Kinda surprised biometrics are recommended. I’ve always thought passcodes were more secure - particularly as the data is not easily accessible by interrogators for example.
Biometrics are recommended if the data is not classified.
Remember this is for people working on sensitive information.
This is what the NSA's original mission was, to keep people safe and strengthen the American defense posture from the single person up to the entire infrastructure that we rely on day-to-day. The mission has shifted to offense after 9/11 so there's conflicting goals here (can't patch something we're using against the bad guys)
It says on their mission statement that they do SIGINT and information assurance (i.e. IT security) and there is plenty of public evidence that they do both. Plus they've been deeply involved with designing cryptographic protocols and equipment for the US govt for a very long time which is part of SIGINT but it's not the offensive part.
The NSA was created in a reorganization of US SIGINT/COMINT services, because SIGINT/COMINT during the Korean War had been unsatisfactory. Its primary mandate has always been COMINT.
> The Brownell Committee suggested that the creation of AFSA could be seen as a "step backward," and recommended that the power of the director, AFSA, to centralize COMINT be increased.
> In October, Harry Truman authorized a reorganization and renaming of AFSA, and in November, the secretary of defense authorized the replacement of AFSA by the National Security Agency.
No it wasn't. Take a look at the movie Enemy of the State that was released in 1998, 3 years before 9/11. In the movie the NSA is monitoring all calls, has NRO satellites that tail them, and a bunch of other Tinfoil hat stuff that was confirmed by the Snowden leaks a decade later. The biggest fiction in the movie was their ability to connect the dots and do stuff in real time as depicted.
The NSA director even said they were appalled how the agents were portrayed and went on PR campaigns to defend them selves. They were always spying but not ruthless killers as depicted in the movie.
If every NSA employee has a perfect security posture, any adversary is going to have to take more extreme measures to get information. Better to let them have the occasional un-updated iPhone.
I went to a legal presentation at Defcon a couple of years back where they said that the government needs a court order / warrant in order to force you to tell them your password, but if you're using biometrics, they can just force you to touch your finger to your phone or scan your eyes without it. It's some legal loophole.... so in that respect I think passwords ARE more secure.
Smart, but there is a way to force your (faceid/touchid) iphone to require your password by holding the power button to get to the "slide to power off" screen.
A defendant was compelled to use their face to unlock their computer in a recent case (2021) [1]. The reasoning given by an analyst:
> requiring a defendant to expose his face to unlock a computer can be lawful, and is not far removed from other procedures that are now routinely approved by courts, with proper justification: standing in a lineup, submitting a handwriting or voice exemplar, or submitting a blood or DNA sample
Contrasting the logic used by a judge in a similar case in (2019) [2]:
> If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device
Ars has a summary of more cases [3]. It looks like in several instances state courts allowed the devices to be unlocked using biometrics, but the rulings were reversed at the federal level. In many cases a warrant was required.
Presumably NSA employees are not using their phones for illegal activities, so they should not be in a situation where a court will order them to unlock their phone.
Maybe by the NSA. Any defense attorney will tell you otherwise. If your fingerprint unlocks your phone then the cops will hold your finger to the phone. If you face unlocks your phone then they will do that too. A pin/password means you retain at least some control.
If this was an Archer episode, I'd point out that while dead people cannot divulge pins/passwords their fingerprints still work.
I believe they're recommending setting your phone up in a "lock immediately upon sleep; require password after five minutes" configuration.
Passwords are better than biometrics for security; but between password validations, presuming some level of convenience is needed, using biometrics to check that the same person is still there is better than "just stay unlocked for a few minutes even after being put to sleep".
It's like HTTP Basic Auth (sending credentials with every request), vs. logging in, receiving a short-lived session cookie, and then sending that session cookie with your requests for a few minutes.
It says to protect your lock screen with a password, and additionally protect minimally sensitive data on an already-unlocked device with biometrics for convenience.
It's possible to have a security exploit which can compromise a running device, but is not able to make itself permanent across restarts (e.g. changes programs in RAM but not in flash)
Concrete example: all the recent ios jailbreaks (aka sandbox escape and/or EoP exploits) are tethered, which means they're undone/reset after a reboot.
a lot of exploits deliberately avoid persistence as an extra layer of protection from detection. Since most folks rarely restart their phones these bugs can live on your phone until a restart. So by restarting your phone on a weekly basis you are potentially wiping out memory only infections.
Another explanation is the hardware root of trust. On iOS, for example, hardware root of trust in a separate physical security processor validates all code in a chain. An exploit cannot gain persistence across a reboot unless it has access to the private signing keys of Apple
There is a whole category of potentially exploitable bugs that result from programs simply running. Slow memory leaks, floating point precision loss, and integer overflows to name a few. But this is more likely about clearing caches.
It’s to get rid of exploits that have no persistence.
For example, your running kernel space may be compromised but your on-disk kernel image may be still pristine due to a secure boot chain. That’s why rebooting can help remove such exploits.
The U.S. Surgeon General's mandatory warning for alcohol states "women should not drink alcoholic beverages during pregnancy because of the risk of birth defects." It does not use the word "avoid".
Problem with this: keep your phone with you always conflicts with don’t have secure conversations within mic range of your phone. You can’t do both of these.
But otherwise this is great and I would probably add “reset and replace devices often.”
Are lockers really that secure? Similar documents advise against leaving laptops in hotel rooms or cars, even if locked, because they are easy to get into. I imagine a locker is not hard to break into. Small locks can be picked in a second or two by people with practice, which does not look different than retrieving your own phone.
The lockers are just so you have a place to put your phone. They are not secure in any way. Using a keyed locker just ensures you don't pick up someone else's phone by accident after the meeting. Remember that secure rooms live inside secure buildings, usually inside a secure facility with a fence and guy standing at the gate. And the guy has a gun.
I’ve seen most of these recommendations before, but the “mic-drowning case” to muffle room audio is new to me. Certainly makes sense, but are there any common commercial phone cases that advertise this feature?
Having recently switched to iPhone I have been very surprised at finding my wifi and Bluetooth automatically turning on. There could be a better way, but I had to create a shortcut to disable connectivity until I manually turn it back on
They're not automatically turning on if you're "turning them off" from Control Center. Those buttons just temporarily disable them (and state that clearly when you do so). The only way to actually turn off Wifi and Bluetooth is to go into Settings and turn them off there.
But that same button used to be a permananent toggle, and now there is no way to restore the (better) old behavior. Another instance of Apple thinking they know better than their users.
You are not everyone. Just because you think it's better doesn't mean it actually is. Most of the time when I want to disconnect from Wifi, it's a temporary measure because the network I'm connected to is slow or dead. I imagine it's the same for many others.
Apple is notoriously allergic to putting toggles for every little thing, and that shouldn't be a surprise to software developers. We all know every user-configurable setting increases complexity.
If you want to have a disconnect button, add as another button choice to the panel. Even make it default. But the original button shouldn't have been broken with no recourse.
Not to mention, some brief wordy nearby text display in tiny print after the fact, is the opposite of clear.
> We all know every user-configurable setting increases complexity.
They can also mean the difference between a tool and a toy or even worse, a slave collar.
One of the good practices in programming is to not hardcode things. Where that is followed, often the hardest part about configurability is the UI for it, since under the hood it's already determined by a bunch of variables anyway, and it's mostly a matter of exposing them nicely to the user.
Besides, it's way more complex to have a timed toggle than just a toggle.
"you people" -- you don't know the first thing about me. And this argument to excuse to treat adult consumers like infants, and use the people that don't mind as the measure all other adults have to reduce themselves to, is used for a lot more than just a wifi toggle.
This is one of the nice things about shortcuts. I created a shortcut that will turn off wifi and Bluetooth. You can then add an icon to your home screen to run the shortcut and boom. Both are actually turned off…not just disabled for 24 hours. I also have a shortcut to turn them back on when I need them.
As much as I prefer iOS to Android, this is my biggest pet peave. They way they are so aggressive with bluetooth and wifi is annoying. I hate that they don't even go through DHCP most of the time and just assume that last known IP is still available, all to "help it connect quicker". Just get your own IP because having to toggle wifi on multiple devices is way slower and annoying. I get that AirDrop and FindMy** and other features require these things to work but how about just giving a (one-time) warning when people turn them off. Most people will never turn them off ever so let the subset of us who want them off have it work in a sane way.
> I hate that they don't even go through DHCP most of the time and just assume that last known IP is still available, all to "help it connect quicker".
Oh, I forgot all about that.
I worked at a K-12 that deployed Apple devices awhile back, and this behavior was a nightmare for network management. Especially for travelling teachers who would take their device to several different buildings throughout the day (and, therefore, different IP subnets with the same WiFi name).
The worst part was that some of the devices would just... never emit a DHCPREQUEST. They'd either ignore the fact that there was an address collision confusing everyone else's ARP tables, or connect to the network but stick with an IP that had no route to a gateway. As I recall -- it's been awhile -- even setting the lease duration to something very low didn't seem to help. Indeed, I think that made it worse.
It was bad enough at one point that we had those devices with the worst behavior set up with reserved IPs and a hidden WiFi network that was a district-wide VLAN with a single subnet.
I know its a minor inconvenience, but this is one of my biggest pet peeves with the whole OS. I wish there was a way to change the setting to actually control things with control center...
I don't understand why it would ever be useful. Either you want it on, or not. Imagine if your mute button decided to reset every now and then. Pause button, or flashlight?
Basically nothing else works like that.
In fact figuring out how to turn off wifi with the combination of Airplane mode and wifi button just about blows my mind every time I try. So complicated.
Imagine you're not good at using computers. I've seen people accidentally turn on do not disturb and be unable to figure out why their phone isn't ringing so they think it's broken.
We are in a small minority of 'power users' - iPhones have hundreds of millions (billions?) of users across the entire world.
That's happened to me. I had to google it, turns out there's a physical switch I never used on the side of the phone that enables it and pushed accidentally.
IMHO, these are not good excuses to avoid a clear interface. If the rules are simple and clear, and presented clearly, even the dumbest of the dumb can learn them. Trying to guess and out-think the user only ends up in more confusion.
When you disable wifi/bluetooth via the control center, pop-up text appears saying exactly what that means. I'm not sure how they could make that more clear. It still may not be your (or my) desired default, but I at least understand the reasoning.
Tiny, wordy, brief text after the button press is not what I'd describe as clear. If you need to add "comments" to a (now three-state) button, it's a sign that the interface needs work.
It's extra complexity in the form of rules added to what was previously a simple to understand toggle button. That it goes against historical norms, reduces privacy, and wastes a bit of power is the icing.
This does not, in fact, work as it seems. I think the best bet is a Shortcut that turns off Wi-Fi and Bluetooth entirely, as concernedctzn suggested below.
You can use the Shortcuts app to make a custom shortcut that permanently turns off both wifi and bluetooth, and then add that shortcut to your news/leftswipe menu to reduce the number of swipes/taps to get to it
Are you sure?
This is not the case in the latest iOS. Long-pressing the icons in Control Center offers a wider view and access to hotspot and airdrop settings. Pressing either WiFi or Bluetooth from this second menu has the same effect as the icons on the first page, (you can inspect settings afterwards and see it’s still “off until tomorrow”) and further long presses on the second page icons only let you choose which WiFi network or Bluetooth device to connect to.
On my phone (iOS 14.6), the Wifi and BT say "New Wi-Fi network connections have been turned off from Control Center" after long press. But that _seems_ to be the same message as if I do the "until tomorrow" way.
And the actual Wi-Fi and Bluetooth sliders are decidedly in the ON position. I must've concluded that since it didn't do the "until tomorrow" message then it behaved as I wanted.
> Do not charge your devices by connecting them to charging stations, computers, televisions, DVRs, etc. Use only
issued chargers or those acquired with sufficient OPSEC.
I'm surprised the government/military does not issue its employees USB condoms to obviate this worry.
Same reason people treat internal email as insecure: you get used to the convenience, then one day you reply-all to an outside address. In this case, you get used to using public chargers with a condom and one day you forget the condom.
The parallels don’t quite line up, as in this case, they could be issued official cables that have a condom integrated/soldered on. Maybe in a special colour to remind you that these are “secure” cables.
It’d be like your internal corporate email client not even letting you send mail out to external addresses.
Sure, you could intentionally set up IMAP with an untrusted client and then send such messages (and likewise, you could intentionally bring some other insecure cable with you); but someone doing that would likely have a visible pattern of doing that, long before they actually get spearphished—one that could be noticed and reprimanded.
Of course, ideally, you’d make using the insecure clients / cables impossible, by giving the “other end” a proprietary shape that only the secure client/cable fits with.
(Maybe they could design a little adapter that could be semi-permanently socketed into a phone’s USB-C/Lightning port, turning it into something proprietary that only their secure cable has the male end for? I’m assuming here they still need a data connection — with a different special cable — for device maintenance; otherwise you could just make that little socketed-on adapter be the condom.)
One problem with both Android, and Ios: impossible to disable automatic previews
Send yourself a link by SMS, or some popular messenger like Whatsapp.
Your phone will automatically make you a browser page preview, and in the process run every browser exploit available.
Google added an extremely well hidden option to disable it it Messages few versions ago. Since there is no way to be sure Google does not remove it, and add some kind of another autoplay like feature in the future, I just replaced the SMS app altogether to one which does not peek into my conversations https://play.google.com/store/apps/details?id=com.simplemobi... (google straight tells they can get a copy of your SMSes as per their disclaimer if you use Google Messages for "improving service")
We need, but making a default SMS app straight sending your texts to Google.com by default, and making it very hard to disable for a technically illiterate user is beyond unethical.
Well, considering all those restrictions and how it's still not secure enough anyway how long before the recommendation will be "Don't use your smartphone. Use the landline phone in your office" ?
Even if I take your comment at face value a landline phone in an NSA office is most likely still more secure than any smartphones if I am to believe that NSO/Pegasus thing.
I worked for a company where we sent folks onsite to very secure sites.
Nothing electronic EVER arrived at the facility or left with you when you left the facility that wasn't accounted for. Nothing that ever entered that wasn't needed, NO phones allowed ever. You and your vehicle were searched on arrival and exit. We went through a lot of laptops...
With the complexity of hardware / software involved, I suspect that's the only way.
You must work at my company’s cyber security team. They’re convinced that the safest stuff is when that stuff is never allowed to exist in the first place. Which is probably true but in my opinion misses the point.
Why do people need computers, really? A smart phone is a small portable computer with a phone built in. Maps is one of the types of apps that most people use but it's not the only one. Email, social media, text messaging, note taking, audio and video recording, a camera, a compass, pedometer, access to cloud file storage, reading apps like nook or kindle are a few of the apps that I use regularly on my phone in places where a laptop or even a tablet wouldn't be inconvenient or impossible.
I've given some serious thought to going back to a dumb phone and a separate navigation device in the car, but I don't know if a stand-alone comsumer GPS with maps and turn-by-turn navigation is something you can even buy anymore, since 99% of people use their phones for that now.
I'm curious if anyone has any leads/stories on compromised 3rd party devices? Would love to learn more about detecting these things. Like say a USB charging brick that also attempts malware or a keyboard etc?
Is there much that can be done to detect them? I know they're for sale for pen testing and what not, but I've never seen much in the realm of preventing or protecting against them.
I've thought about somehow creating a raspberry pi that sits between usb devices and snitches on data transfer that is not expected? It could be really hard to do, and probably easy for a device to mask (only attempt attacks when other file operations are happening)
Annoyingly, putting your device in a shielded evidence bag without turning it off can cause its various radios to franticly seek connections and even amplify their signals until they completely empty your battery.
Useful to have if you are curious about protests or concerts and other gatherings of people with a significant criminal element who could get your IMEI stingray-ed and then palantir-ed.
I usually change my phone to airplane mode for long drives or hikes through signal-less wilderness, otherwise they'll thrash around searching frantically for signal until they drain the battery outrageously fast. It's really quite annoying.
>Use strong lock-screen pins/passwords: a 6-digit PIN is sufficient if the device wipes itself after 10 incorrect
password attempts.
im calling BS. NSO and others have demonstrated repeatedly they can (and do) bruteforce these pin based logins quickly and efficiently without triggering the wipe using sidechannel attacks on running services and software over the air and through USB. use a PASSPHRASE.
>Consider using Biometrics (e.g., fingerprint, face) authentication for convenience to protect data of minimal sensitivity
remember: the fifth amendment does not cover biometrics . if a DUI case can forcibly extract your blood, then you can and will be required to present your face to unlock a laptop. use passphrases.
>DO NOT jailbreak or root the device.
this often allows people to remove pre-installed spyware just as easily as it can be installed.
> remember: the fifth amendment does not cover biometrics . if a DUI case can forcibly extract your blood, then you can and will be required to present your face to unlock a laptop.
On the iPhone theres a neat trick: If you seem to be in a situation where you might be forced to hand over your phone (and unlock it with bio), hold down the power button for a second or two (secretly/inconspicuously in your pocket or wherever your phone is). This will disable fingerprint unlocking and you will be forced to enter PIN.
Doesn't seem to work on Android (11 at least) though.
Android doesn't have a stealthy way to do it without powering down, but you can either activate lockdown mode, reboot, or power down and the next access will require PIN, not biometrics.
I'd imagine it varies by OEM, as my BlackBerry KeyOne gives me the option to "Lock Now" when I hold the power button for 2 seconds. It does actually lock out biometrics, as I've tested it previously.
Yeah that's tricky to do in your pocket though. If you take out your phone and hastily do something like that you're gonna activate "I have something to hide" suspicions.
But as another commenter pointed out you can hold the power button for a longer time (5+ seconds) and the phone will turn off or reboot, which achieves the same thing. Just quicker and stealthier on the iPhone.
Do you have an iPhone at hand to confirm? Because I'm quite sure that just the power button for a second or two is enough. At least it was with iPhone SE (original) back in spring 2020 (I'm nowadays on Android).
127 comments
[ 3.2 ms ] story [ 204 ms ] threadRemember this is for people working on sensitive information.
This is what the NSA's original mission was, to keep people safe and strengthen the American defense posture from the single person up to the entire infrastructure that we rely on day-to-day. The mission has shifted to offense after 9/11 so there's conflicting goals here (can't patch something we're using against the bad guys)
The only shift after 9/11 was getting the three agencies to actually talk to each other.
https://www.nsa.gov/about/mission-values/
https://www.nsa.gov/about/cryptologic-heritage/historical-fi...
> The Brownell Committee suggested that the creation of AFSA could be seen as a "step backward," and recommended that the power of the director, AFSA, to centralize COMINT be increased.
> In October, Harry Truman authorized a reorganization and renaming of AFSA, and in November, the secretary of defense authorized the replacement of AFSA by the National Security Agency.
The NSA director even said they were appalled how the agents were portrayed and went on PR campaigns to defend them selves. They were always spying but not ruthless killers as depicted in the movie.
https://en.wikipedia.org/wiki/Enemy_of_the_State_(film)
> requiring a defendant to expose his face to unlock a computer can be lawful, and is not far removed from other procedures that are now routinely approved by courts, with proper justification: standing in a lineup, submitting a handwriting or voice exemplar, or submitting a blood or DNA sample
Contrasting the logic used by a judge in a similar case in (2019) [2]:
> If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device
Ars has a summary of more cases [3]. It looks like in several instances state courts allowed the devices to be unlocked using biometrics, but the rulings were reversed at the federal level. In many cases a warrant was required.
1. https://archive.is/i2Bx9
2. https://archive.is/px2Qz
3. https://arstechnica.com/tech-policy/2020/06/indiana-supreme-...
Biometrics is good for law enforcement but is it tougher for hackers?
Maybe by the NSA. Any defense attorney will tell you otherwise. If your fingerprint unlocks your phone then the cops will hold your finger to the phone. If you face unlocks your phone then they will do that too. A pin/password means you retain at least some control.
If this was an Archer episode, I'd point out that while dead people cannot divulge pins/passwords their fingerprints still work.
Passwords are better than biometrics for security; but between password validations, presuming some level of convenience is needed, using biometrics to check that the same person is still there is better than "just stay unlocked for a few minutes even after being put to sleep".
It's like HTTP Basic Auth (sending credentials with every request), vs. logging in, receiving a short-lived session cookie, and then sending that session cookie with your requests for a few minutes.
It’s not perfect, but I think it strikes the best balance.
Thoughts, HN? I can see how this might be good for performance, but how is it good for security?
That's my best guess.
As soon as you make changes have persistence you have proof and some operators are not oaky with that.
For a very recent example of this, see the NSO Pegasus scandal from the past couple of weeks.
A reboot "unloads" the malware (until the adversary sends another payload, anyway.)
For example, your running kernel space may be compromised but your on-disk kernel image may be still pristine due to a secure boot chain. That’s why rebooting can help remove such exploits.
1) even on mobiles you still get the occasional webview or other core library update and need to reboot to complete the patch.
2) modern versions of Android use per-file encryption. Periodically rebooting flushes unencrypted buffers.
Is the surgeon general's advice "Pregnant women should avoid alcohol" unclear?
Here's a long list of scholarly articles that use "Avoid Alcahol" when stating or re-stating health recommendations from various countries.
https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=wome...
But otherwise this is great and I would probably add “reset and replace devices often.”
It also prevents casual but intentional unauthorized access, just not a determined attacker.
As you note, there are other layers of security for that.
Ideally I’d like both the mic and camera cover
On android, if I turn bluetooth off from the quick access menu, it stays off--which is what I expect.
Apple is notoriously allergic to putting toggles for every little thing, and that shouldn't be a surprise to software developers. We all know every user-configurable setting increases complexity.
Not to mention, some brief wordy nearby text display in tiny print after the fact, is the opposite of clear.
They can also mean the difference between a tool and a toy or even worse, a slave collar.
One of the good practices in programming is to not hardcode things. Where that is followed, often the hardest part about configurability is the UI for it, since under the hood it's already determined by a bunch of variables anyway, and it's mostly a matter of exposing them nicely to the user.
Besides, it's way more complex to have a timed toggle than just a toggle.
for real? because you have to go into the Settings app to turn off wifi permanently? Sometimes you people are delusional.
[0] https://ibb.co/kJ59LCN
Oh, I forgot all about that.
I worked at a K-12 that deployed Apple devices awhile back, and this behavior was a nightmare for network management. Especially for travelling teachers who would take their device to several different buildings throughout the day (and, therefore, different IP subnets with the same WiFi name).
The worst part was that some of the devices would just... never emit a DHCPREQUEST. They'd either ignore the fact that there was an address collision confusing everyone else's ARP tables, or connect to the network but stick with an IP that had no route to a gateway. As I recall -- it's been awhile -- even setting the lease duration to something very low didn't seem to help. Indeed, I think that made it worse.
It was bad enough at one point that we had those devices with the worst behavior set up with reserved IPs and a hidden WiFi network that was a district-wide VLAN with a single subnet.
My guess is accidentally disabling those services via control center was a common issue.
I’d rather it be the other way, but that’s probably why it’s not.
Basically nothing else works like that.
In fact figuring out how to turn off wifi with the combination of Airplane mode and wifi button just about blows my mind every time I try. So complicated.
Imagine you're not good at using computers. I've seen people accidentally turn on do not disturb and be unable to figure out why their phone isn't ringing so they think it's broken.
We are in a small minority of 'power users' - iPhones have hundreds of millions (billions?) of users across the entire world.
IMHO, these are not good excuses to avoid a clear interface. If the rules are simple and clear, and presented clearly, even the dumbest of the dumb can learn them. Trying to guess and out-think the user only ends up in more confusion.
When you disable wifi/bluetooth via the control center, pop-up text appears saying exactly what that means. I'm not sure how they could make that more clear. It still may not be your (or my) desired default, but I at least understand the reasoning.
It's extra complexity in the form of rules added to what was previously a simple to understand toggle button. That it goes against historical norms, reduces privacy, and wastes a bit of power is the icing.
- the wifi is not connected to the internet or requires username/password
- user disables it
24 hours later, the user is racking up their mobile data plan because they forgot to enable the wifi again.
This prevents it.
Bluetooth,
- You disconnected from a speaker that was being used so someone else could connect
- The next day you go to get in your car in the morning and it didn't give you the directions through the radio. Whatever
- That afternoon it works and you don't think about it. It fixed itself.
Just different users.
The icon in the swipe up control center is for temporarily disconnecting it…which it literally tells you when you click it.
In general, try long-pressing everything: there's generally shortcuts or "power moves" afterwards.
And the actual Wi-Fi and Bluetooth sliders are decidedly in the ON position. I must've concluded that since it didn't do the "until tomorrow" message then it behaved as I wanted.
I stand corrected.
https://media.defense.gov/2020/Jul/28/2002465830/-1/-1/0/MOB...
Corresponding NSA document for OCONUS (travel outside continental US)
https://home.army.mil/stewart/index.php/download_file/view/1...
I'm surprised the government/military does not issue its employees USB condoms to obviate this worry.
It’d be like your internal corporate email client not even letting you send mail out to external addresses.
Sure, you could intentionally set up IMAP with an untrusted client and then send such messages (and likewise, you could intentionally bring some other insecure cable with you); but someone doing that would likely have a visible pattern of doing that, long before they actually get spearphished—one that could be noticed and reprimanded.
Of course, ideally, you’d make using the insecure clients / cables impossible, by giving the “other end” a proprietary shape that only the secure client/cable fits with.
(Maybe they could design a little adapter that could be semi-permanently socketed into a phone’s USB-C/Lightning port, turning it into something proprietary that only their secure cable has the male end for? I’m assuming here they still need a data connection — with a different special cable — for device maintenance; otherwise you could just make that little socketed-on adapter be the condom.)
Send yourself a link by SMS, or some popular messenger like Whatsapp.
Your phone will automatically make you a browser page preview, and in the process run every browser exploit available.
Google added an extremely well hidden option to disable it it Messages few versions ago. Since there is no way to be sure Google does not remove it, and add some kind of another autoplay like feature in the future, I just replaced the SMS app altogether to one which does not peek into my conversations https://play.google.com/store/apps/details?id=com.simplemobi... (google straight tells they can get a copy of your SMSes as per their disclaimer if you use Google Messages for "improving service")
Nothing electronic EVER arrived at the facility or left with you when you left the facility that wasn't accounted for. Nothing that ever entered that wasn't needed, NO phones allowed ever. You and your vehicle were searched on arrival and exit. We went through a lot of laptops...
With the complexity of hardware / software involved, I suspect that's the only way.
Why? I'm not seeing the connection
I think wrote my original post in a way that wasn't clear.
Thought they wouldn't let it in either. Makes sense now.
It turns out my Samsung candy bar phone with no camera, GPS and internet leads the way in security.
https://www.tomtom.com/en_us/navigation/car-gps/
Useful to have if you are curious about protests or concerts and other gatherings of people with a significant criminal element who could get your IMEI stingray-ed and then palantir-ed.
im calling BS. NSO and others have demonstrated repeatedly they can (and do) bruteforce these pin based logins quickly and efficiently without triggering the wipe using sidechannel attacks on running services and software over the air and through USB. use a PASSPHRASE.
>Consider using Biometrics (e.g., fingerprint, face) authentication for convenience to protect data of minimal sensitivity
remember: the fifth amendment does not cover biometrics . if a DUI case can forcibly extract your blood, then you can and will be required to present your face to unlock a laptop. use passphrases.
>DO NOT jailbreak or root the device.
this often allows people to remove pre-installed spyware just as easily as it can be installed.
On the iPhone theres a neat trick: If you seem to be in a situation where you might be forced to hand over your phone (and unlock it with bio), hold down the power button for a second or two (secretly/inconspicuously in your pocket or wherever your phone is). This will disable fingerprint unlocking and you will be forced to enter PIN.
Doesn't seem to work on Android (11 at least) though.
I'd hold the power button a bit longer and turn off the device altogether. Granted, not as convenient.
But as another commenter pointed out you can hold the power button for a longer time (5+ seconds) and the phone will turn off or reboot, which achieves the same thing. Just quicker and stealthier on the iPhone.