How do you know if your computer has been tampered with while it was temporarily out of your sight, say when you left it in a hotel room? The Freedom of the Press Foundation has issued a press release about Haven, a new open-source privacy and security app developed by a team led by Edward Snowden, that will alert you if anyone tries to do so. Haven is currently in its beta phase and they are looking for testers to improve it.
Haven is a “personal security system” that empowers individuals to use a cheap second phone running free, open-source software to monitor their possessions and physical spaces when they are away from them. Haven is a joint project between Guardian Project and Freedom of the Press Foundation (FPF).
Imagine you are a journalist working in a hostile foreign country and you are worried about security services breaking into your hotel room and rifling through your belongings and computer while you are away. Haven detects changes in the environment using the sensors in a typical smartphone—the camera, microphone, gyroscope, accelerometer, ambient light, USB power—to alert you if anyone enters your space or attempts to tamper with your devices while you aren’t there.
The Haven app can then send end-to-end encrypted alerts to your phone via Signal, and you can monitor activity remotely through a Tor Onion Service. Importantly, Haven does not rely on the cloud and does not transmit data that third parties can access unless you have SMS functionality turned on in situations where you don’t have data or wifi.
Freedom of the Press Foundation board president Edward Snowden, who has been leading the project on the FPF side, explains exactly how Haven works in this video.
Micah Lee discusses the system in The Intercept.
LIKE MANY OTHER journalists, activists, and software developers I know, I carry my laptop everywhere while I’m traveling. It contains sensitive information; messaging app conversations, email, password databases, encryption keys, unreleased work, web browsers logged into various accounts, and so on. My disk is encrypted, but all it takes to bypass this protection is for an attacker — a malicious hotel housekeeper, or “evil maid,” for example — to spend a few minutes physically tampering with it without my knowledge. If I come back and continue to use my compromised computer, the attacker could gain access to everything.
…Here’s how Haven might work: You lock your laptop in a hotel safe — not a secure move on its own — and place your Haven phone on top of it. If someone opens the safe while you’re away, the phone’s light meter might detect a change in lighting, its microphone might hear the safe open (and even the attacker speak), its accelerometer might detect motion if the attacker moves the laptop, and its camera might even capture a snapshot of the attacker’s face. The Haven app will log all of this evidence locally on the Android device.
…You can configure Haven to send you real-time encrypted alerts of what it detects to your other phone, the one you carry with you, when an intrusion is detected. You can choose to get encrypted Signal notifications, and you can also configure Haven to run a Tor onion service website (that is, a darknet site), and use Tor Browser on another device to connect in and view all of the alerts — all without giving anyone else access to these evidence logs unless you choose to share them. Haven also supports SMS text notifications, which can be intercepted but which might be more reliable in some situations.
Those of you who are experts on computer and online security (which I am manifestly not) will be able to evaluate this project much better than I. My only contribution to this project is to suggest that it seems a little unfair for the security people who work in such areas to call the danger of your computer being compromised in hotel rooms the ‘evil maid’ or ‘malicious hotel housekeeper’ problem, as Lee and Bruce Schneier do. It seems to malign a hard-working and honest group of people. I have stayed in too many hotels to count and have never had anything stolen from me and they have always been very pleasant and courteous. Since they are not likely to do this but only people impersonating them, how about the term ‘phony maid/housekeeper’ instead?
The FPF is requesting contributions to fund this and other worthy projects. I am a financial supporter of this organization.
Marcus Ranum says
I don’t think it’s going to work well enough. The idea of dividing one’s security between two devices is sound (it’s why 2 factor authentication is good) but the operating systems and software on both devices have almost certainly been subverted. I would not place much trust in the cryptosystems that are publicly available, either.
Sadly, I think computing has been so thoroughly tainted that anti-government conspirators should use other techniques and abandon computing entirely. It has become, as Admiral Ackbar says, a trap. Someone with firmware knowledge and hardware expertise could develop an auditable communications device and framework for conspiracies but then they would simply treat the mere possession of one as evidence of a crime. Some of my friends and I have designed such systems but nobody’d use them. Cold-war-style tradecraft (non tech: dead drops and one time pads) is pretty much all that’s still on the menu. Fortunately, cold war tradecraft is cheap and effective and well-documented.
Game over, man.