Phones need to have two passwords; one that when you unlock it just has the built-in apps and a small selection of your emails/images that you don't mind other people seeing.
Second password would actually unlock the entire phone and all files.
Truecrypt used to have this feature (when it was around). Only the second password would actually open the full encrypted storage - first password - which you could give under duress would only 'see' fake stuff that you put there; always thought that was a clever feature - never had a need to use it myself.
I seem to recall that wiping your device is the current advice in some contexts. Restore from a backup after you arrive at your destination. Rinse and repeat on the way home.
If this is the new status quo, then I am done traveling internationally.
Unfortunately, I have to believe that such an action would pose a pretty big risk of exposing their operation. Not impossible and definitely a real risk for high value targets, but it is probably not a very probable threat for the average citizen.
Apple details how the boot chain works in the platform security document. The early boot governed by an erase install is stripped all the way back to that.
There is no “firmware” at that point, it’s literally a boot rom, and the only thing that can be installed from that point is an apple signed binary.
If you don’t trust that assertion then there is no system you can trust, because at that point your threat model is people injecting malware at the fab.
The best I can say is no one has found a place where they've lied, and I'm sure that at this point some jailbreaker would have published something. They certainly had no problem doing so with the iphone4 (I think?) era bootrom bug.
On devices with a secure boot chain (Android verified boot on the better android devices), chromebook's secure boot (which a brief googling would imply is distinct from android's), or fuchsia's VX there is similarly an absence of independent audit.
So the question is, do you think Google, Apple, etc are lying about how their secure systems work? If you do, then the same applies to any other piece of hardware with a secure boot chain as well.
If you don't think they're lying, lets look at how a device reset works on apple hardware, to see how hard it would be to break device reset.
To understand how device reset works, we need to understand how apple devices work (at least the modern ones: Axx, Mx, intel devices with a T2 coprocessor). On these systems all storage is encrypted by keys held in the secure component of the SoC/T2. This encryption is done in hardware, in the interface between the system and the nand. It is impossible for anything at any privilege level, or in any other part of the SoC to ever see the raw bits in the nand.
"Erasing" the storage means resetting the storage keys. That's it. Because those keys are now gone it isn't possible for any malware (or anything at all) to have data persist across a reset. The only way it would be possible for anything to survive would be if a reset did not actually reset the encryption keys.
Even if the bootrom did fail to reset the storage keys, it doesn't read anything from the nand (why would it?), so nothing in the nand can stop the next step: the bit where it loads the install image being pushed over the physical connection to your computer (this is the bit that the limera1n exploit hit). The bootrom verifies the signature of the install image (using keys also burned into the rom), and starts that. The first thing that does is create a new filesystem[s?], so even if the bootrom had a catastrophic bug that meant it hadn't reset the storage key, the OS installer has blown away the content of the storage.
Basically, on an apple device, getting something to persist across a reset would almost certainly get you a golden pwnie :D
If the device you're concerned about lacks a secure boot system, then yeah, I would not be surprised if someone did manage to make malware they could persist a full reset/format/reinstall. I'd be really impressed, but not surprised.
It's like they are trying to destroy their tourism industry:
Warren advised people flying into Australia not to have anything on their device that they don’t want authorities accessing, and to ensure their device is encrypted with a strong passcode.
“Once they take your device out of your sight, you should assume it’s completely compromised and they have a copy of everything that was on it, and act accordingly,” he said.
James said the incident made him rethink what he would do next time he travels out of Australia.
“I think what I’ll just do next time is as we fly into Sydney, I’ll just press the factory reset button on the phone and when they pull me up again, I’ll be handing them a fresh clean factory reset.”
"Consider the device compromised" means more than just "they have your data"
Compromised means that they will have anything you put on that device after that point. Meaning it should go straight into the shredder and go buy a new one.
Doesn't matter if its factory reset or not, it needs to go in the trash
This made me wonder about cloud services or servers: would a border guard be smart enough (or care enough) to understand the difference between a device password and the password for an online account. If you just brought something that was a thin client, do you risk punishment for not providing additional login info? What worries me most about this kind of thing is being in a situation where some thug is asking you to do something that's either not possible, or clearly outside of the intent of the law, but you're at their mercy.
Re Australia, this is just the latest in a long list of many reasons I'll never go there. As someone else said, it will be interesting to see if tourism resumes or if most people will not risk trying to go their anymore given their recent behavior
I used to think it would be awesome to move to America for some startup job and live the good life... till I learned about healthcare and realised I didn't have it so bad in Australia not having to worry about bankruptcy for a broken leg. Now with the slow agonising slide of Australia into technocratic tyranny... and I'm not exaggerating some otherwise sensible policies to do with COVID or anything...
I'm talking about things like the Assistance and Access bill, data retention laws, the lack of usefully constitutionally protected rights, border policies like this, state governments banning basically harmless gel blasters while paintball remains legal, the bizarre online privacy law changes around the "eSafety Commission", efforts to ban cash transactions of $10000 or more, the currently underway efforts to "reform" the surveillance legislation giving them powers to modify data and take over accounts of anyone as they see fit (since theres no oversight mechanism beyond "trust we do our jobs")... the entire damn country has gone beyond "nanny state" and is getting worse every time I look at it...
But I'm still not seriously considering moving... Pre-Brexit I would have been seriously looking at moving to the UK by now since I'd probably have just spent most of my time in the rest of the EU and could avoid the worst of the UK's eccentricities... But Brexit... The USA remains a non-starter due to the insanity that is healthcare in the USA.
I'm Canadian so judge my opinion accordingly. If you're employed / well off, the US has a world class healthcare system. Canada's public healthcare is not very good, and we have no real private options. People who can afford to routinely go the the US for tests and treatment. We (canadians) like to gloat about our great system, and maybe it's ok for some things, but bottom line, no matter your personal priorities or ability to pay, you're in the same line for government run services as everyone else. Some people may agree with that, but probably less so when they can't get the help they need.
I know there are lots of insurance shenanigans I'm probably glossing over, but I still wouldn't rule out the US on the grounds of healthcare if you have a good job / career
Moving to a country where my healthcare is tied to my employment feels a lot like dystopia to me. Also while healthcare struggles on barely functioning in the USA at the moment, there’s no real guarantee that it won’t be the first thing to collapse in the next financial disaster due to world shatteringly impressive mismanagement by decades of private companies squeezing the very blood and sweat out of American workers by way of ever increasing healthcare costs. It’s like a slow burn undermining the entire US economy.
And I didn’t talk to much about Canadian healthcare because I know it’s more fair but I know it varies from province to province so it’s not really consistent.
China. Lots of blatant plundering of water and natural resources, lots of political manipulation and Chinese money used to inch Australia toward authoritarian compatibility with Chinese global aspirations.
Australia doesn't have enough people, wealth, or apparently the political will to oppose China.
More and more we see Australia trying to out China in authoritarianism. However, at least China (and Russia for that matter) doesn't hide that it is authoritarian. People from Eastern states are very much aware of this and act accordingly. On the other hand, I wonder how Australians perceive this situation, and how much Goethe's old adage, “the best slave is the one who thinks he is free,” applies.
30 comments
[ 3.2 ms ] story [ 81.9 ms ] threadWhy does this matter, if Australia will just force you to tell them what it is?
Second password would actually unlock the entire phone and all files.
Truecrypt used to have this feature (when it was around). Only the second password would actually open the full encrypted storage - first password - which you could give under duress would only 'see' fake stuff that you put there; always thought that was a clever feature - never had a need to use it myself.
Presumably if you are sufficiently concerned your only option would be to erase your devices prior to crossing the border?
Unfortunately, I have to believe that such an action would pose a pretty big risk of exposing their operation. Not impossible and definitely a real risk for high value targets, but it is probably not a very probable threat for the average citizen.
There is no “firmware” at that point, it’s literally a boot rom, and the only thing that can be installed from that point is an apple signed binary.
If you don’t trust that assertion then there is no system you can trust, because at that point your threat model is people injecting malware at the fab.
On devices with a secure boot chain (Android verified boot on the better android devices), chromebook's secure boot (which a brief googling would imply is distinct from android's), or fuchsia's VX there is similarly an absence of independent audit.
So the question is, do you think Google, Apple, etc are lying about how their secure systems work? If you do, then the same applies to any other piece of hardware with a secure boot chain as well.
If you don't think they're lying, lets look at how a device reset works on apple hardware, to see how hard it would be to break device reset.
To understand how device reset works, we need to understand how apple devices work (at least the modern ones: Axx, Mx, intel devices with a T2 coprocessor). On these systems all storage is encrypted by keys held in the secure component of the SoC/T2. This encryption is done in hardware, in the interface between the system and the nand. It is impossible for anything at any privilege level, or in any other part of the SoC to ever see the raw bits in the nand.
"Erasing" the storage means resetting the storage keys. That's it. Because those keys are now gone it isn't possible for any malware (or anything at all) to have data persist across a reset. The only way it would be possible for anything to survive would be if a reset did not actually reset the encryption keys.
Even if the bootrom did fail to reset the storage keys, it doesn't read anything from the nand (why would it?), so nothing in the nand can stop the next step: the bit where it loads the install image being pushed over the physical connection to your computer (this is the bit that the limera1n exploit hit). The bootrom verifies the signature of the install image (using keys also burned into the rom), and starts that. The first thing that does is create a new filesystem[s?], so even if the bootrom had a catastrophic bug that meant it hadn't reset the storage key, the OS installer has blown away the content of the storage.
Basically, on an apple device, getting something to persist across a reset would almost certainly get you a golden pwnie :D
If the device you're concerned about lacks a secure boot system, then yeah, I would not be surprised if someone did manage to make malware they could persist a full reset/format/reinstall. I'd be really impressed, but not surprised.
Warren advised people flying into Australia not to have anything on their device that they don’t want authorities accessing, and to ensure their device is encrypted with a strong passcode.
“Once they take your device out of your sight, you should assume it’s completely compromised and they have a copy of everything that was on it, and act accordingly,” he said.
James said the incident made him rethink what he would do next time he travels out of Australia.
“I think what I’ll just do next time is as we fly into Sydney, I’ll just press the factory reset button on the phone and when they pull me up again, I’ll be handing them a fresh clean factory reset.”
Compromised means that they will have anything you put on that device after that point. Meaning it should go straight into the shredder and go buy a new one.
Doesn't matter if its factory reset or not, it needs to go in the trash
Re Australia, this is just the latest in a long list of many reasons I'll never go there. As someone else said, it will be interesting to see if tourism resumes or if most people will not risk trying to go their anymore given their recent behavior
I'm talking about things like the Assistance and Access bill, data retention laws, the lack of usefully constitutionally protected rights, border policies like this, state governments banning basically harmless gel blasters while paintball remains legal, the bizarre online privacy law changes around the "eSafety Commission", efforts to ban cash transactions of $10000 or more, the currently underway efforts to "reform" the surveillance legislation giving them powers to modify data and take over accounts of anyone as they see fit (since theres no oversight mechanism beyond "trust we do our jobs")... the entire damn country has gone beyond "nanny state" and is getting worse every time I look at it...
But I'm still not seriously considering moving... Pre-Brexit I would have been seriously looking at moving to the UK by now since I'd probably have just spent most of my time in the rest of the EU and could avoid the worst of the UK's eccentricities... But Brexit... The USA remains a non-starter due to the insanity that is healthcare in the USA.
I know there are lots of insurance shenanigans I'm probably glossing over, but I still wouldn't rule out the US on the grounds of healthcare if you have a good job / career
And I didn’t talk to much about Canadian healthcare because I know it’s more fair but I know it varies from province to province so it’s not really consistent.
The US is on their way to the same sort of tyranny don't get me wrong, but AU seems a few steps ahead
Australia doesn't have enough people, wealth, or apparently the political will to oppose China.