Activists, rights defenders and journalists use mobile devices and communications for reporting, organizing, mobilizing and documenting. Mobile gadgets provide countless benefits -- relatively low cost, increased efficiencies, vast reach -- but they also present specific risks.
Mobile communication is inherently insecure and exposes you to risks that aren't easy to detect or overcome. SaferMobile is a project that aims to help people, including journalists and citizen reporters, assess and better protect themselves from mobile threats. The project launched with content and announced tools (currently in beta) in April, and development began in January. SaferMobile is a project of MobileActive.org.
Understand the risks
The first step toward better protection is to understand the vulnerabilities. While some risks may not apply to your work, the SaferMobile motto is: The more you know, the more you can make smart choices regarding your mobile communications.
Your mobile service is operated by your wireless network operator. But did you know that as it manages your communication, it's also able to record certain types of messages you send, as well as information about your communication activities and your device?
Monitoring or eavesdropping can also occur with text messages, calls and mobile Internet use. As a reporter, this is something to keep in mind if you need to protect anonymous sources or sensitive content. The contents of your text messages are visible in plain text and stored in network records. Text messages (and emails if sent unencrypted) with certain keywords can be blocked and the sender singled out.
In addition, mobile phones can easily be lost, stolen or taken from you. If your phone's address book stores your contacts, anyone with access to the device can see them. With many phones, an attacker can gain unauthorized access remotely if he or she installs an application on the device. To do this, an attacker might trick you into downloading a file from the Internet or opening an infected MMS, or simply take advantage of having temporary physical access to the device.
The SaferMobile project assesses many other risks you may or may not be aware of. You can read more about them here.
Better Protect Yourself
- As much as possible, avoid linking your identity to your phone number. Buy prepaid SIM cards; if at all possible avoid registering the SIM in your name. And buy a cheap, low-tech phone that you don't mind throwing out if necessary. More suggestions are in this guide.
- Take your battery out of your phone during and when traveling to and from group meetings to avoid cell phone triangulation and location tracking.
- Delete messages, photos/videos, and call records to deter an unsophisticated attacker, but remember that deleted data can sometimes be recovered from the phone. Don't use the phone contact list if you can keep numbers in a safe place without it. Don't store numbers and names together.
Check Back and Add your Comments
Check back often on the SaferMobile project. A unique SaferMobile site will be up this summer, and for now, updates and new content are posted on MobileActive.org and the SaferMobile wiki. We have more content coming down the line, including:
- online and offline educational and tactical resources (risk evaluation tools, case studies, how-to guides, security tool reviews);
- trainings and curricula;
- and specific mobile security software focused on the needs of rights defenders, activists and journalists.
SaferMobile welcomes your comments to keep us on track and stay relevant to your needs. We're particularly interested in suggestions for additional content topics and tools. SaferMobile Tweets at @safermobile. You can also contact us via email at firstname.lastname@example.org, or leave a comment below.