Hacker News new | ask | show | jobs
Android-based device compromised - by design?
2 points by persilj 5145 days ago
Let's say that I suspect that my Android-based device (a tablet) is compromised by design (customized at the factory of the manufacturer) and I want to prove it somehow.

For months I've felt that somebody is able see what I see on the screen of the tablet, because "strange things happen" seemingly purposely, when there is text or photos related to certain narrow subjects - and only then. It doesn't matter if I were using a browser or some application. I decline to describe "a strange thing" as that way you can't fixate to it.

I haven't installed any application that could listen for external commands (like the ones that use "Cloud to Device Messaging Framework") nor any other application that I don't fully trust.

Who, in the Internet, could answer to a question: Could the screen of the mobile device be read remotely by eavesdropping leaked electromagnetical fields? But still, how would it be possible to (remotely) command the device to do certain things that the currently activated application isn't allowed to do (didn't ask for certain rights)? This is not a rooted device.
2 comments
mootothemax 5145 days ago
If you want to get paranoid, check out Van Eck phreaking. In reality, experiment when riding a lift in the middle of a large building, doubt many radio signals will get through there.
link
persilj 5145 days ago
Even when your suggestion is highly sophisticated, I'd rather stay non-paranoid, which itself is often just a description given by others and at that time not an actual condition or mental state. Anyway, I would certainly be interested to read about new studies related to Van Eck phreaking (or similar). Google-search revealed mostly the same old stuff that were there years ago.

I'm sure that signal processing and abilities to adjust signal-to-noise -ratio have generally developed upwards since 2006 (or something).

link
PythonDeveloper 5145 days ago
While it's unlikely as it would spell the demise of the manufacturer/brand if made public, yes.

If the manufacturer installed VNC and connected out to a remote server when you came online, yes, this could happen.

You could use WireShark on your PC/Mac attached to the same network to see if the tablet was sending VNC (or similar) data to or from a remote location fairly easily.

It's a well known fact that Apple installed "Keys-dropping" software on their devices to track what you do, but I don't believe it was a 2-way connection. I believe the data was just reported, but not received by the device.

link