Mobile Security Risks for Activists

Mobile Risks: An Intro
How To Use The Mobile Risk Overview
General Mobile Risks
What Mobile Operators Know About You
Protect Yourself
Physical and Remote Access to Your Phone
Protect Yourself II
Specific Mobile Use Risks: Voice, SMS, Web, Email, Photo/Video
Voice
SMS/Text Messaging
Web Browsing
Mobile Email
Photos, Videos, and MMS
Security for Smartphones

What Mobile Operators Know About You

Security risks

Your mobile service is operated by your mobile network operator. As it manages your communication, it is also able to record certain types of messages you send, as well as information about your communication activities and your device. Note that none of these risks is easy to mitigate. The motto here is: The more you know, the more you can make smart choices regarding your mobile communications.

Network records

Network records are vulnerable if you suspect you are being surveilled by someone who could access them. This might be via the legal system (a subpoena, or formal legal demand), an informal government request, or through a corrupt employee of the network operator.

Any communication your phone has with the mobile network - whether placing or receiving a call, sending a message, browsing the web or just remaining connected - includes identifying information about the phone and the SIM card. There are two numbers that are important:

1. The IMEI is a number that uniquely identifies the phone - the hardware.

2. The IMSI is a number that uniquely identifies the SIM card.

If your name, your address or other identifying information were logged when you bought the phone or SIM, you can easily be linked to the IMEI and IMSI information in all your communications with the network.

When your phone is switched on, the network knows your location, triangulated from the cell towers nearby that record your phone’s signal. Your location might be accurate to as much as a few meters in a densely populated area but only to a few hundred meters in a rural area with few cell towers. If you make or receive a call or send or receive a text message, your location at that time is stored in network records. Note that this is a function of the mobile network, not any nefarious surveillance. All networks triangulate your signal. This is important to remember as this information can be used against you!

Monitoring/eavesdropping

The contents of your text messages are visible in plain text and also stored in network records.

Text messages (and emails if sent unencrypted) with certain keywords can be blocked and the sender singled out.

Calls can be monitored and recorded by network personnel, and recordings may be passed (legally or illegally) to someone outside the operator. Your calls may be listened to during or after the call.

Internet traffic can be monitored and recorded. Network operators can see what websites you access and may also see data you send and receive. Again, this information can be recorded for later use and may be passed on to someone else outside the operator.

Any unusual encrypted communication (to anything other than widely used websites such as Gmail, for example) may appear suspicious to the network operator. For example, simply sending encrypted text messages over a mobile network can arouse suspicion and single you out.

Disrupted access

Your mobile communication relies on service from the mobile network operator. It is easy for your operator to disrupt or disable your service.

Governments can request that mobile operators shut down all or parts of their network - for example, during elections or to stem protest action.

Your mobile number or the IMEI or IMSI numbers associated with your services may be selectively disabled.

Specific websites you are trying to access via your mobile phone may be blocked.