
Cell Phone OPSEC for Border Crossings

yamrzou

GrapheneOS offers good OPSEC against Cellebrite: https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...

This comment, at the end of the thread, is particularly interesting:

> My Pixel 6 was confiscated by the German police after a political rally. I was recently able to pick it up again. From an inquiry with my lawyer, the following emerged: The authorities tried to read the device with both UFED4PC and Cellebrite Premium Touch. In addition, software from other forensic providers was used without success. The software did not succeed in breaking the system. The device was in BFU mode and had a 30-digit PIN. USB port was deactivated. As of March 2025, I can therefore say that it is not possible for Cellebrite to break a secured GrapheneOS.

dhsysusbsjsi

If you have a modern iPhone and don’t want the crazy hacks, a very very simple but effective tip is to power off your iPhone when exiting the aircraft. When the device powers up it is in “before first unlock” mode and is severely restricted in what it can do. The attack surface area is significantly reduced. They’re not going to burn one of their $100,000 per install exploits on your BFU phone the same way they do with a full physical access unlocked paid exploit.

Also lockdown mode to reduce attack surface area.

marcusb

> If you have a modern iPhone and don’t want the crazy hacks, a very very simple but effective tip is to power off your iPhone when exiting the aircraft. When the device powers up it is in “before first unlock” mode and is severely restricted in what it can do. The attack surface area is significantly reduced.

From a comment in the article:

"Schneier’s border crossing opsec advice is characteristically thorough, but the recommendation to simply ‘turn off your phone’ undersells modern forensic capabilities. As a security consultant who’s testified in border device seizure cases, I’ve seen CBP’s Cellebrite tools extract data from ‘off’ iPhones up to 72 hours post-shutdown via remnant charge in memory chips (see 2024 DEFCON demo). The article’s Faraday bag suggestion works, but only if activated before entering the 100-mile border zone – we’ve documented RFID sniffers in airport limo services."

jstasmltwngrl

I shut down my macbook before coming back to Canada and the agent threatened to confiscate it for a year. I unlocked it because it was purely a principle thing and a new laptop would've been expensive.

throw0101d

koolba

From that link (emphasis mine):

> A CBSA officer will start with some questions before examining your personal digital device. To examine the device, the officer will first ask for the password. If the device is password-protected, they will write your password on a piece of paper. You are obligated to provide your password when asked.

> Note Failure to grant access to your personal digital device may result in the detention of that device under section 101 of the Customs Act, or seizure of the device under subsection 140 (1) of the Immigration and Refugee Protection Act or under section 110 of the Customs Act.

Well guess we’re not going to Canada again.

It also never mentions them destroying the written down password.

Muromec

How do you know they didn't install a rootkit?

angulardragon03

Persistence in modern macOS is only really possible in userspace, as the OS partition is immutable. There are only a handful of places this is possible, which are fairly easy to detect.

Unless border agents are burning 0-days on random passersby, it’s fairly unlikely they installed anything persistent that can’t be removed.

jstasmltwngrl

He looked through my files in front of me.

Muromec

It's good advice if you are a citizen and can't be compelled to unlock the phone or be denied entrance for not consenting to search.

Good opsec in general, I think, is to comply, not have an obvious burner phone setup, but to have nothing capturing attention.

lordofgibbons

They can still hold you for a long time (days?) at the border without being formally charged with anything. That's what I've been told, not sure how true it is. A Canadian entering the U.S. was held for 2 weeks with no charges - not just an entry denial.

nolist_policy

Good point. This applies to Android as well.

mvdwoord

This kind of article makes me sad, as why should we live in a world where we (or at least some people) need to even think about this.. maybe I woke up this morning in a foul mood, but honestly, the idea of even having to think about burner phones and "opsec" for traveling (or even just living) depresses me to the point where I will probably not do it at all, and if things go sour, I just accept my fate. Similar to the prepping advice currently given by the scaremongering news in the EU... (Have water, and an emergency radio!!).

Anyone else feel like this? I simply do not have any desire to live in a world where this kind of behavior is required.

nehal3m

I flail between being in awe of the convenience and possibility modern tech brings and rueing the day the transistor was invented. There was an article posted here called Digital Echoes [0] a few days ago and it describes the sort of murky feeling of using a black box to interact with the modern world, and how it leaves ethereal traces everywhere that you have no control over. Sometimes I feel like getting rid of that weird sense of dread is worth giving up convenience for, other times my lazy lizard brain wins.

[0] https://news.ycombinator.com/item?id=43509548

Muromec

In a world or in a country? It's one specific country's problem. I've been to places and nobody ever looked into my porn browsing history so far.

antonvs

> nobody ever looked into my porn browsing history so far

I like this idea. My burner laptop will open up to a bonanza of the most extreme but legal porn imaginable. Pop-ups and lurid ads everywhere, loud moaning, the works.

"Can I help you find anything, officer? What are you into? Why are you turning red?"

refurb

It's not one specific country.

In addition to the US: Canada, Australia, New Zealand, Germany.

I'm sure there are others as well.

decimalenough

I think the question and the answer conflate two very different threat models.

Back in the day, everything of interest was on the device, and to be search-resistant, it was necessary to encrypt and hide it well. And most answers still seem to assume this is the case.

Nowadays, though, almost everything of interest is stored in the cloud and what the cops/CBP/three-letter agencies want is the credentials to access those. Sure, you can make their life a bit harder by logging out of everything, so access is not completely trivial, but they can still stick you in detention (or worse) until you cough up your passwords, regardless of what is or is not on your device. And the only way around this is to never show up on their radar in the first place.

yoaviram

This is not true. Current CBP policy instructs officers to only inspect data residing on the device, not to probe your online accounts. Obviously any data loaded in apps that are already open when you hand over your phone are fair game, which is why the advice is to turn off the phone before handing it over.

Source: https://www.theguardian.com/technology/2025/mar/26/phone-sea...

shrx

> I think the question and the answer conflate two very different threat models.

Where is the answer? I only see the question (and comments section).

actionfromafar

Another take is to nurture a "tamagotchi" or "pet" phone (iPhone) at home, with some innocuous memes, following sports accounts and such. Bring that when crossing any border. Leave the "real" or "business" phone at home at all times. Of course, it's not a realistic solution for many people.

Bringing anything non-standard can be misinterpreted as, or worse, construed as something malicious.

The problem with an empty "burner phone" is that it can also look suspicious. Even if you have a receipt with you, they may wonder why you bought a new phone just for the trip. Lockdown mode seems even more suspicious.

Just don't stick out is unfortunately probably the best answer.

tzs

If you are entering a foreign country and they ask about your burner phone say that your normal phone is on a cheap plan that doesn’t support out of country service so you have a cheap burner for international travel.

If you are returning to your own country say it is because you didn't want to risk having your expensive phone stolen while abroad so you travel with a cheap burner.

antonvs

In that situation, don't refer to it as a "burner". Using that word is automatically suspect.

Keep in mind that they hear plenty of stories like this. What it amounts to is that you're trying to achieve plausible deniability even if they assume you're lying, i.e. don't give them any concrete basis for suspicion.

LadyCailin

Plausible deniability is probably the best answer. If you just tell them “no, I know my rights” if you get randomly selected, then you’ll get put on a list for being randomly selected every time. But if you appear to cooperate, you get let off entirely.

j16sdiz

> Does resetting a phone to factory defaults erase data, or is it still recoverable?

This is an easy one.

Both iOS and Android do the same thing -- the filesystem is always encrypted, factory reset discards the decryption key.

On macOS and Windows, that's encryption by default. (yes, BitLocker is the default now)

This is pretty standard nowadays.

Linux, otoh, doesn't usually do the encryption.

Borealid

Every non-gaming-focused Linux distribution offers a checkbox for encryption during the OS install process. Many of the gaming-oriented ones like Bazzite do too.

When checked it uses cryptsetup and the full disk is encrypted.

wobfan

It's offered, and I think for quite some time already, but it's not default. So it's not wrong to assume that most installations are not encrypted. I think.
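
A way to check the point debated above on a given Linux machine, as an added example that is not part of the thread: it parses `lsblk -P` output and reports which mounted filesystems have no LUKS/dm-crypt layer underneath. The two sample layouts are constructed, and the function names are this example's own.

```python
import shlex
import subprocess

COLUMNS = "KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT"

# Constructed sample: installer-style LVM-on-LUKS layout.
ENCRYPTED = '''\
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" MOUNTPOINT="[SWAP]"
'''
# Constructed sample: default install with the encryption box left unchecked.
PLAINTEXT = '''\
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="swap" MOUNTPOINT="[SWAP]"
'''

def live_lsblk():
    """Read the real device tree; needs util-linux lsblk on the host."""
    cmd = ["lsblk", "-P", "-o", COLUMNS]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def unencrypted_mounts(text):
    """Return mount points (and swap) whose parent chain has no crypt layer."""
    rows = [dict(f.split("=", 1) for f in shlex.split(line))
            for line in text.splitlines() if line.strip()]
    by_kname = {r["KNAME"]: r for r in rows}
    exposed = []
    for row in rows:
        if not row["MOUNTPOINT"]:
            continue
        node, seen, encrypted = row, set(), False
        while node and node["KNAME"] not in seen:  # walk child -> parent
            seen.add(node["KNAME"])
            if node["TYPE"] == "crypt" or node["FSTYPE"] == "crypto_LUKS":
                encrypted = True
                break
            node = by_kname.get(node["PKNAME"])
        if not encrypted:
            exposed.append(row["MOUNTPOINT"])
    return exposed

if __name__ == "__main__":
    for name, sample in (("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT)):
        print(name, "->", unencrypted_mounts(sample))
```

On a real host, pass `live_lsblk()` instead of a sample; a device with several parents (for example RAID members) is followed along one parent chain only.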

vanschelven

The (sad) answer would seem to be: if you don't understand it, don't attempt it.

Given the authority of the author of the post this approach would seem to be necessary for almost everybody.

1oooqooq

the normalization of "in soviet russia" jokes. what sorry state we live in.
