by dhsysusbsjsi 433 days ago
If you have a modern iPhone and don’t want the crazy hacks, a very very simple but effective tip is to power off your iPhone when exiting the aircraft. When the device powers up it is in “before first unlock” mode and is severely restricted in what it can do. The attack surface area is significantly reduced. They’re not going to burn one of their $100,000 per install exploits on your BFU phone the same way they do with a full physical access unlocked paid exploit.

Also lockdown mode to reduce attack surface area.

4 comments

> If you have a modern iPhone and don’t want the crazy hacks, a very very simple but effective tip is to power off your iPhone when exiting the aircraft. When the device powers up it is in “before first unlock” mode and is severely restricted in what it can do. The attack surface area is significantly reduced.

From a comment in the article:

"Schneier’s border crossing opsec advice is characteristically thorough, but the recommendation to simply ‘turn off your phone’ undersells modern forensic capabilities. As a security consultant who’s testified in border device seizure cases, I’ve seen CBP’s Cellebrite tools extract data from ‘off’ iPhones up to 72 hours post-shutdown via remnant charge in memory chips (see 2024 DEFCON demo). The article’s Faraday bag suggestion works, but only if activated before entering the 100-mile border zone – we’ve documented RFID sniffers in airport limo services."

I shut down my MacBook before coming back to Canada and the agent threatened to confiscate it for a year. I unlocked it because it was purely a principle thing and a new laptop would've been expensive.
From that link (emphasis mine):

> A CBSA officer will start with some questions before examining your personal digital device. To examine the device, the officer will first ask for the password. If the device is password-protected, they will write your password on a piece of paper. You are obligated to provide your password when asked.

> Note Failure to grant access to your personal digital device may result in the detention of that device under section 101 of the Customs Act, or seizure of the device under subsection 140 (1) of the Immigration and Refugee Protection Act or under section 110 of the Customs Act.

Well guess we’re not going to Canada again.

It also never mentions them destroying the written down password.

> Well guess we’re not going to Canada again.

Or Australia:

> Electronic devices held for forensic examination under section 186 of the Customs Act will be retained for no longer than 14 days, provided there is no content on any device retained which renders the device subject to seizure under Customs-related laws. If any device is subject to seizure, the examination of any associated retained devices may take longer than 14 days.

* https://www.abf.gov.au/entering-and-leaving-australia/crossi...

Or every other country.

You may be asked by a border agent from any country to unlock your electronic device.

Feel free to not unlock or give your password of course: every country has a law about confiscation and/or not allowing you in.

It's a border crossing, required unlocking of devices is common practice including especially by the US. National sovereignty is supreme and countries have the right to implement whatever procedures they deem necessary before permitting entry.
Unlocking of devices is distinctly different from “write your password on a slip of paper”. Even if they shred the paper, the room for sure has CCTV video recordings, so they’ll have a copy there as well.
Good thing all of us here are following (and extolling) the advice to never reuse passwords, especially when one's device is in an evidence locker and subject to controlled access by authorized personnel.
How do you know they didn't install a rootkit?
Persistence in modern macOS is only really possible in userspace, as the OS partition is immutable. There are only a handful of places this is possible, which are fairly easy to detect.

Unless border agents are burning 0-days on random passersby, it’s fairly unlikely they installed anything persistent that can’t be removed.
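The comment above says userspace persistence on a sealed-system-volume Mac is confined to a handful of writable locations. The script below is an added example, not code from the thread: it walks the launchd plist directories outside the sealed system volume and prints which binary each job would run, flagging programs outside the usual Apple paths for manual review. ROOT and USERHOME are assumed parameters so it can be pointed at a mounted disk image or a constructed directory tree; it assumes XML plists (run `plutil -convert xml1` on binary ones first) and does not cover login items, cron or configuration profiles.

```shell
#!/bin/sh
# Added example: enumerate userspace launchd persistence on macOS.
# /System is sealed read-only on modern macOS, so third-party jobs must
# live in the writable LaunchAgents/LaunchDaemons directories scanned here.
# ROOT (assumed, default "") and USERHOME (assumed, default $HOME) let the
# scan run against a mounted image or a constructed tree, not just live "/".

scan_launchd_plists() {
    root="${1:-}"
    userhome="${2:-$HOME}"
    for dir in "$root/Library/LaunchAgents" "$root/Library/LaunchDaemons" \
               "$userhome/Library/LaunchAgents"; do
        [ -d "$dir" ] || continue
        find "$dir" -name '*.plist' -type f 2>/dev/null | while read -r plist; do
            # First <string> after the Program / ProgramArguments key is the
            # executable launchd will run (assumes XML, not binary, plists).
            prog=$(awk '
                /<key>Program(Arguments)?<\/key>/ {
                    want = 1; sub(/.*<key>Program(Arguments)?<\/key>/, "")
                }
                want && match($0, /<string>[^<]*/) {
                    print substr($0, RSTART + 8, RLENGTH - 8); exit
                }' "$plist")
            printf '%s\t%s\n' "$plist" "${prog:-<no program key>}"
        done
    done
}

# Heuristic triage: anything not under Apple-controlled or app-bundle paths
# (including /usr/local, which is writable) gets a REVIEW tag for a human.
flag_suspicious() {
    scan_launchd_plists "$@" | awk -F'\t' '
        $2 !~ /^\/(System\/|usr\/(bin|sbin|libexec)\/|Applications\/|Library\/Apple\/)/ {
            print "REVIEW\t" $0
        }'
}

# Usage on a live system:  ROOT= ./scan.sh --run
if [ "${1:-}" = "--run" ]; then
    flag_suspicious "${ROOT:-}" "$HOME"
fi
```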

He looked through my files in front of me.
I’ve always been mildly curious about this. When you say “looked through my files” what exactly do you mean? They opened finder and scrolled through the standard folders like downloads, documents, pictures, etc?
My laptop boots to a text-mode getty prompt, I wonder what would happen...
Good point. This applies to Android as well.
It's good advice if you are a citizen and can't be compelled to unlock the phone or be denied entrance for not consenting to a search.

Good opsec in general, I think, is to comply, not to have an obvious burner phone setup, but to have nothing that captures attention.

They can still hold you for a long time (days?) at the border without being formally charged with anything. That's what I've been told, not sure how true it is. A Canadian entering the U.S. was held for 2 weeks with no charges, not just an entry denial.