Hacker News new | ask | show | jobs
by zaptheimpaler 1469 days ago
So apparently travelers have no legal obligation to provide their passcodes to the officers. Yet,

"If a traveller exercises their right to refuse to provide a passcode, their device can be taken from the border and given to the ABF's digital forensic team for examination."

So the alternative is not having access to your phone for at least 14 days. Losing access to your phone today is huge.. no 2FA codes means you're probably locked out of many services even on a PC. Not to mention this forensics team has access to software that can break smartphone security.

So there is effectively 0 choice. If they want to search your phone, they WILL search it.

I guess the only safe way to store private info is online, encrypted and ideally on your own servers.
1 comments
CPAhem 1469 days ago
And while they've got your device, in Australia, the government can legally install rootkits on your phone or laptop without informing you.
link
DoItToMe81 1469 days ago
IT employees can be legally obligated to sabotage or backdoor projects, too. Very nasty.
link
sakerbos 1468 days ago
Would a factory reset remove these root kits or backdoors?
link
randomhodler84 1468 days ago
Hypothetically? Not necessarily as an attacker can stage malware in places that will survive a factory reset. Eg: Malware can live in firmware; or recovery volume not wiped in Factory Reset. An extremely resourced attacker could write malicious microcode to your CPU. Can’t reset that.

Realistically? it means CoTS gov grade malware like gamma finfisher etc, which should die when all persistent flash or disk storage is reset.

Practically, I would guess that it’s whatever the capabilities of Australian malware vendors are shipping feature wise for the products you are trying to protect.

“It depends on your threat model”.

link