On Basic Android Security and Anonymity Part 4-The Ghost Protocol
Welcome back. Have you begun developing those good habits we discussed in the last article? I certainly hope so. In this final part of our Android Security series, we will be diving straight down the white rabbit's hole, into a level of opsec that is probably going to feel like overkill for the overwhelming majority of Android users, and even for most of you readers. To that I reply that there is no such thing as overkill. So eat that cupcake, Alice, and let us dive down into Wonderland together.
Introducing the GHOST Protocol
First, we must establish a security and anonymity protocol to apply systematically to our technology usage. This protocol will be usable with any technological device, but our first use of it will be on our Android phone. Its goal is to give us a methodology for approaching an advanced level of threat analysis and response. So far, while quite proactive, the methods presented do not really address the underlying problem: hardware security and anonymity.
We were able to establish many methods to mitigate software-level surveillance and security issues, but our real menace lives at a deeper level, hidden in the hardware. It is the layer least accessible to a regular user: regaining control of our hardware is nearly impossible at a time when ultrasonic cross-device tracking, gait measurement from gyroscope readings and CPU backdoors exist, and proprietary access restrictions make those factors exceedingly difficult to mitigate.
In fact, it is impossible to completely suppress those.
So, did we do all of this for nothing? Absolutely not. Most attackers and surveillance will target us at the software level, and will be stopped by our previously enacted measures, as long as we keep our healthy online behavior in check. However, the more pernicious and higher-level bad actors can still access your phone. We are talking here about state-sponsored bad actors, tyrannical governments spending billions on opsec research and surveillance, and hardware companies with no scruples about your private information.
This also covers physical attackers, namely someone who has physical access to our device, which makes it that much easier to hack, even for script kiddies and what we would normally consider a lower-level threat. How can we defend against those kinds of threats and keep our data anonymous and secure? Preemptive measures and proactive defenses will be our key method here. Enter the GHOST Protocol.
GHOST stands for General Heuristic Operation of Sensitive Technology. In essence, it is a protocol for approximating the best possible way of handling a device containing sensitive data. Long story short, we want our devices to be like a ghost. We want them to be undetectable, meaning we want to limit as much as possible both their online footprint and the information they transmit to third parties. We want them to be transparent, meaning that we have as close to complete control over the device as possible: root access, or administrator access, over it. We want them to be ectoplasmic, or untouchable, meaning we want to cut off as many avenues of attack as humanly possible. Finally, we want these devices to be as imaginary as possible, like ghosts. This means cutting them off from detection as much as possible.
As you have probably realized, we are already working toward these goals with the previously enacted measures. However, these are still far from enough. We can never achieve a perfectly ghosted device. But by applying our methodology heuristically, we can approximate it well enough for our purpose, as long as we realize that this is a dynamic effort: we must constantly enable active countermeasures and keep ourselves informed on the best ways to keep our devices both anonymous and secure. By keeping this protocol in mind, we can then systematically find the more pernicious vulnerabilities in our devices and mitigate them as best we can.
The Power of an Imaginary Device
What do I mean by "imaginary device" here? I am not describing a device that does not exist and would theoretically be inviolable, of course; the entire point of these articles is to be practical and realistic. Rather, what I am describing is a device that, in the eyes of anyone looking for it, does not exist, or exists but not in the form they would expect. How do we achieve such a state of being for our devices? Well, the best way to make something disappear is to paint it bright red. We achieve this in multiple ways, by compartmentalizing our very devices.
Burner phones are a fantastic way to achieve this. Use an old flip phone for texting and phone calls when at work or in transit. For one, this will make you look more serious, attentive to work and professional, and two, it will keep you from distractions. Make sure to insert the SIM into it only when in transit or while at work so that it cannot be tracked back home. Remove the battery when not in use.
Use an older device when you go out with friends or must attend some social event. We want this device to be easy to pass off as a more modern one, so a flip phone won't cut it. Instead, use your previous smartphone: your friends will be used to its appearance, and won't realize your actual primary device has changed. You also want to have it in everyone's sight. Make it as obvious as possible. A belt case is an excellent way to toy with people's perceptions, for example. Make it an attacker's primary target. If you must connect to the net outside of home, to a Wi-Fi network, use only this phone to do so. That way you only expose a decoy to the outside world. I would even advise you to act a little bit paranoid around who gets to touch that phone, to further sell the illusion. Make sure you have zero sensitive data on this device.
Now, I know the latest devices have done away with removable batteries (this is very much on purpose, just so we are clear: it helps them constantly track you, as turning off your phone doesn't actually shut it down, meaning telemetry is still very much happening, and a dead battery means buying a completely new phone altogether), and so, for your main device, your actual main device, this is unfortunately not a good option for many of you. Now, if you have the stomach for it, I recommend getting yourself a PinePhone, which by default gives you complete control over the device as it runs on Linux and, as such, grants you root privilege, has hardware kill switches for half its hardware components including Bluetooth, WiFi, microphone and camera, and still has a removable battery. You are killing convenience if you do this, but it is your best option next to not having a phone at all.
Main Phone, the next best thing
If you cannot stomach going full Linux for your main device, your next best option is to get a Pixel phone (ironically enough) that uses a Titan M2 security chip, meaning the Pixel 6 onward. There were discussions about removing it at some point because of just how good said chip is, but apparently they didn't. Once you have procured such a phone, flash GrapheneOS on it.
It is surprisingly easy to do: you simply need to follow the step-by-step guide on their website. GrapheneOS is a massive project, and I add my voice to the many security and intelligence personnel who have voiced their endorsement of it. By combining the hardware protection of the Titan M2 with the software protection of GrapheneOS, a security-oriented version of the Android software stack, you make your phone extremely resistant to brute force and many other attack methods by default.
If you absolutely do not want to go the Pixel road, your other option is to root your device. Just follow an online guide for your specific phone model. Rooting a device gives you full administrative power over it and is, not going to lie, almost like a drug. Once you use your first rooted phone, you'll never want an unrooted phone again. Flush all the bloatware, install monitoring apps, completely de-Google your phone, etc.; the possibilities are downright limitless. Our goal here is complete device transparency. We want to gain as full control over the entire device as possible.
Support that security model by buying a USB-C to Ethernet adapter to plug your phone directly into the router, so that you never have to use WiFi, or only when absolutely necessary, and you are golden security-wise.
If for some reason you absolutely must carry your phone outside of your house, turn on Airplane Mode and throw it in a lead box. Which leads me to my next point:
Faraday Bag
These things are a neat gadget that claims to kill signal tracking and emission. They are also of extremely dubious efficacy, and you should absolutely not rely on a gimmicky gadget to fend off potential trackers. If you buy one, extensively test it with a secondary device first and make absolutely certain, via systematic experiments over a period of time, whether it works as intended or not.
Now, the thing with these bags is that even if they do kill certain signals, you can still be tracked in a number of ways, such as with ultrasonic cross-device tracking.
Ultrasonic Cross-Device Tracking
Okay, we are entering the deep, darker side of why anonymity is so important to maintain with this subject. The subject in itself is a massive and terrifying rabbit hole, so I will give you the short version.
Cross-device tracking is a technology that allows the tracking of users across multiple devices such as a smartphone, television, computer or radio. There are a handful of methods by which this is implemented, but here I am going to focus specifically on the ultrasonic method.
See, the average human adult cannot hear sounds above 18 kHz. It is thus possible to hide a signal in these higher frequencies that microphones will pick up, and the device can be tracked this way. It gets even more involved with audio beacons placed in various commercials, for example in a radio program, in the supermarket radio, etc. By transmitting to your device, these audio beacons can be used to track your behavior, where you go and what you purchase, and then pass this information to your various apps, which can then tailor themselves to you. Or it could be accessed with a warrant by law enforcement to track your movements. Or any number of such actions by a numberless range of nefarious actors.
This may sound like complete science fiction to many of you, so let me post a few links for you to verify these claims:
https://ieeexplore.ieee.org/document/7961950
These are but a few sources describing or reacting to this technology; I highly encourage you to delve deeper into it. I may write a more detailed article on this tech in the future, so stay tuned.
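To make the beacon idea above concrete from the defender's side, here is an added example (not code from the original post): a pure-Python Goertzel scan that checks a 100 ms audio window for tones between 18 and 22 kHz, the band most adults cannot hear. The audio is a constructed synthetic signal (a 440 Hz tone plus an optional 19.5 kHz "beacon"), not a real recording, and the -40 dBFS alert threshold is an assumed value.

```python
import math
import random

SAMPLE_RATE = 48_000   # Hz; sampling must exceed 2 x 22 kHz to see the ultrasonic band
WINDOW = 4_800         # 100 ms analysis window -> 10 Hz bin resolution


def goertzel_amplitude(samples, fs, target_hz):
    """Estimate the amplitude (1.0 = full scale) of a tone at target_hz with the
    Goertzel algorithm, which is cheaper than a full FFT for a few frequencies."""
    n = len(samples)
    k = int(0.5 + n * target_hz / fs)          # nearest DFT bin
    omega = 2.0 * math.pi * k / n
    coeff = 2.0 * math.cos(omega)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    power = s_prev2 ** 2 + s_prev ** 2 - coeff * s_prev * s_prev2
    # For an on-bin tone of amplitude A, power == (A * n / 2) ** 2
    return 2.0 * math.sqrt(max(power, 0.0)) / n


def scan_ultrasonic(samples, fs, lo_hz=18_000, hi_hz=22_000, step_hz=50):
    """Sweep the band above human hearing; return (peak_hz, peak_amplitude)."""
    best_hz, best_amp = lo_hz, 0.0
    for f in range(lo_hz, hi_hz + 1, step_hz):
        amp = goertzel_amplitude(samples, fs, f)
        if amp > best_amp:
            best_hz, best_amp = f, amp
    return best_hz, best_amp


def has_ultrasonic_beacon(samples, fs, min_amplitude=0.01):
    """Flag the window if any ultrasonic component reaches -40 dBFS (assumed threshold)."""
    _, amp = scan_ultrasonic(samples, fs)
    return amp >= min_amplitude


def make_window(beacon_hz=None, beacon_amp=0.05, seed=1234):
    """Constructed test input: a 440 Hz audible tone, faint noise, and optionally
    a beacon tone above 18 kHz. Synthetic data, not a recording of any product."""
    rng = random.Random(seed)
    out = []
    for i in range(WINDOW):
        t = i / SAMPLE_RATE
        x = 0.5 * math.sin(2 * math.pi * 440 * t) + rng.gauss(0.0, 0.001)
        if beacon_hz is not None:
            x += beacon_amp * math.sin(2 * math.pi * beacon_hz * t)
        out.append(x)
    return out
```

Running `scan_ultrasonic(make_window(19_500), SAMPLE_RATE)` reports the 19,500 Hz peak at roughly 0.05 amplitude, while the clean window stays far below the threshold; a real capture would feed microphone samples into the same functions.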
On purchasing new devices
Whenever you purchase a new device, you should always pay in cash, and never use a payment plan or contract. Always buy an unlocked phone so you can use a prepaid SIM and top it up with minutes. Now, this may be impossible in your country, as there are some places in the world where registering a phone number legally requires real-life identification. If this is the case, make your flip phone your actual calls/text messages device and remove the battery and the SIM whenever you are not using it.
Peer to Peer and RTL-SDR Comms
If you must be able to talk privately with your friends in a public setting, use a peer-to-peer app like Element and the Matrix mesh network. This removes unnecessary connections. Failing access to these, Signal and Telegram are the next best thing, but a distant second.
If you hold an Amateur Radio License and have an interest in the RTL-SDR field, I highly recommend familiarizing yourself with Meshtastic, which lets you send SMS-style text messages via some fairly cheap LoRa-capable boards, which, yes, you can absolutely use with most modern phones. The Tech Prepper and S2 Underground YouTube channels are two excellent resources covering RTL-SDR tech for both computers and phones; I highly recommend you give them a watch. My one piece of advice is that RTL-SDR is far from being as complicated as it first appears: take your time, do some research and tests, and you'll get the hang of it, which will let you completely bypass the more classic forms of telecommunications in favor of radio frequency. My one warning is that using such a technology WILL paint a huge target on your back for some agencies and groups, but in a pinch, and if your problem is with phone providers and local, low-level law enforcement agencies, this will definitely help, as neither keeps a close eye on these types of communications (or close enough to pick you out of the crowd, anyway).
How to Know if My Number Is Burned?
So, for some reason or another, you suspect a bad actor of some sort has managed to infiltrate your device, redirected phone calls or committed some other malfeasance against you, and you need to verify. How can we do this rapidly so we may begin applying immediate countermeasures?
Enter USSD (Unstructured Supplementary Service Data). This protocol is an extremely fun rabbit hole in itself, but the tl;dr is that it lets you use SMS-like messages to verify certain things related to our device, which is perfect for us. Again, I will not bore you with the technical details (but do let me know in the comments if you want me to write about this in more detail), so I will simply list a series of codes and what each one does for our purposes here.
Verify authenticity of IMEI number: *#6#
Verify if tracked or tapped: *#4636#*#* or *#*#197328640#*#* then choose the menu option UMTS Cell Environment and select UMTS RR info. This will give you the nearest cell station, or the one with the strongest signal, as your phone will automatically connect to the latter. Then go back to the menu, tap on the MM info menu, and choose Serving PLMN. A string of numbers will appear under the LAC (Local Area Code); write those numbers down, as we will cross-verify them by looking them up, since they indicate which cell tower our phone is currently connected to. Compare these numbers to find out whether you are being tapped or not.
Verify if calls are redirected: *#062# This will show whether your messages or calls are redirected to a secondary phone line. If not, no info should appear.
Are my calls diverted: *#21# There is a difference between redirection and diversion: diversion requires an action, whereas redirection is automatic. Hence the two codes.
Stop all redirections and diversion: ##002#
Netmonitor: *#*#197328640#*#* Okay, this one is sort of a rabbit hole, but the tl;dr is that it lets you monitor all devices connected to your phone. Opening this will give you a menu. Choose UMTS Cell Environment and then UMTS RR information; this will give you a unique Cell ID number. Write this down, then go back to the menu, enter the MM information, go into Serving PLMN and take note of the LAC. Then you may go on any netmonitor website and enter your Cell ID to get the location of all devices connected to yours. I recommend https://opencellid.org
When in doubt, factory reset your phone. This may be drastic, but don't hesitate to do it. This should completely flush out the overwhelming majority of malware and surveillance. Because this is fun, here's the USSD for a factory reset: *2767*3855#
Do not factory reset your phone if you have flashed or rooted it, as it may irremediably brick it. Unless that's what you are going for anyway, in which case, go wild.
In Conclusion-Adapt
In this article I went over a number of higher-level details and gave you pointers and methods, both passive and active, to regain control over your device, including at the hardware level. Certainly, however, there are areas still not covered by this guide, like how to defend oneself against a CPU backdoor (I am looking at you, Intel, you sneaky bastards. Seriously, look up "Minix backdoor Intel CPU" if you want to know more about this), but for the overwhelming part, we have regained the most control over our phone and, as such, complemented by the good habits we developed in the previous three articles, we are now in a better position to react to threats against our anonymity and phone security.
Remember, however, that there is no such thing as a secure device. Zero-day exploits, social engineering and a thousand other manners of infiltration still very much exist. By staying aware of this fact we can react appropriately to better defend our sensitive data and, as such, keep ourselves away from the prying eyes of corporations, tyrannical governments and black-hat hackers who only have bad intentions toward us. Keep staying alert, keep researching and keep yourselves updated on these things.
You are back in Control. Do not give it back to them.
We Will be Watching
-The G.H05t
Post-Scriptum
If you have enjoyed this series of articles so far, I want to say thank you for reading me and my rants, but I would also like to ask for a favor. Share this website around; make this information known. Help others regain a foothold in this digital desert of the real in which we exist nowadays. And of course, stay tuned for our next article, which I will attempt to publish weekly in the future. Again, thank you.
Filed under: Uncategorized - @ July 11, 2024 6:42 am