Mobile Security Risks for Activists

Mobile Risks: An Intro
How To Use The Mobile Risk Overview
General Mobile Risks
What Mobile Operators Know About You
Protect Yourself
Physical and Remote Access to Your Phone
Protect Yourself II
Specific Mobile Use Risks: Voice, SMS, Web, Email, Photo/Video
Voice
SMS/Text Messaging
Web Browsing
Mobile Email
Photos, Videos, and MMS
Security for Smartphones

Physical and Remote Access to Your Phone

Mobile phones are easily lost, stolen, or taken from you.

Data on the phone and SIM card

If someone else has your phone, it is easy to link your personal identity to your device and all sensitive and compromising data on the phone through SIM registration, IMEI, and IMSI numbers. Consider the following ways that you may be storing sensitive information on your phone:

The phone’s address book can store your contacts (names, telephone number, email, etc), and anyone with access to your phone can see these contacts.

The phone stores your call history - who you called and received calls from, and the time calls were made.

The phone stores SMS text messages you have sent or received as well as draft messages. It is possible to recover messages even if you have deleted them from the phone memory.

Any applications you use, such as a calendar or to-do list, store data on the phone or on a memory card.

Photos you have taken using the phone camera are stored on the phone or memory card. Most phones store the time the photo was taken and may also include location information and the make and model of the phone.

If you use a web browser on your phone, your browsing history (sites visited) and bookmarks may be stored.

If you use an email app, your emails, like any other application data, may be stored on the phone.

All of this data that is stored is not easily destroyed or wiped permanently and can be recovered with data forensics methods. Other people might be able to recover data even if it appears deleted to you.

Unauthorized use

Unauthorized use, either because someone has taken possession of the phone, or because compromising software has been installed, is a risk for any type of phone.

For many phones, it is possible for an attacker to gain unauthorized access remotely if the attacker can install an application on the device. To do this, an attacker might trick you into downloading a file from the Internet or open an infected MMS, or take advantage of having temporary physical access to the device.

Phone theft is another way to get access to the device. If your phone is ever out of your possession for an extended period of time and is returned to you, use it with extreme caution.

While a PIN code might slow a thief down, there are many ways to get around entering the PIN to access data. It’s best not to rely on it to protect you.

Unauthorized use allows an attacker to impersonate you to contacts who identify you by your phone number or email address.

With readily available software, a full phone image (a copy of all your data and activity records) can be made for subsequent analysis.

Unauthorized use can include making expensive calls.