Edward Snowden has helped to develop (or at least endorsed) an app meant to surveil a room:
Like many other journalists, activists, and software developers I know, I carry my laptop everywhere while I'm traveling. It contains sensitive information: messaging app conversations, email, password databases, encryption keys, unreleased work, web browsers logged into various accounts, and so on. My disk is encrypted, but all it takes to bypass this protection is for an attacker — a malicious hotel housekeeper, or "evil maid," for example — to spend a few minutes physically tampering with it without my knowledge. If I come back and continue to use my compromised computer, the attacker could gain access to everything.
Edward Snowden and his friends have a solution. The NSA whistleblower and a team of collaborators have been working on a new open source Android app called Haven that you install on a spare smartphone, turning the device into a sort of sentry to watch over your laptop. Haven uses the smartphone's many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. The first public beta version of Haven has officially been released; it's available in the Play Store and on F-Droid, an open source app store for Android.
Snowden is helping to develop the software through a project he leads at the Freedom of the Press Foundation, which receives funding from The Intercept's parent company. I sit on the FPF board with Snowden, am an FPF founder, and lent some help developing the app, including through nine months of testing. With that noted, I'll be forthright about the product's flaws below, and have solicited input for this article from people not involved in the project.
Also collaborating on Haven is the Guardian Project, a global collective of mobile security app developers.
(Score: 2, Funny) by Anonymous Coward on Saturday December 23, @07:18AM (1 child)
Such a brilliant plan. Convince the paranoid to spy on themselves ostensibly for their own protection.
The evil plan is revealed. Snowden was working for Homeland all along. What an asshole.
(Score: 0) by Anonymous Coward on Saturday December 23, @05:51PM
I remember when I was little I would play doctor, pilot spy and laser-gun wielding super hero.
With this app we can now play 3 letter agencies that have our own best interest at heart : )
(Score: 2, Informative) by Runaway1956 on Saturday December 23, @10:55AM (5 children)
Reading the summary, it seems that he leaves his laptop unattended in his motel room, running, and logged in? The motel maid can just sit down at the damned computer, and perform any malicious stunts she may have in mind? Hmmmm . . . gotta read the fine article . . .
If you have been targeted by some agency like the NSA, yeah, they may be able to install malware in just a few minutes. If they're lucky and/or you are dumb. Seems far more likely that they'll be probing you remotely, looking for some exploit that they can use without gaining physical access. Unless, of course, they already know that you leave your computer running in unsecured locations when you are away from it.
People who need to take security seriously start by purchasing the most secure machine on the market. Going to Walmart to buy an off-the-shelf consumer grade computer defeats the purpose. Using a preinstalled version of Windows also defeats the purpose. We could argue that using Windows defeats the purpose, even if you do a custom installation.
He mentions one thing that is nice - encryption. What about hidden volumes? An attacker manages to turn your machine on - he's greeted by a default login screen. He somehow figures out how to log in. So - is he logged into your working account, or a bogus account? He/she SHOULD be logged into a sacrificial account, that contains a bunch of personal stuff, but no work. All the work should be hidden with some scheme similar to this - https://www.ivpn.net/privacy-guides/creating-a-vm-within-a-hidden-truecrypt-partition [ivpn.net]
Given unlimited resources, an agency can probably break through all of your security, and uncover your hidden volumes, and even your hidden virtual machines. But, at the very least, we've done away with that evil maid breaking into your work in just a few minutes.
It all depends on your level of paranoia. People who are paranoid, especially people who are paranoid for good reason, are going to go to all of the trouble to secure their machine. And, they are NOT going to leave their machine running for the random curious maid to check out your Facebook page.
(Score: 2) by takyon on Saturday December 23, @11:33AM
Best headline so far:
Edward Snowden's Haven app turns your phone into a surveillance device [androidcentral.com]
Maybe it is better than we thought and we are focusing too much on "evil maids". But I still struggle to see the use case. Thieves? The camera has to be pointed at them to be useful. It could get taken if it is seen. I don't think it will text you the video over Signal. Government thugs? They would probably have to be low tier to snoop inside your place, and might just put a bullet in you instead. Spy on someone you live with?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by bart9h on Saturday December 23, @12:13PM (3 children)
Of course not. The physical tampering he refers to must be the installation of a physical keylogger, or something like that.
(Score: 2) by Runaway1956 on Saturday December 23, @01:33PM (2 children)
OK, that's pretty easy on a desktop. Laptop? I'm not so sure about that. I suppose that if a guy practiced at being fast, he might dismantle a laptop, install a keylogger, and have it put back together in less than half an hour. The guy would have to be pretty decent at the job to start with, then spend considerable time practicing for speed. Fifteen minutes? I suppose that qualifies as "a few minutes".
(Score: 0) by Anonymous Coward on Saturday December 23, @03:42PM (1 child)
They could just replace the laptop keyboard with a custom keyboard, and it can be done in less than 5 minutes for some laptops.
(Score: 0) by Anonymous Coward on Saturday December 23, @05:24PM
There are hardware keyloggers that do not require the keyboard to be replaced. They've been around since forever.
(Score: 3, Interesting) by looorg on Saturday December 23, @11:54AM
Usage aside, "evil maids" fantasy or whatnot. You are actively using the camera, mic and all the sensors running all the time to create your Haven? So it will run out of battery power how fast? A couple of hours at best? So it has to be connected to a wall socket for constant charging? So much for a hidden device.
I'm not sure but is Snowden running out of money to have to endorse these kinda projects? Life not turning out great in Mother Russia?
