forked from Nothing2Hide/slides
---
layout: slide
lang: EN
title: Smartphones
transition: slide
onhome: true
order: 4
categories: [Digital safety]
license: "CC BY 3.0"
permalink: /en/workshop-smartphones.html
---
<section>
<section data-markdown>
Application permissions
==================================
</section>
<section data-markdown>
There are 2 major application ecosystems today: **Android** and **Apple**.
1. Apple's iOS App Store is known for its controls and validation before public release.
2. The Google Play Store for Android, not so much.
</section>
<section data-markdown>
![These apps, which all contain malware, were downloaded more than 280 000 times on the Google Play Store](/assets/i/android-apps-malwares.png "These apps, which all contain malware, were downloaded more than 280 000 times on the Google Play Store")
These applications, which all contain malware, were downloaded more than **280 000** times on the Google Play Store before they were removed.
</section>
<section data-markdown>
Just like on a computer workstation, don't install just any application on your smartphone. You must check the permissions of every application. For instance, is it OK for a flashlight application to access your contacts?
</section>
<section data-markdown>
Depending on your Android version (6 and above), you will most often
need to look in:
> Settings \> Applications \> (sometimes Advanced Settings) \> [Apps Permissions](https://support.google.com/android/answer/9431959?hl=en)
</section>
<section data-markdown>
To check an application's permissions on Android, take a look at the [Exodus Privacy](https://exodus-privacy.eu.org/fr/page/what/) project.
</section>
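<section data-markdown>
The flashlight question above, turned into a check you can run on a computer. This is an added example, not part of the original slides: the sample text is constructed to look like `adb shell dumpsys package` output, and the `EXPECTED` policy is a hypothetical one.

```python
import re

# Android runtime ("dangerous") permissions that expose personal data or sensors.
SENSITIVE = {
    "READ_CONTACTS": "contacts",
    "ACCESS_FINE_LOCATION": "precise location",
    "RECORD_AUDIO": "microphone",
    "READ_SMS": "SMS messages",
    "CAMERA": "camera",
    "READ_CALL_LOG": "call history",
}

# Hypothetical policy (an assumption): what each kind of app plausibly needs.
EXPECTED = {
    "flashlight": {"CAMERA"},  # older flashlight apps drive the LED via the camera API
    "messaging": {"READ_CONTACTS", "RECORD_AUDIO", "CAMERA"},
}

GRANT_LINE = re.compile(r"^\s*android\.permission\.(\w+): granted=(true|false)")

def granted_permissions(dumpsys_text):
    """Return the short names of all permissions marked granted=true."""
    granted = set()
    for line in dumpsys_text.splitlines():
        match = GRANT_LINE.match(line)
        if match and match.group(2) == "true":
            granted.add(match.group(1))
    return granted

def unexpected_permissions(dumpsys_text, app_kind):
    """List (permission, what it exposes) pairs the app holds but should not need."""
    allowed = EXPECTED.get(app_kind, set())
    sensitive_held = granted_permissions(dumpsys_text).intersection(SENSITIVE)
    return sorted((p, SENSITIVE[p]) for p in sensitive_held - allowed)

# Constructed sample, shaped like `adb shell dumpsys package PACKAGE_NAME` output.
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
  install permissions:
    android.permission.INTERNET: granted=true
  runtime permissions:
    android.permission.CAMERA: granted=true, flags=[ USER_SET ]
    android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.RECORD_AUDIO: granted=false, flags=[ USER_FIXED ]
"""

if __name__ == "__main__":
    for perm, exposes in unexpected_permissions(SAMPLE, "flashlight"):
        print(f"flashlight app can access your {exposes} ({perm})")
```
</section>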
</section>
<section>
<section data-markdown>
Spyphones
============
</section>
<section>
<h2>On standby</h2>
<ul>
<li class="fragment">You are uniquely identified on the GSM network by your SIM card's unique number (IMSI) and your phone's unique number (IMEI).</li>
<li class="fragment">Your phone regularly checks in with base stations by transmitting these two pieces of information.</li>
<li class="fragment">Your telephone operator has the technical ability to locate the network cell you're in (from a few meters to several kilometres).</li>
</ul>
</section>
<section data-markdown>
Many software programs can turn your smartphone into a spy microphone. However, they must be installed on your phone. Most of the time, the attacker must have physical access to your phone.
</section>
<section data-markdown>
![spy chip]({{site.url}}{{site.baseurl}}/assets/i/iphone-puce.jpg "Spy chip")
<aside class="notes">
For as little as $15 you can buy spyware on Alibaba. Here, a chip found in the iPhone of a Russian activist.
</aside>
</section>
<section data-markdown>
Off
------
The battery, plugged in, is always a source of power. With the
collaboration of the telephone operator, who can access the packets
sent to the SIM card (Application Protocol Data Unit), the
can theoretically be activated.
</section>
<section data-markdown>
Disassembled battery
-----------------
- Without battery, no power, no signals transmitted, no monitoring.
- Problem: few phones still have a removable battery.
</section>
</section>
<section>
<section data-markdown>
Communications
==============
</section>
<section data-markdown>
The GSM network
----------------
The GSM network's encryption algorithm has been compromised for years now. GSM calls and SMS communications are not secure.
</section>
<section>
<h2>4G / WiFi</h2>
<ul>
<li class="fragment"><a href="https://signal.org/">Signal</a> for <a href="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms">Android</a> and <a href="https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8">iPhone</a> </li>
<li class="fragment"><a href="https://wire.com/en/">Wire</a> for <a href="https://itunes.apple.com/app/wire/id930944768?mt=8">iOS</a> or <a href="https://play.google.com/store/apps/details?id=com.wire">Android</a></li>
<li class="fragment"><a href="https://briarproject.org/">Briar</a> is an encrypted peer-to-peer communication application using the Tor network. Only available on Android.</li>
<li class="fragment">Avoid <a href="https://www.whatsapp.com/">WhatsApp</a> for sensitive communications</li>
<li class="fragment"><strong class="highlight-red">Don't use Telegram</strong></li>
</ul>
</section>
</section>
<section>
<section data-markdown>
Local data
======================
</section>
<section data-markdown>
The basics
----------
- Lock your smartphone with a password
- Avoid using a pattern (Android), fingerprints or facial recognition
</section>
<section data-markdown>
Android
-------
Data encryption has been enabled by default since **Android 6.0** (end of 2015). Encryption is activated when the configuration wizard asks you to choose a screen lock: pattern, PIN code or password.
*Facial recognition and fingerprint are not included in this process*.
</section>
<section data-markdown>
iPhone
------
Since **iOS 8**, data on Apple phones has been encrypted by default when the phone is locked with a code or Touch ID.
</section>
<section data-markdown>
### Bonus
On iOS you can configure automatic erasure after 10 unsuccessful unlock attempts.
</section>
<section>
<img src="/assets/i/ios-erasing.webp" alt="automatic erasure on iPhone" title="automatic erasure on iPhone" class="r-stretch" />
</section>
<section data-markdown>
Use a local safe
-------------------
Tella is an application available on [Android](https://play.google.com/store/apps/details?id=org.hzontal.tella&hl) and [iOS](https://apps.apple.com/us/app/tella-document-protect/id1598152580) that lets you take photos and videos and store them encrypted, camouflage them, or even erase them in case of emergency.
</section>
<section>
<img src="/assets/i/tella-installation.gif" alt="Installing Tella" title="Installing Tella" class="r-stretch" />
</section>
<section>
<img src="/assets/i/tella-video.gif" alt="Capturing images, video or audio in Tella" title="Capturing images, video or audio in Tella" class="r-stretch" />
</section>
<section>
<img src="/assets/i/tella-import.gif" alt="Importing files into Tella" title="Importing files into Tella" height="600px" />
</section>
<section>
<img src="/assets/i/tella-camouflage-icon.gif" alt="Camouflaging the Tella icon" title="Camouflaging the Tella icon" class="r-stretch" />
</section>
<section data-markdown>
Data everywhere
---------------
- In the internal phone memory
- On the SD card
- On the SIM card
- In the *Cloud* if you are an iCloud or Google Drive user
</section>
</section>
<section>
<section data-markdown>
Emergency plan
=================
In case your device gets seized or stolen
</section>
<section>
<h2>Protect your accounts</h2>
<ul>
<li class="fragment">Make a list of your sensitive accounts</li>
<li class="fragment"><strong>Change the passwords of these accounts</strong></li>
<li class="fragment">Use passphrases and enable two-factor authentication</li>
<li class="fragment">Don't forget to download backup codes</li>
</ul>
</section>
<section data-markdown>
## Erase your data: Android
- Go to the [devices](https://myaccount.google.com/device-activity) security section of your Google account
- Make it ring, locate it or remotely erase your data
</section>
<section data-markdown>
## Erase your data: iOS
Activate the Find My app on your phone and go to [icloud.com/find](https://www.icloud.com/find)
- [Find a lost device](https://support.apple.com/fr-fr/HT210515#erasedevice)
- [Remotely erase your data](https://support.apple.com/fr-fr/HT210515#erasedevice)
</section>
</section>
<section>
<section data-markdown>
Another option
=====
</section>
<section data-background="{{site.url}}{{site.baseurl}}/assets/i/dumbphone.jpg">
<aside class="notes">Burner phone. Image from <a href="http://in30minutes.com">In 30 Minutes guides</a> licensed under CC 2.0</aside>
</section>
</section>
<section data-background="{{site.url}}{{site.baseurl}}/assets/i/questions-willsmith.gif" data-background-transition="zoom">
<h1>Questions?</h1>
</section>