watermarked sounds deanonymization, microphone security, mobile / android privacy, Surfing Posting Blogging

Recently added to the

page by @HulaHoop… Great find!

Depending on your situation you are advised to shut off your speakers and microphone at all times as newer methods of ad tracking can link multiple devices via ultrasound covert channels. This works by playing a unique sound inaudible to human ears which is picked up by the microphones of untrusted devices - deanonymizing you completely. Watermarked audible sounds are equally dangerous. So hardware incapable of ultrasound is ineffective protection. To decrease risks it's recommended to play video/audio from untrusted sources with headphones connected and adjusted at a low volume. [7] [8] [9]

(Text amended by me for watermarked audible sounds.)

More comes to my mind…

Every camera’s sensor has a unique noise signature because of subtle hardware differences.

[speculation] Every microphone has a unique noise signature because of subtle hardware differences. - Plausible?

This is a variation of an older attack perfected during the Cold War where recording typewriter sounds gives enough information to accurately reconstruct what was typed. This still applies today and you should avoid typing in places where open mics are used.[4][5]

So we should also advise to move all phones, tablets etc. out of the room to avoid them issuing watermarked sounds as well as listening to keystroke sounds and watermarked sounds?

You will probably want to avoid phones altogether and use tablets but
for most situations they are a reasonable choice. Buy a new Android
phone with cash if possible. Avoid other choices because proprietary
operating system is a non starter. You MUST flash a freedom and privacy
respecting ROM before using your camera. Beware that the corporate
malware infestation that comes with the phone out of the box siphons
your data to the cloud aka spy heaven.

I agree in theory, however I am not aware of any alternative firmware that can be downloaded over https, let alone provides gpg verification, not to speak of deterministic builds. Even alternative firmware often contains google components. So it does not look like anyone can effectively adhere to that advice in practice.

The most promising android like project I am aware of is replicant, but hardware support is lacking. Not a single supported replicant phone supports wifi.

Apart from replicant, I am not aware of any security focused / privacy respecting mobile devices / mobile operating systems.

1 Like
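The wiki text quoted in the post above describes tracking beacons as sounds above the audible range that nearby microphones pick up. As an added example (not from this thread or the Whonix wiki), here is a check a defender could run over a recording to see whether it carries a narrowband tone between 18 and 22 kHz; the band limits, the threshold and the sample clip are assumptions constructed for illustration.

```python
import math
import random
import statistics

def goertzel_power(frame, freq, rate):
    """Squared DFT magnitude of `frame` at one frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def find_ultrasonic_tone(samples, rate, lo=18000, hi=22000, step=100, min_ratio=100.0):
    """Return (freq_hz, peak/median power ratio) for a narrowband tone in
    [lo, hi] Hz, or None if the band looks like plain noise."""
    n = rate // step  # frame length whose bin width equals `step` Hz, so bins tile the band
    freqs = [f for f in range(lo, hi + 1, step) if f < rate / 2]
    frames = [samples[i:i + n] for i in range(0, len(samples) - n + 1, n)]
    if not frames or len(freqs) < 3:
        return None
    # Average each bin over all frames to smooth out random noise peaks.
    power = {f: sum(goertzel_power(fr, f, rate) for fr in frames) / len(frames)
             for f in freqs}
    floor = statistics.median(power.values())  # noise floor estimate for the band
    if floor <= 0.0:
        return None
    peak_freq = max(power, key=power.get)
    ratio = power[peak_freq] / floor
    return (peak_freq, ratio) if ratio >= min_ratio else None

def constructed_clip(rate=48000, seconds=0.1, beacon_hz=None, seed=1):
    """Constructed sample: audible 440 Hz tone plus noise, optional faint beacon."""
    rng = random.Random(seed)
    out = []
    for i in range(int(rate * seconds)):
        t = i / rate
        x = 0.5 * math.sin(2 * math.pi * 440 * t) + rng.gauss(0.0, 0.05)
        if beacon_hz:
            x += 0.1 * math.sin(2 * math.pi * beacon_hz * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print(find_ultrasonic_tone(constructed_clip(), 48000))
    print(find_ultrasonic_tone(constructed_clip(beacon_hz=18500), 48000))
```

The recording has to be sampled at a rate whose Nyquist limit lies above the band being checked; a 16 kHz voice recording cannot show an 18 kHz tone at all.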

Good day,

I’d say absolutely. Especially considering things like Google Now, Cortana and Siri being capable enabled to record even without the user actively using them.

If it’s just https you’re after then almost every AOSP Rom would be a potential candidate. They are by design being delivered without GApps and usually can be downloaded fairly safely via androidfilehost.com. Since everything else necessary to use Android safely (guardianproject) may be downloaded and installed on any Android-Rom, that should definitely be a good base. If you have a MediaTek based phone (and it is legal in your country) you could even mess with the IMEI. Changing the Mac-Address is, as far as I know, easily possible and legal on almost all chipsets, if it should be necessary.

Also, maybe mentioning Sailfish might be a good idea.

There is CopperheadOS, as a more modern example.

However, like I’ve said, it is possible to secure almost any Android-Phone by starting out with an AOSP, additionally flashing a hardened Kernel (which exist for pretty much every major phone in one way or another), encrypting the device with AES, being careful and precise when dishing out permissions, as well as Root access and tunneling all traffic through Tor via Orbot.

TTP actually created somewhat of a guide on doing this in 2014: "Mission Impossible: Hardening Android for Security and Privacy | The Tor Project". It isn’t that recent anymore, though still contains valuable information.

Have a nice day,

Ego

2 Likes

So we should also advise to move all phones, tablets etc. out of the room to avoid them issuing watermarked sounds as well as listening to keystroke sounds and watermarked sounds?

Yes definitely and this is good advice for many other reasons. One’s security is as good as the lowest link and having a room bug in close proximity of a trusted device is bad on many levels.

I agree in theory, however I am not aware of any alternative firmware that can be downloaded over https, let alone provides gpg verification, not to speak of deterministic builds. Even alternative firmware often contains google components. So it does not look like anyone can effectively adhere to that advice in practice.

For phone firmware without Google spyware there is a wide choice because alt-ROMS are based on AOSP and are legally prevented from bundling Google proprietary code. For GPG signed images only CopperheadOS provides these AFAIK. On the side of software freedom the phone landscape is pretty shitty. They all contain blobs on some level to have basic hardware functionality. No mainline kernel can be built for them and probably not anytime soon.

additionally flashing a hardened Kernel

Interesting. Can you link to some? AFAIK no Grsec kernels for Android exist except from Copperhead and it's taking them a massive porting and patching maintenance effort so they stick to a few models.

1 Like

people should be aware of it

Edit by @Patrick:
Removed full textual quote of that site. Unclear if that is legally allowed. And not useful. Link is sufficient. And if you don’t want the content to be lost, use a link archiver such as http://www.webcitation.org/ and check web archive etc.

1 Like

Every microphone has a unique noise signature because of subtle hardware differences. - Plausible?

Could very well be but which device’s microphone do you mean? What threat model scenario are you describing?

1 Like

Any. Camcorder, mobile phone, standalone microphone, etc.

Almost same issue as Surfing Posting Blogging - Whonix. Very similar.

One being silent and recording some sound. Let’s say something trivial such as nature sounds. Uploading it somewhere non-anonymously. Then at a much later time when having forgotten about this and not knowing about the possibility of microphone unique noise signature, another event is recorded. Then anonymously uploaded. Now it could be possible to link these recordings to each other.

Info on getting rid of phones in the room, watermarked sounds and TEMPEST was added by @HulaHoop:
Surfing Posting Blogging: Difference between revisions - Whonix

Makes sense. Added.

1 Like

Plausible indeed.

Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components

In this paper we thoroughly analyze a technique for fingerprinting the hardware of smartphones. The observation is that even if the software on mobile devices is strengthened [35,62,70], hardware-level idiosyncrasies in microphones and speakers can be used to fingerprint physical devices. During manufacturing, imperfections are introduced in the analog circuitry of these components, and as such, two microphones and speakers are never alike. Through an observational study, we find that these imperfections are substantial enough, and prevalent enough, that we can reliably distinguish between devices by passively recording audio streams, and conducting simple spectral analyses on the recorded audio streams. Our approach can substantially simplify the ability for an adversary to track and identify people in public locations which can threaten the privacy of mobile device users. Our approach requires small amounts of data — for example, we show that with our technique, an adversary could even use the short ringtones produced by mobile device speakers to reliably track users in public environments. Alternatively, a stealthy app (e.g., an online game) can access the microphone to uniquely distinguish all users running the app.

This can be extrapolated to any data recorded by any sensor type.

Mobile Device Identification via Sensor Fingerprinting

The best way to defend is simply deny access to the hardware in question and avoid sharing of data recorded by a sensor in unencrypted form. Also not sharing with incompetent or malicious parties.

Could you please kindly reference it in the wiki?

Done

1 Like