Point For Help are portable cards where people can use their bodies to communicate what they need help with when they are in a place where they do not speak the language. They are designed to be intuitive, small, portable and durable. We believe they can be of help for refugees and other displaced people.
Civilsphere AI VPN: v0.1.0-beta release
The AI VPN is a free software tool that provides users with an automatic network security assessment of their network traffic. Users can request a new OpenVPN or WireGuard VPN profile via email or Telegram, connect to it for a predefined amount of time (hours to days), and receive a full report after their VPN profile expires.
Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN
In this blog post, we show how the Emergency VPN can help identify RAT infections on Android phones. The images and network traffic included in this blog post are part of the original research by Civilsphere researcher Kamila Babayeva on the Android Mischief Dataset.
Civilsphere AI VPN: v0.1-alpha pre-release
Introducing Our New Project: Civilsphere AI VPN
Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking
During a security assessment with the Emergency VPN our researchers found two issues: i) first, we found that the application MyFitnessPal for iOS was leaking the user email address in plain text over the network, and ii) second, advertisings are loaded through insecure connections leaking more data collected from the mobile device.
PhantomLance Android malware highlights the complexity of the mobile threat
The Civilsphere Emergency VPN
Technology has been very beneficial to journalists and activists around the world: it gives journalists access to a wealth of data and makes it easy for them to communicate with sources without having to meet in person, while it can help activists amplify their message. But technology is also increasingly used against the same people through government surveillance and mobile spyware.
Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click
The great majority of attacks, including targeted attacks, start with a link in an email, chat or sms. Phishing websites have been on the rise for the last decade, and their number is even bigger than websites hosting malware. Nowadays it’s easy to become a victim of such attacks, mostly when under pressure or when it’s hard to verify if the URL we clicked on is the right one. For this reason Should I Click was born. In this blog post we would like to introduce this new service, how it works, and how it can help protect our civil society from digital threats.
36c3 Chaos West: Emergency VPN, Analyzing Mobile Network Traffic to Detect Digital Threats
Use of Facebook UDP Priming Revealed in Unencrypted UDP Connection to port 33000
Early this year we observed suspicious UDP connections to port 33000 in a mobile device. This traffic contained a Facebook URL that included a Facebook Graph token, and it was sent unencrypted over the network. In this blog post we show details of this traffic, what information is leaked, and who is affected. We have reported this behavior to Facebook, who confirmed this traffic is part of Facebook’s normal behavior.