So far this year, the surreptitious capture of audio and visual data via smartphone cameras and microphones has negatively impacted the world’s richest person and a beloved trillion-dollar company. It’s safe to say that awareness of this issue has reached the mainstream, increasingly forcing individuals, enterprises and product makers to change how they operate. To see how the trajectory of smartphone surveillance has changed even in the last several months, I think it would be helpful to look back at my 2019 predictions as a starting point.
2019 prediction #1: Commercial mobile spyware will be used to target a high-profile figure in the United States.
For years, government and government-affiliated actors have abused commercially available mobile spyware to target perceived enemies, including members of civil society. Such actors have taken advantage of gaps in the regulation and oversight of these tools to push the boundaries of their surveillance. With the assassination of US-based journalist Jamal Khashoggi in October of last year serving as a wake-up call, it seemed to me that it was only a matter of time until a household name would be swept up by such smartphone spyware.
Indeed, a credible investigation earlier this year into a tabloid’s leak of text messages from Amazon CEO Jeff Bezos revealed that not even the world’s richest person is immune from mobile spyware. In an op-ed for The Daily Beast, security consultant Gavin de Becker laid out the case that the Saudi government remotely accessed Bezos’s phone and gained private information from it. Ironically, the Saudis were allegedly looking to harm Bezos – who owns The Washington Post – for the newspaper’s coverage of the killing.
2019 prediction #2: The maker of a popular mobile app will become embroiled in an eavesdropping scandal.
One of the byproducts of our collective techlash against the likes of Google and Facebook is that many people suspect that apps and services from these companies are listening to their conversations. Even without hard evidence supporting this theory, many are convinced that their spoken words are used to better profile them for advertisers, for example. It doesn’t help that there have been numerous cases of apps surreptitiously monitoring ambient audio via users’ microphones, as the popular Spanish app La Liga did when it listened for illegally streamed soccer games. If a widely used app like La Liga could get into trouble for listening without express user permission, surely Facebook or Google weren’t far behind.
Like clockwork, it was recently revealed by Bloomberg that Facebook had been using hundreds of outside contractors to transcribe audio clips captured from voice chats in the company’s Messenger app. Like Apple, Amazon and other companies with voice interfaces, Facebook was relying on human input to gauge the effectiveness of its system’s text-to-speech interpretations. To its credit, the industry as a whole has decided to move away from the practice of humans auditing real-world samples of voice commands.
2019 prediction #3: World leaders will face additional scrutiny over their use of personal phones.
Since the beginning of President Trump’s time in office, many journalists and security experts have focused on his use of personal smartphones to conduct business and use social media. Security expert Bruce Schneier, for example, speculated about the possibility that the microphones in the president’s smartphone are being used by foreign intelligence agencies to monitor his confidential conversations. I felt that all of this scrutiny would cascade into greater pressure on government leaders around the world to secure their personal phones against the threat of compromised cameras and microphones.
As it happens, the smartphone of Brazilian President Jair Bolsonaro was targeted this year as part of an elaborate campaign by a group of hackers. Brazilian media reported on Bolsonaro’s insistence on using an off-the-shelf phone instead of the encrypted phone given to him by intelligence services, as his personal phone allows him to use messaging and social media apps like Twitter and WhatsApp. Bolsonaro was forced to answer for his use of a personal smartphone, saying that he has nothing to hide and takes great caution in discussing strategic information.
2019 prediction #4: Smartphone anti-surveillance will become a part of a Fortune 500 company’s cybersecurity strategy.
The Department of Defense (DoD) has long been at the forefront of cybersecurity awareness that eventually trickles down to the enterprise community. Through last year’s announcement of a policy banning smartphones from secure spaces, the DoD showed that it is serious about keeping its most important information out of reach of compromised smartphone cameras and microphones. I guessed that enterprises wouldn’t be too far behind in looking for ways to mitigate this threat.
I can only speak anecdotally, but we at Privoro have engaged with Fortune 500 companies in a range of industries this year on our smartphone anti-surveillance capabilities. Our pilot enterprise customers have expressed a real need to keep cyberspies and competitors from listening to the conversations of top executives and other key personnel.
2019 prediction #5: Data in vicinity will be the next cybersecurity concept to go mainstream.
Data in vicinity is a term that we at Privoro coined to describe the data in the presence of a smartphone or other digital device, including audio available through the device’s microphones and visual data available through the device’s cameras. It seemed inevitable that as more and more attention was placed on smartphone surveillance, people would eventually figure out that their devices can potentially give threat actors and tech companies alike intimate access to their private lives.
Speaking from personal experience, whenever I would have a conversation with someone from outside the security community about Privoro in years past, their reaction was often skepticism that smartphones can be turned into live bugs by threat actors on the other side of the world. Only recently have non-techies acknowledged that this is an issue and that they want to learn how to stop it. I think that a great deal of this upswing in awareness is because millions of people were affected by the FaceTime bug revealed in January that allowed any stranger to listen through a call recipient’s microphones and look through their front-facing camera.
2019 prediction #6: More major manufacturers will build the ability to disconnect cameras and microphones into their products.
Last year, Facebook released the Facebook Portal smart speaker, which gives users the ability to completely disable the camera and microphones with the touch of a button. Along those same lines, Apple revealed that its latest MacBook models would feature a hardware disconnect that disables the microphone whenever the laptop lid is closed. Given the vast resources at their disposal for performing customer and market research, I thought it was likely that these two companies were responding to customer concerns in a way that foretold a larger trend in the industry.
Now, even Google has joined the party. The company’s Nest Hub Max smart display, released in September, features a hardware kill switch that physically disconnects both the device’s camera and microphone. This trend looks like it’s here to stay, a sign that consumers are starting to demand the ability to control access to the cameras and microphones in their most personal of devices.