The Greatest Hack in History

I get this question almost daily, it goes something like this, "can people see what I am doing on my phone, or is my stuff private?" This is a fair question and I will do my best to explain why you are not secure and how it happened. I wish I could tell you that you are safe on your smartphone, but when you have a smartphone you have two camps. In the first camp, the person is oblivious to anything, and they welcome the shared experience. The second camp is aware and senses that they are being monitored and it generally bothers them. So how do I know this. Well, aside from being a smartphone repair tech and instructor, I am also a mobile forensics investigator. I have been doing mobile security research on Android and iOS for over 10 years. In those years I have seen just about everything from regular people, men and women alike, IT professionals and mobile techs, corporations, and government, It all led me to write this article, now lets get a little history first.

A little History

If this is the first time you have seen my content my name is MJ Nale I started this journey over 11 years ago when I started Android Hawaii and I have been providing data recovery services for about that long as well, I am also the founder of the first school ever to teach software support for mobile repair technicians online called "Phonlab" When smartphones first came out it was exciting, it was like a mini computer. In fact they were just like any other computer that you could buy at the store, and in large part this is still true today, for computers that is, let me explain. If you go to Walmart or Best Buy to purchase a laptop computer, or desktop computer today, you have access to the root files of that computer, the system files that is, and you should. Did know that you do not have that same freedom on a smartphone in America today? The smartphones sold by one of the four large wireless carriers in the USA, like AT&T, Verizon, T-Mobile, or Sprint are not only carrier locked but the bootloader is locked as well. They lock the bootloaders to prevent you from accessing the root files of that smartphone. In America rooting has been a thing of the past for some time now, unless you buy a specific unlocked smartphone at full price, sometimes referred to as a developer edition, but when was the last time you saw that? It kind of phased away didn't it. I don't know about you but for me, that's a problem, they cannot remove access to the root partition, Wait, iPhone users do not have access either, We will get back to that, now let's answer that question. The quick answer is "No you are not safe and your personal information has and is being exposed as long as you use a smartphone, yes even a factory unlocked one, yes even with applications claiming to keep you safe. Let's talk about that.

The largest hack in the USA

I call it "the greatest hack" because it is still affecting consumers all over the country. This hack was pretty sophisticated, it was a psychological and it was sold to us by creative marketing schemes using fear tactics, and propaganda by some names you might be familiar with. Yes we all bought the same bucket of crap from the same companies. It was sold to you in the form of marketing and advertising lies that promised that they were keeping you safe, saving you money ( fear of being broke ) or they were marketing flat out lies like the "most secure network," that Verizon would like you to believe despite the fact they were hacked, like the massive data breach of 14 million accounts at Verizon in 2017. What about T-Mobile they not only got hacked but it has happened more then once, in once instance they even had employees unlocking and removing blacklisted phones from the blocked list, it was going on for years illegally, It took a couple of employees who started a multi million dollar unlocking service to get peoples attention, I am not saying what they did was right it was not, but it sure feels like they are trying to criminalize unlocking your smartphone. They removed your ability to control what is on your phone, literally, and none of this would have happened if they did not lock your smartphone, but they made you feel like you needed their protection, when in fact somebody should’ve been protecting you from them. It's always been about one thing and that is control.

Farming your habits

So the million dollar question is why, well of course money is the quick answer, but to be specific it is about control, because your desires are worth lots of money these days. The real money is not some pay as you go overpriced plastic brick, its your habits and with new technologies in AI learning they can even predict it too! Is this legal? Well Edward Snowden talked about mass surveillance, this is kind of like that, I am not a legal expert though, but what about all those times we agreed, without ever reading the conditions in the terms of service agreement when we signed into a new smartphone. They have been farming your data and your habits since day one and they’ve been selling it to other companies, and you paid for it all. Who knows maybe an expert on those agreements can weigh in on this question. Think about it? If you had a business and you could predict even with low success the buying habits of a customer, you would be rich. That's exactly what happened. The abuse of data collection and privacy is particularly bad with MVNO's like Cricket, H20 wireless, to name just a couple. there is little or no vetting, hell anyone can own a wireless company, just purchase a bucket of data for resale with a great sales program and away you go. Now cable companies like Spectrum have taken that right out of their playbook, and its happening with internet TV and more. When you really do read the terms they are long and confusing. At the time of writing this article I had a conversation with one of my customers about what you are reading now. I mentioned most of what you are reading, he said that he was willing to give up certain luxuries to be able to use google services, and that's the problem we have become accustom to making excuses for these privacy and consumer rights violations because we wanted our smartphones above everything, We stopped caring, Then you could say "MJ your making a big deal about issues nobody cares about anymore", what do you think?

The damage

The damage from all of this has been what has kept me busy for years now. Since 2010 I starting noticing more and more data collection that was happening on your phone, it was massive, and it heated up the core, all in the name of your safety and security, The overheats were so bad from 2012-2017 that I am now seeing large scale chip displacement on the logic board because the underfill pools up and it causes the chip to separate from the board. We have seen hardware failures happen because it was a cheap part, this was just from the amount of apps running behind the scenes you cannot see, they are under system services, hidden of course from the publics view. Go to your local repair shop and ask them how many smartphones come in every month that just mysteriously stopped working, no power, nothing. Samsung has been plagued with this for years, I hold them responsible for a majority of data loss because they valued profit over anything the consumer valued like, quality, integrity, and support. The loss was the money you paid for the smartphone your memories if the data could not be recovered or you could not afford the recovery service.

Apple vs Consumer Rights?

My favorite is Apples contribution, I mean who could forget about that story that Bloomberg did back in 2016 which got almost no attention. The report says the Chinese military actually hacked iCloud with a tiny micro chip placed on the server motherboards, a hardware hack like that is the worst one, it cannot be removed, How do I know iCloud was compromised? Phonlab is the only school online that teaches unlocking, and Apple at the time had a check services website where consumers could check a serial or IMEI number which is connected to iCloud to verify if the device was reported lost or stolen, Our students used this website extensively, we had a class on it, So it was a surprise when it abruptly shut down and Apple never gave a reason why. At the time I thought ok Apple already has a problem. They were exposing every IMEI and serial number in their database to the public, I never paid much attention to the Bloomberg story until I read it 6 months ago, I almost fell out of my chair, the dates do not lie. I remember that day it was January 24, 2016. I remember the check services website went down, I called one of the other instructors Tom the owner of Phonlab and asked if he had heard anything, he said no and Apple made no statements on it either. I am probably the only person in the world outside of the Jordan Peterson report who can actually say with a fair degree of certainty that Apple was hacked, the dates match the story but that is not the worst part, It does not matter how many server boards you change, with this kind hack you have to shut down and start over, Its in every IPhone, every MAC, its not going anywhere. When I was a kid we had been taught to kind of go with the crowd as everybody used to say "if it’s a big company like T-Mobile or Apple they can be trusted" when in fact over the past several years we see more and more widespread corporate corruption against consumers. Then Apple slowed down their old iPhones, and that kicked off what I believe is the biggest consumer rights battle in history, They want to do away with the little guy, independent repair shops like yours or mine, I have testified before Hawaii's house and senate hearings for the right to repair bill which just got pushed back to 2022. Now i am like many of you, a pissed off business owner who watched corporate America liquidate a majority of the COVID-19 relief affectively killing small business.

Social and Unknown Hacks

We have a massive social media problem too and social media does not seem to care, I mean seriously if you think the congressional dog and pony show with Mark Zuckerberg and Tim Cook made you any safer then can you reply in the comments below on what solutions were implemented to date, and how it makes us safer. To makes things worse outside of social media or corporate hacks you have rogue hackers who could be anybody armed with attack files and instructions available all over the internet, The one that really disgusts me is the ex girlfriend or soon to be ex husband that brings in a smartphone for data recovery, it only takes a few key questions and I can tell you if that is their phone or the significant others or not. One topic that has surfaced the past few years is law enforcement using professional IMSI catchers without a warrant to invade anyone's privacy including violating numerous rights and some say it constitutes harassment or worse. So maybe your saying to yourself, well I know some of this but really what can we do. The solution below is the only thing I believe we can do. If we do not we will slowly watch things slip away, as they have for the past 10 years.

What is the solution

There is no easy answer here, how do we keep corporations, governments, or wireless carriers from getting as far as this one has. We are really our own worst enemies too, what is the old saying "absolute power corrupts, and corrupts absolutely" there is so much wrong with the current way of doing things. I do know this, I do not want any business, government, or corporation choosing what I should or should not have on my smartphone, I paid for the device, I get to decide what apps stay or go, To be devils advocate for some people it may even be a convenience, not choosing that is. Did we just default select our privacy to "who cares" maybe. I do know this it was Steve Jobs speech at Stanford that inspired me to go as far as I have, and I have connected the dots looking backward, I have a question and a suggestion for those looking forward? What is going to replace the smartphone, and my suggestion. Build this new device by designing the terms and conditions first, build a third ecosystem from the ground up, not iOS or Android, and give power back to the consumer, the people. We will never get a second chance. I connected the dots already, have you.