, meaning you can go on a shopping spree on Madison Avenue with a card your buddy just swiped from Sunset Boulevard. Now that's modern convenience, folks!
John Foxx/Stockbyte/Getty Images
Imagine this: You're sitting at a coffee shop, preparing to Vine about the horrific lack of a design in the foam of your cappuccino, when your phone suddenly alerts you that it's down to 2 percent power. Holy shit, tragedy has struck! Not a single wall socket in sight -- but hey, is that a free cellphone charging kiosk over there? Thanks, modern convenience!
What could it hurt? It's FREE!
So you hook up to the free charger, the battery indicator flares back to life, and the world narrowly averts missing out on your latest coffee-related outrage. Meanwhile, a hidden device that a "technician" packed inside the charger is casually mining your phone for personal data, stealing all your saved passwords and bathroom mirror self-portraits, and probably slipping you some nasty phone STDs for good measure. Smooth move, moron -- you just did some lowlife a big convenience by plugging your phone directly into his phone-hacking machine.
Don't feel too bad for being fooled, though. In 2011, over 360 people fell for the same trick at the DefCon convention in Las Vegas. And in case you've never heard of it, DefCon is a conference for professional hackers and security experts from around the world. That's right: A convention full of actual hackers was easily taken in by this so-obvious-nobody-expected-it ruse. Fortunately, the kiosk was operated by Aries Security, and instead of actually snatching data from everybody's phones, the kiosk displayed an educational message reminding these security "experts" not to plug their phones into a random box at a hacker convention.
We're not sure if the anthropomorphic sheep was intended to make this more or less unsettling.
This ploy is known in the security industry as "juice jacking," a term we're pretty sure they borrowed from the porn industry. Based on the same concept as ATM skimming, a criminal could set up a fake phone charging station (or tamper with an existing one) to immediately steal your data, or install a program on your phone to steal it later.
While charging stations in high-profile areas like airports and shopping malls are probably safe, fake charging stations (just like fake ATMs) could crop up anywhere -- especially with numerous no-name companies renting them out to special events. Your best bet to avoid such a disaster? Carry your own cord and find an electrical outlet of the plain old-fashioned variety. Or, you know, maybe just learn to cope with the hardship of missing a prime tweeting opportunity every now and then.
We know, it's easier said than done.
But really, just stealing the data off your phone is minor when you consider ...
So you've invested in the most obnoxiously tank-like OtterBox money can buy, you don't go around stuffing random cords into your phone-holes, and, for what it's worth, you've kept your phone's antivirus software up to date. When it comes to mobile security, your smartphone is absolutely watertight.
... but is it airtight?
"I'd like to order some cocaine, please."
Ralf-Philipp Weinmann of the University of Luxembourg discovered that hackers can infiltrate your phone through the airwaves themselves, completely bypassing your operating system and antivirus software to hack directly into the radio processor. This aerial attack requires a special box that acts like a cellphone tower and tricks your phone into thinking it's connecting to a real network. Once the connection is made, the infection juice starts a-flowing, giving the hackers access to everything that the radio processor controls. And since this processor is in charge of handling phone calls, that means the hackers now have your dialer and your microphone -- and on some phone models, possibly your camera, too.
Weinmann presented his technique at the Black Hat conference in 2011 (presumably while wearing an Abe Lincoln-style stovepipe), demonstrating how a phony cell tower can remotely and silently "answer" your phone and broadcast any conversations within earshot to prying ears. Yes, kind of a crude version of what Batman was using in The Dark Knight. But you don't have to be as rich as Bruce Wayne to wield this kind of power: The same brand of tower was set up at Burning Man 2008 for about $4,500.
Ryan McVay/Photodisc/Getty Images
Basically, the cost of your medical bills after balancing lunch with driving.
Pretty scary stuff, but it gets better ...
Yes, it's the actual Dark Knight device -- one that generates a complete 3D image of the inside of any building. Disguised as a harmless camera app, PlaceRaider secretly snaps random pictures as you go about your day. The pics are then shipped off to a central server to be analyzed and compiled into a detailed model of your home, office, or terrorist stronghold.
So it's also kind of like that scene in Iron Man 3 where Tony Stark uses a bunch of images from a suicide bombing to recreate a 3D view of the crime scene, the only difference being that ...
... actually, no, that's pretty much exactly what it is.
In fact, Iron Man's fictional technology falls a little behind the curve this time, considering that PlaceRaider (developed by the U.S. military) was already developed, tested, reported, and published by the fall of 2012. The test runs were a smashing success, by the way: PlaceRaider was put in the hands of unsuspecting phone users in an office setting, and in addition to rendering a detailed view of the environment, the resulting images captured computer screenshots, account numbers on checks, and random loose documents.
The idea is that the malware could be embedded in a camera app like Instagram so that it wouldn't raise any red flags when the app asks for permission to access your camera. Then, in practically no time at all, a burglar's virtually strolling through your home -- browsing through your family photos, scanning your wall calendar with "VACATION" scrawled across it in red Sharpie, jotting down the exact locations of your valuables, even seeing close-up detail of what the keys in your pocket look like ...
Dude, you have got to do some upgrading on your house.
Wait, we may have just stumbled across the biggest weakness of PlaceRaider: Seeing as how most smartphones spend the majority of the day buried deep inside their owners' pants, the ne'er-do-well on the receiving end would likely end up sifting through piles of detailed 3D renderings of pocket lint and crotch bulges. Maybe we're panicking a bit prematurely on this one.
For more reasons to go live in a cave with bears, check out 7 Ways Your Cellphone Is Screwing With Your Body and Mind and 6 Sci-Fi Technologies You'll Soon Have on Your Phone.