IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

GCHQ can control your smartphone, Edward Snowden says

The US whistleblower said GCHQ can track the location, power management and conversations using 'Smurf' tools

"Privacy" written atop a circuit board

US whistleblower Edward Snowden has revealed that UK intelligence agency GCHQ has the tools to hack into and control phones without the owners being aware they are being tracked.

He explained that authorities can implement tools - called Dreamy Smurf, Nosey Smurf, Paranoid Smurf and Tracker Smurf - by sending a smartphone an encrypted text message.

"Dreamy Smurf is the power management tool which means turning your phone on and off without you knowing," Snowden said."Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on."

He explained that Tracker Smurf is a geo-location tool that could potentially allow GCHQ to follow smartphone users better than using standard cellular location towers.

Paranoid Smurf is a self-protection tool that can be used to stop you getting rid of the other tools on a device. If you spot something strange is going on with your device and take it to a phone shop to fix the problem, for example, Paranoid Smurf would hide the evidence so technicians wouldn't find anything wrong.

Snowden spoke to the BBC's Panorama programme from his base in Russia, where he ran away to after leaking other snooping allegations about the GCHQ and US's National Security Agency (NSA).

The NSA also have a similar set of tools to use in the fight against terrorism, Snowden said. The US security organisation reportedly spent $1bn on the tools to respond to terrorists' increased use of smartphones.

Although he did not specifically say the GCHQ and NSA wanted to partake in mass surveillance, they have both invested in software that would allow them to hack into devices in order to track what you're saying, what you're doing and where you are.

"They want to own your phone instead of you," he said.

The UK government commented: "All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

US gov issues fresh warning over Russian threat to critical infrastructure
cyber warfare

US gov issues fresh warning over Russian threat to critical infrastructure

12 Jan 2022
UK and US pledge to punish cyber criminals at annual meeting
cyber security

UK and US pledge to punish cyber criminals at annual meeting

19 Nov 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022