<!-- .slide: data-background="img/this-is-your-brain-on-apps.jpg" -->

## Smartphone

--

## Less control
Compared to a computer, it is harder:

- to replace the operating system
- to investigate the presence of malware
- to uninstall default programs (see branded phones)
- to prevent monitoring

--

## Obsolescence

Furthermore, once the manufacturer declares a phone obsolete, it stops providing software updates, leaving vulnerabilities unpatched.

--

## Geolocation

When a phone is on, it connects to a cell of the phone network. The operator records which phone connected to which cell and keeps this information for a long time.

--

## Geolocation

A device can be triangulated by estimating the signal strength received from nearby cells. This is activated when you call 118 and, similarly, if you are under surveillance.

There is no way to avoid this attack other than leaving the phone at home :)

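How signal strength from nearby cells turns into a position, as an added example that is not part of the original slides. The path-loss constants, cell coordinates and phone position are constructed assumptions; the point is that three or more cells are enough, even with coarse 1 dB readings.

```python
import math

# Assumed log-distance path-loss model (not from the slides):
#   rssi = P0_DBM - 10 * N_EXP * log10(distance in metres)
P0_DBM = -40.0  # assumed signal strength at 1 m
N_EXP = 3.0     # assumed urban path-loss exponent

def distance_to_rssi(d_m):
    return P0_DBM - 10 * N_EXP * math.log10(d_m)

def rssi_to_distance(rssi_dbm):
    """Invert the model: signal strength -> estimated distance in metres."""
    return 10 ** ((P0_DBM - rssi_dbm) / (10 * N_EXP))

def locate(observations):
    """Least-squares position from [(x, y, rssi_dbm), ...], three or more cells.
    Subtracting the first circle equation from the others gives linear
    equations a*x + b*y = c, solved through the 2x2 normal equations."""
    if len(observations) < 3:
        raise ValueError("need at least three cells")
    x0, y0, r0 = observations[0]
    d0 = rssi_to_distance(r0)
    saa = sab = sbb = sac = sbc = 0.0
    for xi, yi, ri in observations[1:]:
        di = rssi_to_distance(ri)
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0**2 - di**2 + xi**2 - x0**2 + yi**2 - y0**2
        saa, sab, sbb = saa + a * a, sab + a * b, sbb + b * b
        sac, sbc = sac + a * c, sbc + b * c
    det = saa * sbb - sab * sab
    if abs(det) <= 1e-9 * max(saa * sbb, 1.0):
        raise ValueError("cells are collinear, position is ambiguous")
    return ((sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det)

# Constructed scenario: four cells on a 1 km square, phone at (300, 400).
CELLS = [(0, 0), (1000, 0), (0, 1000), (1000, 1000)]
PHONE = (300.0, 400.0)

def observe(phone, step_db=1.0):
    """Signal strength per cell, quantised to step_db like a coarse report."""
    out = []
    for cx, cy in CELLS:
        rssi = distance_to_rssi(math.dist(phone, (cx, cy)))
        out.append((cx, cy, round(rssi / step_db) * step_db))
    return out

if __name__ == "__main__":
    x, y = locate(observe(PHONE))
    print(f"estimate ({x:.0f}, {y:.0f}) m, error {math.dist((x, y), PHONE):.0f} m")
```
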
--

## Geolocation - IMSI

An IMSI catcher is a simulated mobile phone tower, definitely [used](https://www.ilfattoquotidiano.it/2015/06/13/con-limsi-catcher-cellulari-a-rischio-attenzione-il-cacciatore-ti-ascolta/1770363/) [in Italy](https://duckduckgo.com/?q=capitolatotecnicoradiomobili+site%3Apoliziadistato.it).

It can answer questions like "give me all the phone numbers present in this area, on that day" without needing to request them from a magistrate.

It is [widespread](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies); if you want to have fun, you can build an [IMSI Catcher Detector](https://seaglass.cs.washington.edu/).

--

## Geolocation

- Wi-Fi, when on, broadcasts a unique identifier
- Same for Bluetooth
- 2G, 3G and roaming decrease security
- Geolocation services also use the list of Wi-Fi networks near you

--

## Good practices

- Does my phone listen to my conversations?
- Even when it's off?
- Should I remove the battery?

For sensitive discussions, leave your phone in another room. If 20 people simultaneously turn off their phones in the same location, the operator knows.

--

## Physical attacks

- Don't use fingerprints or facial recognition
- Encrypt the phone
- Most of the time, if your phone has changed hands, you have lost

--

## Anonymous SIM cards

- Mostly snake oil, except a few providers of eSIMs
- When possible, buy with cash at supermarkets
- If you have personal information on the phone, the SIM card is not anonymous anymore
- The more you use it, the less secure you are