NSA whistleblower Edward Snowden has teamed up with hardware hacker Andrew “Bunnie” Huang to design an iPhone accessory that could help protect journalists working in dangerous parts of the world.
The problem is that, for all their convenience, smartphones are perfect tracking devices, and their cellular signals can be used by governments to determine the location of front-line journalists, political activists and human rights workers.
The risk is not hypothetical. In 2012, war correspondent Marie Colvin was killed by artillery fire by Syrian forces. Her family believes that she was tracked and deliberately targeted in order to silence her reporting on civillian casualties.
Although some at-risk individuals may know that risks exist, they may have been misled about the best way to protect themselves.
For instance, many journalists may assume that enabling airplane mode on their iPhone. But since iOS 8.2, GPS remains active regardless of airplane mode being enabled.
Furthermore, as Snowden and Huang explain in a newly-published blog post, you clearly cannot rely 100% on the messages your iPhone displays anyway as they could be circumvented or spoofed:
Airplane mode is a “soft switch” – the graphics on the screen have no essential correlation with the hardware state. Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface; trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.
For this reason, Snowden and Huang have designed what they call an “introspection engine” – a phone-mounted battery case that runs entirely separately from the smartphone, but can monitor the phone’s cellular, GPS, Wi-Fi and Bluetooth activity.
“The introspection engine has the capability to alert a reporter of a dangerous situation in real-time. The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on.”
The great thing about this approach from the security point of view is that it cannot be compromised by malware on the mobile device – anyone wishing to tamper with the device needs to gain physical access to it, rather than attempting to compromise it via the smartphone it is protecting.
Furthermore, any malware that infects the device to activate radios without your knowledge should result in an alert.
It’s early days for Snowden and Huang’s introspection engine, which at the moment is specific to Apple’s 4.7″ iPhone 6. It’s just a design, you can’t buy one yet if you’re a reporter planning to go to a dangerous warzone like Syria.
But the duo hope to build a real-world prototype over the next year, and no doubt if it there is enough interest we might see at-risk journalists and activists begin to use it.
Of course, it’s important to understand that having oversight on whether your smartphone is revealing your location is only half of the battle. You also need to consider whether your online activity – such as surfing, social networking and accessing your webmail – might also be providing meta data to those with an unhealthy interest in where you are in the world.