The first comprehensive report on the state of the security of mobile phones of civil society

Civilsphere.png

Master Thesis

Civil society members face threats not only in the physical world but in cyberspace. Their critical work leaves them in a permanent risk of surveillance and abuse. Mobile phones are vital for their activities, however these are often vastly unprotected. The lack of a standardized method to measure and analyze these risks hinders the efforts to protect them. The Civilsphere Project at the Czech Technical University in Prague created the Emergency VPN (EVPN) to help civil workers at risk. This free service helps discover data leaks or malware infections through network traffic analysis of mo- bile devices. The goal of this thesis is to create the first standardized risk measurement score for mobile phones at risk. In order to do so we processed 65 packet captures from the civil society along with the manual assessment reports done by Civilsphere analysts, creating a unique dataset suitable for further analysis. We assessed data leaked from mobile devices to identify potential risks and security threats. We developed a new method to standardize the severity rating and created a metric describing the nature of the reported data leaks. While none of the analyzed devices showed indications of malware presence, we discovered that they leak a lot of data that puts the civil workers at risk, most commonly the user’s location.

Url: https://dspace.cvut.cz/handle/10467/87847