Cell Phone OPSEC for Border Crossings

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones.

Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that accesses that key? When the phone is rebooted, are deleted files still available?

We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power.

Posted on April 1, 2025 at 7:01 AM. 67 Comments

Comments

Andrew Benhase April 1, 2025 7:30 AM

Bruce, I always carry a burner phone. If they ask, I hand it to them powered off. The phone is legit but nothing on it.

Make sure your real phone is in lockdown mode for Apple. Very important. As I was once reminded in Canada, when Border Police was going through my phone, “there is no 4th Amendment here…” – I never made that mistake again.

https://www.linkedin.com/pulse/consider-lockdown-mode-overseas-travel-andrew-benhase-hl6qe?utm_source=share&utm_medium=member_ios&utm_campaign=share_via

Smoutwortel April 1, 2025 7:50 AM

During border crossing or high risk situations the cloud can actually help.
Put your sensitive data on the cloud, delete the relevant app and app data, and set it up again after the high risk situation passes.
Also always give your phone fully powered down (and preferably after it has been in that situation for several hours) to the interrogators.
Keep as few wifi networks as possible on your phones (tip: switch your home network to openwifi.org) (they can trace you by the networks your phone requests).
If traveling across borders don’t take your SIM card with you and buy one on location.

Anonymous April 1, 2025 8:09 AM

Connect with Dan at GrapheneOS. He’s been working in this space for many years.

Chris xc8 April 1, 2025 8:11 AM

“Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered?”

Probably. One solution is to install Termux (on Android), which has “shred” and “srm” (secure-delete) packages; just point the terminal to your storage area and mass delete anything with max passes, or make a script that will wipe those areas. One issue is there may be thumbnails somewhere; you need to find those files and shred them as well.

Faux French Spy April 1, 2025 8:39 AM

For border crossings: there is more than one way to skin the cat.
One way is to have all your data on a tiny micro SD. Recently I got a real good fancy one for about a 100 bucks – 1TB. Make sure you have an adapter with you – micro SD to USB C for iPhones. Carry a steel mug for your drink with you. Make sure it’s the kind of tumbler that comes with the rubber/styro/foam anti-burn grip that goes around the thermos. Sneak the micro SD 1TB under the rubber grip. Scan will not detect it since the thermos is metal/steel. Carry the thermos with you if they let you? If they run it through X-Ray machine they might see the SD Card. There are a million ways to sneak a Micro SD across the customs, most likely all of them better than the one I supplied above. At your destination, restore the iPhone from micro SD, then once no longer needed, delete everything from micro SD and iPhone before going to Airport for your return home trip. This assumes you have your micro SD data backed up somewhere back home.

Paul Sagi April 1, 2025 9:21 AM

Likely there will be a market for phones that irretrievably wipe all data after a few failed password attempts.

K Campbell April 1, 2025 9:28 AM

The SIM suggestion above is a good one if you have an old phone. However, newer models operate with an eSIM.

If you think that your iphone will be confiscated, always turn it off completely so that it will require the passcode and not only facial recognition to reboot.

When going through border crossings, disable facial recognition so that you control when the phone is unlocked.

Alan April 1, 2025 9:29 AM

Many recent phones have encrypted storage and the key is wiped on factory reset. But it depends on the phone.

Smoutwortel April 1, 2025 10:03 AM

Purely locally stored keys for full disc encryption are an opt-in feature in iOS.

Smoutwortel April 1, 2025 10:09 AM

@Donald
All SIM cards are uniquely numbered, transmit this number and a bunch of other stuff to everybody who claims to be a cellphone tower; also they have full root over your device and nobody is allowed to restrict it (combi of patents, frequency and contract law).

Damien Sorresso April 1, 2025 10:13 AM

On iOS, Erase All Content and Settings will rotate the key hierarchy used for the data volume (the system volume is not encrypted) and disassociate the device from your iCloud account. Everything that was on there will be rendered unrecoverable. This will not impact cloud backups of anything, but that’s not the threat model here.

More precise information for iOS can be found in Apple’s platform security guide.

TimH April 1, 2025 10:39 AM

For iPhone, do a backup and then delete all the apps like Signal, clear messages, and disassociate the email. Restore at destination.

Clive Robinson April 1, 2025 11:34 AM

@ Bruce,

April 1st not a good day to ask,

“We need answers for both iPhones and Android phones.”

Whilst iPhones all more or less work the same way, that is certainly not true for Android phones where a manufacturer “customizes” not just above the OS but below the OS as well.

But “solid state memory” is a bit problematic, as a general rule of thumb you can not “erase files” on it due to “wear leveling” that still goes on even though reliability is a lot higher than it once was.

My advice in the past and still is today, that when you cross a border, assume the following will happen (actually rarely unless you are a PoI),

1, Your phone will get taken from your view and scanned and malware added.
2, A record of your ID/Passport will be matched to SIM and Phone serial numbers and put on record.
3, A record of your various bio-metrics like face scan finger prints etc likewise will be linked.
4, Within 24hours your data will get sucked up from data brokers to use in evaluation and interviews.
5, Any “social media” will be scanned for political views.

You won’t be able to clean your phone up so just throw it away…

So my advice is,

1, Don’t take any electronics across a border.
2, Buy cheap non smart when you get there or have it delivered by the likes of Amazon.
3, Have either a traditional pocket diary/phone-directory with “essential numbers”.
4, Put all your other contact details and document scans up on a web mail or similar account.

When you leave factory reset the phone and computer and either chuck them in a refuse bin or just give it to someone to use. In some places just give them to a charity so they get reused.

However since Win10 getting a computer up and running without the Internet and a Microsoft spy-on-you account is not as easy as it once was.

Further you can no longer just walk into a corner shop and pick up a Linux Magazine or book with a “Live-CD/DVD” on the cover.

Especially with laptops with CD/DVD players getting less and less common.

But there are things like “Rufus”,

https://rufus.ie/en/

To “pop an OS on your thumbdrive” or smaller (though phones are no longer having memory card slots as standard).

Put bluntly the “Spy-On-You” Criminals, Corps, and Governments are winning the technology battles against ordinary mortals who travel across borders and raise “curiosity”. Simply because consumer devices are cheaper to make without them…

I have the (dis)advantage that medically I’m a “no fly” these days, so don’t get to meet the sort of “Customs and Immigration” that do these sorts of things (just Law Enforcement). But I do have friends that run into them a couple of times a year…

So I’ve “de-tech’d” my life for walking around etc.

Clive Robinson April 1, 2025 12:01 PM

@ Paul Sagi, ALL

With regards,

Likely there will be a market for phones that irretrievably wipe all data after a few failed password attempts.

There was and there still is, as some people like lawyers, Medics, Religious Ministers have a “legally recognised duty of non disclosure” and many working Professionals have a legally binding contractual duty of “Non-disclosure”.

However if you listen to just,

1, Law Enforcement
2, Politicians
3, Civil Servants
4, People with cognitive bias
5, The MSM who reflect them all

Then the only people wanting it are Serious Organised Crime or Worse.

Thus Law Enforcement quite unlawfully set up companies providing such phones which then get “cross border surveillance” with little or no oversight through “Mutual Legal Assistance Treaties” (MLATs).

Look up EncroChat and earlier Australian / FBI devices.

I advise against anyone using “secure apps” on Phones or Smart Devices that have any kind of Communications externally.

Because they form “part of a system” and most of that has so many “weak links in the chain” any security in the app is easily bypassed.

Worse such Apps are the equivalent of “bullseyes on your back” and just inviting trouble. Even WhatsApp is viewed with suspicion by Law Enforcement looking for an excuse to make your day worse (or week under anti-terror legislation, or just bounce you back by deporting you at your own expense).

Winter April 1, 2025 12:19 PM

Here is some advice for wiping Android “safely”. Nothing for piecewise deletes.

How to wipe Android phone safely & completely – 4 options
https://www.appgeeker.com/android-unlock/erase-wipe-android-phone.html

To ensure that you can 100% erase all data and wipe your Android phone totally clean, and no one can restore your data, check whether encryption is activated. Starting with Android 6.0 Marshmallow, Android has been encrypting user data on virtually all Android phones out of the box for many years now—as long as a screen lock (PIN, pattern, password, biometrics) is set up, which means that even if someone recovers your data, they won’t be able to decrypt it.

When you are considering wiping your personal phone, I suggest to not bother and take a brand new burner phone when you cross borders. Best with a new eSIM.

Having Social Media accounts with your real name and real opinions is a bad idea if you visit adversarial countries.

I saw a nice strategy explained for people who have to take digital security very seriously. They would procure a simple smartphone with some random SIM card. But they would use a virtual phone number for all communications. The SIM number is only used to get online and the number is best never recorded or memorized, and never ever used to make or receive a real call or SMS, and frequently replaced. If necessary, they could use this “burner” phone as a wifi/bluetooth/cable hotspot and have their sensitive material on a separate device without a SIM card. The separate device would only go online by way of a VPN or Tor.

Such a setup makes it “somewhat” easier to carry an unremarkable phone with plausible use history without exposing the real stuff. Whatever data is needed can be put somewhere reachable, eg, at a home disk, if necessary.

Who? April 1, 2025 12:50 PM

The real issue with both cell phones and [not so] recent computers too, is solid state storage. Wear leveling techniques can make recovering data from SSDs a nightmare in case of accidental losses but, at the same time, they make classical file removal techniques (like overwriting files before deleting them) useless, so there is no easy way to permanently remove anything from that storage media.
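
The wear-leveling and key-wipe points raised in the comments above can be seen in a toy model. This is an added example, not part of any commenter's post: the `ToyFlash` class, the SHA-256 keystream (a stand-in for real storage encryption) and the sample data are all constructed for illustration, and it assumes the key is held somewhere that can itself be truly erased.

```python
import hashlib
import os

PAGE = 16  # bytes per flash page in this toy model
SECRET = b"constructed".ljust(PAGE, b".")  # constructed sample data, one page long


class ToyFlash:
    """Hypothetical flash translation layer: each logical write lands on a
    fresh physical page, and the page it replaces goes stale but keeps its
    contents (this toy model has no garbage collection)."""

    def __init__(self, physical_pages=8):
        self.pages = [bytes(PAGE) for _ in range(physical_pages)]
        self.l2p = {}        # logical block address -> physical page index
        self.next_free = 0

    def write(self, lba, data):
        if len(data) != PAGE:
            raise ValueError("toy model writes whole pages only")
        if self.next_free == len(self.pages):
            raise RuntimeError("out of free pages")
        self.pages[self.next_free] = data
        self.l2p[lba] = self.next_free   # remap; the old page is not erased
        self.next_free += 1

    def read(self, lba):
        """What the operating system sees through the logical interface."""
        return self.pages[self.l2p[lba]]

    def raw_dump(self):
        """What reading the physical medium directly returns."""
        return b"".join(self.pages)


def toy_cipher(key, lba, data):
    """XOR with SHA-256(key || lba). Illustrative only: a stand-in for real
    storage encryption, and not safe if a block is rewritten under one key."""
    pad = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))


def overwrite_in_place_demo(passes=3):
    """File-level 'secure delete': overwrite the same logical block."""
    flash = ToyFlash()
    flash.write(0, SECRET)
    for _ in range(passes):
        flash.write(0, os.urandom(PAGE))   # each pass lands on a new page
    return {
        "logical_read_has_secret": flash.read(0) == SECRET,
        "raw_dump_has_secret": SECRET in flash.raw_dump(),
    }


def crypto_erase_demo():
    """Encrypted storage: only ciphertext ever reaches the flash, so
    destroying the key is enough and stale pages do not matter."""
    flash = ToyFlash()
    key = os.urandom(32)
    flash.write(0, toy_cipher(key, 0, SECRET))
    readable_with_key = toy_cipher(key, 0, flash.read(0)) == SECRET
    key = None                             # the reset: the key is destroyed
    return {
        "readable_with_key": readable_with_key,
        "raw_dump_has_secret": SECRET in flash.raw_dump(),
    }


if __name__ == "__main__":
    print("overwrite in place:", overwrite_in_place_demo())
    print("crypto erase:      ", crypto_erase_demo())
```
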

Peter A April 1, 2025 1:02 PM

@Faux French Spy:

If you go the micro SD card way, do not hide it in a “clever” place, this would make you a target. Hide it in an “accidental” place, in which it could have been genuinely misplaced. For example, tear a hole in your jacket’s internal pocket, squeeze the card through the hole and bury it in the lining close to some metal parts like the zip.

Of course the card shall not contain anything easily visible and actionable. Put a lot of old family photos on it. Then hide whatever is important but small (like a passphrase to an online stash of your real data) in all this clutter, using appropriate mix of cryptography, steganography, hiding in plain sight, etc. etc.

Who? April 1, 2025 1:03 PM

My advice? Use open-source operating systems as the foundation for de-Googled phones, encrypt them, destroy encryption keys before traveling, and never use your cell phone for some activity that may compromise you (at least, never travel with a phone that may have been used for something you do not want to become public).

@ Andrew Benhase

There may not be 4th amendment in U.S. borders (I would extend this concept to anything inside these borders too), but they must obey the mathematical laws.

As I said a lot of times, do not trust governments or corporations, trust only on the laws of mathematics.

@ Bruce

And it’s not just the US; the world is going to become a more dangerous place to oppose state power.

I would like to think otherwise… but I can’t.

My activities, developing a software tool that encrypts communications and is widely used since two decades ago, will make me be jailed at some point. But I will be glad if I am jailed for defending privacy and freedom of speech, or any other human right.

Who? April 1, 2025 1:07 PM

And now that I mention this software project… it is based in a country that is currently being menaced by Donald Trump; if this country becomes U.S. not-so-free land in the near future, I am sure we will fight against imposed backdoors and make public any NSL received.

wiredog April 1, 2025 1:08 PM

WaPo has some advice here:
https://wapo.st/43ABkFN

They conclude with:
Don’t just take a wiped phone: If you are especially worried about your data, you may think about wiping your phone or computer entirely before a trip and restoring from a backup later. However, a nearly blank device can create its own problems.

“That itself can raise suspicion. You are not a normal person; you don’t have any extra apps or whatever,”

lurker April 1, 2025 1:19 PM

It’s a sad commentary on modern life that
a) people are so wedded to their devices that they must carry them across borders, and
b) governments have made people afraid to carry their devices across borders.

Maybe the objective is to dissuade people from crossing borders?

Peter A. April 1, 2025 1:27 PM

@lurker:
and:
c) governments have made people afraid not to carry their devices across borders, or else they may be suspected of mischief of not being a “normal” person.

And the objective may well be as you wrote, it is much easier to milk corralled cattle.

Darklighter April 1, 2025 1:33 PM

On iOS, the average user should enable Stolen Device Protection. Before any sort of security encounter, holding the lock button and either volume button together for two seconds will deactivate biometric security and require PIN unlock. The extra cautious can also set their phone to erase after 10 failed PIN unlock attempts.

Who? April 1, 2025 1:33 PM

@ wiredog

“That itself can raise suspicion. You are not a normal person; you don’t have any extra apps or whatever,”

Most people on this forum are far from being normal persons (and it is really good). 😉

I agree, an empty device is something that will raise suspicion without doubt. But the best they can do is accusing us of being very private persons.

BCS April 1, 2025 2:19 PM

I suspect the only reliable policy is to assume that everything you can get off digital media you are carrying will be available to whoever you deal with. Trying to hide something or make it inaccessible seems like an invitation to problems.

If I had reason to assume hostile intent, I’d consider showing up with nothing but a dumb phone where the only thing I’ve ever done with it is verify it works by calling someone who is already publicly known to be connected to me.

If I want to be really paranoid, if it ever leaves my sight it goes directly in the trash.

That said, that kinda falls apart if you actually need access at the other end to something that you want to prevent the people on the way from getting access to. But that kind of devolves to the same problem as security transferring between people who haven’t physically met (but with the people being the same person).

Clive Robinson April 1, 2025 4:49 PM

@ ALL,

But it’s not just border crossing you have to worry about

How about any doorway?

You step out of your home and you get seen by your or your neighbours Amazon or similar doorbells as you open the door.

Then you get seen by many more and street CCTV, traffic and even parking cameras, not to mention all the insurance companies getting all excited about surveillance in your car and of all the other cars around you. All watched by what they hope the next Generation of AI will bring them which is ways to whack you with double or triple the premiums or deny claims (just as is starting to happen in healthcare).

Then there is surveillance in the places you work, shop, eat, and even exercise.

All,

“For your health and safety…”

And triple the profits for half the costs…

But are you safe behind your front door?

Of course not… Which is why people are talking out about it,

“Privacy died last century, the only way to go is off-grid

From smartphones to surveillance cameras to security snafus, there’s no escape”

https://www.theregister.com/2025/03/31/privacy_dead_opinion/

Let’s just say talking about “Going Off Grid” to get “Privacy” was until fairly recently seen as “paranoia talking” now not so much. Especially when even your Fridge demands to be connected to the Internet, and your TV has a microphone and camera in it to see and hear what you are doing as you watch whatever it is you watch.

Oh and don’t forget your “Smart Meters” that can tell not just what you are using but again for some of it what you are watching or listening to…

Then there is all those WiFi and Bluetooth transmitters being used as “RADAR” system emitters knowing when you “scratch your bum” etc.

The way things have become even knowing what hand you wipe your backside or pick your nose with can be “monetised”… And yes no doubt how often you belch or emit other gasses is on somebody’s list… Gross yes, but if there’s profit, it is without doubt “The American Way” to grab it…

Julia Clement April 1, 2025 6:08 PM

If you are going to travel to a country and you have ever criticised their president for life, leave your phone at home.

When immigration or customs requests your phone just say “Sure, it’s on my bedside table at home, I’d be really grateful if you could pick it up for me & bring it here.” When they ask why it’s there “I was in a rush to get to the airport for my flight and didn’t realise until I was there I’d left it behind”

Once through customs, buy a cheap burner phone & just use it for keeping in touch with loved ones.

World of Labels April 1, 2025 8:17 PM

@Clive,
you are 100% in everything you listed above. Let me add that the Electricity/Power Usage Meters can tell a lot as well, when you are awake, when you’re sleeping, and on and on… and so the only way to be somewhat “Off Grid” is to leave everything behind and move into some remote mountains but Drones are everywhere, as are Satellites picking up just about everything. And since most people are just “followers” hence the term “sheeple” – most will have/crave the latest gadgets with flashy colors and not care that they are the actual product and if you dare to go “low tech” or “off grid” you will be labeled as a “recluse” “socially awkward” “anti-social” and will stand out and become even a greater target of a wanna be government “Sherlock Holmes” or a wanna be Purple Heart recipient drooling to catch a foreign spy where there is none, whereby destroying an entire American Family – welcome to ideho.

Doug April 1, 2025 8:30 PM

Can’t speak to android, but powering off an iPhone dramatically increases the difficulty of penetration. Of course, you can’t use the global entry app then, but your card and passport will work just fine.

Criminal Leeches in the Government April 1, 2025 9:56 PM

@Pika for you and for me,
that must be a buhznyan feature in mormonistan… ya gubment leech… try private sector and see how “far” ya get…

Paranoid April 2, 2025 12:09 AM

Burner. Powered off. Passwords only, no biometrics. It should only contain the basic information you need for traveling. Everything else should be secured online (I like 1password for its travel mode) to be retrieved later only if necessary. It is useful to memorize a magic wormhole phrase or two to retrieve an encrypted bootstrap for your data remotely.

ResearcherZero April 2, 2025 12:34 AM

Don’t get your hopes up, lawful intercept will remain operational. The layoffs will only take place at the NSA and the CIA, likely with additional vulnerabilities in the system.

Legal services will be cut to the bone and controversial cases avoided like the plague.

https://www.washingtonpost.com/national-security/2025/03/31/elon-musk-cia-doge/

Gabriel April 2, 2025 2:01 AM

An alternative could be to use a remotely accessible virtual smartphone.

Existing products in this domain do not advertise often this use case, which is a compelling one I believe, in favor of development and testing use cases.

Such a system has plenty of nice privacy features. The implementation I made allows the user to isolate groups of apps from each other, away from the local hardware sensors, which become available only when the virtual phone is accessed. The virtual device can be consulted from any client: web browser or native app on a phone or laptop.

The limitation of this solution is network availability, which is, in practice, not necessarily a deal breaker: it depends on the offline use cases you must support.

lurker April 2, 2025 2:13 AM

@ResearcherZero

That wapo article has a photo.
You don’t need to guess who is the guy not in a suit.

ResearcherZero April 2, 2025 2:17 AM

I don’t travel with a phone. If I really need one then I will purchase a device if necessary. Drive encryption is only really secure if the device is powered off.

Avoid taking food and other bio hazards through customs, as that may also draw attention.

Wearing a cardigan and shuffling about, while using polite and old fashioned terminology is a vital skill for passively negotiating your way out of trouble or into aged care. No one can remember that you were there or used the phone, only that you were polite on account of the constant references to cows, farming and the weather. Polite people come from farms. 😉

One essential tool is travel insurance and enough money to survive if you end up having to stay longer than intended. The United States delivers a vitally important free weather forecast service that is used by both maritime and air services to plot and adjust their courses. Given the current circumstances, avoiding injury and bad weather conditions may be a little more difficult than anticipated, as another thousand jobs are cut from America’s weather services. Planes and ships do have radar but it does have a limited reach.

Even if America’s weather agencies are not broken up and privatized, the damage already done has led to the consolidation of local branches and a lowering in the quality of capabilities that many regional areas depend upon. Air traffic and port control will also be impacted, which may lead to more near misses, collisions and mistakes. That too goes for the FAA and borders and customs. You might well be misidentified due to poor data or mistakes and miscommunication. More AI in the system will only exacerbate mistakes and serve as a form of deniability, allowing those normally responsible to all pass the buck.

Daisy L. April 2, 2025 2:52 AM

Schneier’s border crossing opsec advice is characteristically thorough, but the recommendation to simply ‘turn off your phone’ undersells modern forensic capabilities. As a security consultant who’s testified in border device seizure cases, I’ve seen CBP’s Cellebrite tools extract data from ‘off’ iPhones up to 72 hours post-shutdown via remnant charge in memory chips (see 2024 DEFCON demo). The article’s Faraday bag suggestion works, but only if activated before entering the 100-mile border zone – we’ve documented RFID sniffers in airport limo services.

Three underdiscussed mitigations:

Burner Authenticity – Buy prepaids in the destination country; US border agents catalog IMEIs of phones sold near crossings

Biometric Triggers – Set FaceID to require attention (disables passive scanning) and register a nondominant hand’s thumb

Encrypted Ephemerals – Use Signal’s ‘disappearing messages’ set to 1hr for all travel-related chats; local backups defeat the purpose

The real vulnerability isn’t the device, but the 72-hour window post-crossing when travelers re-sync cloud data. A client’s iCloud restore triggered a secondary inspection after auto-downloading ‘sensitive’ PDFs that were never on his physical phone.

Question for security professionals: Should we be advising travelers to remove their primary SIM and disable eSIM functionality given the new CBP eSIM cloning kits spotted at SFO?

Derek van Pelt April 2, 2025 2:56 AM

In reply to Andrew Benhase:

It is true that Canada has no “fourth amendment,” but it does have something similar under the Canadian Charter of Rights and Freedoms, specifically in Section 8, which states:

“Everyone has the right to be secure against unreasonable search or seizure.”

To be fair, the Canadian courts are more generally likely to go along with government claims of reasonableness, but the legislation is there.

You are correct to understand that at the border specifically, CBSA gets a lot of leeway: searches of electronic devices like phones and laptops can be done without a warrant or reasonable suspicion.

Anonymous April 2, 2025 3:45 AM

In some jurisdictions you are legally required to unlock your phone on certain occasions like “when policeman asks you to”.

It’s one thing to resist targeted analysis at well defined and predictable checkpoint.
It’s a different thing to resist a random check by amateur.
And yet another to resist targeted analysis when we can’t predict it.

It’s nice that we have some techniques to thwart the first. The second is about as easy, but different. The last one is hard.
Each has a value to someone.

Rubberhose-resistance techniques come to my mind for preventing the second. Have 2 different unlocking pins. If you use one, you enter your regular profile. If you use the other, a fake one appears.

Winter April 2, 2025 4:05 AM

@Gabriel

The limitation of this solution is network availability, which is, in practice, not necessarily a deal breaker: it depends on the offline use cases you must support.

AFAIK, every modern mobile phone has a hotspot function. Go online via a VPN and that hotspot so the acquired phone cannot snoop. You can buy one, borrow one, or bring a burner phone/hotspot.

Clive Robinson April 2, 2025 4:13 AM

@ ALL,

Is your phone really locked?

It’s a question you should consider and when you know the answer think why and what you can do.

The answer is basically “NO” and the reason is the conflict due to the marketing requirements for “user loyalty” etc. This puts the priority of,

1, “Experience v Security”
2, “Complexity v Security”
3, “Efficiency v Security”
4, “Availability v Security”

In turn well over to the left, away from “Security”.

With traditionally “Availability” for ‘Tangible’ ‘physical hardware’ being comprised of,

5, “Mean Time To Fail”(MTTF)
6, “Mean Time To Repair”(MTTR)

Thus,

Availability = MTTF / MTTR

So the design objective is to make MTTF be as long as possible and MTTR be as short as possible.

But what of ‘Intangible’ ‘nonphysical information’ that is the data and methods of programs / software?

Well the idea is similar from a 20,000ft view to that of hardware but how you actually go about it is different and where many resulting edge and corner cases become vulnerabilities waiting for an exploit to be developed.

Before the whole “minus ring” hidden hypervisor nonsense ‘became a thing’ the primary concern of a computer system was “staying up” in “a usable” condition. Which gave rise to the notion of a ‘Host OS’ that was perpetual and all powerful. With ‘user software’ treated like a proto-cancer to be excoriated harshly and exorcised viciously at the first signs of trouble, in order to save the Host OS.

Now consider the question of ‘edges and corner cases’ in user software caused by ‘internal errors and external exceptions’,

“What to do about them?”

Well it’s not practical or possible to write “business logic” to “correctly handle” each and every one inside every piece of user software.

So the solution is to ‘abort it up the software stack’ through various layers of abstracting handlers toward the OS. The down side being due to the ways hierarchies work each step up is generally a position of more power over the system.

From this it can be seen that you can,

“Fail-abort up to root.”

And all that gives you.

As a rule of thumb during software development and testing there is usually some kind of “abort” command built in, in a fairly fundamental way, in the software to save “human time”. Sometimes the abort is designed to “crash dump out” and sometimes “drop into a debug mode” with command mode or potentially both.

The classic example to attack is the user access control system.

Be it the login program or a screen saver it’s a,

“Short route to root from secure”

In my past I’ve had no end of success finding failings in user access control systems, I’ve even mentioned some of them on this blog in sufficient detail in the past.

But all too often just “rapidly typing” or “typing whilst rapidly mousing” would get you to a root level command line because “input overflow” was incorrectly handled, likewise other things like OS Sigs.

But not all “aborts” are designed as aborts and that is where trouble really starts.

Take a mobile phone “lock screen” what do you do when an SMS or Phone Call comes in?

How about when an “Emergency call” has to be made (regulatory requirement ’emergency calling’ should always be possible’ no exception…).

Usually you change the lock screen state and in the process pass control to another program that is not designed for access control.

If you get your timing right you can abort to the console from inside that other program.

For example now it’s been fixed in versions of Android six and later (and as such has become public knowledge)… Previously it was possible to jump out of the lock screen into the phone application via “emergency dial” and you could by doing an “input overflow” with the “*” digit break out of the phone application into the equivalent of the unlocked state…

Sounds easy, but it takes a certain degree of dexterity at speed to pull off.

Similar happens when you get the timing right on incoming calls or SMS or similar “alerts” to incoming communications.

But as they say about comedy,

“Timing is everything…”

This is a “general attack methodology” and most OS’s fall foul of it in some way which is why I like it as an attack method. Even for those very long in the tooth grey beards that remember the paragon of security as banks viewed it VMS had just such an error…

Thus the less popular an OS is, the more likely it is to have one you can find, and the more popular an OS the more likely it is to have been found by someone.

Which just leaves the question of,

“What colour is their hat?”[1]

Mine is still a nice Royal blue or drab olive green 😉

[1] Once due to “Spy -v- Spy” we used to talk of black v white then grey… which then all took on a different meaning since “fifty shades of grey” happened just after the “naughties” in 2011.

ResearcherZero April 2, 2025 4:51 AM

@Daisy L

There have been a number of eSIM attacks. It may be possible to perform SIM Swapping attacks because there are no reliable ways for providers to authenticate them ATM. Various attacks could be performed by MitM. If the attacker can gain access to the storage partition where the keys are stored then it might also be possible to clone an eSIM.

There were also DoS attacks that can jam reception requiring SIM disabling/removal and device restart to restore connectivity, so I assume a combination of attacks could also be employed. I would not be surprised if someone was selling hardware to aid such methods.

‘https://hackhunting.com/2024/12/31/esim-vulnerabilities-lead-to-sim-swapping-attacks/

@ALL

I should also note the weather service also works closely with the U.S. military.
Many implications exist if someone was silly enough to attempt to privatize it.

‘https://councilonstrategicrisks.org/2025/03/05/noaas-critical-contributions-to-us-national-security/

anonymous April 2, 2025 8:19 PM

@Who?

I want to take a second to thank you for everything you have done for the world.

Since you said it’s a 20 year old project, maybe it might be Gnupg. Everyone has benefited immensely from it.

Paul April 2, 2025 10:37 PM

If u trust the cloud, encrypt everything u need and put it there, download it when u get to destination.

If u don’t trust the cloud, new phone that you use for a while in parallel but keep anything sensitive out of it (it would raise suspicion having a phone with very little meta traces on it) and fill it with random data (preferably an older phone with sd card support)

Encrypt (from rar password to truecrypt and so on, at the end of the day Bruce is the og here so he knows better) the sensitive file/s and throw it on the phone with a lot of media, videos photos, music clips and so on
Have a program that u download full and unpack on it helps because u can “hide” the info between the other archives.

Get u a camera, film a bunch of everything and save it on sd cards.
Be sure to have full programs installers and folders with the installer unpacked on those sd cards.
Games too, especially cracked ones so is a reason to have archives.
The very encrypted archive can be placed there.

P.s. do not have a txt file with sensitive info on sd card, encrypt it on sd card and then delete the file.
Use another media to encrypt and move just the encrypted product there.
Be sure the password is at least 25 characters and includes a bunch of special ones preferably in other languages so in case of brute force dictionary nobody knows that the body of my password contains the word bruce in tatar language that is брюс.

I assume in case someone is a “target” they will not use encase or pegasus but still they have their ways to find out.

Russel Brooks April 3, 2025 4:39 PM

Phone? No idea, leave your phone at home and take a burner with you on the trip I guess.

Laptop? Take a Chromebook with you. Powerwash it before leaving and only login via the Guest login. The powerwash is a factory reset. The good thing about Chromebooks is they don’t keep much data on them so you can just start a VPN and access your stuff online.

Chromebooks can be really cheap but watch out for old ones no longer getting updates. They can be cheap enough that you can just abandon one if necessary.

Clive Robinson April 4, 2025 8:07 AM

@ Paul, ALL,

With regards,

“… it helps because u can “hide” the info between the other archives.”

Err no, it’s more likely to help you into further interrogation.

Files and information build up on a storage device in recognisable patterns it was likened to “geological strata” or “anthropological strata”.

I more generally explain it less accurately “like an odd game of Tetris”.

In effect those who have your devices “can dig back” and look for inconsistencies in patterns in the filesystem that give other patterns that give further “probative evidence” against you.

The filesystem data is technically “Meta-Data” but the “patterns” are “Meta-Meta-Data” which is a concept many have trouble getting their heads around, even if they are aware that it or even its concept exists.

There is little written about this type of Meta-Meta-Data and its analysis, but at the foundation levels it is a lot like “Traffic Analysis” (which it is a proper subset of when considered logically or mathematically).

What you have to understand is that,

1, The patterns they look for can be found by automated systems thus do not require an “expert to operate”.

2, You have no idea which patterns they look for, and you are probably unaware of them as they will get treated as at a minimum “trade if not state secrets”.

3, Your ability to synthesise such patterns even if you know all of them is minimal at best[1].

4, It would be very very easy to make a mistake, with just one file content that gives a sequence that falsifies the pattern you have tried to synthesise.

Thus you would do better to do the equivalent of,

“Build a new system from backups”

Where the backup system “restore” orders files by a “file system attribute” such as “file creation time” or “last access time” with an “oldest first” ordering.

If asked you just need to say “new laptop” etc. Because the pattern it produces is a form of “optimal” layout on mechanical hard drives that were used by “tech support” for years.

Microsoft even built a variation into that venerable old tool “defrag” in Dos 6,

https://www.easydos.com/defrag.html

We used to regularly for non NTFS drives[2],

Prep a new drive even if “new and fresh out the box”,
1, Secure Wipe new drive.
2, Low level format new drive.
3, High level format new drive.

Protect user data on old drive,
4, Make secure bit-level backup.
5, Make secure File level backup.
6, Put backups in secure storage.

Then prep the user old drive
7, Remove “sensitive files”.
8, De-Tail files on old drive.
9, De-cruft the old drive.

Then secure user old drive
10, Defrag the old drive.
11, Take File only backup.
12, Remove old drive and secure.

Finally “make good”,
13, Install secure new drive.
14, Restore File only backup.

Which as you can see is an involved process and all too easy to miss a step, thus hang yourself.

What it does not do, is clean the registry, or clean out all that meta-data in executables (think that drop down with last few files you accessed). Also it does not clean out the meta-data in actual files. Remember those old “as a favour to NSA and Law Enforcement” file data formats Microsoft created with so much data in them… Well now think of all those other proprietary file formats doing the same thing. Only some like “pictures” have it DRM style with “Constellation of EURion”,

https://en.wikipedia.org/wiki/EURion_constellation

Or much less visible “water marks” embedded into images that are encoded with ID numbers, Dates and in some cases GPS location data.

It’s all too easy to miss just one and again “hang yourself”.

[1] The Meta-Meta-Data process is a little like the statistical analysis of “ciphertext” to find clues for a cryptanalyst to either “recognize a cipher type” or “walk a cipher back”. For nearly a millennium it was known from a short work by Arab polymath and assumed Muslim Al-Kindi, in his “A Manuscript on Deciphering Cryptographic Messages” that letter frequency in a permutated ciphertext had the characteristics of the plaintext in it. Not often said is that,

“You do not need to break the ciphertext to find the language it is composed in and sometimes the region the message composer is from.”

Just from “counting the letters and patterns” which come through. The fact that the Germans used very stylised message formats and language in WWII greatly aided breaking their ciphered communications.

You have to view it as a “One Way Process” having something that indicates a pattern does not give you the original information. Because it’s a very many to one “cause and effect” issue.

But also because it is a “very many to one” issue you can not easily make a match to a set of patterns either.

[2] The reason we don’t “de-frag” drives these days is that they are mostly all “journaling file systems” and this causes all sorts of problems. NTFS was in part “journaling” hence why the “No NTFS” dictum. For modern journaling systems you can either “go back” to Fat-32 or do more fun stuff with *nix systems and things like the venerable “shell scripts” with awk and tar etc. Personally I designed a “fake file system” and coded it up in C, that was in fact a linked list based on the chosen “file attribute” scrubbed that list of “sensitives” then used that to walk out to a single file “as a file system” (or part thereof) doing all the de-tail, de-cruft, file conversion, filesystem Meta-data clean up etc on each file as it passed.
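
An added illustration of the “strata” idea in the comment above (not part of the comment, and not any examiner's actual tool): it checks whether file creation times agree with allocation order and flags the files that do not fit. The records are constructed, and using inode numbers as a stand-in for allocation order is an assumption; real file systems and real forensic heuristics differ.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample, not from a real device: (path, inode number, creation time).
# Assumption: inode numbers rise in the order the file system allocated the files.
RECORDS = [
    ("docs/a.txt", 101, "2021-03-01T10:00:00"),
    ("docs/b.txt", 102, "2021-06-12T09:30:00"),
    ("pics/c.jpg", 103, "2022-01-05T18:45:00"),
    ("pics/d.jpg", 104, "2019-02-02T08:00:00"),  # old stamp, late allocation
    ("pics/e.jpg", 105, "2022-08-20T12:10:00"),
    ("apps/f.zip", 106, "2023-04-11T07:55:00"),
    ("apps/g.zip", 107, "2023-04-11T07:55:00"),  # equal stamps are consistent
    ("apps/h.bin", 108, "2020-11-30T23:59:00"),  # old stamp, late allocation
    ("apps/i.bin", 109, "2024-02-14T16:20:00"),
]


def stamps_in_allocation_order(records):
    """Sort by inode and return (ordered records, parsed creation times)."""
    ordered = sorted(records, key=lambda r: r[1])
    return ordered, [datetime.fromisoformat(r[2]) for r in ordered]


def longest_nondecreasing(values):
    """Indices of one longest non-decreasing subsequence (patience sorting)."""
    tails, tails_idx, prev = [], [], [-1] * len(values)
    for i, value in enumerate(values):
        k = bisect_right(tails, value)
        if k == len(tails):
            tails.append(value)
            tails_idx.append(i)
        else:
            tails[k], tails_idx[k] = value, i
        prev[i] = tails_idx[k - 1] if k else -1
    keep, i = [], (tails_idx[-1] if tails_idx else -1)
    while i != -1:
        keep.append(i)
        i = prev[i]
    return keep[::-1]


def out_of_sequence(records):
    """Paths whose creation time breaks the dominant allocation-order 'stratum'."""
    ordered, stamps = stamps_in_allocation_order(records)
    keep = set(longest_nondecreasing(stamps))
    return [r[0] for i, r in enumerate(ordered) if i not in keep]


def inversion_ratio(records):
    """Share of file pairs where the earlier-allocated file carries the later stamp."""
    _, stamps = stamps_in_allocation_order(records)
    n = len(stamps)
    inversions = sum(stamps[i] > stamps[j] for i in range(n) for j in range(i + 1, n))
    return inversions / (n * (n - 1) / 2) if n > 1 else 0.0


if __name__ == "__main__":
    print(out_of_sequence(RECORDS), inversion_ratio(RECORDS))
```

An “oldest first” restore of the kind described in the comment yields an empty list and a ratio of zero, which is why a single file that does not fit stands out.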

Anonymous April 4, 2025 8:51 AM

Bruce,

All customer data on iPhones and related iOS-based devices including M-series Macs is physically stored in encrypted format. The keys for decryption of user content plane are only stored locally in an independently encrypted (with user secret) keybag that is physically deleted from a non-wear-leveled storage device when operation to clear user data and reset device is chosen from Settings app.

Steve April 4, 2025 12:28 PM

It’s perhaps useful to note that if you live or travel in the US within 100 miles of the border, US Border Patrol may stop and search you.

As I live in San Diego, I sometimes have to pass through border checkpoints on highways even though I have not left the country or even the state, including driving from San Diego to Los Angeles.

According to the ACLU, around two out of three people in the US live within 100 miles of the border[1].

[1] 100 Mile Border Zone

Lukas April 5, 2025 9:36 AM

  1. Have your data on your own secure NAS
  2. Access via Tailscale (or a similar mechanism – open-source/self-hosted options are available)
  3. Prefer apps that don’t store any data on the phone, e.g. an online-only note taking web app served from your NAS
  4. Remove Tailscale and all relevant apps when crossing border, delete your data
  5. Reinstall and retrieve your data after you’re safe

Kobie April 5, 2025 11:58 AM

I once powered my iPhone 16 with latest OS down to send it through the scanner. It was booting itself as it was coming out the scanner. For real.

Victor Serge April 5, 2025 1:46 PM

@Bruce, thanks again, I wish I had time to read this whole blog, but the very concern you express:

“…the world is going to become a more dangerous place to oppose state power”

is really valid at this end. In fact it has.

Consider your “rights and freedoms” subject to the thugs who dictate that

“using unspecified digital codes must not be transmitted for the purpose of obscuring the meaning of any communication.”
… law.cornell .edu/cfr/text/47/97.309

(in radio) Cell phones are a radio propagation.

As long as we submit willingly to monsters who bomb the daylights of completely innocent persons, and drug people in their sleep etc, we will have ZERO freedoms ourselves. It is a complete delusion to believe otherwise. Cell phones or otherwise.

This planet needs to be under a Repressed Centers of Power Protocol, WILLINGLY and revocably enforced by individuals who can choose their own path under God.

Clive Robinson April 5, 2025 5:19 PM

@ Steve, ALL,

Then there is another reason not to go anywhere near some borders,

As noted above,

“It’s perhaps useful to note that if you live or travel in the US within 100 miles of the border, US Border Patrol may stop and search you.”

It’s technically called “the border zone” and even as a citizen you might not have any rights (see below).

But as a foreigner trying to do things correctly you definitely have no rights…

Which even if there is “no question” you were acting within the rules when you crossed into the zone, or even yesterday, you are not today, or tomorrow etc…

We only get to hear of a fraction of what goes on in border zones around the world, for instance read not just about this individual but the hundreds of others they mention,

https://www.cbc.ca/news/canada/british-columbia/jasmine-mooney-ice-detainee-canada-mexico-border-work-visa-1.7501758

Note the advice about dealing with visa and other issues, on “your land side” of the border where you are a citizen it’s generally good advice. But it does not necessarily stop bad encounters with your own country’s border force.

Remember even if told by an official of the other country you will have to go to an office on the “other side of the border” legally that is “the wrong side” until all the paperwork is correct and all I’s dotted and T’s crossed. As you will have no idea what all the most current I’s and T’s are you risk being imprisoned endlessly with no rights whatsoever…

Worse some nations are changing the border rules so fast even immigration lawyers or court officers can not keep up…

If you think such rule changing is “political mantra” you would very probably be correct.

Also remember some countries have “border zones” wider or longer than the country, so when you include airport surrounds effectively near every where is “border zone” thus even as a citizen you might not have rights if you get “picked up”…

Somebody I used to work with was an “EU citizen” and Pre-Brexit had rights in the UK. They got pulled by the UK Border force in East London on the way to work one morning. The Border Force assumed the person was from South America and detained them “indefinitely pending deportation” because they “did not have papers” to prove who they were…

The thing is the person “detained” though having spent much of their early life and formative years in Portugal was actually born in the UK…

They have left the UK now and gone back to Europe and the last time I spoke to them they felt safer there even though Fascism and Far Right Violence was very much on the rise…

Clive Robinson April 8, 2025 6:18 AM

@ Bruce, ALL,

First they came for the students
Now they come for their lawyers

I’d heard this was going on, but now there is a news article that can be linked to.

A lawyer coming back from holiday was separated from his family and interrogated for an hour and a half or more by two alleged TTRS Agents who failed to identify themselves.

They demanded his phone and he refused and they would not say why they wanted the phone that contains information the lawyer has a legal obligation to keep confidential.

https://eu.freep.com/story/news/local/michigan/wayne/2025/04/07/lawyer-for-u-m-protester-held-at-airport-refused-to-give-feds-his-phone/82978891007/

Oh note the name of the DA who is trumping up false charges against the students. She has a reputation if you look her up and it’s not a good one, let’s say I’d question her adherence to a duty of impartiality at the very least.

Peter A. April 8, 2025 11:21 AM

@Clive Robinson: there were similar things in the past, a U.S. citizen lawyer beaten at the border, falsely accused of ‘resisting’ and he had no option but an out-of-court settlement.

I feel like the whole world today is looking at Mr. V. V. P-n and taking him as a role model and his minions’ actions as examples to implement. Like being in the past an attorney of the already dead Enemy of State makes you the EoS yourself, etc.

Clive Robinson April 8, 2025 2:10 PM

@ Peter A., ALL,

There used to be a saying about the majority of working men,

“Strong of arm, Weak of brain”

It was mostly not true, because lack of education gave them little choice other than manual labour, or if lucky apprenticeship in a “trade”.

Also under the pre revolution French system there were the “covée” those selected from outside “the estates of man” to do “civic works” such as digging of ditches and cesses. Which by the 1800’s in Britain had become a profession of “navvy” (Navigator).

However there have always been the “Bierkeller thugs” who think with their fists first and last. In certain parts of England they were also called “bottle Covée” which became “cove” and became generalised for someone of a dark brooding disposition and short temper, with the inability to know when to quit. The sort whose most often politest spoken words would be “Oi You’re sitting in my seat”.

The thing is that such social laggards are seen as ideal tools in the eyes of some fools. Whilst not being smart enough “to be useful idiots” the laggards were very useful for oppressing organised labour and similar hence they would be used for “strike breaking” or “breaking political meetings” and to give authorities the excuse to arrest the wrong people.

The problem is those that employ them really have no control of them thus their use is not the thing someone with half a brain or more would do.

But then authoritarians can mostly not reason due to an innate self belief of being entitled above all others.

The other donald. April 15, 2025 7:29 AM

@Peter A

Of course the card shall not contain anything easily visible and actionable. Put a lot of old family photos on it. Then hide whatever is important but small (like a passphrase to an online stash of your real data) in all this clutter, using appropriate mix of cryptography, steganography, hiding in plain sight, etc. etc.

Ah, Tomb can do that.
https://dyne.org/tomb/

G August 6, 2025 5:38 PM

do NOT carry a phone.

pass the customs. buy a cheapo phone and sim.

then, get to internet to your email where you PREPARED in advance an email to every person you want to be able to be called.

put the temporary sim phone number in the email and send it.

people will be able to phone you, or message you to it.

reset that phone a few days before leaving the country. get to a post office and send that phone to your home address.

the sim card will be cut in four pieces and thrown into four different trashes in the cities on your last day of going around.
