https://files.gendo.ch/Books/InfoSec_for_Journalists_V1.1.pdf
by Silkie Carlo and Arjen Kamphuis
Chapter 7: Phones & Voice/Video Calls Over
Internet
Mobile security
Many of us find our smart phones to be of great importance and
value in our everyday lives and work. The benefits of being
constantly connected to our email accounts, web browsers, social
media, calendars, and also having easy access to a high quality
camera and voice recorder, do indeed make them valuable tools.
However, they are not feasibly securable tools.
The only serious solution for information security with mobile
phones is to use burner phones, with diligence and caution.
Phone risks:
Automatic logging of your current/past locations
Automatic collection of metadata, i.e. the phone number and
location of every caller; unique serial numbers of phones
involved; time and duration of call; telephone calling card
numbers
Theft and loss of data
Remotely accessing data when phone connects to public Wi-Fi
Remotely accessing all data at any point the phone is on
Phone/voicemail tapping, intercepting, or recording
Covert remote automation of microphone to record audio
Covert remote automation of camera to capture images
Dragnet phone surveillance
All phones leak an enormous amount of information about us to
intelligence agencies, and we know from the Snowden revelations
that programs collecting the full audio of every single call within a
nation are, at the very least, already in place and being trialled in
some countries. This type of surveillance is extremely dangerous for
democracy, let alone journalism, and may permit the most invasive
‘retroactive’ investigation of individuals who become of interest to
intelligence agencies at some point in the future.
Therefore, it is worth using any phone with this in mind, whether
you, your sources or colleagues may be targets of intelligence
agencies now, or years in the future. They are not secure
communication devices, so consider carefully how you want to use
them.
Targeted phone surveillance
I
nformation Security for Journalists – November 2014: Version 1.1 – page
80
Low risk
At a low risk level, the threat is mainly physical – someone gaining
access to the handset. If this happens, even a fairly unsophisticated
hacker/the police can crack your password (if you use a password
lock) so this only provides minimal protection. If you are at a low risk
level, be sure to back up your data and stream or send any video or
audio being recorded on the device to a secure storage cloud as
soon as possible.
You can also use applications to track your device, should it be
stolen. For iPhone, for instance, Apple offer a free app called ‘Find
my iPhone’ which tells you the current location of your phone.
Another free anti-theft app is ‘Prey’ which, once you report the
phone as stolen, will record not only the current location of the
phone, but any other locations of the phone registered since you
reported it stolen.
Medium risk
At a medium risk level, you may encounter an adversary trying to
gain access to your data, not just physically, but remotely. When
you connect a phone to a public Wi-Fi connection, for example, a
fairly unsophisticated hacker can intercept lots of information about
you and connected accounts such as email and social media.
Therefore, at a medium risk level, you may already be thinking
about avoiding a smart phone as a work tool, or at least guarding it
closely, closing applications after use, turning off Wi-Fi in public, and
using flight mode when you don’t need to be connected.
A note about smart phones: the vulnerabilities of smart
phones are numerous, with some existing in the hardware,
and they are not fixable. You can use open source software on
smart phones, and even applications for encrypted chat.
However, as we discovered in ‘Protecting the System’, when
hardware is vulnerable, the software cannot provide you with
real security. Therefore, we will not discuss such apps for the
purpose of this guide.
As the recent phone hacking scandal in the UK demonstrated,
unsophisticated hackers working for unethical journalists were able
to listen in on people’s voicemail. Private investigators often also
have the ability to ‘phone tap’ (i.e. eavesdrop) not only voicemail
but general phone calls made and received by a number. Therefore,
you should think before you discuss anything sensitive on your
(mobile or indeed landline) phone.
High risk
At a high risk level, a phone basically
is
your adversary. At the very
least, it locks your location and all associated metadata with the
device is in the hands of a Five Eyes intelligence agency. At worst, it
can be used to covertly collect the content of all of your phone calls,
let alone all other data on the phone, and can covertly automate
your microphone and camera to record audio and images (if it has a
camera) too. This type of phone surveillance is very easy and
basically comes at zero-cost to Five Eyes intelligence agencies, so
you may not necessarily be an important target for them to justify
this type of privacy invasion.
The only serious secure way of using phone communications is to
use burner phones.
Ideally, your burner phone and regular phone will never both be
emitting signals, since (if you are a target), your regular phone may
pick up on the signal of the burner phone, making that a target too.
Before you use a burner, make sure the phone usually associated
with you (e.g. your smart phone) is not emitting signals. Switching
the phone to flight mode, removing the battery (don’t bother trying
to do this to the iPhone), and turning it off is good but is not enough.
Do all of these things and then put it in a Faraday cage – popular
solutions are biscuit tins, some fridges, or even a stainless steel
cocktail shaker! The phone has to be completely sealed in metal
(check it is working by trying to call the phone). It is a good idea to
find and carry a small tin around with you to put your phone in, and
in an important meeting, make sure all attending have done the
same (a larger biscuit tin works well here).
A burner phone is a cheap, cash-bought, throwaway, low-tech
phone, with a prepaid SIM card not registered to you, to be used
only for specific purposes. It can be hard, in some countries, to buy
a SIM card without registering it with your personal details.
Therefore, buying second-hand, or having a contact that can obtain
such SIM cards, is ideal.
After some use of the phone, the phone may become associated
with you and attract surveillance, at which point you should destroy
it and use a new one. Changing the SIM card is not enough – each
phone handset also has an IMEI (International Mobile Equipment
Identity) number that identifies the phone. If the SIM has been
identified as being yours, the IMEI will be too – so you will need to
destroy the phone.
Due to intelligence agencies rolling out full audio recording of all
phone calls, let alone the ease with which they can record a target’s
I
nformation Security for Journalists – November 2014: Version 1.1 – page
82
phone calls, you should avoid sharing particularly sensitive
information - even on a burner phone.