Civilsphere's Emergency VPN: Analyzing Mobile Network Traffic to Detect Digital Threats


Workshop: Civilsphere's Emergency VPN: Analyzing Mobile Network Traffic to Detect Digital Threats

Who: Veronica Valeros, Co-founder of the MatesLab Hackerspace

Date: Tuesday, November 3

Time: 10:00am EST / 3:00pm UTC+0


Access to surveillance technology by governments and other powerful actors has increased in the last decade. Nowadays malicious software is one of the go-to tools when attempting to monitor and surveil victims. In contrast, the targets of these attacks, typically journalists, lawyers, and other civil society workers, have very few resources at hand to identify an ongoing infection in their laptops and mobile devices.

Join Veronica Valeros, who will share her work on Emergency VPN, a solution developed as part of the Civilsphere project at the Czech Technical University that puts power back in the hands of users. It is designed to provide a free and high-quality security assessment of the network traffic of a mobile device so that users can identify early on any mobile threats that may jeopardize their security. In this workshop, you will learn about:

  • The design of the Emergency VPN as a free software project
  • Review of the tool and its features, including how to detect infections in different users.
  • A deeper understanding of what the threat landscape looks like, and options users have should they suspect their phone is infected, including how Emergency VPN can help in those cases.

The presentation will cover the design of the Emergency VPN as a free software project, instructions for how a user can work with it, and some success cases where we could detect different infections on users. We expect attendees will leave this session with a clearer overview of what the threat landscape looks like, what the options are for users who suspect their phone is infected, and how the Emergency VPN can help in those cases. More information about the Emergency VPN can be found at CivilSphere's website.

We will be hosting a 25-minute post-workshop networking exercise to allow folks to meet others who share their interests and strengthen collaborations across various lines. Make sure to schedule 25 extra minutes on your calendar if you are interested in joining.



  • The Civilsphere Project is dedicated to providing free services to people at risk to detect targeted cyber security threats.

Who they are: Stratosphere Research Laboratory + Czech Technical University + 15 researchers + From more than 8 countries + Topics: intrusion detection, civil society, adversarial ML, IoT, fake news, & others.

Governments use spyware to surveil, abuse, imprison and kill individuals.

What can we do if we suspect our phone is compromised?

  • Forensic Analysis: Careful analysis of a mobile device to identify the cause of an infection (this takes time and is costly).
  • Factory Reset: Restoring the phone to its original state. Does not help for certain infections.
  • Change Phones: Simple solution. Very costly for users.
  • Traffic Analysis: Analysis of the network traffic to identify suspicious connections.

Emergency VPN is a free open VPN service for your phone, going through their university. It provides a security analysis service for the traffic on your phone. The analysis takes around three days and is done by experts and tools.

  • Directions on how to use it are in the PowerPoint, FYI.
  • It's free to use any time you feel at risk. It provides immediate analysis and access to technology expertise, is as anonymous as possible, and they report back to you.
  • To date, they have analyzed 250 cases. 95% of issues are caused by normal apps.

The most common issues of mobile users:

  • Geolocation leaked: sent in plain text, so you don't need to be infected to be found.
  • Personal Data
  • Insecure Apps: applications use insecure protocols that endanger the user by leaking their data.
  • IMEI & IMSI: unique information that can help track and locate a user.
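
As an added illustration (not part of the workshop notes and not Civilsphere's own tooling), the following Python scans plaintext HTTP request lines for the leaks listed above: coordinates, an IMEI (validated with its Luhn check digit) and an IMSI. The parameter names and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: request lines of unencrypted HTTP traffic from a phone.
SAMPLE_REQUESTS = [
    "GET /ads?lat=50.0755&lon=14.4378&app=weather HTTP/1.1",
    "GET /track?deviceid=490154203237518&v=2 HTTP/1.1",
    "POST /register?imsi=230011234567890 HTTP/1.1",
    "GET /img/logo.png?ts=1604415600 HTTP/1.1",
]

# Assumed parameter names; real apps use many variants.
GEO_KEYS = {"lat", "latitude", "lon", "lng", "long", "longitude"}


def luhn_ok(digits):
    """An IMEI ends in a Luhn check digit, which filters out most other 15-digit values."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def is_coordinate(value):
    try:
        return -180.0 <= float(value) <= 180.0
    except ValueError:
        return False


def find_leaks(request_line):
    """Return the sorted kinds of identifiers exposed in one HTTP request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    kinds = set()
    for key, value in parse_qsl(urlsplit(parts[1]).query):
        key = key.lower()
        if key in GEO_KEYS and is_coordinate(value):
            kinds.add("geolocation")
        elif re.fullmatch(r"\d{15}", value):
            if "imsi" in key:    # an IMSI has no checksum, so rely on the name
                kinds.add("imsi")
            elif luhn_ok(value):
                kinds.add("imei")
    return sorted(kinds)
```
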

Important Cases:

  • Trojans: Non-targeted trojans designed to steal money from their victims.
  • P2P with malicious files: peer-to-peer applications advertised as file sharing but used to spread malware.