Get up to date Tech &Security related news and books to become a Hacker

Breaking

Sunday, December 24, 2017

Edward Snowden made an app to protect your laptop

 




Photo courtesy Edward Snowden

Earlier this year, NSA whistleblower Edward Snowden met with Jacqueline Moudeina, the first female lawyer in Chad and a legendary human rights advocate who has worked tirelessly to bring former dictator Hissène Habré to justice. Habré was convicted of human rights abuses — ordering the killing of 40,000 people, sexual slavery, and rape — by a Senegalese jury in 2016. 

Snowden told Moudeina that he was working on an app that could turn a mobile device into a kind of motion sensor in order to notify you when your devices are being tampered with. The app could also tell you when someone had entered a room without you knowing, if someone had moved your things, or if someone had stormed into your friend’s house in the middle of the night. Snowden recounted that pivotal conversation in an interview with the Verge. “She got very serious and told me, ‘I need this. I need this now. There’s so many people around us who need this.’”

Haven, announced today, is an app that does just that. Installed on a cheap burner Android device, Haven sends notifications to your personal, main phone in the event that your laptop has been tampered with. If you leave your laptop at home or at an office or in a hotel room, you can place your Haven phone on top of the laptop, and when Haven detects motion, light, or movement — essentially, anything that might be someone messing with your stuff — it logs what happened. It takes photos, records sound, even takes down changes in light or acceleration, and then sends notifications to your main phone. None of this logging is stored in the cloud, and the notifications you receive on your main phone are end-to-end encrypted over Signal.






Snowden hasn’t carried a mobile device since 2013, but in the last couple of years, much of his time has been taken up by prying apart smartphones and poking away at their circuit boards with the aid of fine tweezers and a microscope. In 2016, he collaborated with hardware hacker Andrew “Bunnie” Huang on Introspection Engine, a phone case that monitors iPhone outputs, alerting you to when your device is sending signals through its antenna.
Snowden is notoriously careful about the technology around him. In the documentary Citizenfour, Snowden is shown taking increasingly extravagant precautions against surveillance, going as far as to drape a pillowcase (his “Magic Mantle of Power,” he says, deadpan) over himself and his computer when he types in a password. Famously, he also asked journalists to place their phones in the hotel fridge, to prevent transmission of any surreptitious recording through their microphones or cameras. 

Snowden at least has a pretty understandable reason to be paranoid — and while he doesn’t expect the rest of the world to adopt his somewhat inconvenient lifestyle, he’s been trying to use his uniquely heightened threat model to improve other people’s lives. “I haven’t carried a phone but I can increasingly use phones,” he said. Tinkering with technology to make it acceptable to his own standards gives him insight into how to provide privacy to others.




Edward Snowden holds a smartphone microphone with tweezers next to a USB drive for scale
Photo by Edward Snowden

“Did you know most mobile phones these days have three microphones?” he asked me. Later he rattled off a list of different kinds of sensors. It wasn’t just audio, motion, and light, an iPhone can also detect acceleration and barometric pressure. He had become intimately familiar with the insides of smartphones while working with Bunnie Huang, and the experience had left him wondering if the powerful capabilities of these increasingly ubiquitous devices could be used to protect, rather than invade, people’s privacy — sousveillance, rather than surveillance. 

It was Micah Lee, a security engineer who also writes at the Intercept, who had the first spark of insight. For years, developers with access to signing keys — particularly developers who deal with incredibly sensitive work like the Tor Project — have become fairly paranoid about keeping their laptops in sight at all times. This has much to do with what security researcher Joanna Rutkowska dubbed “the evil maid attack”. Even if you encrypt your hard drive, a malicious actor with physical access to your computer (say, a hotel housekeeper of dubious morals) can compromise your machine. Afterwards, it’s nearly impossible to tell that you’ve been hacked.




 
Screenshot courtesy of the Guardian Project

Snowden and Lee, who both sit on the board of the Freedom of the Press Foundation, partnered with the Guardian Project, a collective of app developers who focus on privacy and encrypted communications, to create Haven over the last year. Snowden credited Nathan Freitas, the director of the Guardian Project, for writing the bulk of the code. 

Though “evil maid” attacks are not a widespread concern — “we’re talking about people who can’t go into the pool without their laptops,” said Snowden, “that’s like nine people in the whole world” — Haven was conceptualized to benefit as many people as possible. Micah Lee points out in his article for The Intercept that victims of domestic abuse can also use Haven to see if their abuser is tampering with their devices. Snowden told me that they had thought very deliberately about intimate partner violence early on.

“You shouldn’t have to be saving the world to benefit from Haven,” said Snowden, but acknowledged that the people most likely to be using Haven were paranoid developers and human rights activists in the global south. Andy Greenberg describes in WIRED how the Guardian Project worked with the Colombian activist group Movilizatario to run a trial of the software earlier this year. Sixty testers from Movilizatario used Haven to safeguard their devices and to provide some kind of record if they should be kidnapped in the middle of the night.




Screenshot courtesy of the Guardian Project

It was this case scenario that sprung to the mind of Jacqueline Moudeina when she spoke with Snowden earlier this year. “In many places around the world, people are disappearing in the night,” he said. For those dissidents, Haven was reassurance that if government agents break into their home and take them away, at least someone would know they were taken. In those cases, Haven can be installed on primary phones, and the app is set to send notifications to a friend. 

I asked Snowden what it was like to collaborate on a software project while in exile in Russia. It wasn’t that bad, he said. Since he became stranded in Russia in 2013, technology has progressed to the point where it’s much easier to talk to people all over the world in secure ways. The creators of Haven were scattered all over the globe. “Exile is losing its teeth,” he told me. 

More than anything, Snowden is hoping that Haven — an open source project that anyone can examine, contribute to, or adapt for their own purposes — spins out into many different directions, addressing threat models of all kinds. There are so many different kinds of sensors in mobile phones that the possibilities were boundless. He wondered, for instance, if a barometer in a smartphone could possibly detect a door opening in a room. 

Threat models don’t have to involve authoritarian governments kidnapping and torturing activists. Lex Gill posted on Twitter that her partner had been testing Haven with a spare phone for a month, and she had begun to use it to send “helpful reminders.”



And when Nathan Freitas explained his most recent project to his young children, he discovered yet another use case. “We’re going to use it to catch Santa!” they told him excitedly.

No comments:

Post a Comment