Main Page

From SaferMobile

View:SaferMobile Wiki in Arabic

Contents 1 Welcome 2 About SaferMobile 2.1 Contributors 3 SaferMobile.org content 3.1 Mobile Security Basics 3.2 Common Applications, Services, and Uses 3.3 Handset guides 3.4 Tactical Guides for Mobile Security 3.5 Tool Install Guides 3.6 Mobile Security Trends Important for Activists to Understand 3.7 Case Studies 4 Training Materials 5 Mobile Software 5.1 "InTheClear" 5.2 SMSTester: Mobile Network Test Utility 5.3 Existing Mobile Security Apps and Tools 6 Other Resources/References 6.1 Articles 6.2 Papers, Books, Blogs and Sites 6.3 Email Lists 6.4 Interesting Projects

Welcome

Welcome to the SaferMobile wiki. You'll find information here about work-in-progress like Apps that are not yet released for testing, and collections of resources.

Please visit our website at SaferMobile.org for our blog, mobile security guides, mobile app reviews, and training materials.

About SaferMobile

SaferMobile is a project of MobileActive.org.

SaferMobile helps activists, human rights defenders, and journalists understand the security risks of mobile technology and use mobile tech more securely for their work.

Why is this important? Activists, rights defenders, and journalists use mobile devices for reporting, organizing, mobilizing, and documenting. Mobile phones provide countless benefits — they are relatively low cost and allow for increased efficiencies and vast reach, for example — but they also present enormous risks to rights defenders and activists. Mobile communication is inherently insecure and exposes rights defenders and those working in sensitive environments to risks that are not easy to detect or overcome.

The goal of the SaferMobile Project is to assist activists, human rights defenders, and journalists assess the mobile communications risks that they face, and then use appropriate counter measure in order to organize, report, and work with mobile devices more safely.

We do this by providing:

• Online and offline educational and tactical resources (risk evaluation tools, case studies, how-to guides, security tool reviews);
  
• Trainings in a number of countries;
  
• Specific mobile security software focused on the needs of rights defenders, activists, and journalists.

Funding for SaferMobile is provided in part by the Bureau of Democracy, Rights, and Labor of the U.S. Department of State, Google Inc, and other private donors.

We welcome your comments to keep us on track. We’re particularly interested in suggestions and requests that you have for additional content topics and tools. You can contact us:

• On Twitter: @safermobile
  
• On Facebook: https://www.facebook.com/SaferMobile
  
• Via email: info@safermobile.org
  

Contributors

SaferMobile is a project of MobileActive.org. Other contributors to SaferMobile include:

• The Guardian Project, mobile development team working with SaferMobile to build InTheClear and SMSTester.
  

SaferMobile.org content

On our site, safermobile.org, you'll find security guides for:

Mobile Security Basics

Information about mobile technology and infrastructure that provide a foundation for understanding the risks of mobile communications.  These include resources like:

• Primer for Activists, Rights Defenders, and Journalists. A description of security vulnerabilities associated with mobile phone technology and specific uses of mobile devices; tactical advice on how to mitigate some of these risks.
• Mobile Security Risk Assessment. A guide to assessing mobile security needs and creating security policy in your work.

Common Applications, Services, and Uses

Guides to explain security vulnerabilities of services like Twitter, Facebook, HTTPS and Secure Mobile Browsing and with tips to helping you use them more safely. 

Handset guides

Directions and information for specific makes and models of handsets and operating systems.

Tactical Guides for Mobile Security

Guides to help you understand the risks you face in participating in specific tactics and actions and ways to stay safer as you do.  

Tool Install Guides

Step by step guides for installing and using security tools including screenshots and videos.

Mobile Security Trends Important for Activists to Understand

Blog posts about current events and topics in mobile security, some cross-posted from MobileActive.org.

• Who Cares Where I am Anyway? An Update on Mobile Location Tracking
• The Bug in your Pocket: Remote Listening Applications for Mobile Phones

Case Studies

• SMSTester - Monitoring SMS Delivery (and Keyword Filtering, possibly)
• SMSTester for Android: Project and Source Now Open
• Building Your Own GSM Network: A Demonstration of the Village Base Station Project
  

Training Materials

Training Materials available at SaferMobile.org/train.

The SaferMobile training modules include guides and resources for trainers including lesson content, hands-on exercises, and suggested outlines.  The training materials have two objectives:

1. To teach participants about the risks they face when communicating and storing sensitive data on their mobile phones.
2. To provide tools for participants to assess their risks, and to choose how to mitigate them.
   

Here are integral elements for a SaferMobile training:

1. What is Information Security?
   Understand the participants’ real and perceived risks; discuss and understand the security threats participants are most concerned about and most affected by. Introduce the idea that participants are experts in their work and their fields and already manage risks and take precautions to protect themselves. They also have a sense of what risks they would like to manage better. (2.1 What is information security for mobiles?)
2. Information sensitivity
   What sensitive information is stored on your phone or communicated via mobile? What might happen if it fell into the wrong hands? (2.2 Rating Information Sensitivity)
3. Mobile Security Risks
   Unless you take precautions, all your mobile communication is identifiable. (1.3 You on the mobile network)
   Different modes of communication have different security vulnerabilities. (2.2 Vulnerabilities)
4. Your risk depends on your operational environment. Risks can vary by country, sector, work, and tactics used. Risks can change quickly. (3.2 What’s your operational environment)
5. You can mitigate risks by changing your behaviour, switching to a more secure mode of mobile communication for sensitive information, or choosing not to communicate certain information via mobile. (4.2 Safer Mobile Basics: Tactics and Tools)
6. A risk assessment helps you to systematically evaluate your risks and choose appropriate mitigating action. To do one, you should:
   
   • Catalog the information you communicate via mobile, and rate its sensitivity. (Risk Assessment Preparation Worksheet: Rating Information Sensitivity worksheet (download: .pdf | .jpg))
   • Describe your operational environment and be aware of the specific threats it involves. (Risk Assessment Preparation Worksheet: Operational Environment)
   • Conduct a risk assessment and develop a mobile security policy for yourself, your organization, or a campaign you work on. (4.1 How to assess your risks, Exercise 8 Create a Mobile Security Policy, Risk Assessment Worksheet)
     

Mobile Software

SaferMobile is releasing simple, usable software tools that help normal users better protect themselves. We are developing these mobile software applications specifically in response to threats activists, rights defenders, and journalists in insecure environments face. Software developed by us and our partners is driven by an assessment of needs of activists in specific countries. We follow an agile software development methodology with user testing and rapid, iterative releases. All software projects developed by SaferMobile are free (gratis and libre) and open source.

"InTheClear"

InTheClear is a set of tools designed to fit the needs of anyone working in situations where there is a risk of confiscation of their phone and/or detention. Mobile devices serve as a valuable tool for organizing and communicating, but they can also be used against you by technically-savvy adversaries. Simple information on your phone such as call logs, sms logs, address books, and media can easily be extracted off your phone and used as incriminating evidence.

IntheClear allows you to automate emergency communications and erase personal information from your phone with a single click. Available for Symbian, BlackBerry and Android phones.

Learn more on the product page: InTheClear

SMSTester: Mobile Network Test Utility

SMSTester is a simple mobile application (currently for Android only) that allows a user to create a set of keywords to be sent as SMS messages. When installed on both ends of an SMS conversation, it enables the user to inspect specifics about SMS delivery on their network(s), including message latency, SMSC, lacid, etc. Our first field trial using SMSTester was completed in April 2011. Initial results, along with links to source data, are posted here. After patching a few initial usability bugs, we've publicly released the application code here. We would welcome other groups to comment and run SMSTester in a second controlled run of tests. Please contact us if you are interested.

Learn more on the project page: SMSTester

Existing Mobile Security Apps and Tools

Mobile Security Tools

Other Resources/References

Articles

• How to stay safer and more secure online http://www.google.com/security/
  Information about setting Passwords, using Security tools, and Gmail settings and protecting against Malware

• Your Apps are Watching You
  An excellent article in Wall Street Journal discussing the results of an investigation into smart phone app transmission of your private data and the lack of oversight given to users to control this. Includes a visualization of the study results.

Papers, Books, Blogs and Sites

• Roadmap for Privacy by Design in Mobile Communications: A practical tool for developers, service providers, and users, www.privacybydesign.ca, December 2010.
• Security and Usability, Lorrie Faith Cranor, Simson Garfinkel, August 2005. A compilation of 34 essays on the topic of computer systems that are secure and usable written by leading security and human-computer interaction (HCI) researchers on authentication, privacy and anonymity, secure systems, and commercialization.
• Schneier on Security A blog covering security and security technology written by Bruce Schneier, computer security expert. 
  
• Wireless Security - Cellular Networks Overview: 69 slide intensive overview by Jinyuan Sun, Professor, College of Engineering, University of Tennesse
• GSM for Dummies: Introduction to the Global System for Mobile Communictions (or Groupe Spécial Mobile) with excellent glossary and diagrams of network architecture

Email Lists

• Liberation Tech- The Program on Liberation Technology seeks to understand how information technology can be used to defend human rights, improve governance, empower the poor, promote economic development, and pursue a variety of other social goods.
• p2p Hackers - Theory and practice of decentralized computer networks
  

Interesting Projects

• App Genome https://www.mylookout.com/appgenome/. Feb 2011. Created by Lookout Mobile Security, the App Genome Project is the world’s largest mobile application dataset created to map the anatomy of mobile applications across multiple mobile platforms and app markets. To date, the project has analyzed more than 500,000 Android and iOS applications. The App Genome Project is an ongoing effort to provide insight into mobile market dynamics, gain insight into how mobile apps access personal data and sensitive capabilities on mobile devices, and identify security threats in the wild.

• http://www.avoidr.org/ Avoidr. "Keep your friends close and your enemies down the street. Avoidr uses Foursquare to check in where your not-friends are so you can avoid them."
  Wired Article about Avoidr, June 29, 2010. "White hat uses Foursquare privacy hole to capture 875k check-ins"

• Creepy a "geolocation information aggregator" that analyzes a user's tweets, Facebook posts, and Flickr stream, generating a map of where that person is, as well as the specific locations they frequent.
  http://www.huffingtonpost.com/2011/04/04/creepy-app-for-stalkers-social-networking_n_844791.html HuffPo Article about Creepy, April 4, 2011.

• http://www.opencellid.org/ OpenCellID;
  This project is an open source project, aiming to create a complete database of CellID worlwide, with their locations
  Project will provides free access to tools, data to not only create this database, but also retreive location informations.

• http://opensignalmaps.com/about.php OpenSignalMaps
  With your help, we're creating a comprehensive database of cell phone towers, cell phone signal strength readings, and Wi-Fi access points around the world. This data is collected via our Android application and uploaded to our servers, taking care to use as little processing power and battery life as possible.