Forget phone calls — a new app from The Guardian Project, the Freedom of the Press Foundation and Edward Snowden aims to turn Android smartphones into tiny, unobtrusive security systems. Haven, released today in public beta, was designed to use a phone’s built-in sensors to track sudden changes in the environment around it. Let’s say you’d like to keep tabs on a room while you’re away from it — the app can direct compatible devices to record unexpected sounds, look out for changes in ambient light, and notice if it’s being picked up or tampered with. You can even prop the phone up and set up the camera for use as a motion tracker, just for good measure.
Given the need for some journalists to protect their hard-won information, it’s no surprise that Haven may see use as a means to keep shady interlopers from PCs and laptops containing sensitive data. The Intercept’sMicah Lee helped develop the app, and described how it could be used to deal with so-called “evil maid” attacks, in which an attacker attempts to physically tamper with a machine in order to compromise it.
“Here’s how Haven might work,” he writes. “You lock your laptop in a hotel safe — not a secure move on its own — and place your Haven phone on top of it. If someone opens the safe while you’re away, the phone’s light meter might detect a change in lighting, its microphone might hear the safe open (and even the attacker speak), its accelerometer might detect motion if the attacker moves the laptop, and its camera might even capture a snapshot of the attacker’s face.”
Haven won’t necessarily protect such attacks from being carried out, but the app can be configured to send notifications and recordings via text message and Signal (for end-to-end encryption) when the phone’s sensors detect something out of the ordinary. And even in cases where the phone itself doesn’t have network access and can’t fire off those warnings — say, if the phone doesn’t have a SIM card or isn’t connected to WiFi — every event that triggers an alert is logged locally on the phone. That way, the machine’s owner will still be able to tell that an unauthorized actor may have had access to it.
Of course, Haven could — and should — see use outside of those very specific scenarios. Guardian Project founder Nate Freitas calls Haven “the most powerful, secure and private baby monitor system ever,” and it’s not hard to imagine leaving a spare room in a room with a child to relay every anguished crying jag to parents. None of the data captured by Haven is relayed to third-party servers, so parents and paranoiacs can rest easier knowing they’re in full control of this highly personal data. Meanwhile, Wired reports that Haven provided peace of mind to some 60 social activists in Colombia, a country that has seen more than 100 activists assassinated in the past year alone according to a recent UN report.
Haven uses the regular features of a standard Android smartphone to detect changes in the environment around the device. The app, which adapts the camera for use as a motion tracker, can also pair with other devices to record sounds or changes in light before sending an alert to the owner – an ideal feature for those looking to ward off unwelcome snoopers.
In a video posted online, Snowden appealed for funds to further develop the open-source project while hailing it as a means for activists to protect their data without fear of it being hacked or stolen. “We designed Haven as a tool for investigative journalists, human rights defenders and people at risk,” the whistleblower said.
“Haven makes it harder [for parties] to silence citizens through raids, searches, arrests, without getting caught in the act themselves.This creates a kind of herd immunity where before people launch a crackdown they have to think, ‘will I be witnessed in a way that I can’t stop.’”
None of the data collected by Haven is sent to outside servers, meaning people remain in full control of their data. It was developed in conjunction with the Guardian Project, a global collective of software developers and activists who create open-source mobile security technology.
Micah Lee, a journalist who helped develop the app along with Snowden, said it could be used to prevent so-called “evil maid” attacks, in which an intruder attempts to physically tamper with a machine.
Do you use Android? Then for the past 11 months your device has been sending ‘Cell ID codes’ to Google https://on.rt.com/8sss
Android phone users may turn off their location services settings or take out their SIM card, but Google still collects their location data.
Writing for The Intercept, Lee said: “Here’s how Haven might work. You lock your laptop in a hotel safe — not a secure move on its own — and place your Haven phone on top of it. If someone opens the safe while you’re away, the phone’s light meter might detect a change in lighting, its microphone might hear the safe open, its accelerometer might detect motion if the attacker moves the laptop, and its camera might capture a snapshot of the attacker’s face.”
A user can also choose to have alerts sent via Signal, a Tor onion service website, or even a simple SMS text message. It is not without its flaws, however. Critics believe that if an attacker were to block WiFi, SMS or mobile data, they could prevent an alert being logged. For Snowden, however, the device he calls a “safe room that fits in your pocket” is a major step forward for privacy.
“Imagine if you had a guard dog you could take with you to any hotel room and leave it in your room when you’re not there,” Snowden told Wired. “The real idea is to establish that the physical spaces around you can be trusted.”
Android phone users have been up in arms in recent times following revelations that Google has been collecting their location data even while they have that feature turned off. Last month, Quartz discovered that Android devices have been sending “Cell ID codes” to the search engine giant via cellular towers across the US.