Monitoring cell phones

At Instapundit, Michael J. Totten notes a horrible development: It seems you can "remotely install software onto a handset to activate the microphone even when the user is not making a call".

That's ugly news, if true (the source is the Guardian; nothing to do with their politics at all, but "technical" reporting tends to be surreally clueless even from relatively qualified journalists, much less yer liberal-artsy types). The question is, can you replace the firmware in your own phone with a modified version which won't let anybody else install anything, or which will notify you of an attempt and require your permission to let it happen? I'm guessing you can. I'm sure hoping you can. It's proverbially difficult (if not provably impossible) to make a device secure against the guy who's holding it in his hand; see DeCSS for a classic example.

I believe I'll dig around Google and see what turns up. I'm sure some Spock-eared knucklehead or another has ported Linux to any popular cellphone you can name.

What, you say we can just pass a law against it and that'll fix the problem? Yeah, you go do that.

UPDATE 8/11/2005: Note that hacking your cell phone may, now or at some time in the future, be illegal wherever you are. So this is just an intellectual exercise — which it probably would be anyway, considering how few people can usefully modify binary code.

UPDATE 8/12/2005: Then again, you could just yank the damn battery out when you want some guaranteed privacy. But that's too easy! In any case, this is weirder than traditional wire-tapping and bugging, but it's not a fundamentally New Thing.