17

The New York Times had a front-page article today: Traveling Light in a Time of Digital Thievery, aka "Electronic Security a Worry in an Age of Digital Espionage".

Former director of US national intelligence Mike McConnell is quoted as saying

“In looking at computer systems of consequence — in government, Congress, at the Department of Defense, aerospace, companies with valuable trade secrets — we’ve not examined one yet that has not been infected by an advanced persistent threat.”

It notes that many high-profile organizations require their employees to take extensive precautions when traveling to China, Russia and other countries that have been implicated in advanced attacks. That includes, e.g.:

  • traveling with "loaner devices" which are wiped pre- and post-travel, rather than their own cell phones or laptops
  • disabling Bluetooth and Wi-Fi
  • never typing a password
  • and, in meetings, not just powering off devices, but removing batteries "for fear the microphone could be turned on remotely"

It seems that using encryption might be problematic:

> Both China and Russia prohibit travelers from entering the country with encrypted devices unless they have government permission.

and also notes that

> When officials from those countries visit the United States, they take extra precautions to prevent the hacking of their portable devices, according to security experts.

Do these precautions make sense for people with access to info they consider highly sensitive? (Even the bit about removing batteries?) What else might people do?

Which countries have this sort of capability?

Of course I know that good answers require more careful analysis of the traveler's security requirements, plans while traveling, etc. etc. But a list of precautions to consider would still be helpful.

nealmcb
  • Sometimes I think you ask questions that you already know the answer to. :) – tylerl Feb 12 '12 at 04:40
  • taking batteries out? Sounds like an urban myth. How about wearing tin-foil hats? – Yoav Aner Feb 12 '12 at 10:07
  • @tylerl I certainly tried to share what I knew, but I knew there was a lot I didn't know. And your excellent answer amply contributed to the holes! – nealmcb Feb 12 '12 at 16:55
  • Related: [Prevention measures against laptop seizure at US borders](https://security.stackexchange.com/q/88947/32746) – WhiteWinterWolf Jul 18 '16 at 10:01

2 Answers

11

As far as travel precautions, the EFF has these recommendations for travelling to the US:

  • Carry as little data as possible over the border.
  • Keep a backup of your data elsewhere.
  • Encrypt the data on your device.
  • Store the information you need somewhere else, then download it when you reach your destination.
  • Protect the data on your devices with passwords.

This is because of the often-discussed US Customs policy giving themselves permission and responsibility to examine all incoming devices (and data on these devices), including computers, cell phones, etc. But it's not unreasonable to assume that most other high-profile countries will follow similar procedures. Canada, for example, has a documented history of searching incoming devices specifically for pornography.

But the threat isn't limited to governments examining data on your devices. There have been a number of cases of Customs officials placing monitoring/tracking software on transiting computers, such as this example by the German government: German Governments admit spyware was theirs

Again, it is reasonable to assume that the practice is more widespread than has so far been discovered.

And with that background, we move to cell phones. Recall this case where a judge published a statement that the FBI's established practice of remotely turning on cell phone microphones to monitor conversations was indeed legal. One important paragraph from the article:

> Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery.

Therefore, if you don't want eavesdropping then remove the batteries from all nearby cell phones. This applies not only to phones that have transited a customs border, but also any phones that have operated within a potentially snoopy country (which includes pretty much all of them) as remote monitoring software can potentially be installed covertly over the cell network.

Finally, don't forget the value of Truecrypt hidden volumes. The plausible deniability is helpful when dealing with governments. It works even better with media that you would expect to be FAT formatted, such as flash media. In fact, it wouldn't be a bad idea to put your REAL operating system on the hidden partition of your camera's memory card (put a few dozen boring pictures on the visible portion of the card for good measure). Then on the computer's real hard drive, just put a fresh OS install that you never use anyway.

tylerl
  • Excellent info! But note that as I read it, these apply to people of all nationalities going in either direction over the border - e.g. they could keep a laptop from a US citizen exiting the US for a *"brief, reasonable" amount of time to be searched on- or off-site, ordinarily not more than five days."* regardless of whether they have reason for suspicion. Yikes.... – nealmcb Feb 12 '12 at 17:25
7

I can confirm that removing the batteries before meetings is really done in some organizations. It is at least partially sensible, in that battery management might be handled by a dedicated very small CPU which cannot be switched off otherwise: I have an old Mac laptop -- a G4 iBook -- where such a dedicated unit is called the PMU (Power Management Unit). Strangely enough, the PMU also handles some other peripherals such as the trackpad, and, on some systems, is linked to the keyboard. If such things happen on an old laptop, it is conceivable that newer smartphones also embed such small processing units which cannot be switched off.

Also, when the first iPhones were sold, there were some stories about people who brought them abroad, and got tremendous bills because of roaming prices. It turned out that the iPhone would regularly check for new emails, even if "turned off". Apparently there was no way to really "shut down" an iPhone without opening the case.

So while the recommendation of removing the battery sounds paranoid, there is some logic behind it. Personally, I would rather have all the meeting participants put their mobile phones in a box stored outside of the room; this seems simpler and even more secure.

Thomas Pornin
  • Thanks for the iPhone info! As for telling people to store their phones outside the room - how could they trust that the phones would be safe? I suppose they could try to use some clever box with shared-secret crypto - do such things exist? But it seems like a bigger risk. Next we'll find spy phones with dual batteries, so you can take one out.... – nealmcb Feb 12 '12 at 16:59
  • @nealmcb: if the meeting must be protected from eavesdropping, one might assume that it occurs in a room with some physical security, i.e. in a guarded building. I have been part of meetings held in a building where you were supposed to give your phone to a policeman who was guarding the lobby. – Thomas Pornin Feb 12 '12 at 17:03