undefined | Better HN

0 pointstoomuchtodo10y ago0 comments

> All bets are off if the iPhone is power-cycled. Best bet if you're pulled over by authorities or at a security checkpoint is to turn off your iPhone (and have a strong alphanumeric passcode).

Excellent advice. Even better, if you're about to pass through US customs and border patrol, backup the phone first, wipe, and restore on the other side. Of course, this depends on your level of paranoia. I am paranoid.

0 comments

jellicle10y ago

If you're paranoid, making a complete copy of all your secrets on some remote Apple or Google "cloud" where the government can get at it trivially is the exact opposite of what you want to be doing.

sb05710y ago

If you're paranoid, you don't have a cell phone.

ska10y ago

Or you have several, and send them on trips without you, etc.

sounds10y ago

Well, yeah, if you back it up with a 3rd party backup tool, you are trusting the 3rd party.

I recommend you make a backup to your laptop, which you then encrypt manually. That way the trust model is: you trust yourself. Then you can do whatever you want with the encrypted file. Apple's iCloud is perfectly fine at this point.

The real challenge is to find a way to restore that backup, because you have to be on a computer you trust. If you decrypt the backup on a "loaner" laptop, your security is broken.

If you decrypt the backup on your personal laptop but the laptop has a hidden keylogger installed by the TSA or TAO, your security is broken.

It would be necessary to backup the phone on the _phone_ _itself_. Then manually encrypt the file (easy to do). Then upload to iCloud. At this time, no such app exists for iOS.

Since you plan to restore the backup to the phone anyway, it's no problem to decrypt a file on the phone before using it for the restore.

baddox10y ago

> I recommend you make a backup to your laptop, which you then encrypt manually.

You mean your laptop that was manufactured by a 3rd party, with a network card that was manufactured by a 3rd party? And you're using encryption software that, even if it's open source, you probably aren't qualified to code review. I'm not downplaying the benefit of being careful, but unfortunately you can keep doing that pretty much forever.

grecy10y ago

All laptops and cameras entering the US are subject to search and seizure.

hutattedonmyarm10y ago

Well you can make an encrypted Backup via iTunes (that would involve firing up iTunes though shudders)

nevir10y ago

There's a reason Google decided to encrypt all communication between machines inside their datacenters.

lorenzhs10y ago

Are you sure it's not just communication between data centres?

evgen10y ago

Probably not. FB is doing the same thing. In most cases your app or service does not actually know if the remote service it is talking to is local or in another DC. Yes, you can find out if you need to, but that requires contacting another service and introduces some delay and latency. Use a service router to try to keep the calls local to a rack or a DC, but you know that if there are problems with local cells you might get routed across the country so start with the assumption that _all_ connections get encrypted even if the connection is to localhost.

katbyte10y ago

backup ==> zip/rar => encrypt with pgp or whatever => split => upload various parts to different cloud storage providers => wipe device => pass checkpoint => download => combine => decrpy => uncompress => restore.

its not trivial, but its sure easy to do in this day and age.

greggman10y ago

What data is likely on someone's phone that is not also in the cloud one way or another?

marssaxman10y ago

I wonder this too. The only personal data on my phone are my text and email messages. I'm not sure how other data would get onto the phone.

FussyZeus10y ago

Wiping the phone doesn't help you. Using the strong password renders the information inaccessible, at least as inaccessible as your phone backup is. Touch ID isn't re-enabled until the phone's passcode is used. Presumably if the authorities have access to your phone's memory they also have access to your laptops, and neither will do them any damn good.

And it's paranoia if there's a legitimate threat, that's just called due diligence. ;)

guscost10y ago

> Touch ID isn't re-enabled until the phone's passcode is used.

Do the docs confirm that there is no way around this? I'd guess generating the encryption key requires the passcode, which is discarded immediately, and Touch ID can only "unlock" a temporarily re-encrypted version which never leaves ephemeral storage?

zaroth10y ago

From the iOS Security Guide - How Touch ID unlocks an iOS device;

  If Touch ID is turned off, when a device locks, the keys for Data Protection class
  Complete, which are held in the Secure Enclave, are discarded. The files and keychain
  items in that class are inaccessible until the user unlocks the device by entering his
  or her passcode.

  With Touch ID turned on, the keys are not discarded when the device locks; instead,
  they’re wrapped with a key that is given to the Touch ID subsystem inside the Secure
  Enclave. When a user attempts to unlock the device, if Touch ID recognizes the user’s
  fingerprint, it provides the key for unwrapping the Data Protection keys, and the
  device is unlocked. This process provides additional protection by requiring the
  Data Protection and Touch ID subsystems to cooperate in order to unlock the device.
  The keys needed for Touch ID to unlock the device are lost if the device reboots
  and are discarded by the Secure Enclave after 48 hours or five failed Touch ID
  recognition attempts.

1 more reply

FussyZeus10y ago

TouchID I believe unlocks the passcode so the phone can use it to login, but TouchID itself is not enabled until you enter it once, presumably because it isn't actually stored on the device in a readable way.

guscost10y ago

OK, I guess the effect is the same (as long as the passcode isn't recoverable until after startup). Thanks.

i2shar10y ago

Could the "code equivalent" of your fingerprint be stolen by a rogue app if it's allowed to read it? I don't have a touchId phone but have wondered what would happen if your "print" is stolen -- passwords can at least be changed.

FussyZeus10y ago

Speaking as an App Developer, we cannot touch stuff like that. We're allowed to ask Touch ID to verify things and process the results, but we don't actually get to use the Touch ID system. It's similar to how the shared keychain is used: We can ask iOS to do things, but then must handle any one of many possible answers. We don't actually see your fingerprint in any way.

Now Cydia and 3rd party stuff? I have no clue.

rimantas10y ago

iOS itself does not see fingerprints, it refers to SE.

1 more reply

deegles10y ago

Can non-US citizens be coerced into giving up their passcode?

jonathankoren10y ago

Depends on if they're at a border crossing or in the interior of the country. Laws apply to citizens and non-citizens alike. If you haven't been admitted to the country, about the most they can do is turn you away at the border checkpoint and put you on the next flight back to your home country.

gonzo10y ago

and if you're a citizen of the country you're trying to enter...

ganeshkrishnan10y ago

Then the TSA drops a paper clip while you bend over and pick it up

tptacek10y ago

No, at least, not by the DOJ, and not for any use in a court of law.

schoen10y ago

We wrote about this in our border search guide and concluded that there is a risk of being refused admission to the U.S. in this case (in the border search context) because the CBP agents performing the inspection have extremely broad discretion on "admissibility" of non-citizens and non-permanent residents, and refusing to cooperate with what they see as a part of the inspection could be something that would lead them to turn someone away. (However, this is still not quite the same as forcing someone to answer in the sense that they don't obviously get to impose penal sanctions on people for saying no.)

noir_lord10y ago

One reason I'll never visit the states.

If I absolutely had to I just wouldn't take a phone/laptop with me.

ghshephard10y ago

" they don't obviously get to impose penal sanctions on people for saying no"

I wonder if there is any negative effects associated with being refused entry by a CBP? Could it be the case that if you are refused entry once, that in the future they will be more likely to refuse you entry? If so, that's a fairly significant penalty/power that the CBP person has.

1 more reply

j / k navigate · click thread line to collapse

0 comments

jellicle10y ago

If you're paranoid, making a complete copy of all your secrets on some remote Apple or Google "cloud" where the government can get at it trivially is the exact opposite of what you want to be doing.

sb05710y ago

If you're paranoid, you don't have a cell phone.

ska10y ago

Or you have several, and send them on trips without you, etc.

sounds10y ago

Well, yeah, if you back it up with a 3rd party backup tool, you are trusting the 3rd party.

The real challenge is to find a way to restore that backup, because you have to be on a computer you trust. If you decrypt the backup on a "loaner" laptop, your security is broken.

If you decrypt the backup on your personal laptop but the laptop has a hidden keylogger installed by the TSA or TAO, your security is broken.

It would be necessary to backup the phone on the _phone_ _itself_. Then manually encrypt the file (easy to do). Then upload to iCloud. At this time, no such app exists for iOS.

Since you plan to restore the backup to the phone anyway, it's no problem to decrypt a file on the phone before using it for the restore.

baddox10y ago

> I recommend you make a backup to your laptop, which you then encrypt manually.

grecy10y ago

All laptops and cameras entering the US are subject to search and seizure.

hutattedonmyarm10y ago

Well you can make an encrypted Backup via iTunes (that would involve firing up iTunes though shudders)

nevir10y ago

There's a reason Google decided to encrypt all communication between machines inside their datacenters.

lorenzhs10y ago

Are you sure it's not just communication between data centres?

evgen10y ago

katbyte10y ago

its not trivial, but its sure easy to do in this day and age.

greggman10y ago

What data is likely on someone's phone that is not also in the cloud one way or another?

marssaxman10y ago

I wonder this too. The only personal data on my phone are my text and email messages. I'm not sure how other data would get onto the phone.

FussyZeus10y ago

And it's paranoia if there's a legitimate threat, that's just called due diligence. ;)

guscost10y ago

> Touch ID isn't re-enabled until the phone's passcode is used.

zaroth10y ago

From the iOS Security Guide - How Touch ID unlocks an iOS device;

  If Touch ID is turned off, when a device locks, the keys for Data Protection class
  Complete, which are held in the Secure Enclave, are discarded. The files and keychain
  items in that class are inaccessible until the user unlocks the device by entering his
  or her passcode.

  With Touch ID turned on, the keys are not discarded when the device locks; instead,
  they’re wrapped with a key that is given to the Touch ID subsystem inside the Secure
  Enclave. When a user attempts to unlock the device, if Touch ID recognizes the user’s
  fingerprint, it provides the key for unwrapping the Data Protection keys, and the
  device is unlocked. This process provides additional protection by requiring the
  Data Protection and Touch ID subsystems to cooperate in order to unlock the device.
  The keys needed for Touch ID to unlock the device are lost if the device reboots
  and are discarded by the Secure Enclave after 48 hours or five failed Touch ID
  recognition attempts.

1 more reply

FussyZeus10y ago

guscost10y ago

OK, I guess the effect is the same (as long as the passcode isn't recoverable until after startup). Thanks.

i2shar10y ago

FussyZeus10y ago

Now Cydia and 3rd party stuff? I have no clue.

rimantas10y ago

iOS itself does not see fingerprints, it refers to SE.

1 more reply

deegles10y ago

Can non-US citizens be coerced into giving up their passcode?