The man who helped expose the NSA’s warrantless global mass surveillance programs is now helping users protect their hardware from physical tampering by attackers. NSA whistleblower Edward Snowden has helped create a new Android app which helps secure hardware from “Evil Maid” attacks. An Evil Maid attack is when a device is physically tampered with, without the device owner’s knowledge.
The name of the attack comes from the idea that an attacker could pose as a hotel maid, or pay off one, to gain access to a room and then quickly tamper with a victim’s computer. Evil Maid attacks where a bootloader has been installed onto the victim’s computer which defeats full disk encryption. But now thanks to Snowden’s new Android app, which is called Haven, people can help prevent Evil Maid attacks and protect their devices from physical tampering while they are not present.
The Haven app allows users to secure a private space, and can alert the user if someone tries to intrude on the privacy of the space and tamper with hardware located there. To use Haven, a user is required to have a spare Android device such as a burner phone or tablet. Haven utilizes the sensors on the Android device to detect when someone is trying to tamper with your hardware. Some of the sensors Haven uses include the camera, the microphone, the accelerometer, light sensor, as well as using the power supply to detect if the Android device has been unplugged. Once a sensor has been tripped, the app will send a notification to the user. Users can set up Haven to send notifications through a regular SMS text message, or better yet, through an end-to-end encrypted message sent over Signal.
The app can be configured to snap pictures and record audio to help identify who the attacker is, or what tripped off the sensors. Notifications and any audio or photos captured by the app can also be remotely accessed over Tor. This requires the user to install and run Orbot on the device running the Haven app. It is important for users to make sure that the Android device with the installed Haven app, has checked settings and made sure that device encryption has been enabled and that they are using a strong password. It is also important to note that an attacker could prevent Haven from sending notifications by jamming WiFi and/or cellular service. Future versions of Haven may be updated to alert users when their Haven device loses internet access, so they may be aware of any attempts to jam WiFi and cellular services.
The new Haven app for Android has released a beta version of the software. It can be downloaded from the Google Play Store, the F-Droid app store, or from Github. Haven is a free and open source software, so users can also build the apk file from the source code if they want to. To install from the F-Droid app store, users must add the Haven Nightly “Bleeding Edge” repository in the settings. Haven is maintained through The Guardian Project, which also contributes to many other privacy related apps for Android, including the mobile Tor Browser called Orfox. Snowden helped develop the Haven app through funding from a project he leads at the Freedom of the Press Foundation.
When setting up the app, the average noise level of the room is checked, in order to help prevent false positives. Unfortunately, there still may be some false positives, but it is important to remember Haven is in early development and is still just in beta testing. Future versions of the app will hopefully be less likely to produce false positive alerts. This app is essential for people who have sensitive data on their devices and want extra protection against Evil Maid attacks. It is especially useful for people who travel with devices that store sensitive information. Haven is not available for the Apple iPhone but iPhone users can still check on notifications if Tor services are enabled by checking notifications using the Onion Browser app for iPhone.