The recently concluded Fake Antenna Detection Project (FADe) aimed to address repressive surveillance of private cell phone communications within at-risk communities in Latin America by detecting and measuring the presence of IMSI catchers: devices that pose as cell phone antennas in order to monitor users. The IMSI (international mobile subscriber identity) is a number that uniquely identifies every subscriber of a cellular network; a device that captures it can be used for telephone eavesdropping, intercepting mobile phone traffic, and tracking the location of mobile phone users.
The project engaged in advanced technical testing to detect the use of such devices, and conducted research and data collection to help communities understand the threat environment better. One major takeaway is that 2G/3G networks are considerably more susceptible to surveillance (most of the available equipment for monitoring cell phone data operates on 2G). The project advocates shutting down these networks to reduce the attack surface and exploring 4G-compatible research solutions, given the robust rollout of LTE networks. Learn more about IMSI catchers and the project on the FADe site.
Digital Democracy’s Mapeo is an open source toolkit designed in partnership with indigenous communities for collaborative documentation of human rights abuses, with photos linked to geographic information and cryptographic proofs. Mapeo is resilient to censorship, limited or absent connectivity, and internet blackouts, because data can be shared offline between devices.
Mapeo has been hard at work and has implemented a new datastore for its tool. Each device in a Mapeo project writes data to a secure immutable log. Unlike the previous datastore, which kept custom indexes in the logs themselves, the new datastore generates materialized views from the logs in an SQL database, which provides an easy interface for querying the data in the app.
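As an added illustration of the log-plus-materialized-view design described above (not Mapeo's own code, which the page does not show): each device's log is modelled as a hash-chained append-only list and replayed into an in-memory SQLite table that serves as the view. The chain check is what makes a log tamper-evident, and the view can be rebuilt from the logs at any time; the record layout, device names and coordinates are constructed sample values.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # hash chained "before" the first entry of every device log

def _digest(device, seq, prev, record):
    body = json.dumps({"device": device, "seq": seq, "prev": prev, "record": record}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_entry(log, device, record):
    """Append a record to one device's log, chaining it to the previous entry's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"device": device, "seq": len(log), "prev": prev, "record": record,
             "hash": _digest(device, len(log), prev, record)}
    log.append(entry)
    return entry

def verify_log(log):
    """True only if every entry links to its predecessor and still hashes correctly."""
    prev = GENESIS
    for seq, e in enumerate(log):
        if e["seq"] != seq or e["prev"] != prev or e["hash"] != _digest(e["device"], seq, prev, e["record"]):
            return False
        prev = e["hash"]
    return True

def materialize(logs):
    """Replay verified logs into an in-memory SQLite table (the materialized view). A later
    entry for the same observation id replaces the earlier row; the log itself is never rewritten."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE observations (id TEXT PRIMARY KEY, device TEXT, lat REAL, lon REAL, note TEXT)")
    for log in logs:
        if not verify_log(log):
            raise ValueError("log from %s failed integrity check" % log[0]["device"])
        for e in log:
            r = e["record"]
            db.execute("INSERT OR REPLACE INTO observations VALUES (?, ?, ?, ?, ?)",
                       (r["id"], e["device"], r["lat"], r["lon"], r["note"]))
    db.commit()
    return db

def sample_logs():
    """Constructed sample data: two devices, one of which corrects its own observation."""
    log_a, log_b = [], []
    append_entry(log_a, "device-a", {"id": "obs-1", "lat": 4.61, "lon": -74.08, "note": "first draft"})
    append_entry(log_a, "device-a", {"id": "obs-1", "lat": 4.61, "lon": -74.08, "note": "corrected"})
    append_entry(log_b, "device-b", {"id": "obs-2", "lat": -3.12, "lon": -60.02, "note": "river camp"})
    return log_a, log_b
```

Querying the view (`SELECT id, device, note FROM observations`) after `materialize(list(sample_logs()))` returns one row per observation with the corrected note, while any edit to an already-appended entry makes `verify_log` fail and blocks the rebuild.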
Mapeo is currently updating its discovery protocol (for finding other Mapeo devices on the same network) to use DNS Service Discovery (DNS-SD), which is a way of using standard DNS programming interfaces, servers, and packet formats to browse the network for services.
Evaluating Privacy and Security of WeChat Network Communications
ICFP Fellow Mona Wang is investigating the data privacy and security practices of the WeChat client application. Many individuals inside China as well as diaspora populations use WeChat out of necessity rather than choice. The application uses a proprietary encryption protocol called MMTLS for most of its communications. For vulnerable populations that must use the application, precise threat modeling is of utmost importance. Chinese entities can likely request arbitrary user data from WeChat and other companies. The project aims to understand exactly what information is sent over communications between the WeChat application and its servers.
The fellow has identified the cryptographic functions used by the MMTLS handshake, and has specifically identified the location and usage of public key material in the Android app. This is a crucial step forward for the research, and will allow the ICFP fellow to investigate the security practices of the WeChat client and the risks they pose to individual users’ data privacy.
Improving VPN Censorship Resistance
This research aims to get a clearer, data-driven picture of the VPN circumvention landscape, which will benefit the censorship-circumvention research community, service providers, and end users. The fellow has deployed WireGuard experiments with private credentials, which will aid in understanding overall VPN censorship resistance. This includes creating a test list of provider endpoints, aimed mainly at detecting DNS blocking (a filtering strategy that makes it difficult for users to locate specific websites or domains) of either download pages or the API endpoints that some VPN applications rely on for normal functioning. The research has also extended its focus to Iran in light of the ongoing protests and reports that Chinese technology and know-how are connected to the Iranian firewall.
Internet Shutdowns Project
ICFP fellow Michael Collyer continues work on developing an Internet shutdown taxonomy and an interactive open-source shutdown database for research and analysis on internet shutdowns. Collyer has engaged with local researchers on issues of internet governance to incorporate the idea of digital sovereignty into his methodology. To improve the quality of information provided in the upcoming shutdown database, Collyer and colleagues attended multiple international learning forums to explore issues of internet fragmentation. Collyer hosted a “Digital Freedoms Meet and Greet” that engaged students and academics, encouraging them to join the research group to promote the long-term sustainability of his internet shutdowns research.
Reversing Bloatware in Central America
Over the past few years there has been a significant increase in government-sponsored mass and targeted surveillance or intrusion using commercial spyware such as Pegasus. This threat is particularly pronounced in Mexico due to the large number of applications pre-installed on end devices (“bloatware”) by powerful entities and the region’s complicated history of authorities influencing the flow of information. Mobile bloatware apps from service carriers and the state are a major security threat to end users because they commonly have root access, which could allow them to install packages, access encrypted messages, or make privileged changes to the device. This new ICFP project will analyze seven suspicious applications to determine their level of encryption, the type of information they collect and how clearly users are told that this data is being retrieved, and the security of the applications’ update processes.