The Air Force Research Laboratory Develops The Ultimate Spyware
A company called SignalFrame has developed the ability to hack software found on as many as 5,000,000 cellphones. It can then find the location and identity of over 500 million surrounding devices. Its real world applications could enable digital intelligence efforts that blend classified and unclassified data using machine learning and artificial intelligence to determine who could access specific pieces of information.
SignalFrame originally developed the technology to operate on a commercial level, but has turned its focus more toward military capabilities when it hired a former military officer and began to attend “pitch day[s]” sponsored by technology incubator affiliated with U.S. Special Operations. That resulted in the Air Force’s research arm rewarding them with a $50,000 grant as part of a research and development program to explore whether the data has potential military applications (Air Force has option to provide additional funds should the technology prove useful).
The Air Force Research Laboratory is testing the tech that taps mobile phones in order to access hundreds of millions of computers, routers, fitness trackers, modern automobiles and other networked devices, known collectively as the “Internet of Things” to see if it can give them advantages.
SignalFrame’s product can turn civilian smartphones into listening device, a.k.a sniffers, that detect wireless signals from any device that happens to be nearby (company claims it can differetiate a Fitbit from a Tesla or a home-security device tracking the actual location those devices too.
Using the SignalFrame technology, “one device can walk into a bar and see all other devices in that place,” said a person at one of SignalFrame's pitches.
“The capturing and tracking of unique identifiers related to mobile devices, wearables, connected cars—basically anything that has a Bluetooth radio in it—is one of the most significant emerging privacy issues,” said Alan Butler, the interim executive director and general counsel of the Electronic Privacy Information Center, a group that advocates for stronger privacy protections.
“Increasingly these radios are embedded in many, many things we wear, use and buy,” Mr. Butler said, saying that consumers remain unaware that those devices are constantly broadcasting a fixed and unique identifier to any device in range.
Military interest in peripheral device tracking is part of a broader move by the military and other government agencies to use the data collection practices of the tech and advertising industries to derive intelligence and insights about global hot spots, targets of interest or even immigration and border enforcement.
Joel Reardon, a computer science professor at the University of Calgary that does not have intimate knowledge of SignalFrame's tech says data collection of this type only works on phones running the Android operating system (more than 70% of global market share) made by Alphabet Inc.’s. (Apple doesn’t allow third parties to get similar access on its iPhone line,).
This type of intrusion is not new for law enforcement and intelligence agencies who often use devices called “stingrays” that mimic commercial cellphone towers and collect data about all the cellphones in a given area. Additionally, the military uses sniffers in war zones for detection, security and intelligence missions.
“The intelligence community has a lot of contractors that have built devices to do this very same thing,” said someone aware of the abilities of the U.S. military. “We would literally just place them all over a city in Iraq or Afghanistan or wherever. But now these phones are so sophisticated, they’re basically computers.”
“We collect Bluetooth and [Wi-Fi] signals on Android devices to better understand indoor location when GPS-signal is weak. This technology is not new—it’s something a lot of publishers use,” X-Mode said in an emailed statement.
Mr. Reardon, of Calgary University, said his research found at least two apps called Cool Niks and a health-tracking app called “Sickweather” were transmitting information about nearby computers, Wi-Fi routers and other devices to servers associated with SignalFrame.