
The Intercept - September 25, 2020

"Another important consideration is preventing cops from copying messages directly off your phone. To prevent this, make sure your phone is locked with a strong passcode and avoid biometrics (unlocking your phone with your face or fingerprint) — or at least disable biometrics on your phone before you go to a protest. You also might consider bringing a cheap burner phone to a protest and leaving your main phone at home."

Federal agents from the Department of Homeland Security and the Justice Department used “a sophisticated cell phone cloning attack—the details of which remain classified—to intercept protesters’ phone communications” in Portland this summer, Ken Klippenstein reported this week in The Nation. Put aside for the moment that, if the report is true, federal agents conducted sophisticated electronic surveillance against American protesters, an alarming breach of constitutional rights. Do ordinary people have any hope of defending their privacy and freedom of assembly against threats like this?

Yes, they do. Here are two simple things you can do to help mitigate this type of threat:

  • As much as possible, and especially in the context of activism, use an encrypted messaging app like Signal — and get everyone you work with to use it too — to protect your SMS text messages, texting groups, and voice and video calls.
  • Prevent other people from using your SIM card by setting a SIM PIN on your phone (the full report includes instructions on how to do this).

How SIM Cloning Works

Without more details, it’s hard to be entirely sure what type of surveillance was used, but The Nation’s mention of “cell phone cloning” makes me think it was a SIM cloning attack. This involves duplicating the small chip that virtually every cellphone uses to link itself to its owner’s phone number and account: the subscriber identity module, more commonly known as the SIM.

Here’s how SIM cloning would work:

  • First, the feds would need physical access to their target’s phone; for example, they could arrest their target at a protest, temporarily confiscating their phone.
  • Then they would pop out the SIM card from the phone, a process designed to be easy, since end users often have reasons to replace the card (such as traveling abroad and needing a local SIM card to access the local cellular network, or when switching cellular providers).
  • The feds would then copy their target’s SIM card data onto a blank SIM card (this presents some challenges, as I explain below), and then put the original SIM card back without their target knowing.

SIM cards contain a secret key (Ki) that the carrier also holds. The network uses it to check that the SIM is genuine, by sending a random challenge and verifying the card’s response, and both sides derive from it the session keys that encrypt traffic between the phone and the cell tower. SIMs are designed so that this key can be used (as when you receive a text or call someone) but never read out directly.

But it’s still possible to extract the key by attacking the algorithm through the card’s own interface: feed the SIM many thousands of chosen challenges and analyze the responses. Older SIM cards used the weak COMP128-1 algorithm, whose Ki could be recovered this way in a matter of hours with an ordinary card reader. Newer SIM cards use stronger algorithms (later COMP128 versions or MILENAGE) with no known shortcut of that kind, so recovering Ki from them would take days or far longer, if it can be done at all. It’s possible that this is why the details of the type of surveillance used in Portland “remain classified.” Do federal agencies know of a way to quickly extract encryption keys from SIM cards? (On the other hand, it’s also possible that “cell phone cloning” doesn’t describe SIM cloning at all but something else instead, like extracting files from the phone itself instead of data from the SIM card.)
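To make the role of the key and the value of the SIM PIN concrete, here is an added example, not code from The Intercept or from any carrier: a toy model in Python of the GSM challenge-response described above. HMAC-SHA256 stands in for the operator’s real A3/A8 algorithm, the IMSI and PIN values are made up, and the step that turns harvested challenge/response pairs into Ki is left abstract, because it depends on which algorithm the card runs. The model shows two things: a blank card programmed with the victim’s Ki answers the network identically to the original, and a card with a PIN set refuses to answer challenges at all, then locks itself after three wrong guesses, which denies someone with brief physical access the raw material a key-recovery attack needs.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional


def a3a8(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for the operator's A3/A8 (COMP128, MILENAGE, ...). A real SIM
    does not run HMAC-SHA256; this only models the properties that matter:
    the output depends on Ki and RAND, and Ki itself never leaves the card."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # SRES (32-bit response), Kc (64-bit session key)


class SimLocked(Exception):
    """Authentication command refused: the SIM PIN (CHV1) is not verified."""


class SimBlocked(Exception):
    """Three wrong PINs: the card now demands the PUK."""


@dataclass
class Sim:
    imsi: str
    ki: bytes                   # 128-bit subscriber key, held only on the card
    pin: Optional[str] = None   # None models a SIM whose PIN is disabled
    _pin_ok: bool = field(default=False, init=False)
    _tries_left: int = field(default=3, init=False)

    def verify_pin(self, attempt: str) -> bool:
        if self.pin is None:
            self._pin_ok = True
            return True
        if self._tries_left == 0:
            raise SimBlocked("PUK required")
        if hmac.compare_digest(attempt.encode(), self.pin.encode()):
            self._pin_ok, self._tries_left = True, 3
            return True
        self._tries_left -= 1
        if self._tries_left == 0:
            raise SimBlocked("PUK required")
        return False

    def run_gsm_algorithm(self, rand: bytes) -> tuple:
        """The only authentication operation the outside world can invoke."""
        if self.pin is not None and not self._pin_ok:
            raise SimLocked("CHV1 not verified")
        return a3a8(self.ki, rand)


class Network:
    """The carrier's authentication centre keeps its own copy of each Ki."""

    def __init__(self) -> None:
        self.ki_by_imsi = {}

    def provision(self, card: Sim) -> None:
        self.ki_by_imsi[card.imsi] = card.ki

    def authenticate(self, imsi: str, card: Sim) -> bool:
        rand = os.urandom(16)
        expected_sres, _ = a3a8(self.ki_by_imsi[imsi], rand)
        try:
            sres, _kc = card.run_gsm_algorithm(rand)
        except SimLocked:
            return False
        return hmac.compare_digest(sres, expected_sres)


def harvest_pairs(card: Sim, pin_guesses: list, n: int = 1000) -> tuple:
    """Attacker holding the physical card tries to collect (RAND, SRES) pairs,
    the input a Ki-recovery attack on a weak A3/A8 consumes. Returns
    (pairs collected, whether the card ended up PUK-blocked). Turning the
    pairs into Ki is the algorithm-dependent cracking step and is not modeled."""
    pairs, blocked = [], False
    for guess in pin_guesses:
        try:
            if card.verify_pin(guess):
                break
        except SimBlocked:
            blocked = True
            break
    if not blocked:
        for _ in range(n):
            rand = os.urandom(16)
            try:
                pairs.append((rand, card.run_gsm_algorithm(rand)[0]))
            except SimLocked:
                break
    return len(pairs), blocked


def demo() -> dict:
    """Constructed scenario: a victim Ki, a clone built from it, a wrong-key
    card, and the same subscriber card with and without a PIN."""
    imsi = "001010123456789"              # made-up test-network IMSI
    ki = os.urandom(16)
    net = Network()
    victim = Sim(imsi, ki, pin="4823")    # made-up PIN
    net.provision(victim)
    victim.verify_pin("4823")             # the owner unlocks her own phone
    clone = Sim(imsi, ki)                 # blank SIM programmed with the stolen Ki
    wrong = Sim(imsi, os.urandom(16))     # clone attempt with a wrong Ki
    return {
        "victim_auth": net.authenticate(imsi, victim),
        "clone_auth": net.authenticate(imsi, clone),
        "wrong_key_auth": net.authenticate(imsi, wrong),
        "pairs_no_pin": harvest_pairs(Sim(imsi, ki), [], n=200),
        "pairs_with_pin": harvest_pairs(Sim(imsi, ki, pin="4823"), ["0000", "1234", "1111"], n=200),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block prints that the victim and the clone both authenticate while the wrong-key card does not, that a PIN-less card hands over all 200 challenge/response pairs, and that the PIN-protected card yields none before blocking itself. The design point is that the PIN does not protect Ki cryptographically; it simply refuses to exercise the key for anyone who cannot prove they are the owner, which is exactly the capability a cloning attack needs during the window of physical access.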

Read full report at The Intercept