Seeing a lot of “how to prepare” type posts for ICE at airports, which is great… but almost every post I’m seeing has said to turn off biometrics (great) and turn your phone off completely while going through security.

As someone who has been given an insanely difficult time at airports the past 3 years, please don’t rely on turning your phone off alone. It might work for some people, but I’m not allowed past security without showing all of my electronics turn on, and they have to remain on until I get through.

I have quite a few posts detailing my experiences. If it’s helpful I can try to dig them up and reshare. I know it won’t be the same for everyone, but what I go through is pretty intense and maybe getting an idea of some of the things they do will help.

@alissaazar Do they force you to unlock the phone? If not then it's still encrypted even when you turn it on.

@reflex @alissaazar "Force" by what means? Waterboarding? It is no harder to defy a demand from a cop to unlock a phone (ALWAYS an illegal demand) than it is to defy a grand jury subpoena.

@LukefromDC @alissaazar I don't really understand what you are getting at here. I'm just referring to the difficulty of dumping info from the device. The reason people say to turn off a phone is that the file system remains encrypted until the user signs in (ideally via PIN). Having to turn on your device does not make it easier to hack if you don't sign in.

Yes of course if they choose torture that's something very different than the technical point I'm making.

@reflex @alissaazar The point to turning the device OFF is to remove the disk decryption key from RAM, and let the contents of RAM decay to unrecoverability (cold not warm reboot) over a few minutes.

When the phone is turned back on, it's at "before first unlock" which can only be breached by a brute force attack of trying passphrase after passphrase trying to score. Strong passphrases are computationally impractical to brute force.

If you do NOT turn the device off at all, however, and have unlocked it, relocking it puts it at "after first unlock", which is far less secure on most devices. On some, not all, devices Cellebrite can fish the disk keys out of RAM in this case.

Turn it off, and just a few minutes later it is safe to turn it back on; just don't unlock it.

@LukefromDC @alissaazar That's what I've been saying. Interesting point on giving it a few minutes before power on, I was under the impression DRAM lost data in microseconds, but apparently some configurations vary. Good to know, thanks!