In early 2012 , Marie Colvin, an acclaimed international journalist from New York, entered the besieged city of Homs, Syria, while reporting for London’s Sunday Times. She wrote of a difficult journey involving “a smugglers’ route, which I promised not to reveal, climbing over walls in the dark and slipping into muddy trenches.” Despite the covert approach, Syrian forces still managed to get to Colvin; under orders to “kill any journalist that set foot on Syrian soil,” they bombed the makeshift media center she was working in, killing her and one other journalist and injuring two others.

Syrian forces may have found Colvin by tracing her phone, according to a lawsuit filed by Colvin’s family this month. Syrian military intelligence used “signal interception devices to monitor satellite dish and cellphone communications and trace journalists’ locations,” the suit says.

In dangerous environments like war-torn Syria, smartphones become indispensable tools for journalists, human rights workers, and activists. But at the same time, they become especially potent tracking devices that can put users in mortal danger by leaking their location.

National Security Agency whistleblower Edward Snowden has been working with prominent hardware hacker Andrew “Bunnie” Huang to solve this problem. The pair are developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. They argue that a smartphone’s user interface can’t be relied on to tell you the truth about that state of its radios. Their initial prototyping work uses an iPhone 6.

“We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don’t,” Snowden told me in a video interview. “It’s basically to make the phone work for you, how you want it, when you want it, but only when.”

Huang made a name for himself by using a technique known as reverse engineering to hack into Microsoft’s Xbox and other hardware devices locked down using various forms of encryption, and Snowden said he’s been an invaluable research partner.

“When I worked at the NSA, I worked with some incredibly talented people,” Snowden said, “but I’ve never worked with anybody who had such an incredible outpouring of expertise than I have with Bunnie.”

Snowden and Huang presented their findings in a talk at MIT Media Lab’s Forbidden Research event today and published a detailed paper.

Location Privacy and Smartphones

Smartphones come with a variety of different types of radio transmitters and receivers: cellular modems (for phone calls, SMS messages, and mobile data), wifi, bluetooth, and others. But using any of these radios could leak your physical location to an adversary who is watching the airwaves.

Journalists and activists use their phones to communicate with sources and colleagues, post updates and livestream to social media, and accomplish countless other networked tasks. If they need to keep their location secret, for example in a war zone, they need to turn off all of the radios within their phones. Even so, phones can still be vital tools even when offline; internet access is not needed to take photographs, record video or audio, take notes, use certain maps, or manage schedules.

Snowden and Huang have been researching if it’s possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that “a phone can and will be compromised.” After all, journalists and activists are often under-resourced and face off against well-funded intelligence services. They also, necessarily, use their phones to talk to, and open documents from, a wide variety of sources, leaving them especially vulnerable to targeted phishing, or “spearphishing,” attacks, where an attacker baits a victim into opening an enticing document that actually contains an exploit.

The research is necessary in part because the most common way to try to silence a phone’s radio — turning on airplane mode — can’t be relied on to squelch your phone’s radio traffic. “Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface,” Snowden and Huang explain in their blog post. “Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”