New Haven App Uses a Smartphone to Guard Devices

Haven looks useful for more than it was designed for too, of course. Someone looking to secure a room in general could use the app to identify any unauthorized visitors.

It’s still in the early stages of development, but it’s one of the most promising attempts at defending against evil mail attacks for those with heightened threat models.

LIKE MANY OTHER journalists, activists, and software developers I know, I carry my laptop everywhere while I’m traveling. It contains sensitive information; messaging app conversations, email, password databases, encryption keys, unreleased work, web browsers  logged into various accounts, and so on. My disk is encrypted, but all it takes to bypass this protection is for an attacker — a malicious hotel housekeeper, or “evil maid,” for example — to spend a few minutes physically tampering with it without my knowledge. If I come back and continue to use my compromised computer, the attacker could gain access to everything.

Edward Snowden and his friends have a solution. The NSA whistleblower and a team of collaborators have been working on a new open source Android app called Haven that you install on a spare smartphone, turning the device into a sort of sentry to watch over your laptop. Haven uses the smartphone’s many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. The first public beta version of Haven has officially been released; it’s available in the Play Store and on F-Droid, an open source app store for Android.

[…]

You can configure Haven to send you real-time encrypted alerts of what it detects to your other phone, the one you carry with you, when an intrusion is detected. You can choose to get encrypted Signal notifications, and you can also configure Haven to run a Tor onion service website (that is, a darknet site), and use Tor Browser on another device to connect in and view all of the alerts — all without giving anyone else access to these evidence logs unless you choose to share them. Haven also supports SMS text notifications, which can be intercepted but which might be more reliable in some situations.