cypurr.org

slides.com/cypurr/2025-04-mobile

Introduction to

Security

Mobile

5/10/2025

Exp 5/10/2026

Agenda

  • Intros

  • What's in a phone?

  • Tips to be more secure

  • 10 m break

  • Installing Signal

Who are we? Who are you?

We are …

    The Cypurr Collective

Beginner-friendly cybersecurity events with a holistic approach. Teaching to build community self-defense

We DO NOT tolerate language or behavior meant to demean or harm folks based on their identity

 

Security is scary, let’s be gentle.

Step up; Step Back

 

Privacy:

  • We’re in public! Keep it general.

  • Stories Stay. Lessons Leave.

  • Journalists, Researchers, etc make yourselves known!

 

Safer space workshop

How do you feel about your phone?

Introduce Yourself

  • What do I want to protect? Assets
  • Who are my allies/adversaries?
  • How can things go wrong? Capabilities
  • How likely are these threats? Risk
  • How much trouble will I go through? Effort

Security Planning (recap)

https://ssd.eff.org/module/your-security-plan

The Problem with Mobile Phones

  • More "locked down" to prevent user control
    • Preventing app/setting changes
    • Planned obsolescence with updates
    • Harder for security researchers
  • Reliance on underlying companies means less privacy and selective security.
  • Have become a necessity for daily life

More at ssd.eff.org

Building a smart phone

Images from MyShadow.org & Tactical Tech Collective Glass Room

  • Battery
  • Central Processing Unit (CPU)
    • "Mind" of the phone, running code
  • IMEI- unique ID
  • Baseband Processor (bbp)
    • Manages radio functioning
    • The bbp acts as a second mind, running its own (unreadable) code

"Smart" Components

NFC- "Near Field Communication"

Can speak to devices within 4cm. e.g. used for payments.

 

 

SIM card - "Subscriber Identity Module"

Unique card idenity, user identity when activated, contacts

 

Neural Processing Units (NPU)

"third mind" for AI functionality

Software Layers

  • Firmware provided by the manufacturer(s), e.g. Samsung
  • Operating System (Android/iOS)
  • Applications
    • What apps do you use?
    • Any apps you can't remove?
  • "The Cloud"

Your info

  • What is data "at Rest"

    • Subject to device search

  • What is data "in Motion"

    • Can be passively collected

  • What do you control?

images by myshadow.org

  • Check your settings! (ssd.eff.org)
    • Google ad/location settings!
    • secure lock screen
    • secure apple/google accounts
    • SIM-card lock
    • Maybe turn off 2G
  • Marie Kondo app management
  • PC > Browser > app
  • Review App permissions
    • Beware "when in use"
  • Delete!
    • Auto-delete
  • Compartmentalize
    • Separate devices, "work profiles"
    • "at home" v "outside" uses
    • Separate accounts
  • Turn things off! (bluetooth, nfc, etc)
  • Phone/app fasting

 

Advance tips:

- try GrapheneOS or CalyxOS

- Use a VoIP number

  • Check your settings/permissions regularly
  • Make regular backups
  • Work on ditching Meta (FB/Insta/Whatsapp) and Google
  • Update update update!
  • Educate others
  • Advocate for policy changes!

10m Stretch

Let's install Signal

  • What does it cost?
    • Nothing! it is a open source non-profit
  • Why?
    • Signal offers end to end encrypted texts, calls and video between users
    • Privacy needs herd immunity
    • Signal is audited and subpoena tested
  • What are the downsides?
    • It is tied to your phone #, so not anonymous
    • Limited "at rest" protection
    • Default settings might not be secure enough
  1. iOS/Android groups
  2. Search "Signal" on app store
  3. Install the app
  4. Setup and number verification
  5. Setup your public profile
  6. Safety numbers! (verification)

https://ssd.eff.org/module/how-to-use-signal#download-and-install-signal

Basics

Tap your profile (iOS then tap "Settings")

7. Registration Lock (under "Account")

8. Set a username (under "@username")

9. Under "Privacy"

  • Hide Phone # (under "Phone Number")
  • Disappearing Messages

10. Notifications

https://ssd.eff.org/module/how-to-use-signal#download-and-install-signal

Fancy

  • Changing phone numbers
  • Screen lock
  • Hide in app switcher
  • Disable link previews
  • Keyboard data
  • Signal Proxy
  • Hide IP when calling

https://ssd.eff.org/module/how-to-use-signal#download-and-install-signal

Very Fancy

Thanks!

 

Find us on cypurr.org

Ask about our email list

 

  • Further Resources

    • CryptoParty Harlem

    • EFF (esp ssd.eff.org)

    • Freedom of the Press Foundation (Freedom.press)

Upcoming

Brooklyn Public Library every month

(Nov 10th)

Monthly open meeting

(Nov 12th)

Movie night at Babycastles

(Nov 14th)

securiTEA online harassment chat at Bluestockings

(Nov 17th)

 

And more! check out our social media or email list

Thanks!

2025-05 Intro to Mobile Security

By cypurr

Made with Slides.com

2025-05 Intro to Mobile Security

  • 16

More from cypurr