Federal agents from the Department of Homeland Security and the Justice Department used “a sophisticated cell phone cloning attack—the details of which remain classified—to intercept protesters’ phone communications” in Portland this summer, Ken Klippenstein reported this week in The Nation. Put aside for the moment that, if the report is true, federal agents conducted sophisticated electronic surveillance against American protesters, an alarming breach of constitutional rights. Do ordinary people have any hope of defending their privacy and freedom of assembly against threats like this?
Yes, they do. Here are two simple things you can do to help mitigate this type of threat:
- As much as possible, and especially in the context of activism, use an encrypted messaging app like Signal — and get everyone you work with to use it too — to protect your SMS text messages, texting groups, and voice and video calls.
- Prevent other people from using your SIM card by setting a SIM PIN on your phone. There are instructions on how to do this below.
How SIM Cloning Works
Without more details, it’s hard to be entirely sure what type of surveillance was used, but The Nation’s mention of “cell phone cloning” makes me think it was a SIM cloning attack. This involves duplicating a small chip used by virtually every cellphone to link itself to its owner’s phone number and account; this small chip is the subscriber identity module, more commonly known as SIM.
Here’s how SIM cloning would work:
- First, the feds would need physical access to their target’s phone; for example, they could arrest their target at a protest, temporarily confiscating their phone.
- Then they would pop out the SIM card from the phone, a process designed to be easy, since end users often have reasons to replace the card (such as traveling abroad and needing a local SIM card to access the local cellular network, or when switching cellular providers).
- The feds would then copy their target’s SIM card data onto a blank SIM card (this presents some challenges, as I explain below), and then put the original SIM card back without their target knowing.
SIM cards contain a secret encryption key that is used to encrypt data between the phone and cellphone towers. They’re designed so that this key can be used (like when you receive a text or call someone) but so the key itself can’t be extracted.
But it’s still possible to extract the key from the SIM card, by cracking it. Older SIM cards used a weaker encryption algorithm and could be cracked quickly and easily, but newer SIM cards use stronger encryption and might take days or significantly longer to crack. It’s possible that this is why the details of the type of surveillance used in Portland “remain classified.” Do federal agencies know of a way to quickly extract encryption keys from SIM cards? (On the other hand, it’s also possible that “cell phone cloning” doesn’t describe SIM cloning at all but something else instead, like extracting files from the phone itself instead of data from the SIM card.)
Assuming the feds were able to extract the encryption key from their target’s SIM card, they could give the phone back to their target and then spy on all their target’s SMS text messages and voice calls going forward. To do this, they would have to be physically close to their target, monitoring the radio waves for traffic between their target’s phone and a cell tower. When they see it, they can decrypt this traffic using the key they stole from the SIM card. This would also fit with what the anonymous former intelligence officials told The Nation; they said the surveillance was part of a “Low Level Voice Intercept” operation, a military term describing audio surveillance by monitoring radio waves.
If you were arrested in Portland and you’re worried that federal agents may have cloned your SIM card while you were in custody, it would be prudent to get a new SIM card.
Temporarily Taking Over a Phone Number
Even if law enforcement agencies don’t clone a target’s SIM card, they could gather quite a bit of information after temporarily confiscating the target’s phone.
They could power off the phone, pop out the SIM card, put it in a separate phone, and then power that phone on. If someone sends the target an SMS message (or texts a group that the target is in), the feds’ phone would receive that message instead of the target’s phone. And if someone called the target’s phone number, the feds’ phone would ring instead. They could also hack their target’s online accounts, so long as those accounts support resetting the password using a phone number.
But, in order to remain stealthy, they would need to power off their phone, put the SIM card back in their target’s phone, and power that phone on again before before returning it, which would restore the original phone’s access to the target’s phone number, and the feds would lose access.
Abandon SMS and Switch to Encrypted Messaging Apps
The simplest and best way to protect against SIM cloning attacks, as well as eavesdropping by stingrays, controversial phone surveillance devices that law enforcement has a history of using against protesters, is to stop using SMS and normal phone calls as much as possible. These are not and have never been secure.
Instead, you can avoid most communication surveillance by using an end-to-end encrypted messaging app. The Signal app is a great choice. It’s easy to use and designed to hold as little information about its users as possible. It also lets Android users securely talk with their iPhone compatriots. You can use it for secure text messages, texting groups, and voice and video calls. Here’s a detailed guide to securing Signal.
Signal requires sharing your phone number with others to use it. If you’d rather use usernames instead of phone numbers, Wire and Keybase are both good options.
If you use an iPhone and want to securely talk to other iPhone users, the built-in Messages and FaceTime apps are also encrypted. WhatsApp texts and calls are encrypted too. Though keep in mind that if you use Messages or WhatsApp, your phone may be configured to save unencrypted backups of your text messages to the cloud where law enforcement could access them.
You can’t use an encrypted messaging app all by yourself, so it’s important to get all of your friends and fellow activists to use the same app. The more people you can get to use an encrypted messaging app instead of insecure SMS and voice calls, the better privacy everyone has. (For example, I use Signal to text with my parents, and you should too.)
None of these encrypted messaging apps send data over insecure SMS messages or voice calls, so SIM cloning and stingrays can’t spy on them. Instead they send end-to-end encrypted data over the internet. This also means that the companies that run these services can’t hand over your message history to the cops even if they want to; police would instead need to extract those messages directly from a phone that sent or received them.
Another important consideration is preventing cops from copying messages directly off your phone. To prevent this, make sure your phone is locked with a strong passcode and avoid biometrics (unlocking your phone with your face or fingerprint) — or at least disable biometrics on your phone before you go to a protest. You also might consider bringing a cheap burner phone to a protest and leaving your main phone at home.
Lock Your SIM Card With a PIN
Another way to protect against certain forms of mobile phone spying is to lock your SIM card by setting a four- to eight-digit passcode known as a SIM PIN. Each time your phone reboots, you’ll need to enter this PIN if you want SMS, voice calls, and mobile data to work.
If you type the wrong PIN three times, your SIM card will get blocked, and you’ll need to call your phone carrier to receive a Personal Unblocking Key (PUK) to unblock it. If you enter the wrong PUK eight times, the SIM card will permanently disable itself.
With a locked SIM, you’ll still be able to use apps and Wi-Fi but not mobile data or cellphone service. So make sure that you securely record your SIM PIN somewhere safe, such as a password manager like Bitwarden, 1Password, or LastPass, and never try to guess it if you can’t remember it. (You can always click “Cancel” to get into your phone without unlocking your SIM card. From there, open a password manager app to look up your PIN, and then reboot your phone again to enter it correctly. I’ve done this numerous times myself just to be sure.)
If you want to lock your SIM card, first you’ll need to know the default SIM PIN for your cellphone company. For AT&T, Verizon, and Google Fi, it’s 1111; for T-Mobile, Sprint, and Metro, it’s 1234. If you use a different phone carrier, you should be able to search the internet to find it. (I would avoid guessing — if you type the wrong default PIN three times, your SIM card will get blocked.)
Once you know your default PIN, here’s how to you set a new one:
- If you have an iPhone, go to Settings, then Cellular, then SIM PIN, and from there you can set your PIN. See here for more information.
- If you have an Android phone, go to Settings, then Security, then “SIM card lock,” and from there you can set your PIN. If your Android phone doesn’t have these exact settings, you should be able to search the internet for your phone model and “SIM PIN” to find instructions for your phone.
Now if law enforcement gets physical access to your phone, they shouldn’t be able to use your locked SIM card without your PIN. If they guess your PIN incorrectly three times, the SIM card will block itself, and they’d need to convince your cellphone company to hand over the PUK for your SIM card in order to use it. If they guess the wrong PUK too many times, the SIM will permanently disable itself.