The US & some other jurisdictions are making a practice of opening or copying smartphones when people travel inbound - not for all passengers but it’s becoming increasingly common. They can’t force you to give up your password but CAN force use of a fingerprint scanner to open a phone & decrypt it. On phones that can’t be opened immediately they can copy the contents so the NSA can decrypt later if that appears warranted.
I have no reason politically to worry, but could have sensitive client HR data onboard & need to exercise best efforts under privacy laws to ensure sensitive data isn’t breached. This is to minimize my legal exposure, to respect others’ data privacy rights, and because knowledge that my contacts - executives of publicly-traded firms - are talking to a headhunter could constitute info material to a firm’s stock price, meaning there’s theoretically SEC exposure. It’s all a bit theoretical & esoteric, but negligence under privacy laws is still untested & nebulous & I’d rather not ever be a test case.
I confess writing this I feel a tad paranoid. But others traveling to places like China would have greater concerns, esp. if journalists.
I gather Apple’s iPhones can be hardened with mirroring disabled so a desktop system can’t be used to reinitialize (if that’s the hack). I gather iPhones are especially secure against decryption at present. I believe Android phones are considerably less secure.
A warrant trumps any hardening measures of course: if the authorities have reasonable cause & obtain a warrant they can & should have access to the phone’s contents. We’re really just trying to limit causeless fishing trips.
Can a BraX3 phone be turned off & hardened against access & decryption while traveling through customs as well or better than a current iPhone? A Samsung Android phone?
I would disagree that iPhones are more secure from the threat you are describing than Android devices. Your best bet to guard against unwanted intrusions into your device is to use long PIN codes or alphanumeric passwords and also to turn the device off prior to entry and reentry into your destination country.
The reason turning your device off is so important is the way in which forensic tools extract data from mobile phones. There are 2 kinds of device extractions, Before First Unlock (BFU) and After First Unlock (AFU). The difference between BFU and AFU extractions is the amount of data that can be extracted.
A device in BFU mode has the majority of the user data stored in an encrypted state. Forensic tools can only extract a small amount of information from a BFU device, and often the BFU extraction contains minimal or no communications like text messages.
After you power on your device and enter the PIN the first time, your device will be in AFU mode. The user data will be decrypted at this point which makes devices in AFU mode subject to a full forensic extraction, which will include user data like messages.
Your specific phone model will determine whether or not your device is supported for a full forensic extraction. In reality, because of the popularity of iPhones, those devices are more likely to be supported by forensic tools. The same is true of popular Android devices like Samsung Galaxy phones. More obscure devices like cheap, burner Androids, are often not supported by forensic tools due to the lack of development by companies like Cellebrite.
I would argue that the BraX3 phone is going to be very secure from forensic tools because of its obscurity and relative rarity among smartphones. So long as you set up a long PIN code (at least 8 digits) and keep your device off during border crossings, your BraX3 phone will most likely be safe.
I’m glad you mentioned this. This is the reason Apple recently introduced the routine of rebooting a device if it had not been used in a couple of days.
The other consideration with this is that this data (your data) will then be kept by the government or agency concerned forever once copied - so it’s always there for future access.
If encryption is average (or passwords poor, etc) it might mean in future it’s eventually easily decrypted, even if it’s not now.
And more importantly it’s sitting somewhere outside your control where bad actors could get hold of it if they gained access to the government or agency system where it’s stored (and IMO an alternative example is what already appears to have been happening en masse in the U.S. recently with DOGE, where data from many government systems and departments is being accessed by or shared with non-government organisations, businesses and/or individuals).
I do not disagree that 3 letter agencies probably have resources to make this happen, but known and available phone forensic technology does not do this. When a device is not supported on Cellebrite or other tools, there is NO extraction completed. This is because it cannot gain access to the data whatsoever.
In my mind, the only way that this threat is possible is if you are a specific target of the government, CIA, deep state, or whatever shadow organization you have wronged. If you are simply crossing a border and get selected for a random check, in all likelihood the border agency has standard forensic tools like Cellebrite and if your phone is not supported for extraction, there will be NO extraction.
Also, forensic tools have a workaround for the automatic reboot. That is why it is imperative that you actually turn your device OFF during a crossing if you do not want your device to be dumped without cause.
That is a good idea for a manual review of your device. The question would be whether once you have logged into Profile B, does the data in Profile A remain encrypted, or is it encrypted? This would be important because once the device is encrypted with the PIN code, it could be hooked up to a forensic device for a full data extraction if the government agent decides they want it.
If you slow the process, border guards will likely move to the next person unless they are looking for you. Some methods to slow the process:
Walk through customs with the battery thoroughly drained. They will not usually want to wait until the battery gets going. Turn the flashlight, screen, wifi, bluetooth, and data on if you need to drain it quickly, or do some intensive processing.
Use two profiles, populate one with social media of you and lots of junk data and the other with sensitive data (perhaps called “kids”), and walk through customs with the battery thoroughly drained. By the time you show them the profile with social media, they will be tired of you when you tell them you can’t remember the kids’/nephews’ passcode.
Another option is to entirely use E2EE cloud resources (Mega.nz, Nextcloud, Cryptpad.fr, but there are many more) that you don’t keep on your phone or laptop, so nothing is saved besides the KeePassXC (KeePassDX on Android) file, which can be any file at all in your OS, so it will take a more thorough investigation to figure out where you are storing all your passwords even if they get the data on the device. Before going through customs, remove the last login of KeePass so it isn’t obvious where the KeePass file is, or log in with a KeePass file with passwords to social media accounts.
Another option is simply not to keep sensitive data on a phone. Have a laptop with Windows, populated with huge amounts of data so extraction is very slow, and use a bootable OS for the sensitive data, either on a very small USB drive or microSD card, and reconfigure the BIOS when you go through customs so it doesn’t boot to the correct OS. If they get the data from your phone and laptop they will probably stop there.
So this is the route I would pursue, on all my devices. But I am curious if anyone has experience with this, and specifically, with relation to your comment of an encrypted USB (like Tails) or MicroSD.
What would be the possible outcomes if you had those in your possession? Can they make you open them?
To protect yourself from being forced to reveal data, the best solution is plausible deniability, but few tools have this, VeraCrypt being the only one I know of. OS plausible deniability is more complicated, but can in theory run on a VeraCrypt hidden volume. Haven’t done it myself.
Good article. I think the statement at the end sums it up: “consider travelling with a clean device”. In many Rob videos he states that he stores minimum data on the phone itself.
Does anybody know if a factory reset completely clears the phone’s data, i.e. can the old data no longer be recovered after a factory reset?
This is only tangentially related. I just saw this topic on YouTube a few months ago and was surprised I didn’t know of it sooner. If I were in trouble with, for instance, the cops and didn’t want them to get ahold of my unlocked phone BUT needed to call someone, then I’m stuck UNLESS I’ve taken 5 minutes to set up in Settings what I can access from the Emergency lock screen. I can choose contacts to show up on the locked Emergency screen, along with personal information and even a burner email address, so if someone found my locked phone they could email me or could call someone from my Emergency contacts and get my phone back to me.
Yes, a factory data reset does effectively wipe the phone. Modern devices are encrypted and when a user initiates a factory data reset, the encryption key is deleted. As a result, any residual data is left behind in an encrypted form and is not recoverable without the encryption key pair, which is associated specifically with the hardware. Only devices that are running some old software (like around Android 7) would be susceptible to having data recovered after a factory reset.
On a side note, if anyone is interested in ways to quickly factory reset your device, look into the Android app called Wasted. I have tested the app on a Pixel 3A and on a Samsung Galaxy S22 and it worked flawlessly on both of those devices. That app could get you out of a pinch at the border.