Your digital security, Any sufficiently paranoid person will remind you, it's only as good as your physical security. The most sensitive technology users in the world, such as dissidents, activists or journalists in repressive regimes, have to fear not only piracy and online surveillance, but also the reality that the police, intelligence agents or other intruders can break through in your home, office, or hotel room. They can manipulate their computers, steal them or physically stop them until they cough up passwords or other secrets.
To help combat that threat, one of the world's best known activists against digital surveillance has launched what it is intended to be. an economical, mobile and flexible version of a physical security system. On Friday, the Freedom of the Press Foundation and its president, the famous NSA infiltrator Edward Snowden, launched Haven, an application designed to transform any Android phone into a kind of multipurpose sensor to detect intrusions.
Designed to be installed on a cheap Android recorder, Haven uses cameras, microphones and even phone accelerometers to monitor any movement, sound or disturbance of the phone. Leave the application running in your hotel room, for example, and you can capture photos and audio of anyone entering the room while you are away, be it an innocent housekeeper or an intelligence agent trying to use your time alone with your laptop to install spyware on that. Then you can instantly send images and sound clips of the visitors to your main phone, alerting you about the disturbance. The application even uses the phone's light sensor to trigger an alert if the room goes off or an unexpected flashlight flashes.
"Imagine if you take a guard dog you can take it to any hotel room and leave it in your room when you're not there, and it's really smart, and witness everything that happens and create a record of it," he said. Snowden in an encrypted call with WIRED from Moscow, where he has lived in exile since 2013. "The real idea is to establish that you can trust the physical spaces that surround you."
Since becoming director of the Freedom of the Press Foundation in early 2016, Snowden has led a small team of programmers and technologists working on security tools. The projects so far range from software that only deciphers secrets if a group of collaborators combines their secret keys, to a hardware modification for the iPhone that is designed to detect if the malware on the device is secretly transmitting a user's data.
The problem of the "evil maid"
The notion of a smart phone-based alarm system arose when Micah Lee, a technologist on the news The Intercept and a board member of Freedom of the Press Foundation, suggested Snowden in early 2017. Lee hoped for a new approach to the perennial problem that the cybersecurity community calls the attack of the "evil maid": it is very difficult to prevent someone with physical access to your computer from piracy. .
Finally, Lee and the Snowden developer group at the Freedom of the Press Foundation partnered with the Guardian Project, a nonprofit security-focused project, to build and test a software solution to that problem. "We think, is there any way we can use a smartphone as a security device?" Says Nathan Freitas, director of the Guardian Project. "Take all surveillance technologies on smartphones and turn them to the head, to monitor everything that matters to you when you are not there"
& Imagine that if you had a watchdog you could take it with you to any room. hotel and leave it in your room when you are not there. & # 39;
In practice, Haven could protect its users from more than just computer hackers; could protect against everyone, from abusive spouses to authoritarian cops. In November, the groups partnered with the Colombian activist group Movilizatorio to carry out a trial with social justice activists, a group that has been the target of dozens of murders in the last year, in the tense negotiations between guerrilla groups and the government. from the country . The founder of Movilizatorio, Juliana Uribe Villegas, says that the application provided a key code that month, for a group of 60 testers, that government agents or criminals did not break into their homes to install surveillance equipment or, worse, to kidnap them or damage them physically.
"It is very significant for them to know that they have tools that they can use when the government is not protecting them," says Uribe Villegas. "It's great to think about cybersecurity, but in countries like ours, personal security is still our priority."
Of course, any device that takes pictures and records audio clips in your home or office and sends them over the Internet may sound more like an intolerable privacy violation than a security measure, especially for someone as sensitive to privacy as Snowden, who has not even brought a mobile phone since he became a fugitive from the US government. UU 2013.
But Haven takes some serious steps to prevent its surveillance mechanisms from turning against the owner of a telephone. It integrates the Signal encrypted messaging application, so that each alert, photo and audio clip that it sends to the user is encrypted from end to end. As another protection, users can also configure Haven to work with the Android Orbot application, which has an option to turn their phone into the so-called Tor Onion Service, essentially, a server in the dark network. That means you can remotely access the Haven phone event log from your desk or other phone, but only through Tor's almost impossible to track connection. In theory, that means no intruder can enter to access those audio snapshots and photos of their sensitive spaces.
"Now you can take this great aggregation of sensors available on any phone today: accelerometers, light sensors, cameras, microphones – and make it work for you and just you," says Snowden. He points out that despite his personal avoidance of carrying a smartphone, even he has used Haven in hotel rooms while traveling and at home, albeit with some additional precautions that he declined to detail.
In the initial WIRED testing of the Haven beta, the application successfully detected and alerted us to any attempt to approach a laptop on an office desk, reliably sending photos of possible evil maids on Signal. In any case, the application was too sensitive to saboteurs; picked up and alerted every missed office noise. The application's accelerometer detection was so fierce that even leaving the phone on top of a computer with a moving fan created hundreds of alerts. You can set thresholds for the audio, but it was difficult to choose a level that did not trigger false positives. Freitas says developers are still working to fine-tune those controls, but users may have to experiment.
Snowden recognizes that Haven can not stop an intruder bent on physically harming someone. But simply by detecting and recording their presence, you could make them think about the consequences of documenting that intrusion and giving victims a meaningful tool they had not had before. "If you're the secret police that makes people disappear, Haven changes the calculation of the risk you have to go through," says Snowden. "You have to worry that all possible cell phones are witnesses."