Man
Professional
- Messages
- 2,965
- Reaction score
- 488
- Points
- 83
A smartphone is a personal device that is always with us. A smartphone knows about us even things that we may not know about ourselves. Letting strangers in there is a good chance of getting a long-term headache or complications with the law.
Phone inspection at the border
Protecting personal information on Android
The first and most important thing is protection from physical data extraction. The border guard has every right to demand any item from your luggage or personal belongings for inspection.
Having received an Android smartphone, border guards can simply use the service mode (EDL, 9006/9008 modes for Qualcomm, LG UP for LG smartphones, etc.) to access the information. And you know what's most interesting? In 85% of cases, this will be enough: according to the latest data, only about 15% of Android devices use encryption of the data partition.
If you thought that there would be no qualified specialist at the border to extract information from the device, I have to disappoint you a little: modern solutions allow even a cleaning lady to do everything. Animated instructions with pictures on what and in what sequence to press on the phone and where to plug in the cord appear right on the computer screen. However, your device can also be confiscated (there have been precedents), after which the data will be extracted in a calm environment. The moral? Finally, turn on Android's native encryption feature!
Android has numerous insecure unlocking methods, collectively called Smart Lock. If, for example, you use a fitness tracker or watch and have set up unlocking when there is a Bluetooth connection with this device, you can stop reading.
Also, there is no force that could prevent a border guard from taking a photo of your face (another stone in the direction of Smart Lock). In many models, the reliability of unlocking with a fingerprint sensor is also questionable. Conclusion: turn off Smart Lock and make sure that the phone can only be unlocked with a PIN code, preferably a complex one.
Unlike iOS, where almost everything gets into a backup copy, but the backup itself can be protected once and for all with a password, in Android backups are created either in the cloud or via ADB. A fairly limited amount of data gets into backup copies; it cannot be encrypted. However, authentication markers (tokens) from many popular instant messengers and social networks are perfectly included in backups, so this point should be kept in mind. The backup itself in Android is extremely simple: just unlock the phone, enable developer mode, connect the phone to the computer and issue the appropriate command. Most likely, if you are convinced to unlock the phone, this is the procedure that will be performed.
If a backup copy is taken from your phone via ADB, it may include:
Besides, Google is king and god in Android smartphones. Google collects a huge amount of data that is transmitted directly to the server. If you are asked to provide your account password and the border guard manages to log in (for example, if you still have not set up two-factor authentication), the phone itself will no longer be needed: your Google account has everything and even a little more.
What to do with it?
Delete the Google account from the phone before boarding the plane and log in to the newly created one. Fortunately, unlike the iPhone, this action will not require you to reset the phone. Oh, and don't forget to clear the application data - at least contacts, photos, Google Maps and Chrome browser data. Most likely, there will be some traces left, but if the device does not arouse suspicion, then a more detailed investigation may not be necessary.
And what to do with the photos?
If you need access to your photo and video library while traveling, but don’t want to keep them on the device itself, you again have options with the cloud (hint: you can delete the Dropbox app from your phone) or a hidden nested container on your computer. Finally, you can also store photos in Google Photos of the account you are going to delete from your phone before traveling (just keep in mind that by default, reduced and “optimized” files are saved there).
Finally, users with a custom recovery (TWRP) have the option of creating an encrypted backup copy of the data partition, which can also be saved in a nested container on your computer. Its subsequent restoration is a matter of minutes. However, crossing the border with a “naked”, unconfigured device is also a bad idea: you will look very suspicious in the eyes of the border guard.
Phone inspection: playing with backups
Oddly enough, a smartphone without activated encryption can greatly facilitate border crossing. The thing is that modern smartphones that come out of the factory with Android 6.0+ on board are required to encrypt data and often store the encryption key in the TEE (Trusted Execution Environment) hardware module. On the one hand, this is good, on the other hand, it prevents the ability to make/restore a full system backup using TWRP.
But if encryption is disabled and there is an option to make a backup, you have the opportunity to very cleverly fool the inspectors. The essence of the method: you install a custom TWRP recovery on your smartphone, reboot into it, make a nandroid backup of the system and data partitions (they contain the OS itself and your data/applications, respectively), extract the backup from the smartphone (it is stored in the TWRP directory on the memory card) and save it, for example, in Dropbox. Then you reset the smartphone to factory settings, link it to a fake account, install several applications, enter several unimportant passwords in the browser - in general, create the appearance of an actively used device. And then reboot into TWRP again, and make another backup, and save it to the cloud again.
As a result, you will get two backups: one will contain your main system, the second - the Potemkin one. All you have to do is restore the second, fake backup before the trip, cross the border, and then restore the main one. In this case, all your settings, software, and everything else, right down to the location of the icons on the desktop, will remain intact.
Protecting personal information on iOS
In general, it will be easier to protect an iPhone than an Android smartphone. But first things first.
Have you decided on a strategy? If you are going to defend your data, you have several options.
First, you can set a long (six-digit or alphanumeric) password, and then simply turn off the phone. It will be completely impossible to open it until you give it this password. But if your iPhone is equipped with a fingerprint sensor and you forgot to turn off the phone before crossing the border, the border guard will only need to order you to put your finger on the scanner to unlock the device. This method of unlocking devices does not require any special warrants or permissions from law enforcement agencies. So - turn off your phone!
A logical question: what prevents border guards from locking you up and not letting you out until you give up (remember, enter) the unlock password? On the one hand, it would seem that nothing prevents it: in a well-known case, a NASA employee, an American citizen, by the way, was detained by border guards and “pressed” (quote) until he gave up the PIN code for his smartphone. On the other hand, such cases are extremely rare, they are more the exception than the rule. Again, in US legislation today there is a wide “gray zone”, within which, on the one hand, a border guard has the broadest powers, but on the other hand, he can use them only if there are “reasonable suspicions”.
The border guard may "ask" you to unlock your phone with a password. If this is a request (in official terminology), then you have the right to politely refuse. No one will lock you in (but there may be other consequences). But if this is an order, then you will have no choice. But the border guard can only order you to enter or provide a password if there are "reasonable suspicions", in exceptional cases. At the same time, both border guards and the police can unlock your phone using a fingerprint (here again, a "gray area") promptly. In other words, you can't lie, and resistance is also useless. What else can you do?
Secondly, before your trip, you can reset your device and set it up again using a fresh Apple ID. You won't be ashamed to show such a device to the border guard. After crossing the border, simply connect to Wi-Fi, reset the phone again and restore from a cloud backup (of course, you should have such a backup in principle, and the wireless connection should be fast, stable and allow the transfer of several gigabytes of data).
Please note an important point with Apple's two-step authentication: to authorize in your own Apple ID, you will need to have a second authentication factor (for example, a SIM card with a trusted phone number to which you can receive an SMS with a one-time code). If you do not think about this in advance, you can find yourself cut off from your own account and data in iCloud.
If you take a computer with you, then the backup can be created locally, on a hidden container in TrueCrypt format or one of its "successors". The container itself can be safely presented for analysis and even provide the password - it is impossible to determine the presence of a hidden disk. However, the topic of nested cryptocontainers deserves a separate article; we will not develop it here. (Don't forget the backup password!)
If you don't want to stick to your principles or reset your phone because of the tiny (0.08%) chance of it being searched, consider other options.
If you have an iPhone with the latest version of iOS and you haven't jailbroken it, you're in luck: it's impossible to take a physical image of the device. The only analysis method available to border guards, other than manually launching apps on the phone, is to take a backup copy via iTunes or a specialized app (Elcomsoft iOS Forensic Toolkit or similar). It's also very easy to counteract this: just take care to set a password for your backups in advance. To do this, launch iTunes and activate the Encrypt iPhone backup option:
Phone search. Encrypt iPhone backup.
Next, you'll need to specify the password:
We recommend generating a long, random, complex password of 10-12 characters, including all possible variations of letters, numbers, and special characters. Generate it, print it out on a piece of paper, and install it on your phone. Hide the paper at home, don’t take it with you. If you are asked to provide a password for the backup copy, explain that you do not use offline backups, so for security purposes the password was set to be long and random, not intended to be remembered. Since this password is not needed in everyday life, such a scenario is quite likely.
Want to protect your passwords? Turn off Keychain and iCloud Keychain on your phone. Passwords will be deleted from the device and will not be pulled from the cloud until you explicitly activate iCloud Keychain. Browser history and search queries are deleted in a similar way:
Until recently, these actions would not have fully protected you, since Apple stored deleted browser history on its servers for an indefinite period of time. After Elcomsoft released an app that retrieves deleted records, Apple woke up and closed the hole.
However, browser history will still be stored in iCloud for at least two weeks after deletion. To finally “tie up the loose ends,” you will need to disable data synchronization with the cloud (you can always reconnect it after crossing the border). How to do this is in the official KB:
Backup copies of the device can also be stored in the cloud. However, mechanisms for accessing cloud data are regulated by other laws, and data from cloud backups is currently not retrieved when crossing the border. You can calm your inner voice and turn off cloud backups (and delete those already created), but there is little practical sense in this.
Finally, you can completely disable iCloud. However, we do not recommend doing this - at a minimum, by turning off iCloud, you lose protection from theft of iCloud Lock and Find My Phone.
Legal Methods of Counteraction
Today, a border guard officer has the right to ask an applicant for entry into the United States to unlock the device and hand it over for analysis. In some cases (reasonable suspicions, inclusion in the list of potentially dangerous or undesirable persons), the officer has the right to demand that the device be unlocked.
The difference between a “request” and a “demand” is difficult for an unprepared passenger, tired from a long flight and, perhaps, in a hurry for a transfer, to grasp, but nevertheless it exists.
Ignoring the order will not work, the consequences can be very unpleasant. But a request can be politely declined; if you can justify the refusal, so much the better. Yes, you may not be allowed into the country, and yes, you may be detained for an indefinite period, but from the point of view of American law, you have not yet committed a crime.
Conclusions
It is important to understand that the border guards have, if not the law, then the ability to interpret the law in their favor, brute physical force and methods of coercion, which they do not hesitate to use. The use of coercion methods is only increasing year after year.
From the point of view of your own safety, you should not object to the border guards. Also, you should not lie, cheat or dodge: all this will lead to additional complications in an already acute situation. It will be much more effective to use a set of technical protection methods that we described in this article.
Remember: you cannot extract from a smartphone something that is not physically on it, but any password from you can be obtained, if there is a desire.
Phone inspection at the border
- Content
- Protecting Personal Information on Android
- Protection with fake backups
- Protecting Personal Information on iOS
- Legal methods of counteraction
- Conclusion
Protecting personal information on Android
The first and most important thing is protection from physical data extraction. The border guard has every right to demand any item from your luggage or personal belongings for inspection.
Having received an Android smartphone, border guards can simply use the service mode (EDL, 9006/9008 modes for Qualcomm, LG UP for LG smartphones, etc.) to access the information. And you know what's most interesting? In 85% of cases, this will be enough: according to the latest data, only about 15% of Android devices use encryption of the data partition.
If you thought that there would be no qualified specialist at the border to extract information from the device, I have to disappoint you a little: modern solutions allow even a cleaning lady to do everything. Animated instructions with pictures on what and in what sequence to press on the phone and where to plug in the cord appear right on the computer screen. However, your device can also be confiscated (there have been precedents), after which the data will be extracted in a calm environment. The moral? Finally, turn on Android's native encryption feature!
Android has numerous insecure unlocking methods, collectively called Smart Lock. If, for example, you use a fitness tracker or watch and have set up unlocking when there is a Bluetooth connection with this device, you can stop reading.
Also, there is no force that could prevent a border guard from taking a photo of your face (another stone in the direction of Smart Lock). In many models, the reliability of unlocking with a fingerprint sensor is also questionable. Conclusion: turn off Smart Lock and make sure that the phone can only be unlocked with a PIN code, preferably a complex one.
Unlike iOS, where almost everything gets into a backup copy, but the backup itself can be protected once and for all with a password, in Android backups are created either in the cloud or via ADB. A fairly limited amount of data gets into backup copies; it cannot be encrypted. However, authentication markers (tokens) from many popular instant messengers and social networks are perfectly included in backups, so this point should be kept in mind. The backup itself in Android is extremely simple: just unlock the phone, enable developer mode, connect the phone to the computer and issue the appropriate command. Most likely, if you are convinced to unlock the phone, this is the procedure that will be performed.
If a backup copy is taken from your phone via ADB, it may include:
- Wi-Fi network passwords, system settings;
- photos, videos and contents of internal memory;
- installed applications (APK files);
- data from applications that support backup (including authentication tokens).
Besides, Google is king and god in Android smartphones. Google collects a huge amount of data that is transmitted directly to the server. If you are asked to provide your account password and the border guard manages to log in (for example, if you still have not set up two-factor authentication), the phone itself will no longer be needed: your Google account has everything and even a little more.
What to do with it?
Delete the Google account from the phone before boarding the plane and log in to the newly created one. Fortunately, unlike the iPhone, this action will not require you to reset the phone. Oh, and don't forget to clear the application data - at least contacts, photos, Google Maps and Chrome browser data. Most likely, there will be some traces left, but if the device does not arouse suspicion, then a more detailed investigation may not be necessary.
And what to do with the photos?
If you need access to your photo and video library while traveling, but don’t want to keep them on the device itself, you again have options with the cloud (hint: you can delete the Dropbox app from your phone) or a hidden nested container on your computer. Finally, you can also store photos in Google Photos of the account you are going to delete from your phone before traveling (just keep in mind that by default, reduced and “optimized” files are saved there).
Finally, users with a custom recovery (TWRP) have the option of creating an encrypted backup copy of the data partition, which can also be saved in a nested container on your computer. Its subsequent restoration is a matter of minutes. However, crossing the border with a “naked”, unconfigured device is also a bad idea: you will look very suspicious in the eyes of the border guard.
Phone inspection: playing with backups
Oddly enough, a smartphone without activated encryption can greatly facilitate border crossing. The thing is that modern smartphones that come out of the factory with Android 6.0+ on board are required to encrypt data and often store the encryption key in the TEE (Trusted Execution Environment) hardware module. On the one hand, this is good, on the other hand, it prevents the ability to make/restore a full system backup using TWRP.
But if encryption is disabled and there is an option to make a backup, you have the opportunity to very cleverly fool the inspectors. The essence of the method: you install a custom TWRP recovery on your smartphone, reboot into it, make a nandroid backup of the system and data partitions (they contain the OS itself and your data/applications, respectively), extract the backup from the smartphone (it is stored in the TWRP directory on the memory card) and save it, for example, in Dropbox. Then you reset the smartphone to factory settings, link it to a fake account, install several applications, enter several unimportant passwords in the browser - in general, create the appearance of an actively used device. And then reboot into TWRP again, and make another backup, and save it to the cloud again.
As a result, you will get two backups: one will contain your main system, the second - the Potemkin one. All you have to do is restore the second, fake backup before the trip, cross the border, and then restore the main one. In this case, all your settings, software, and everything else, right down to the location of the icons on the desktop, will remain intact.
Protecting personal information on iOS
In general, it will be easier to protect an iPhone than an Android smartphone. But first things first.
Have you decided on a strategy? If you are going to defend your data, you have several options.
First, you can set a long (six-digit or alphanumeric) password, and then simply turn off the phone. It will be completely impossible to open it until you give it this password. But if your iPhone is equipped with a fingerprint sensor and you forgot to turn off the phone before crossing the border, the border guard will only need to order you to put your finger on the scanner to unlock the device. This method of unlocking devices does not require any special warrants or permissions from law enforcement agencies. So - turn off your phone!
A logical question: what prevents border guards from locking you up and not letting you out until you give up (remember, enter) the unlock password? On the one hand, it would seem that nothing prevents it: in a well-known case, a NASA employee, an American citizen, by the way, was detained by border guards and “pressed” (quote) until he gave up the PIN code for his smartphone. On the other hand, such cases are extremely rare, they are more the exception than the rule. Again, in US legislation today there is a wide “gray zone”, within which, on the one hand, a border guard has the broadest powers, but on the other hand, he can use them only if there are “reasonable suspicions”.
The border guard may "ask" you to unlock your phone with a password. If this is a request (in official terminology), then you have the right to politely refuse. No one will lock you in (but there may be other consequences). But if this is an order, then you will have no choice. But the border guard can only order you to enter or provide a password if there are "reasonable suspicions", in exceptional cases. At the same time, both border guards and the police can unlock your phone using a fingerprint (here again, a "gray area") promptly. In other words, you can't lie, and resistance is also useless. What else can you do?
Secondly, before your trip, you can reset your device and set it up again using a fresh Apple ID. You won't be ashamed to show such a device to the border guard. After crossing the border, simply connect to Wi-Fi, reset the phone again and restore from a cloud backup (of course, you should have such a backup in principle, and the wireless connection should be fast, stable and allow the transfer of several gigabytes of data).
Please note an important point with Apple's two-step authentication: to authorize in your own Apple ID, you will need to have a second authentication factor (for example, a SIM card with a trusted phone number to which you can receive an SMS with a one-time code). If you do not think about this in advance, you can find yourself cut off from your own account and data in iCloud.
If you take a computer with you, then the backup can be created locally, on a hidden container in TrueCrypt format or one of its "successors". The container itself can be safely presented for analysis and even provide the password - it is impossible to determine the presence of a hidden disk. However, the topic of nested cryptocontainers deserves a separate article; we will not develop it here. (Don't forget the backup password!)
If you don't want to stick to your principles or reset your phone because of the tiny (0.08%) chance of it being searched, consider other options.
If you have an iPhone with the latest version of iOS and you haven't jailbroken it, you're in luck: it's impossible to take a physical image of the device. The only analysis method available to border guards, other than manually launching apps on the phone, is to take a backup copy via iTunes or a specialized app (Elcomsoft iOS Forensic Toolkit or similar). It's also very easy to counteract this: just take care to set a password for your backups in advance. To do this, launch iTunes and activate the Encrypt iPhone backup option:
Phone search. Encrypt iPhone backup.
Next, you'll need to specify the password:
We recommend generating a long, random, complex password of 10-12 characters, including all possible variations of letters, numbers, and special characters. Generate it, print it out on a piece of paper, and install it on your phone. Hide the paper at home, don’t take it with you. If you are asked to provide a password for the backup copy, explain that you do not use offline backups, so for security purposes the password was set to be long and random, not intended to be remembered. Since this password is not needed in everyday life, such a scenario is quite likely.
Want to protect your passwords? Turn off Keychain and iCloud Keychain on your phone. Passwords will be deleted from the device and will not be pulled from the cloud until you explicitly activate iCloud Keychain. Browser history and search queries are deleted in a similar way:
Until recently, these actions would not have fully protected you, since Apple stored deleted browser history on its servers for an indefinite period of time. After Elcomsoft released an app that retrieves deleted records, Apple woke up and closed the hole.
However, browser history will still be stored in iCloud for at least two weeks after deletion. To finally “tie up the loose ends,” you will need to disable data synchronization with the cloud (you can always reconnect it after crossing the border). How to do this is in the official KB:
Backup copies of the device can also be stored in the cloud. However, mechanisms for accessing cloud data are regulated by other laws, and data from cloud backups is currently not retrieved when crossing the border. You can calm your inner voice and turn off cloud backups (and delete those already created), but there is little practical sense in this.
Finally, you can completely disable iCloud. However, we do not recommend doing this - at a minimum, by turning off iCloud, you lose protection from theft of iCloud Lock and Find My Phone.
Legal Methods of Counteraction
Today, a border guard officer has the right to ask an applicant for entry into the United States to unlock the device and hand it over for analysis. In some cases (reasonable suspicions, inclusion in the list of potentially dangerous or undesirable persons), the officer has the right to demand that the device be unlocked.
The difference between a “request” and a “demand” is difficult for an unprepared passenger, tired from a long flight and, perhaps, in a hurry for a transfer, to grasp, but nevertheless it exists.
Ignoring the order will not work, the consequences can be very unpleasant. But a request can be politely declined; if you can justify the refusal, so much the better. Yes, you may not be allowed into the country, and yes, you may be detained for an indefinite period, but from the point of view of American law, you have not yet committed a crime.
Conclusions
It is important to understand that the border guards have, if not the law, then the ability to interpret the law in their favor, brute physical force and methods of coercion, which they do not hesitate to use. The use of coercion methods is only increasing year after year.
From the point of view of your own safety, you should not object to the border guards. Also, you should not lie, cheat or dodge: all this will lead to additional complications in an already acute situation. It will be much more effective to use a set of technical protection methods that we described in this article.
Remember: you cannot extract from a smartphone something that is not physically on it, but any password from you can be obtained, if there is a desire.
