I went to a protest today, and I was prompted to give some thought to phone security.
what is the risk?
Our phones are rather amazing devices. Mine has an incredible amount of personal information on it, plus access to much more.
it has
- a comprehensive list of my contacts
- a log of all my recent sent and received calls
- my recent emails and text messages
- my current and historical to-do lists
- an encrypted list of all my accounts and passwords
- my home address
- my children’s contact information
- all my photos
it has access to
- all my emails
- many of my personal notes and
- my former patients’ demographic information (well, it did, I deleted all that before this adventure)
- my bank and investment accounts
- a record of all the driving I’ve done in my EV
- my home energy management and security system
- my neighborhood emergency mesh radio network
On top of that, there are documented cases of law enforcement installing spyware on devices that they hold for “forensic analysis,” so any device that’s been in an adversary’s hands should be forever considered suspect.
do I have something to hide?
I can’t think of anything offhand, except that if evildoers (who, by the way, usually consider themselves The Good Guys™) are trying to connect me with something bad, well, I’m only a few degrees of separation away from whomever they might consider the enemy. Worse, they can mine my social network for ways to connect my contacts — mostly friends — with Enemies o’ the State. I’d hate to aid in that mission.
I used to have a lot of secrets; as a practicing psychiatrist, I had to keep a lot of information very private. Fortunately, that’s no longer much of an issue.
if it’s risky, maybe just skip it?
When I’ve weighed the pros and cons, I think my civic duty to protest outweighs my concerns for my personal privacy. The equation will be different for others.
if it’s worth it, how can you limit the risk?
We have so much valuable and potentially sensitive information on our devices, it’s good to think about protecting it.
lock it down
Make sure you lock your device with a longer, more random passphrase. Modern device platforms use the passphrase to generate an encryption key, and can keep your content safe at rest if your passphrase is sufficiently complex. I’ve written whole chapters on what constitutes a good passphrase, but length matters.
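To put numbers on "length matters," here is an added example (not part of the original post) that computes the entropy of randomly generated unlock secrets and the average time to guess them, then stretches a passphrase into a key. The guess rate, the sample schemes, the function names, and the use of PBKDF2 as a stand-in for the phone's own key derivation are all assumptions made for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy when each of `length` units is picked uniformly at random
    from `choices` options. Human-chosen secrets have less than this."""
    return length * math.log2(choices)

def avg_years_to_guess(bits: float, guesses_per_second: float) -> float:
    """Expected search time: on average half the space is tried before a hit."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR

def derive_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Stretch a passphrase into a 256-bit key. PBKDF2 is a stand-in here for
    the platform's own key derivation, which this sketch does not model."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)

# Constructed comparison set: (label, choices per unit, number of units).
SCHEMES = [
    ("6-digit PIN", 10, 6),
    ("8 random lowercase letters", 26, 8),
    ("4 random Diceware words", 7776, 4),
    ("7 random Diceware words", 7776, 7),
]

ASSUMED_GUESSES_PER_SECOND = 10_000  # assumption, for illustration only

def compare(rate: float = ASSUMED_GUESSES_PER_SECOND):
    """Return (label, entropy in bits, average years to guess) per scheme."""
    return [(label, entropy_bits(c, n), avg_years_to_guess(entropy_bits(c, n), rate))
            for label, c, n in SCHEMES]

if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:28s} {bits:5.1f} bits  ~{years:.3g} years on average")
    key = derive_key("constructed example passphrase", salt=b"constructed-salt")
    print("derived key:", key.hex())
```

Each added random word contributes about 12.9 bits, so every extra word multiplies the search space by 7776; the figures only hold when the secret is generated randomly rather than chosen by hand.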
turn it off
Once you’ve started and unlocked your device, it has decrypted the content. That makes it vulnerable, even if you “lock” your device. It needs to be off. Also, once a phone is started but locked, most can be unlocked by biometrics (fingerprint, face scan). I don’t think current case law is settled, but in general you can be forced to do a biometric unlock. Divulging a password is considered testimonial, and you’re (probably) protected from having to do so by your constitutional rights if you’re in the US. Of course…
I resisted biometrics for a long time, but I currently use fingerprint unlock because it lets me use a ridiculously long unlock passphrase. I’m also using an OS (GrapheneOS) that requires both a fingerprint and a PIN (distinct from the passphrase) to unlock.
Still, I turned my phone off before I left home, and left it off until I returned. Just having the phone turned on means that law enforcement can demand your location information from cellular phone providers even if you don’t use your device. They can use a geofence warrant and get a list of every mobile phone within range of one or more cellular towers. Yes, you can actually become a criminal suspect just by being near the wrong place at the wrong time.
use a privacy-respecting platform
If you’re using an iPhone (iOS), enable Lockdown Mode if you’re going to a protest.
I use GrapheneOS, which has similar, probably superior features.
I scrupulously avoid installing apps that I don’t really need that might leak or steal information.
leave it at home
Possibly a better idea would have just been to leave the phone at home. That way there’s no suspicious hole in your location data, and no amount of sophisticated hacking can get your information unless they physically steal your phone out of your house. At that point, you probably have bigger issues to worry about.
I didn’t want to leave the phone at home because I was worried about emergencies (car trouble, accident, medical emergency…) that might require that I have a phone.
But what I should have done is…
use an emergency phone
I have several phones around here. They’re old, and I’ve replaced them, but I keep them around for testing software I’m writing and to have sandboxes for testing potentially dodgy programs (I used to be a security researcher and those habits die hard). I could easily wipe one of all my personal info and take it with no SIM card so it isn’t connected to me. You can still make 9-1-1 calls without a SIM. And I’d have a way to take some notes or pictures and check the time. If you haven’t kept your old phones, used older phones are available for cheap.
A lot of people call this a “burner phone,” but that phrase means something different in the industry. Though I suppose there’s nothing stopping you from burning it when you’re done, except perhaps some safety and environmental concerns.
what’s it like?
It’s healthy to remind myself of how often I use the phone for distraction. It was annoying to not have a timepiece or a camera, but I found that most of the time I was reaching for the phone it was just to have something to read. Fortunately, we had a couple of copies of Scientific American in the truck. I might have wanted a camera had any untoward incidents occurred. Fortunately, none did.
—2p
