This is an interesting page for how to make secure internet connections from an Android phone. I’ve not gone through all of it yet, but it looks like it’s on the right track.
The basic process is to “root” your Android phone (that is, get “Administrator” or “SuperUser” rights), then set it up so that all of the internet traffic from it is routed through an SSH (Secure SHell) connection to a remote server: one that can be purchased / rented from a hosting provider, or your own home device / computer. (Root is needed because an ordinary app can only proxy its own traffic; forcing every app on the phone into the tunnel means changing the phone’s own routing.)
This is particularly useful, IMHO, if you “mix it up” with a couple of options.
First off, it gives a great way to leverage a Raspberry Pi. It would be a great, minimal, SSH server. So one of them can be the “home server” that then does the connection out to the internet. Further, it can be set up to use Onion Routing (Tor) if desired. So on one level, you have an encrypted connection from your phone to an endpoint you trust, and that shuts out folks snooping on your phone on open networks. Your traffic is still ‘trackable’ in that it now shows as coming from your home box, so is tagged as ‘you’. But run that traffic through Onion Routing from your home box, and that too disappears. Now you have a largely untrackable internet connection with very hard to identify origin and exit. (I’m not saying “impossible” simply because it does depend on Onion Routing and that is an exterior service outside your control / proof, and whoever runs the exit node still sees whatever you send in the clear, so the sites at the far end still need to be HTTPS. But it looks fairly secure and private.)
Second, nothing prevents having a couple of SSH server options. So “day to day” you could use the “home server” and “from time to time” you could swap to a secondary server (commercial or “group shared” or foreign open server) when desiring to “mix it up” a little. Now, for example, someone wanting to get a ‘warrant’ to look at the traffic on that server would need to deal with a foreign government that might not be so impressed with an FBI warrant.
Finally, IMHO, nothing but desire to do the work and the performance loss of multi-hop prevents layering on servers. Bounce off one to route through another. (This isn’t as big a feature as you might think. Each ‘bounce’ added is one more attack point. It obscures the trail, but adds exposure points.) While I’d likely not go that far, not seeing much reason to do so, it is an interesting option. So, for example, say you had a friend in Belize, they could set up a private encrypted tunnel to your computer at your home. Now each of you can connect to either computer and exit at the other location. Each of you is now “originating” your traffic in a country other than where your phone is located. (Be sure you are both comfortable with getting warrants served to demand looking at ‘your server’… This is where having that RPi with volatile memory, no logs, and a ‘disposable system’ image comes in handy. Just pull power and hand them the now useless $35 to $50 of parts… Those ‘very worried’ can just house the RPi inside a box where opening the lid chops power. Can’t take it without a power cut.)
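To make the first step concrete, here is an added example (mine, not from the linked page nor the author’s own setup): the sshd_config a tunnel-only Raspberry Pi would carry, a checker that flags the settings people most often leave at the stock values, and the client command the phone runs. The user name “tunnel”, the host name “home.example”, the key file name and the local SOCKS port 1080 are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Assumed names: user "tunnel",
# host "home.example", key ~/.ssh/tunnel_ed25519, local SOCKS port 1080.

# sshd_config for a Pi whose only job is to carry tunnels: keys only, no root,
# no logins for anyone but the tunnel account, no X11 or reverse forwards.
hardened_sshd_config() {
cat <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers tunnel
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding no
PermitTunnel no
ClientAliveInterval 60
ClientAliveCountMax 3
EOF
}

# Check an sshd_config read from stdin. Like sshd itself, the first occurrence
# of a directive wins and an absent directive takes the OpenSSH default.
# Prints one FAIL line per problem; returns 0 only when every check passes.
# (Match blocks are not handled; keep the tunnel box's config flat.)
check_sshd_config() {
    cfg=$(cat)
    rc=0
    # want <Directive> <required value> <OpenSSH default if the line is absent>
    want() {
        val=$(printf '%s\n' "$cfg" |
              awk -v k="$1" '$1 !~ /^#/ && tolower($1) == tolower(k) {print $2; exit}')
        [ -n "$val" ] || val="$3"
        if [ "$val" != "$2" ]; then
            echo "FAIL: $1 is '$val', want '$2'"
            rc=1
        fi
    }
    want PermitRootLogin        no   prohibit-password   # default since OpenSSH 7.0
    want PasswordAuthentication no   yes
    want PubkeyAuthentication   yes  yes
    want AllowTcpForwarding     yes  yes
    want GatewayPorts           no   no
    want X11Forwarding          no   no
    want PermitTunnel           no   no
    return $rc
}

# What the phone (ConnectBot, a terminal app, or a root script) executes:
# -N   no remote shell, just the forward
# -D   SOCKS5 proxy on the phone's loopback; proxy-aware apps point at it, and
#      a SOCKS5 client that passes host names ("socks5h") gets DNS resolved at
#      the Pi instead of on the hostile Wi-Fi.
# ExitOnForwardFailure: die rather than silently run without the tunnel.
tunnel_cmd() {
    printf 'ssh -N -D 127.0.0.1:1080 -i ~/.ssh/tunnel_ed25519 \\\n'
    printf '    -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \\\n'
    printf '    -o StrictHostKeyChecking=yes tunnel@home.example\n'
}

# Usage on the Pi:  hardened_sshd_config > /etc/ssh/sshd_config && sshd -t
#          check:   check_sshd_config < /etc/ssh/sshd_config
# Leak check from the phone once the tunnel is up (should show the Pi's
# address, not the Wi-Fi's):  curl --socks5-hostname 127.0.0.1:1080 <any what-is-my-IP site>
```

The `-D` form only covers apps that speak SOCKS; that is exactly why the page roots the phone, so the remaining apps can be forced into the tunnel at the routing layer rather than trusted to behave.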
OK, the link:
This isn’t an entirely secure solution. There are still exposures.
The software on the phone, Android, is large and complex and can be hacked. Any time you connect to the internet, even through secure tunnels, it is possible that someone can attack the phone operating system, from phishing to inserting ‘tools’ via a ‘click me’ link or app. Once the phone is hacked, it can send information out to the attacker through whatever kind of secure tunnel you have set up; the tunnel protects the path, not the phone at the end of it. In an ideal situation, you would run your own secured OS on the phone instead, but for most folks, that’s way too much trouble. As a secondary level, since the phone is ‘rooted’, you could simply restore the OS (Android) from a known clean copy each time you wished to assure the phone had not been compromised. (So, for example, if last week you were just on vacation in Spain and didn’t really care about folks knowing you were telling your Sister about the beaches, why reload each day? Once home, clean the phone of any ‘warez’ by a reload. Then start doing business again.)
Your phone, being connected to a phone service provider, is still a beacon of your location and traffic. You can be tagged and bagged at any time by any ‘agency’ that wants you. You are also broadcasting that your traffic is routed through your server, since every packet from the phone goes to that one IP address instead of to the usual spread of internet destinations. A smart agent will finger that IP and scour it prior to moving on you and your phone. Then they can also see the ‘outbound’ from that IP. (Thus the benefit of having it Onion Route or secure tunnel to another jurisdiction. All they get is “talking to Belize”…)
It is, of course, possible to have a primary phone used for all ‘day to day’ things, and a less ‘visible’ phone used for secure things. So if someone is ‘tagging’ you, the ‘burner’ phone gets used and ‘recycled’ while you continue to have cover traffic on “your phone”. There are two aspects to this. One is that if YOU get a ‘disposable phone service’, that will show up in records, but you are adding a time element. Now a second tap (and potentially second approval) is needed. Don’t know if that is a 10 day timer, or a 10 hour timer, but there is a ‘first use’ window of opportunity to do some untrackable activity. The second option is to simply have friends willing to do the ‘straw man’ purchase of the phone service. So your secure traffic shows up on a phone registered to “Susy in N.Y.C”, not to you, nor to your friend in Belize. (That will ‘have issues’ if doing anything criminal since it becomes ‘conspiracy to FOO’ and its own crime. It also ‘has issues’ if you are being ‘contact traced’ as ‘friends’ will also come under observation. So ‘use sparingly’… and don’t do criminal things.)
There may well be some other modes of exposure that I’ve not thought up, just realize that while this method complicates things for the attacker, it is not 100% secure against all modes of monitoring and attack. It does provide a much better level of security compared to the ordinary internet connection and, with some indirections and private servers, can reduce the effectiveness of ‘official’ monitoring.
For “private group” communications, where a private email server (for example) is shared between a group of private routing servers, it can be a great security enhancement. In that case, you open an SSH connection from your phone to the SSH server, then your email goes to the private group server (never being on a public or ISP based server) and is only shared out to the recipients, and then only over their SSH tunnels. Now if the email is not saved, it cannot be recovered by ‘agencies’. Further, the email server itself can be made ‘volatile’, saving no information and subject to the same ‘jurisdictional’ relocations and power cut ‘features’. So even email ‘in transit’ can be made hard to access even if you know there is a private mail server, and where it is located.
Such mail servers can be made very secure from hacking: simply place them behind a firewall that ONLY allows mail protocol traffic (and only from the tunnel side) and nothing else, and strip them of any facilities (software) other than mail serving and security. Now if the mail “spool” where mail in transit ‘lives’ is on a RAM disk, any power cut and the mail is gone (provided the box has no swap for those RAM pages to get written to). With no logging, no record of prior mails, and all mail through secure encrypted tunnels, it’s darned hard to get any message information. Essentially, you have to hack the phone and pick it up once decrypted there. Hard to do that if the phone never connects to the public internet… (all traffic through the SSH tunnel and not going on to the internet for browsing or other things.) Still possible if there is a ‘hack’ into the phone directly from the ISP / carrier that avoids the tunneling. (i.e. if Android has a back door for ‘agencies’ or the carrier pushes an ‘update’ to the OS over the air… which is why just ‘rooting’ the phone isn’t quite enough. You also need to be able to really fully secure the OS against change…)
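An added example, not from the page, of what ‘volatile’ means in practice on that mail box: fstab entries that put the spool and logs on tmpfs, a check that the running system really is volatile (including that swap is off, since tmpfs pages can otherwise be written to disk), and an nftables ruleset that admits mail protocols only from the private tunnel network. The paths assume Postfix; the addresses 203.0.113.10, 198.51.100.20 and 10.99.0.0/24 are placeholders for the peers’ routing servers and the tunnel network.

```sh
#!/bin/sh
# Added example (not from the original page). Paths assume Postfix; the
# addresses are placeholders for the peers' routing servers and the tunnel net.

# Put the queue and logs in RAM. After mounting, 'postfix check' recreates the
# queue directory tree (it is gone on every boot, by design). Pair this with
# Storage=volatile in /etc/systemd/journald.conf so syslog stays in RAM too.
volatile_fstab_entries() {
cat <<'EOF'
tmpfs /var/spool/postfix tmpfs rw,nosuid,nodev,size=256m,mode=0755 0 0
tmpfs /var/log           tmpfs rw,nosuid,nodev,size=64m,mode=0755  0 0
EOF
}

# check_volatile_host MOUNTS SWAPS
#   MOUNTS: text in /proc/mounts format; SWAPS: text in /proc/swaps format.
#   Returns 0 only if the spool and log directories are tmpfs mounts and no
#   swap is active: a tmpfs page can be swapped out, and then "pull the power"
#   leaves mail fragments on the SD card after all.
check_volatile_host() {
    mounts="$1"; swaps="$2"; rc=0
    for dir in /var/spool/postfix /var/log; do
        # the last mount on a path is the visible one
        fstype=$(printf '%s\n' "$mounts" | awk -v d="$dir" '$2 == d {t = $3} END {print t}')
        if [ "$fstype" != "tmpfs" ]; then
            echo "FAIL: $dir is on '${fstype:-the root filesystem}', want tmpfs"
            rc=1
        fi
    done
    # /proc/swaps has a header line; anything after it is an active swap area
    nswap=$(printf '%s\n' "$swaps" | awk 'NR > 1 && NF {n++} END {print n + 0}')
    if [ "$nswap" -ne 0 ]; then
        echo "FAIL: $nswap swap area(s) active; tmpfs contents can land on disk"
        rc=1
    fi
    return $rc
}

# Firewall for the mail host: nothing inbound except SSH from the peers'
# routing servers and mail protocols from the private tunnel network.
# The default policy is drop, so the public internet cannot even ping it.
mail_firewall_rules() {
cat <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ip saddr { 203.0.113.10, 198.51.100.20 } tcp dport 22 accept
        ip saddr 10.99.0.0/24 tcp dport { 25, 587, 993 } accept
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output  priority 0; policy accept; }
}
EOF
}

# Usage on the box:
#   volatile_fstab_entries >> /etc/fstab && mount -a && postfix check
#   check_volatile_host "$(cat /proc/mounts)" "$(cat /proc/swaps)"
#   mail_firewall_rules > /etc/nftables.conf && nft -f /etc/nftables.conf
```

Run the check after every boot, not just once: a distribution upgrade that quietly re-enables a swap file, or a log daemon that writes somewhere outside /var/log, undoes the “pull the power and it’s gone” property without any visible symptom.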
OK, not perfect, but a very nice option for many kinds of use.
Will I be doing this?
Most likely not. Unfortunately, my life is way too uninteresting to have any use for this ‘feature’. Frankly, all I use my phone for is phone calls. (Some folks send me text messages, but I rarely originate any more interesting than “pick up milk” and “I’m running late”.) I don’t even use the ‘web features’ on it. The screen being all of about 2 inches wide, it’s pretty useless for anything. Even text messages require a certain amount of finding the glasses and squinting… Not something I like doing.
Oh, and my phone is about a decade old and does not have Android on it… details details ;-)
So why the interest?
Because I’m a Computer Geek who spent years securing sites against attack. It’s just “what I do” to be interested in such things. You might as well ask a professional dancer not to dance just because they had no audience.
Also, we’ve reached an unfortunate point. It is now the case that the erosion of personal privacy and personal rights has become so extreme that I find myself increasingly alienated from the goals of our world governments, and increasingly aligned with the folks that advocate for personal liberties. In short, the largest risk is a mix of things, but with a lot of “Government Sponsored” activity. (Both Chinese Hacker groups with probable government sponsors, and our own USA / UK / EU western governments abusing citizens for ‘protection’ against ‘terrorists’.) So to the extent I see solutions to that problem, well, I’m going to note them. We all need to start being more skilled at such security protections.
Some notes from the page:
When you connect to a public Wi-Fi network, your Android phone is susceptible to the same sorts of attacks as a laptop—as demonstrated by the Android data vulnerability exposed a few days ago. The solution to securing your communication is simple: You have to encrypt it. Here’s how to set up an SSH tunnel as a cheap, easy method to encrypt all your Android phone’s data.
Normally, you don’t need to worry about encryption on your phone because you’re already using your carrier’s mobile data connection, which in and of itself is pretty secure already, if only because you’re the only person using it. The problem arises when you connect to public Wi-Fi. On public Wi-Fi, anybody can listen in on everyone else’s web traffic with the right tools, and in doing so, potentially gain access to things like your social networks, your email, or worse.
SSH Tunneling allows your phone to create a secure, encrypted connection to a server located far away from the public Wi-Fi, and run all your data through that connection (like a tunnel). The Wi-Fi connection you’re using may not be secure, but when you’re using an SSH tunnel, your data will be. See our previous guide to encrypt your web browsing session using this method on a computer for the desktop version of this guide.
There are interesting links in the article as well.
FWIW, I’ve set up company networks where we had bought some other companies, so had ‘diverse’ sites and needed rapid integration. One of the things we would do is set up an encrypted tunnel (a VPN, Virtual Private Network) between sites and then ‘join’ the internal networks with adjustments to the routing tables. The idea of a ‘private network’ connected with encrypted tunnels over the public internet is common practice and can be made very secure. That level of the security and privacy process is pretty well vetted and locked down.
IMHO, the biggest risk is at the level of the ‘desktop’ (increasingly a laptop or palmtop) where the typical Microsoft OS is quite porous and easily hacked. With everyone and their brother visiting all sorts of web sites, and with even such fundamental layers of software as Java being subject to hacking and with large holes in them, the largest risk is just that the ‘desktop’ gets hacked and then opens its own tunnel out to the hacker, who is then ‘inside your house’. So all the above is “nice to have”, but if the desktop or palmtop is not secured, and you visit the wrong places, you will be hacked. That’s why I’m looking at (and sporadically using) “boot new each time” systems like CD-ROM based ‘Live Linux’ releases and an RPi on a chip that can be reloaded from time to time. As it is no longer possible to secure the desktop against being hacked (thanks Microsoft and Oracle / Java…) it is necessary to have a ‘fresh start’ checkpoint reset before doing things that need security (like, oh, logging into a stock trading account or paying bills on line…)
Given that, to use this method most effectively, you really ought to have a clean Android release that can be secured, and reloaded into the phone from time to time. This means some hacking skills of your own. And a secure source for the release of software (best choice is to write all ‘clean’ copies of software to CD or DVD in my opinion. And not rewritable ones… A locked SD card is nearly as good, with one caveat: the lock tab is only honoured by the reader, not enforced by the card, so an already compromised host can write to it anyway.) In that way, you could periodically flush any hacks out of the phone and reload a clean base system. Yes, it’s a timer until the next time you ‘click a link’ to something that’s a honey pot and cracks into the phone. But it’s better than just being hacked and doing nothing. Maybe someday folks, like Oracle and Microsoft, will care more about security. Maybe.
So that’s the story for today. This may slightly shift my focus on the RPi from a ‘desktop’ to a ‘server’ for a little while. It ought to be fairly quick to set up as an SSH server (or at least quick to explore) and will not need an HDMI interface (still saving my nickels for that $400 TV ;-) Having my own VPN at home would be nice anyway. Then when the laptop and I are at Starbucks, I could VPN into home and be encrypted ‘end to end’ (well, from the laptop to the home box, at any rate; from there on it is ordinary internet traffic unless the far end is HTTPS). I’ve run my own Linux mail server (many times) and there would also be a benefit in having that running again. Then even email would be ‘inside the tent’. I have my own DNS “caching server” on the same box, though it has been turned off for a couple of years. That is a security and performance feature. It helps protect against DNS based attacks and it allows you to ‘blackhole’ some address ranges. It also gives very fast (near instant) DNS resolutions on frequently used addresses, and when folks are doing a Denial Of Service attack on DNS, you still get fast resolves of what you use regularly.
All in all, I can see a significant benefit from an RPi server with email, caching DNS, and VPN / SSH tunnels as a basic “server appliance”. Then with laptop VPN or with an Android SSH tunnel, any of my “public site” traffic is encrypted and tunneled and reflected off my own server. For other “close friends”, we could then set up private email exchanges over our own VPN / SSH tunnels with private network numbers (i.e. RFC 1918 ranges, non-routable to the internet) and with multiple ‘exits’ to the internet, one from each site, so traffic to the internet could be routed out in various places as needed (so, say your country blocks some sites, you could exit in another country). At this point, I think the fastest path to the most benefit is likely that RPi server appliance, and a laptop with a Live CD or VirtualBox “desktop” to provide the interface. With an RPi desktop to come later.
Who knows, maybe someday I’ll even get an Android phone and add it to the mix ;-)
Now if only I was doing something important and had some reason to care about all this, I’d be all set!
(It’s still fun to do it, but it was more fun when, for 7 years at Apple, we were under constant attack and kept them out. It’s kind of a ‘rush’ to have that bit of victory each day. On one occasion what looked like a Russian attack could not get in, so was routing through our boundary router to a U.S. Military site. They got hacked, but not us. Yes, we called the site – after we hacked in and got their phone number – and told them they were under attack. Also called the FBI. But that’s another story… Somehow the energy level isn’t quite as high, when what you are protecting is pictures of a Pile Of Bricks BBQ. Oh Well. It’s still fun.)