How hacking can be used at a protest

A brief guide to how hacking can be used at protests and how you can minimise risks to your data (UK edition).

Explainer
Key points
  • Hacking refers to finding vulnerabilities in electronic systems, either to report and repair them, or to exploit them.
  • The police can use sophisticated hacking techniques to get remote access to information stored on a phone, laptop or other internet-connected device used to organise or participate in protests, even if they are secured with a password, fingerprint or face unlock.
  • Ensure that your device is running the latest available version of its operating system (Android or iOS) and that all your apps are up to date to improve your security and minimise the risk of hacking.
  • There are other steps you can take too, but none are perfect solutions…
Police officer walking into back of phone

What is hacking?

  • Hacking refers to finding vulnerabilities in electronic systems, either to report and repair them, or to exploit them.
  • Hacking can help to identify and fix security flaws in devices, networks and services that millions of people may use. But it can also be used to access our devices, collect information about us, and manipulate us and our devices in other ways.
  • Hacking comprises a range of ever-evolving techniques. It can be done remotely, but it can also include physical interference with a device or system – for instance by forcing a mobile phone to unlock.
  • It can also involve taking advantage of people to gain access to their technology. An example would be ‘phishing’, where an attacker impersonates a trusted person or organisation to send a link or attachment infected with malware.

How can hacking be used at protests?

  • The police are able to hack into communications through the use of, for example, ‘IMSI catchers’. But IMSI catchers can only intercept information that is being transmitted between a mobile device and a cell tower; IMSI catchers can’t access information that is stored on the device (See also Protest Guide about IMSI catchers).
  • So the police can use sophisticated hacking techniques to get remote access to information stored on a phone, laptop or other internet-connected device used to organise or participate in protests, even if they are secured with a password, fingerprint or face unlock.
  • The police may also collect and gain access to any devices that are dropped, lost or confiscated from protesters at a protest.

What to think about when going to a protest

  • Keeping your device up to date is a good way to prevent hacking, as hacking often exploits vulnerabilities that have been disclosed but not yet patched.
  • Ensure that your device is running the latest available version of its operating system (Android or iOS) and that all your apps are up to date to improve your security and minimize the risk of hacking.
  • While you should keep your phone or other electronic devices locked, some hacking techniques can access even locked devices. Their ability to bypass this security, does however depend on the hacking technique used and the device it targets.
  • Before going to a protest, you may want to consider backing up your phone data to another device, and then removing that data from the devices you take with you. But you should be aware that some hacking tools are able to recover deleted data. If you have saved the data onto a cloud service, some hacking tools can still access that data.
  • You should always be careful about what links you click, to avoid ‘phishing’ attacks.

You can download this guide as a jpeg by saving the image below, or by downloading the pdf version in 'Attachments'.