Smartphone Surveillance And Tracking Techniques

Understanding Threats, Indices & Protection

The following article series is a fusion of substantive summary and selective compilation of various public domain write-ups on smartphone privacy and security. All the references are listed at the end of the article.
“The ‘Enlightenment’, which discovered the liberties, also invented the disciplines.”

― Michel Foucault, Discipline and Punish: The Birth of the Prison

HOW CAN A SMARTPHONE BE SPIED ON?

Smartphones are playing an increasingly central role in our lives. They are ubiquitous, as we carry them nearly everywhere, and entrust them with sensitive and sometimes deeply personal information. We use them to carry out day-to-day tasks from communicating with friends and socializing on social media apps to tracking our health and taking care of our finances on banking apps.

But it is also a device with a camera and a microphone that you have next to you at all times. Unfortunately, mobile phones were not designed for privacy and security. Turning this hardware into a surveillance tool is much easier and more effective than you think. Not only do they do a poor job of protecting your communications, they also expose you to new kinds of surveillance risks.

Surveillance is always an enactment of power in the sense that it is an imparting technique in practices of governance. It is an influence external to the individual, which seeks to control and discipline, entailing a risk of exploitation and privacy invasions.

Here, in this first part, we will describe all the ways that smartphones can aid surveillance and undermine their users’ privacy. So, prepare yourself for a long read, as we attempt to go over each and every aspect of smartphone privacy!

1. Mobile Signal Tracking — Cell Tower

How it works

Any mobile network operator can calculate where a particular subscriber’s phone is located whenever the phone is powered on and registered with the network. The ability to do this is called triangulation.

One way the operator can do this is to monitor the signal strength that different towers observe from a particular mobile phone, and then calculate where that phone must be located in order to account for these observations. The accuracy with which the operator can figure out a subscriber’s location varies, depending on many factors including the technology the operator uses (2G/3G/LTE) and the number of cell towers in the vicinity. Very often, it is accurate to about the level of a local area, but in urban areas where mobile traffic and the density of antenna towers are sufficiently high, it may achieve a precision down to 50 meters.
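The calculation described above, as an added example that is not part of the original article: each tower's signal-strength reading is converted to a distance, and the distances are combined by least squares into one position. The path-loss model, its constants, the tower layout and the phone position are all constructed assumptions; real networks use more elaborate methods.

```python
import math

# Log-distance path-loss model, assumed for this example:
#   rssi_dbm = P0_DBM - 10 * PATH_LOSS_EXP * log10(distance_m)
P0_DBM = -40.0       # constructed value: signal strength 1 m from the phone
PATH_LOSS_EXP = 3.0  # constructed value: how fast the signal fades with distance


def distance_to_rssi(distance_m):
    return P0_DBM - 10 * PATH_LOSS_EXP * math.log10(distance_m)


def rssi_to_distance(rssi_dbm):
    return 10 ** ((P0_DBM - rssi_dbm) / (10 * PATH_LOSS_EXP))


def locate(observations):
    """Estimate (x, y) in metres from [((tower_x, tower_y), rssi_dbm), ...].

    Each reading defines a circle around its tower. Subtracting the first
    circle equation from the others leaves a linear system, solved here by
    least squares (2x2 normal equations), so extra towers average out noise.
    """
    if len(observations) < 3:
        raise ValueError("need readings from at least three towers")
    (x0, y0), rssi0 = observations[0]
    d0 = rssi_to_distance(rssi0)
    rows = []
    for (xi, yi), rssi in observations[1:]:
        di = rssi_to_distance(rssi)
        rows.append((2 * (xi - x0), 2 * (yi - y0),
                     d0 ** 2 - di ** 2 + xi ** 2 + yi ** 2 - x0 ** 2 - y0 ** 2))
    s11 = sum(a1 * a1 for a1, _, _ in rows)
    s12 = sum(a1 * a2 for a1, a2, _ in rows)
    s22 = sum(a2 * a2 for _, a2, _ in rows)
    t1 = sum(a1 * b for a1, _, b in rows)
    t2 = sum(a2 * b for _, a2, b in rows)
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        raise ValueError("towers are collinear; position is ambiguous")
    return (t1 * s22 - t2 * s12) / det, (s11 * t2 - s12 * t1) / det


def observe(towers, phone, error_db=None):
    """Simulate readings; error_db maps a tower index to a dB measurement error."""
    error_db = error_db or {}
    readings = []
    for i, (tx, ty) in enumerate(towers):
        d = math.hypot(phone[0] - tx, phone[1] - ty)
        readings.append(((tx, ty), distance_to_rssi(d) + error_db.get(i, 0.0)))
    return readings


def position_error(true_pos, observations):
    x, y = locate(observations)
    return math.hypot(x - true_pos[0], y - true_pos[1])


# Constructed scenario: four towers on a 1 km square, phone at (400, 300).
TOWERS = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0), (1000.0, 1000.0)]
PHONE = (400.0, 300.0)

if __name__ == "__main__":
    print("error with exact readings (m):",
          round(position_error(PHONE, observe(TOWERS, PHONE)), 3))
    print("error with one tower off by 2 dB (m):",
          round(position_error(PHONE, observe(TOWERS, PHONE, {3: 2.0})), 1))
```

A small error in one tower's reading moves the estimate by tens of metres in this layout, which is why the achievable accuracy depends on how many towers hear the phone.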

Normally only the mobile operator itself can perform this kind of tracking, but a government could force the operator to turn over location data about a user (in real-time or as a matter of historical record).

Another related kind of government request is called a tower dump; in this case, a government asks a mobile operator for a list of all of the mobile devices that were present in a certain area at a certain time. This could be used to investigate a crime, or to find out who was present at a particular protest. (Reportedly, the Ukrainian government used a tower dump for this purpose in 2014, to make a list of all of the people whose mobile phones were present at an anti-government protest.)

Preventative Measures

There is no way to “hide” from this kind of tracking as long as your mobile phone is powered on and transmitting signals to an operator’s network. The best way not to get detected? Don’t connect it to the network or to any other computer, a practice known as air-gapping. In a world where practically every machine connects to the internet, this is not easy.

However, for ultra-sensitive files and tasks — like storing Bitcoins or working with confidential blueprints — the inconvenience of working entirely offline can be justified, despite all the trouble. For these situations, the highly cautious rely on Faraday cages or bags. These are essentially metal-lined phone cases that block all radio frequencies. No signal can go in or out. These are easily available on Amazon for relatively cheap.

However, while the cage or bag might block your phone from revealing its location, it doesn’t prevent the phone from recording audio if it has already been hacked and had its “spying powers” switched on before it was air-gapped.

2. Mobile Signal Tracking — Cell Site Simulator

How it works

A government can also collect location data directly, such as with a cell site simulator (a portable fake cell phone tower that pretends to be a real one, in order to “catch” particular users’ mobile phones and detect their physical presence and/or spy on their communications, also sometimes called an IMSI Catcher or Stingray). IMSI refers to the International Mobile Subscriber Identity number that identifies a particular subscriber’s SIM card, though an IMSI catcher may target a device using other properties of the device as well. The IMSI catcher needs to be taken to a particular location in order to find or monitor devices at that location.

Stingray — How Agencies Are Listening To Your Calls

Preventative Measures

Currently there is no reliable defence against all IMSI catchers. (Some apps, e.g. SnoopSnitch for rooted Android, claim to detect their presence, but this detection is imperfect.) On devices that permit it, it could be helpful to disable 2G support (so that the device can connect only to 3G and 4G networks) and to disable roaming if you don’t expect to be traveling outside of your home carrier’s service area. These measures can provide some protection against certain kinds of IMSI catchers.

3. Wi-Fi and Bluetooth Tracking

How it works

Modern smartphones have other radio transmitters in addition to the mobile network interface, including Wi-Fi and Bluetooth support. These signals are transmitted with less power than a mobile signal and can normally be received only within a short range (such as within the same room or the same building), although sometimes using a sophisticated antenna allows these signals to be detected from unexpectedly long distances; in a demonstration, an expert hacker in Venezuela received a Wi-Fi signal at a distance of 279 km, under rural conditions with little radio interference.

Both of these kinds of wireless signals include a unique serial number for the device, called a MAC address, which can be seen by anybody who can receive the signal. The device manufacturer chooses this address at the time the device is created, and it cannot be changed using the software that comes with current smartphones. The MAC address can be observed in wireless signals even if a device is not actively connected to a particular wireless network, or even if it is not actively transmitting data. Whenever Wi-Fi is turned on, the smartphone will transmit occasional signals that include the MAC address and thus let others nearby recognize that that particular device is present. This has been used for commercial tracking applications, for instance, letting shopkeepers determine statistics about how often particular customers visit and how long they spend in the shop.

In comparison to cell-tower monitoring, these forms of tracking are not necessarily as useful for government surveillance. This is because they work best at short distances and require prior knowledge or observation to determine what MAC address is built into a particular person’s device. However, these forms of tracking can be a highly accurate way to tell when a person enters and leaves a building. Turning off Wi-Fi and Bluetooth on a smartphone can prevent this type of tracking, although this can be inconvenient for users who want to use these technologies frequently.

Wi-Fi network operators can also see the MAC address of every device that joins their network, which means that they can recognize particular devices over time and tell whether you are the same person who joined the network in the past (even if you don’t type your name or e-mail address anywhere or sign in to any services).

Preventative Measures

Know Your Network: Before you connect, be sure you know whose network you are connecting to so you don’t fall prey to Wi-Fi honeypots. If you are not sure what the public network at a business is called, ask an employee before connecting. And check to make sure your computer or smartphone is not set up to automatically connect to unknown Wi-Fi networks — or set it to ask you before connecting.

Keep Your Connection Secure: Make sure to connect to websites via HTTPS, which encrypts anything you send and receive from the website. To verify if you are connected via HTTPS, look at the address bar of your browser window; you should see “HTTPS” at the beginning of the web address (or, on some web browsers, a lock icon). Looking for HTTPS isn’t enough, though. Hackers have been able to acquire legitimate SSL certificates for sites with names that are slightly off from those of major financial institutions and also bear the HTTPS at the front of the URL. Site names include banskfindia.com, pay-tm.com and itunes-security.net.

It is always better to type the URL in yourself versus clicking on a link you receive in a message.

Use a VPN: If you use a VPN service, anyone trying to snoop will see only encrypted data, even if you are connecting to some non-secure sites using HTTP. There are many applications that can do this. We recommend VyprVPN and CyberGhost for both Android and iOS. VPN services charge a fee for their use, with pay packages ranging from day passes to year-round protection.

MAC Address Randomisation: Certain smartphones, and laptops running the latest Windows 10, have a function called “Random Hardware Access” under the Wi-Fi settings. This feature randomly changes the MAC address reported by the device, making tracking a lot harder, if not impossible. Also, on rooted Android devices, it is technically possible to change the MAC address so that other people can’t recognize your device as easily over time. On these devices, with the right software and configuration, it would be possible to choose a new and different MAC address every day. On iOS this is not possible.
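To check what randomisation changes for an observer, the following added example (not part of the original article) tests whether an address is factory-assigned or locally administered and then groups sightings by address the way a shop's Wi-Fi sensor could. It relies on the IEEE 802 convention that addresses not assigned by the manufacturer set the "locally administered" bit of the first octet; all addresses and sightings are constructed.

```python
from collections import defaultdict


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'AA-BB-CC-DD-EE-FF' into 6 bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("not a MAC address: %r" % text)
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set.

    Factory-assigned (globally unique) addresses leave this bit clear;
    randomised addresses set it, so the second hex digit is 2, 6, a or e.
    """
    return bool(parse_mac(mac)[0] & 0x02)


def repeat_visitors(sightings):
    """Return {mac: [days]} for every address seen on more than one day.

    sightings is an iterable of (day_number, mac_string) pairs, i.e. what a
    passive receiver can log without the phone ever joining a network.
    """
    days_seen = defaultdict(set)
    for day, mac in sightings:
        days_seen[parse_mac(mac).hex(":")].add(day)
    return {mac: sorted(days) for mac, days in days_seen.items() if len(days) > 1}


# Constructed log: phone A keeps its factory address, phone B uses a fresh
# random address on each visit.
SIGHTINGS = [
    (1, "00:1A:2B:3C:4D:5E"),  # phone A
    (1, "da:a1:19:00:00:01"),  # phone B, day 1
    (3, "00-1a-2b-3c-4d-5e"),  # phone A again, different notation
    (3, "6e:10:22:33:44:55"),  # phone B, day 3
    (5, "00:1a:2b:3c:4d:5e"),  # phone A
    (5, "f2:9c:07:aa:bb:cc"),  # phone B, day 5
]

if __name__ == "__main__":
    for mac, days in repeat_visitors(SIGHTINGS).items():
        kind = "randomised" if is_locally_administered(mac) else "factory-assigned"
        print(mac, kind, "seen on days", days)
```

Only the fixed address links the three visits together; the randomised ones look like three unrelated devices.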

Deactivate AirDrop: AirDrop is a wireless file sharing protocol that allows iPhone users a simple way to share photos and other files. When activated, it broadcasts an iPhone’s availability to other nearby iOS devices. That makes it simple for those other iOS devices to request permission to send files. While convenient, AirDrop is a protocol that has been hacked in the past. Therefore, set the preferences for this protocol to “Receiving Off”, unless required.

For iOS 11 and later: Go to Settings > General > AirDrop.
For iOS 10 and earlier: Swipe up from the bottom of your iOS device to find a shortcut to AirDrop in your Control Center.

4. Information Leaks From Apps and Web Browsing

Location Leaks —

How it works

Modern smartphones provide ways for the phone to determine its own location, often using GPS and sometimes using other services like IP location and cell tower location. Apps can ask the phone for this location information and use it to provide services that are based on location, such as maps, cab and food delivery apps that show you your position on the map.

Some of these apps will then transmit your location over the network to a service provider, which, in turn, provides a way for other people to track you. (The app developers might not have been motivated by the desire to track users, but they might still end up with the ability to do that, and they might end up revealing location information about their users to governments or hackers.)

By measuring the recurrence of your mobile phone pings passing cell towers, advertisers can conclude whether you are a daily commuter. If the pings occur contiguously, it means that you are moving at a great rate of speed, with infrequent interruptions: in other words, you are on a train. Using this data they can show you advertisements for items that daily commuters would be interested in buying, like headphones, travel bags, etc.

Search for a product on your phone and then physically walk into a store. Do that, in that order, and chances are Google or some other e-commerce app used your phone’s GPS data to connect your ad click and your in-store purchase.

Location tracking is not only about finding where someone is right now. It can also be about answering questions about people’s historical activities, their beliefs, participation in events, and personal relationships. For example, location tracking could be used to try to find out whether certain people are in a romantic relationship, to find out who attended a particular meeting or who was at a particular protest, or to try and identify a journalist’s confidential source. As smartphones have become ubiquitous and technology more accurate, an industry of snooping on people’s daily habits has spread and grown more intrusive.

Preventative Measures

The apps most popular among data companies are those that offer services keyed to people’s whereabouts — including weather, transit, travel, shopping deals and dating — because users are more likely to enable location services on them.

Scrutinize app permissions while installing apps. A good privacy practice is to restrict every app to the bare minimum access to personal information. The more permissions requested, the greater the potential for data to be sent insecurely to adversaries.

Stop location tracking on iOS:

Open Settings > Privacy > Location Services > You will see a list of apps, along with the location setting for each. Tap on apps you want to adjust. Selecting “Never” blocks tracking by that app.

(The option “While Using the App” ensures that the app gets location only while in use. Choosing “Always,” allows the app to get location data even when not in use.)

Stop location tracking on Android:

Open Settings > Security & location > Location > App-level permissions > To turn off location for an app, slide the toggle to the left.

These instructions are for recent Android phones; Google provides more instructions here.

Unlike iPhones, Android phones don’t allow you to restrict an app’s access to your location to just the moments when you are using it. Any app on Android that has your permission to track your location can receive the data even when you are not using it.

Search Engine Marketing —

How it works

Every internet search contains keywords, and the keywords you just entered into a search engine such as Google, or into a browser such as Safari, are fought over by advertisers. Each advertiser who offers a product related to your keywords wants its ad to be seen and clicked. Then, like cartoon toys scrambling to get back in the right order before their owner throws on the light, the ads finalize their positions before your customized results page loads on your screen.

Generally, your first four search results — what you see before having to scroll down — are all paid advertisements.

If you didn’t know this, you are not alone. More than 50 percent of people between the ages of 18–34 can’t differentiate between an ad and an organic result on Google. For those over 35, that percentage grows proportionally higher. To maximize this percentage, Google is always testing to find ad visuals that blend in best with organic results. Once you click on an ad, your information passes through to search engine marketers, where it is forever stored in an AdWords account, never to be erased.

Here is a complete checklist of everything Google knows about you — thereby all the ways you are tracked — as of December 2018:

* Your age
* Your income
* Your gender
* Your parental status
* Your relationship status
* Your browsing history (long-term and short-term)
* Your device (phone, tablet, desktop, TV)
* Your physical location
* The age of your child (toddler, infant, etc.)
* How well you did in high school
* The degree you hold
* The time (of day) of your Google usage
* The language you speak
* Whether you have just had a major life event
* Your home ownership status
* Your mobile carrier
* The exact words you enter into Google search
* The context and topics of the websites you visit
* The products you buy
* The products you have almost bought
* Your Wi-Fi type
* Your proximity to a cell tower
* Your app installation history
* The amount of time you spend on certain apps
* Your operating system
* The contents of your email
* The time you spend on certain websites
* Whether you are moving (e.g., into a new home)
* Whether you are moving (e.g., walking or on a train)

For as long as you have been using Google, Google has been building a “citizen profile” on you. This profile contains:

* Your voice search history
* Every Google search you have ever made
* Every ad you have ever seen or clicked on
* Every place you have been in the last year
* Every image you have ever saved
* Every email you have ever sent

In 2019, we will verge on understanding the ultimate marketing technology: Cross-Device attribution. Using this technology, ads will follow individuals seamlessly — not only across channels (e.g., social, organic, and email) but across devices (e.g., from mobile to tablet to laptop to TV to desktop).

Depending on your brand loyalty, for example, your TV will emit a hyper-frequency during certain commercials. Undetectable by your obsolete human ear, this signal can only be picked up by a nearby cell phone. If a Nike commercial plays on your TV, and then you pick up your phone and Google “Nike shoes,” your conversion path has been linked from TV to phone.

Developers of various applications and services, a vast majority of them free, invest a lot of time and effort into developing, running, and maintaining them.

So, how are the people who create and maintain these apps making money?

The answer is simple: in-app advertising and user-tracking data collection. To display ads inside an app, you need to know the different types of audiences who use your app and be able to distinguish between them by collecting information about them when they use your app, know the businesses who are interested in advertising their services to the different user demographics, and be able to match the right ads with the right audiences.

While this is certainly possible, it is especially difficult to manage for small-time app developers who will have to do this while also staying on top of maintaining their apps, developing new features, and various other developer-related tasks.

To make this easier, developers use third-party trackers who know other businesses interested in mobile advertising and mediate between them and the app developers who want to monetize their apps through ads. Developers embed pieces of software developed by these services inside their apps which allows them to collect information about the users and use it to display targeted advertisements.

Third-party trackers inherit the set of application permissions requested by the host app, allowing them access to a wealth of valuable user data, often beyond what they need to provide the expected service. These trackers collect personal data like Android IDs, phone numbers, device fingerprints, and MAC addresses.

The idea of data collection for in-app advertising is a controversial one. App creators need to make money. After all, we are getting free utility from their apps and services. App stores do not require developers to disclose their use of third-party advertising and tracking services, and users are in the dark about their presence in their apps. As such, apps do not tell us which of these services they use, and their privacy policy statements are often vague about use of such services. This lack of transparency is not helped by the fact that they regularly end up in the news for sharing or selling large amounts of mobile tracking data.

Governments have also become interested in analysing data about many users’ phones in order to find certain patterns automatically. These patterns could allow a government analyst to find cases in which people used their phones in an unusual way, such as taking particular privacy precautions.

A few examples of things that a government might try to figure out from data analysis: determining whether people know each other; detecting when one person uses multiple phones or switches phones; detecting when groups of people are traveling together or regularly meeting one another; detecting when groups of people use their phones in unusual or suspicious ways.

Preventative Measures

The Haystack Project, a collaboration at the International Computer Science Institute (ICSI) at the University of California, Berkeley, among multiple academic institutions, has developed an Android app, called Lumen, that captures data right at the source. (It is not yet available for iOS.)

Lumen helps users identify these third-party services in their apps by monitoring the network activity of the apps that are running on the phone. It also tells you what kind of data they collect and which organization is collecting it. Lumen brings much-needed transparency into the equation, and having this information is half the battle, but users also need some control over this behaviour, so Lumen gives them the option to block those flows. This feature gives users granular control over the network communications of their apps and helps them prevent unwanted tracking by third-party services.

Blokada is another such tool for Android devices that efficiently blocks ads and trackers. It is also free and an open source project.

Concerned about your Google data? You better be! Later into this article series we have provided a step by step guide to manage your Google account’s privacy and security settings.

5. Spying on Mobile Communications

How it works

Downgrade Attack: This is a form of cryptographic attack on an electronic system or communications protocol that makes it abandon a high-quality mode of encrypted connection in favour of an older, lower-quality mode of encrypted connection that is typically provided for backward compatibility with older systems. An example of such a flaw is the SS7 hack.

Signalling System 7 (SS7) is a set of signalling protocols used in telecommunications and implemented across most of the world’s Public Switched Telephone Network (PSTN). An SS7 attack is an exploit that takes advantage of a weakness in the design of SS7 to enable data theft, eavesdropping, text interception and location tracking.

The mobile operators themselves have the ability to intercept and record all of the data about visited websites, who called or sent SMS to whom, when, and what they said. DNS services are the phone books of the Internet, providing the actual Internet Protocol (IP) network address associated with websites’ and other Internet services’ host and domain names. They turn ril.com into 116.50.79.208, for example. Your Internet provider offers up DNS as part of your service, but your provider could also log your DNS traffic — in essence, recording your entire browsing history.

This information might be available to local or foreign governments through official or informal arrangements. In some cases, foreign governments have also hacked mobile operators’ systems in order to get secret access to users’ data. Also, IMSI catchers (described above) can be used by someone physically nearby you to intercept communication packets.

Encryption technologies have been added to mobile communications standards to try to prevent eavesdropping. But many of these technologies have been poorly designed or unevenly deployed, so they might be available on one carrier but not another, or in one country but not another.

Preventative Measures

Hackers perform communication-based attacks (such as the SS7 attack) against the network operator, so users themselves cannot stop the attack. But there are some points to keep in mind in order to minimize its effect.

  • Choose your network provider wisely. 4G LTE (Diameter Telephony Protocol) is, to some extent, better than 2G and 3G networks using the flawed SS7 protocol.
  • Use encrypted message services for confidential communication.

The safest practice is to assume that traditional calls and SMS text messages have not been secured against eavesdropping or recording.

Even though the technical details vary significantly from place to place and system to system, the technical protections are often weak and can be bypassed.

The situation can be different when you are using secure communications apps to communicate (whether by voice or text), because these apps can apply encryption to protect your communications. This encryption can be stronger and can provide more meaningful protections. The level of protection that you get from using secure communications apps to communicate depends significantly on which apps you use and how they work. One important question is whether a communications app uses end-to-end encryption to protect your communications and whether there is any way for the app developer to undo or bypass the encryption.

6. Infecting Phones with Spyware

How it works

Phones can get spyware, viruses and other kinds of malware (malicious software), either because the user was tricked into installing malicious software, or because someone was able to hack into the device using a security flaw (zero day) in the existing device software. As with other kinds of computing device, the malicious software can then spy on the device’s user. These sneaky apps can be used by loved ones, family members, suspicious employers or even by law enforcement agencies.

Sophisticated malware infiltration typically begins with phishing: a link is sent to the target’s phone. It can be sent as a tweet, a taunting text message or an innocent-looking email, or any other electronic message that convinces the user to open the link. Once they do, the phone’s web browser connects to one of the malware’s many anonymous servers across the globe.

From there, the malware automatically determines the type of device, then installs the particular exploit remotely and surreptitiously.

Unlike desktop users, mobile users cannot see the entire URL of a site they are visiting. This paves the way for digital crooks to use phishing attacks against unknowing users.

Phishers often prey on the natural fears of targets in order to get them to act quickly, and without caution. These phishing messages will urge you to hurriedly sign into your account or confirm details without checking the source — and just like that, the scammer now has what they need to steal your money.

Another trend is that a number of phishing sites are utilizing HTTPS verification to conceal their deceitful nature. Users perceive HTTPS sites to be secure, so they are less likely to suspect a ‘phish’. Realizing this, hackers use sites like letsencrypt.org to gain SSL certification for their insecure phishing sites. Messaging apps like WhatsApp and social media (Facebook, Line, Viber etc.) are also fast becoming the most popular delivery method for mobile phishing attacks.
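Because a valid certificate says nothing about who owns a name, the useful check is on the hostname itself. The sketch below is an added example, not part of the original article: it compares a hostname with a short list of sites the user actually relies on and flags near-misses such as the look-alike names quoted earlier under Wi-Fi preventative measures. The `TRUSTED` list is a constructed stand-in, and taking the second-to-last label as the site name is a simplification that ignores multi-part suffixes like `.co.in`.

```python
# Constructed allowlist standing in for "the sites I actually use".
TRUSTED = ["bankofindia.com", "paytm.com", "itunes.com"]


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def site_name(host):
    """Second-to-last DNS label, e.g. 'pay-tm' for 'www.pay-tm.com' (simplified)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(host, trusted=TRUSTED):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = host.lower().rstrip(".")
    for good in trusted:
        # Exact match or a genuine subdomain of a trusted domain.
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    name = site_name(host)
    for good in trusted:
        good_name = site_name(good)
        # Allow fewer typos on short names to limit false alarms.
        limit = 1 if len(good_name) < 8 else 2
        if (name.replace("-", "") == good_name          # pay-tm    vs paytm
                or good_name in name.split("-")         # itunes-security
                or edit_distance(name, good_name) <= limit):  # typo-squats
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Hostnames quoted in the article, plus two constructed controls.
    for h in ["banskfindia.com", "pay-tm.com", "itunes-security.net",
              "www.paytm.com", "example.org"]:
        print(h, classify(h))
```

All three names from the article come back as `lookalike` even though each could be served over HTTPS with a valid certificate.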

According to Wandera’s mobile phishing report, the average iOS user has 14 different accounts on their work phone, typically including services such as Amazon, Paypal, and Airbnb. On Android, the number jumps to 20 unique apps. And both messaging and social media apps increased in popularity as an attack vector by more than 100% in 2017, with no sign of that growth slowing in 2018.

Also, the growth in the consumer spyware market is concerning because it reflects the trend towards “off-the-shelf” malware that doesn’t require any specialist knowledge to use. Of these, mSpy is one of the most recognizable, but others you might see are FlexiSPY, WebWatcher and SpyToMobile. Often, this kind of software is used by people who want to monitor the activity of their spouses, providing an easy way to trace every movement.

Spyware is a specific type of malware designed to track the infected smartphone’s activity. Spyware can listen in on phone calls and use a device’s microphone to listen to and record everything else that is happening near the smartphone. These apps can also track your GPS location, instant messages and texts, upload copies of the photos you take, spy on conversations held through other apps like WhatsApp, Snapchat, Hike, Skype, Viber, WeChat, etc., restrict incoming calls from a predefined number, send alerts for various triggers, log everything you type, and even use the camera to spy on you physically. All of the data collected by these apps is encrypted and sent to a password-protected web portal where the spy can review it.

This technique has been used by governments and spy agencies (also by employing spy applications from various private surveillance companies) to spy on people through their own phones and has created anxiety about having sensitive conversations when mobile phones are present in the room.


SIGNS THAT YOUR DEVICE COULD BE INFECTED WITH MALWARE

1. Mysterious outgoing phone calls or SMS

Have you noticed any calls or SMSs made or sent from your phone that you know were not made by you? Odds are your phone is infected with spyware or other malware. Most spyware is designed to make calls and send SMSs from the infected device.

2. Higher than usual rate of data usage

Spyware on your mobile acts on the commands it receives from its CnC (Command and Control Centre), operated by the attacker in a remote location. To do this, it requires an active Internet connection, so if you have spyware hiding on your device, odds are that your mobile data usage will increase for a reason that is not known to you. If this happens, there is a good chance that your mobile device is infected.

3. Battery depletes much faster

If you have noticed your device’s battery depleting faster than usual, especially with normal usage, there is a good chance that spyware is hiding somewhere within the phone. Spyware runs in the background of your phone without giving away its presence, and this causes your battery to die faster.

4. Poor performance

Poor mobile performance cannot always be blamed on a virus or malware. Over time, the performance of mobile phones deteriorates as they get cluttered with apps. However, if you are in the habit of getting rid of unwanted apps, avoiding live wallpapers, and taking all necessary steps to optimize performance, and you still experience lags and slowdowns, then the cause is likely a malware infection.

5. Unfamiliar apps installed on your phone

Mobile malware tends to install other malicious apps on your phone so that they can work together to push the infection of your phone further. If you notice apps which you did not install yourself and which are not stock apps, then there is a high chance your phone is infected with a virus.

6. Overheating

It is normal, and sometimes even expected, that your phone overheats while playing games, constant Internet browsing, charging or non-stop calling. However, if you are not on your phone, or your device remains hot most of the time for no reason, there is a good chance that your phone is harbouring a malware infection.


Preventative Measures

It is hard for any security measures to guard against phishing, basically because it is often just a phone call you receive, or a dodgy website you visit. The only real barrier against phishing is constant vigilance. Considering that, here are some steps you can take against phishing attacks.

Some people respond to this spyware menace by moving mobile phones into another room when having a sensitive conversation, or by powering them off.

A further concern is that malicious software could make a phone pretend to power off, while secretly remaining turned on (and showing a black screen, so that the user wrongly believes that the phone is turned off). This concern has led to some people physically removing the batteries from their devices when having very sensitive conversations.

The best defence against spyware, as with most malware, starts with your behaviour.

Follow these basics of good cyber self-defence:

  • It is simple to install a spying app on Android once you get past the lock screen, so make sure your lock screen is turned on with a complex PIN or password.
  • On Android, block third-party apps from getting installed. Go to Settings > Security and uncheck the Unknown Sources option.
  • As some spyware apps use AppleID to log into the iCloud to snoop on an iPhone, keep your AppleID a closely guarded secret.
  • Don’t open emails from unknown senders.
  • Don’t download files unless they come from a trusted source.
  • Be cautious while clicking on URLs and make sure you are being sent to the right webpage.

But as people have gotten smarter about cyber self-defence, hackers have turned to more sophisticated spyware delivery methods, so installing a reputable anti-virus program is necessary to counter advanced spyware.

7. Forensic Analysis of Seized Phones

How it works

There is a well-developed specialty of forensic analysis of mobile devices. An expert analyst will connect a seized device to a special forensics machine, such as Cellebrite UFED or MSAB XRY, which reads out data stored inside the device, including records of previous activity, phone calls, and text messages. The forensic analysis may be able to recover records that the user couldn’t normally see or access, such as deleted text messages, which can be undeleted. Forensic analysis can bypass screen locking, especially on older phones.

JTAG: JTAG (Joint Test Action Group) forensics is a data acquisition method which involves connecting to Test Access Ports (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. When supported, JTAG is an extremely effective technique to extract a full physical image from devices that cannot be acquired with normal tools.

Chip-Off Forensics: Chip-off forensics is an advanced digital data extraction and analysis technique which involves physically removing flash memory chip(s) from a subject device and then acquiring the raw data using specialized equipment. Chip-off forensics is a powerful capability that allows collecting a complete physical image of nearly any device — even those which have suffered catastrophic damage. Typically, when all other forensic extraction options — including JTAG — have been exhausted then this forensic method is preferred to extract the data.

Preventative Measures

  • Encrypt all of your data. The best way to encrypt data at rest (rather than messages in motion) is en masse, by encrypting compartments of your storage, or simply encrypting your entire memory.
  • Set a strong, hard-to-guess passcode at least six digits long.
  • For added security, don’t use biometrics like fingerprint or facial recognition systems, which can be more easily defeated than strong passcodes.
  • And on Android, don’t use a pattern unlock, which can be easily spotted by someone glancing at your phone or even cracked by analysing your screen smudges.

However, intentional destruction of evidence or obstruction of an investigation can be charged as a separate crime, often with very serious consequences.
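
To put numbers on the passcode and pattern advice above, this added example (not part of the original article) counts every valid pattern on the standard 3x3 Android grid and compares the total with the 1,000,000 possible six-digit PINs. It also counts how few patterns remain once a smudge has revealed exactly which dots were touched; the dot numbering and function names are assumptions of the example.

```python
# Dots are numbered row by row:  0 1 2 / 3 4 5 / 6 7 8
ALL_DOTS = frozenset(range(9))
SIX_DIGIT_PINS = 10 ** 6


def middle(a, b):
    """Dot lying exactly halfway between a and b on the grid, or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None


def count_patterns(allowed=ALL_DOTS, min_len=4, exact=False):
    """Count valid patterns that use only `allowed` dots.

    Rules assumed: 4 to 9 distinct dots, and a stroke may pass over a dot
    only if that dot is already in the pattern. With exact=True, only
    patterns touching every allowed dot are counted (the smudge case)."""
    need = len(allowed) if exact else min_len

    def walk(last, seen):
        total = 1 if len(seen) >= need else 0
        for nxt in allowed - seen:
            mid = middle(last, nxt)
            if mid is None or mid in seen:
                total += walk(nxt, seen | {nxt})
        return total

    return sum(walk(dot, frozenset({dot})) for dot in allowed)


if __name__ == "__main__":
    print("six-digit PINs:      ", SIX_DIGIT_PINS)
    print("all unlock patterns: ", count_patterns())
    # Smudge reveals the top row plus the middle-right dot were used.
    print("patterns on 0,1,2,5: ", count_patterns(frozenset({0, 1, 2, 5}), exact=True))
```

The whole pattern space is smaller than the six-digit PIN space, and a visible smudge trail cuts it to a handful of candidates.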

Ready to learn about advanced tricks and settings for better smartphone privacy and security? Check out Smartphone Security For The Privacy Paranoid.


References:

1. Featured Image: Photo by Simon Prades via New Scientist
2. The Problem with Mobile Phones | Surveillance Self-Defense: https://ssd.eff.org/en/module/problem-mobile-phones
3. Image 1: Photo from Getty Images via Wired.com: https://www.wired.com/2017/02/verizons-unlimited-data-plan-back-heres-compares-carriers/
4. Extreme Security Measures For The Extra Paranoid | WIRED: https://www.wired.com/story/extreme-security-measures/
5. How to Keep Your Bitcoin Safe and Secure | WIRED: https://www.wired.com/story/how-to-keep-bitcoin-safe-and-secure/
6. How to Protect Your Privacy on Public Wi-Fi Networks | Techlicious: https://www.techlicious.com/tip/how-to-protect-your-privacy-on-public-wifi-networks/
7. Image 2: Photo from Leong Thian FU/Getty Images via Wired.com: https://www.wired.com/story/google-location-tracking-turn-off/
8. How Google Tracks Your Personal Information – Patrick Berlinquette | Medium: https://medium.com/s/story/the-complete-unauthorized-checklist-of-how-google-tracks-you-3c3abc10781d
9. Image 3: Photo from Gary Waters/Getty Images/Ikon Images via NPR.org: https://www.npr.org/2018/06/29/624336039/california-passes-strict-internet-privacy-law-with-implications-for-the-country
10. How to Stop Apps From Tracking Your Location | The New York Times: https://www.nytimes.com/2018/12/10/technology/prevent-location-data-sharing.html
11. The ICSI Haystack Project Blog - Abbas Razaghpanah: https://haystack.mobi/wordpress/
12. Image 4: Photo from PLAINPICTURE via bloomberg.com: https://www.bloomberg.com/news/articles/2016-03-10/what-happens-when-the-surveillance-state-becomes-an-affordable-gadget
13. SS7 hack explained: what can you do about it? | The Guardian: https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls
14. SS7 HACKING: How hackers interrupt your call and data | Daily Junkies: https://dailyjunkies.com/ss7-hacking-how-hackers-interrupt-your-call-and-data/
15. Image 5: Photo from HOTLITTLEPOTATO via Wired.com: https://www.wired.com/story/router-hacking-slingshot-spy-operation-compromised-more-than-100-targets/
16. How Israeli spyware tried to hack an Amnesty activist's phone | FastCompany: https://www.fastcompany.com/90212318/how-israeli-spyware-tried-to-hack-an-amnesty-activists-phone
17. Image 6: Photo from Kaspersky Blog: https://www.kaspersky.com/blog/phishing-spam-hooks/24888/
18. Mobile Security 101 | Norton: https://za.norton.com/internetsecurity-mobile-mobile-security-101.html
19. How to Protect Yourself From Cellphone Phishing Attacks | Digital Trends: https://www.digitaltrends.com/mobile/how-to-protect-yourself-from-cellphone-phishing-attacks/
20. Mobile phishing attacks are moving to messaging and social media apps at an alarming rate | Wandera: https://www.wandera.com/mobile-security/phishing/mobile-phishing-attacks/
21. Phone surveillance in 2017: Are you being watched? | Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/phone-surveillance-in-2017-are-you-being-watched/article/486599
22. 5 smartphone spy apps that could be listening and watching you right now | Komando: https://www.komando.com/tips/362160/5-smartphone-spy-apps-that-could-be-listening-and-watching-you-right-now
23. How to protect against phishing scams | Norton: https://in.norton.com/internetsecurity-online-scams-how-to-protect-against-phishing-scams.html
24. Spyware - What Is It & How To Remove It | Malwarebytes: https://www.malwarebytes.com/spyware/
25. Image 7: Photo from Getty Images via Wired.com: https://www.wired.com/story/ccleaner-malware-supply-chain-software-security/
26. Signs That Your Android Could be Infected With a Virus | Cybersponse: https://cybersponse.com/6-signs-that-your-android-could-be-infected-with-a-virus/
27. Image 8: Photo from SEÑOR SALME via Wired.com: https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/
28. JTAG Forensics | Binary Intelligence: http://www.binaryintel.com/services/jtag-chip-off-forensics/jtag-forensics/
29. Chip-Off Forensics | Binary Intelligence: http://www.binaryintel.com/services/jtag-chip-off-forensics/chip-off_forensics/
30. How to Encrypt Your Texts - Calls - Emails and Data | WIRED: https://www.wired.com/story/encrypt-all-of-the-things/
31. Foucault M. Technologies of the self: A seminar with Michel Foucault. Amherst: University of Massachusetts Press; 1988.
32. How to Lock Down Your iPhone - David Koff | Medium: https://medium.com/@TheTechTutor/how-to-lock-down-your-iphone-f81c7bb4f8af