Friday, March 10, 2017

Phone Hacking, Remote Diagnostics, or You?

Recently there’s been an upsurge in concern about phone hacking. People are afraid the government is hacking their phones, tablets and computers. Stories are all over the media, written by journalists that mostly know very little about technology. They simply had a deadline to submit their article to an editor, I fully understand.

Avocado and MacBook 077481

Here’s the truth. People, computers and software are already in your phones and tablets. They access your location, your data, and even the records of who you communicate with every day. It’s not typically the government, though law enforcement can and does look for criminal activity in creative ways. It is mostly businesses that spy on you, every day. Data collection agencies, banks, insurers, tech firms and many others all try to keep track of what you are up to, in great detail. They buy and sell data about your every thought and action, that’s business. You willing, if unwittingly, gave them permission.

WhatsApp, Snap and Signal apps do transport content securely. This does not matter when the hacker is technically already looking over your shoulder as you type. They also look over the shoulder of the person you sent your message to.

If your phone or computer is backed up remotely, that means the data in it is accessible remotely. You give these firms permission every time you press "Agree" on those Terms and Conditions screens. Once the first computer was networked with another computer, remote access was possible and even encouraged. It is called "File Sharing." Cell phones are nothing more than small computers wirelessly attached to a network. If the network operator wants to know what one particular device on that network is doing, they can monitor the activity. It could be network troubleshooting or a court-ordered wiretap. That's why they are called "service providers." The law requires the phone company to help law enforcement, provided a court order exists.

A Direct Connection

There are special boxes, one model is called a "Cellebrite®" diagnostics machine.  Phones can be physically plugged into this machine and searched. It is true that newer models of phones are heavily encrypted but these hacking machines eventually catch up to the latest technology. There is even a UFED Pro® phone analysis device for law enforcement. Look it up. What it does might surprise you. Only the police are supposed to have some types of these machines but in reality anyone can obtain them.
Blackberry Bold iPhone.jpg

Applications allowing remote access to computers and smartphones have always existed. These same tools are used by computer or phone engineers to build and test new models. Such tools are just one way tech support might be able to fix your phone or PC, without you having to take it back to the store. I’ll wager you or someone you know has been helped remotely.

Remote Diagnosis

Remote Diagnostics tools are important in phone support for one major reason. People call  customer support using the telephone that is having a problem. They don’t have another phone to call from. The rush to cut off home landlines is nearly complete. They need help with their iPhone or Android. As they tell it, "Their entire life depends on this phone!" 

Every person has the same point of view. Nobody ever said, "Oh, I’ll just drop off my phone at the store and pick it up in a few days." Even that doesn’t help now, they no longer repair phones at the phone store. For display issues you once had to ship your phone to the manufacturer, there were no local screen repair shops. Nebraska and some other states are even passing laws to force the phone manufacturers to provide repair shops.

Even Remotely Aware

Diagnostic tools work in different ways but essentially they all allow telephone or computer support to get inside your device and fix it. All this while you are using the phone to call support for help. I roamed inside of all models of mobile phone, while they were on my employer’s network, if the caller gave me permission. Diagnostics tools rarely fixed the problem, but the customer often feels better after such a call. Sort of like having your doctor run all kinds of tests that come back negative.

Word of caution, there are unscrupulous telephone support scam artists that also offer "Remote Diagnostics" or something similar. They are phishing for your bank account and credit card details. The best advice about scams is to think about who started the call. Did you call the 800 support number on your monthly bill?  Safe. Did you call the actual manufacturer phone number on the side of the package or product label? Fine. Did they call you to offer some shady support contract? Hang Up! My mother suggests if you aren't required to press several buttons and wait quite a while listening to the same recording, before getting to a human, it is probably a scam business.

Terms & Conditions, You Must Agree?

Every support tool requires the customer to touch or click on the "AGREE" button. Without that telephone support gets no access. Some customers asked me about what they were agreeing to. Since we are evaluated by call length and number of calls, our answer was short, "If you don’t agree to this you can always take your computer or phone to the store or use a neighbor’s phone to call us." They tapped the Agree button every time.

One of my support tools had a feature to bypass the AGREE button, in case the customer was physically unable to agree, usually due to a display problem. On a few occasions I had to use that feature. This means I just entered a phone number or IP address into the system and got inside the device, with the owner doing nothing. They did verbally agree and we all know "all calls are recorded for quality and training purposes." Granted, the owner was on the phone while I was helping them, most of the time.

One time the owner called, asked me to access the phone to fix it, I did, they set the phone down and left the house. I was required to hang up without doing anything in that case. It is all about gaining customer agreement. No customer, no agreement exists.

Warning Will Robinson, Warning!

As employees we were given all kinds of training and warnings about using Remote Diagnostics. Do not look at their photos, emails or texts. Do not look at their Contacts lists. Just use the Settings features. Many of the support calls we received were requests for help with photos, email, texting or lost Contact lists. Gaining customer agreement turned out to be just a facade, for some of the tools. Almost as fast as remote diagnostics tools became common, they were taken away from support, for being too controversial.

During the years I used Remote Diagnostics tools I learned people display all manner of images on their screens. Computer browsers still had trashy web sites open (probably the reason their PC acted like it had a virus). Background and Unlock screen photos were occasionally obscene. I only went into a customer’s Photo Gallery once or twice, at their insistence. They were having problems with videos or folders.

Mostly there were pictures of the owners kids, spouse, and some woodworking project. The typical customer problem was having too many videos or photos. They had to delete some or move them to a computer or the cloud. It wasn’t called a "cloud" back then, but it was still a cloud. If it was an Android phone we often had to Hard Reset the devices, nothing else we were trained to do worked. 

I’ve fixed thousands of computers and phones, just during those years I worked in support roles. Mostly I was supporting employees of the company where I worked. They were friendly to me. During the few years I supported total strangers, most of them were also friendly to me. 

Be a Patient

At least one caller would always try to ruin your day. There’s always one, every day. They want a $500 bill credit. They demand you send a new phone for free, to replace the one they dropped in the bathroom. They blame you for the raunchy videos their teenager has on their phone. It is not their fault some 3rd party app makes their camera keep taking pictures. They blame Ma Bell for the data overage caused by that same teenager. They get no signal where they live, they would like to request a new cell tower be constructed. It is an endless stream of the same complaints repeated at least once every day.

If you get a human in tech support, be thankful and treat them nicely. Understand that you have reached a doctor that is trained to fix your sick piece of electronics. Good phone techs are rare practitioners these days, manufacturers and telcos would rather sell a new phone than pay someone to fix an older phone.  New hires are trained to use checklists, they lack the experience to diagnose issues based on symptomatology.

Your Fault, Usually

Devices with known manufacturing defects are usually recalled now. No carrier wants their phone starting a fire. If you have one of those, you'll get "a free replacement" otherwise you get a refurb...if you think your device has a factory problem in the first year.  Insurance is actually worth the cost for some teenager's devices, even with the deductible and monthly fees.

My point is this. Manufacturing defects aside, the telephone owner is usually the person responsible for their phone or computer being damaged or their accounts hacked. The owner used a very easy password, or no passwords at all. The owner filled out an email form that looked like it was from their bank. It was a Phishing email from somewhere overseas. You went to that website or downloaded that app, actually an implant, and agreed to let those strangers access your location, your photos, your thoughts, your dreams. The hacker may be working for a foreign government or it may just be Facebook going about business as usual. An implant is an implant, no matter if Interpol or Google put it there.

Privacy, what privacy?

They just want to know what you are searching for or who you are in-touch with. Online Privacy? That's been a myth for more than 10 years. Do you think the cable TV people keep track of what programs you watch? Today most screens are able to watch or listen to you. Phones, tablets, and laptops have microphones, front or rear cameras or both. The television builder Vizio was recently fined for selling customer living room conversations picked up by the TV set's microphone. Sent off over the Internet to an artificial intelligence. Samsung called that a feature for years. Now we need to be more careful about the epithets we shout at the TV set?

Look inside your phone or tablet. Look for the Privacy Settings screens. What apps have you allowed to access your microphone, your photos, your camera, your location or your Contact list? Do you know what apps do when given such access? They access it and sell whatever data they can harvest to pay the cost for developing that "free" or $1.99 app. If they don't get this data they go out of business. Most firms use the data responsibly, others, who knows? 

What constitutes responsible use of private data?

Now if you committed some heinous crime or seriously plan to do so, or know somebody planning a heist or worse, the government will use every tool, public or private to hunt you down. There are rules around how this should be done, but if John Law thinks a bomb is ticking, all bets are off. You will be hacked or tricked into allowing spies in your devices or even locked out of your own gadgets. All I can suggest at that point is to keep a spare phone around or maybe some stationary and postage stamps.

No comments: