{"id":7160,"date":"2020-01-05T14:30:36","date_gmt":"2020-01-05T12:30:36","guid":{"rendered":"https:\/\/forklog.media\/?p=7160"},"modified":"2020-01-20T02:00:15","modified_gmt":"2020-01-20T00:00:15","slug":"how-to-protect-your-crypto-wallet-during-phone-search","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/how-to-protect-your-crypto-wallet-during-phone-search\/","title":{"rendered":"How to Protect Your Crypto Wallet if Someone Searches Your Phone?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We all keep a lot of personal information on our phones and obviously don\u2019t want to share our correspondence, cryptocurrency wallets, or contacts to become a part of the public domain. Nonetheless, in some cases, authorities can ask you to provide full access to your device.<\/span><\/p>\n<p><!--more--><\/p>\n<p><span style=\"font-weight: 400;\">Is this even legal? Can you refuse to give your phone to law enforcement? How can you protect your cryptocurrency wallet? Let\u2019s find out.<\/span><\/p>\n<h2><strong>Who Can Search My Phone?<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Any country deems the state border as a source of ongoing danger. So visa\/passport\/customs control services usually have more rights to invade your personal space and search your belongings. Statistically, they do more searches than any other law enforcement agency.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The border control authorities in the U.S., Canada, China, and Israel are legally entitled to search the digital content on your devices. If you refuse, they may deny your entry. The customs officers analyze your social media posts, history of calls, browser history, look through your messages, photos, videos, and text documents. 
But, what\u2019s important, even though they are entitled to search the data stored on your device,<\/span><b> they have no right to search through data stored in cloud or third-party web services<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The available <\/span><a href=\"https:\/\/www.oig.dhs.gov\/sites\/default\/files\/assets\/2018-12\/OIG-19-10-Nov18.pdf\"><span style=\"font-weight: 400;\">data<\/span><\/a><span style=\"font-weight: 400;\"> suggests that in 2017 alone customs officers in the U.S. searched through 30 thousand devices, which was 58% more than in 2016. Considering that the U.S. border is crossed 400 million times a year on average, the searches account for 1 in 13,000.<\/span><\/p>\n<h2><strong>What Information Can They Access?<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">As lying to officials or forcefully resisting them is obviously a bad idea, let\u2019s consider the situation when you had to give your phone to the searching party.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">First of all, if your phone is not encrypted, the chances that the data will be retrieved one way or another are nearly 100%. Many Android and Windows Phone devices have a service mode allowing one to download all data via regular USB connection. This also works for most devices working on Qualcomm (HS-USB mode that works even if the uploader is blocked), on Chinese smartphones on MTK (MediaTek) Spreadtrum and Allwinner processors (if the uploader is unlocked), and with all LG smartphones (their service mode allows to retrieve data even from a \u2018bricked\u2019 device).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But even if the phone doesn\u2019t have a service backdoor, they can retrieve data by dismounting the device and connecting to JTAG service port. 
If even that doesn\u2019t work, they can remove the eMMC chip and put it in a simple adapter that uses a protocol similar to the one used with SD cards. If the data were not encrypted, the searching party can retrieve anything, including authentication tokens that grant access to cloud storage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Kurt Opsahl and William Budington of Electronic Frontier Organization <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=HsGZKrjRYZI\"><span style=\"font-weight: 400;\">claim<\/span><\/a><span style=\"font-weight: 400;\"> that customs officers may have special equipment designed to retrieve data from your gadgets in a fast and efficient fashion. Usually, they employ Cellebrite devices that can copy even deleted information. In some cases, they can retrieve data even from locked smartphones.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If they make a backup via Android Debug Bridge from your phone, here is what they will be able to access:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">WiFi passwords and system settings.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Photos, videos, and all contents of internal storage.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Installed apps (APK files).<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Data from apps that support backups (including authentication tokens).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Another Android vulnerability is the abundance of unsafe methods of unlocking collectively known as Smart Lock. Nobody can prevent the customs officer from taking a photo of your face or pressing your finger to the fingerprint sensor. Sometimes they can even use a copy of your fingerprint if there is one in their database. 
Make sure that there is no other way to unlock your phone than to use a passcode or, if possible, a password (preferably strong). If you use a password, you should opt for combinations of upper- and lower-case letters, special symbols, and numbers. If it\u2019s longer than 16 characters, it\u2019s even better. For instance, it will take a modern computer more than 200 years to guess P#$$M&gt;Rd_wR1443N_c0Wpl1c4^3D. Use services like GenPas to generate complex passwords randomly.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">iPhone users are much luckier. If they use the newest iOS and have never performed a jailbreak, it would be impossible for customs officers to retrieve data. The only method they could use is to make a backup via iTunes or a special app like Elcomsoft iOS Forensic Toolkit. If you don\u2019t want that to happen, lock your backups with a password. This option is available as Encrypt iPhone backup at the time of writing.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you want to protect your passwords, disable Keychain and iCloud keychain on your phone. The passwords will be deleted from the device, and the device won\u2019t use the ones stored in the cloud until you activate the service again. Browser history and search history are deleted in a similar fashion. Please note, however, that the browser history will remain in iCloud for at least two weeks after that. If you don\u2019t want anybody to access it, disable data sync with the cloud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, you could disable iCloud completely. 
This is not preferable, however, because it will also deactivate iCloud Lock and Find My, which you would need in case someone steals your device.<\/span><\/p>\n<h2><strong>How Can I Protect Data on a Non-encrypted Android Device?<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">If the phone is not encrypted and backup is allowed, you can install TWRP, a custom recovery, reboot into it, make a Nandroid backup of the system and data folders that contain the OS and your data\/apps respectively, remove the backup from the phone (it will be stored in TWRP on a memory card) and upload it to a cloud (for example, Dropbox).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Then reset the phone to factory settings, link it to a fake account, install some apps, use some passwords you don\u2019t care much about in the browser, and altogether create the impression of an actively used device. Then reboot into TWRP again, make a backup and upload it to the cloud again.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As a result, you will have two backups: your real system and a fake one. All you have to do is restore the fake system before your journey, pass the border, and then restore the real system. Everything, down to the locations of icons on the screen, will remain the same.<\/span><\/p>\n<h2><strong>How to Encrypt My Gadget?<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">If you prefer not to risk entering the grey area described above, activate Full Disk Encryption (FDE) on your Android gadget and switch the device off. When you turn it on again, it will ask you to enter a password even if it usually gets unlocked with a fingerprint. If you have an iPhone, you also can activate FDE and delete encryption keys. This operation is built into restoring the device to factory settings. 
After the search, all you have to do is connect to a WiFi network, restore the phone once again, and download your backup from the cloud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So, if you want to sign in with your Apple ID, you will have to have the second authentication factor with you (for instance, the SIM card for the trusted phone number). Otherwise, you won\u2019t be able to access your own account and iCloud data.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, keep in mind that encryption may take a few hours. You will not be able to use the device during that time.<\/span><\/p>\n<h2><strong>Laptop Encryption<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Use FileVault for Apple OS X devices (it encrypts the entire disk). Apple\u2019s website contains <\/span><a href=\"https:\/\/support.apple.com\/en-us\/HT204837\"><span style=\"font-weight: 400;\">detailed instructions<\/span><\/a><span style=\"font-weight: 400;\"> for its use.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Professional versions of Windows (Enterprise, Pro, Ultimate Edition) have the built-in software BitLocker. For other cases, use VeraCrypt. At the present level of technology, it will take 40 years to decrypt the data encrypted by this software.<\/span><\/p>\n<h2><strong>Two Kinds of 2FA<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Two-factor authentication provides additional protection of your accounts in social networks, messengers, email, Google, Apple, and iCloud. All manufacturers and developers recommend that you use it in all cases.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Most services offer 2FA via SMS. However, certain mail services allow for an app that automatically generates temporary codes (for example, Google Authenticator). It is safer than SMS confirmations, which can be intercepted in transit. 
You can set up the code generator in Gmail\u2019s Security tab.<\/span><\/p>\n<h2><strong>Use Secure Messengers<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Telegram and Signal are considered the most secure, even though Telegram is often criticized for its encryption mechanisms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Telegram, however, has secret chats that are not stored on servers and can self-destruct. Select the user you want to talk to in private, tap on their userpic and select Start Secret Chat. You cannot create secret chats for groups or make calls through one. If you need both, Signal is your choice. It completely encrypts all data transferred between users.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Both messengers have Android and iOS apps as well as apps for personal computers (note that the desktop version of Telegram doesn\u2019t have secret chats). Both apps are free but you might want to enhance security using in-app settings.<\/span><\/p>\n<h2><strong>Email Encryption<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">You may use PGP to encrypt your emails: it encrypts messages prior to sending and only the owner of a special password can read them. Even if your email is intercepted, nobody would be able to read it. Neither the FBI nor the CIA has been able to read PGP-encrypted emails so far.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Alternatively, you can use Peerio. It\u2019s easier to use than PGP and enables full encryption of data. Peerio has iOS, Android, and Windows versions as well as a Chrome plugin.<\/span><\/p>\n<h2><strong>Cryptocontainers<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">A cryptocontainer is a logical disk whose file structure is usually similar to the OS\u2019s structure. When it\u2019s open, you can store all kinds of files there. To conceal them, just dismount the cryptocontainer. 
If you want to see your files again, you will have to use a previously created key or password.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When it\u2019s dismounted, other people won\u2019t even notice it exists. All data you have there will be securely hidden from prying eyes.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On top of that, decryption here is impossible without the key, and creating special utilities capable of hacking the encrypted disk is too expensive, and even then their efficiency would be dubious.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The most obvious advantage of this method is the option to create a \u201cdouble bottom\u201d cryptocontainer. If there is one, you can freely give the key to the searching party. Whatever is in the hidden chamber will remain unknown and invisible to anyone until the second password is entered. It is impossible to detect the presence of the hidden part with either software or hardware.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This method, however, is not perfect. If you forget the access key, you will never open the container. A faulty encrypted file will never be restored. The only thing you can do in this case is make a backup elsewhere. 
Additionally, files are recorded into the container much slower than you may have become accustomed while working with regular disks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">At the time of writing, Google Play has the following apps for encryption:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">LUKS Manager;<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">EDS Lite;<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Cryptonite;<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">CyberSafe Mobile.<\/span><\/li>\n<\/ul>\n<p><b>LUKS Manager<\/b><span style=\"font-weight: 400;\"> is the oldest file encryption software for Android. It uses AES algorithm and supports EXT2\/4 and FAT32 file systems. The volume of the encrypted container is limited only by the storage of your phone. It encrypts files \u201con the go\u201d and is easy to use (encrypted containers work as regular folders). On the other hand, the software requires root rights for its operation and does not support TrueCrypt, which is a de-facto standard solution for most desktop platforms.<\/span><\/p>\n<p><b>EDS Lite<\/b><span style=\"font-weight: 400;\"> does not need root rights and supports TrueCrypt. It uses AES 256 and SHA-512 algorithms. Nonetheless, you cannot encrypt files \u201con the go\u201d and work with encrypted containers similarly to regular folders. There is a built-in file manager that supports all file operations, though. For example, you can create an encrypted container in EDS Lite or TrueCrypt, open it in the file manager and copy all the files you need encrypted.\u00a0<\/span><\/p>\n<p><b>Cryptonite<\/b><span style=\"font-weight: 400;\"> is in beta right now. 
It supports cloud storage but requires the Android kernel to support FUSE, which is not available on every Android phone.<\/span><\/p>\n<p><b>CyberSafe Mobile<\/b><span style=\"font-weight: 400;\"> can sync cryptocontainers with Google Drive, which enables one to work with the same data array on different devices. The app does not require root rights until you try to mount the container in a certain folder. The app also enables one to exchange encrypted files with other users and to encrypt any folders in Google Drive. Its downside is that you have to pay for it, as the free version limits the length of your password to just two characters.\u00a0<\/span><\/p>\n<h2><strong>Breaking Into a Cryptocontainer<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">A brute-force attack (simple guessing of passwords) is one of the most obvious ways to break into a cryptocontainer. However, if your password and encryption algorithms are good enough, it will take hundreds of years for standard computers. That is not the case for quantum computers, however: they will be able to crack the code within days. Still, it would cost millions of dollars and therefore is quite unlikely to be used against a regular person.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The most efficient protection against brute force is onion encryption, where data is encrypted several times with different passwords. For example, first, you encrypt files with TrueCrypt using algorithm 1, and then with AES Crypt with algorithm 2.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For regular users, a dictionary attack is far more dangerous. Basically, the software uses a password database and checks each entry. It\u2019s a simple and cheap attack compared to brute force. The success of this attempt relies on the quality of the database and depends on password strength. The method of protection here is fairly simple: your password must not be in the database. 
And if you randomly generate a password of 50 characters or more and use an encryption key, the hackers won\u2019t stand a chance.<\/span><\/p>\n<h2><strong>Thermorectal Cryptanalysis<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">This is a pseudoscientific way of describing a soldering iron up someone\u2019s rectum put there to get the information through torture. Generally, this method of extracting passwords is about forcing the person to give them away through physical or psychological pressure or threats, which in some cases may include imprisonment, torture, blackmail, and other highly unpleasant experiences.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This method sadly can break any algorithm and password, but there are still ways to protect the valuable data.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The first of them is about physically destroying the way to access data. You can place the key to a cryptocontainer on an SD card and, in case of trouble, just smash it, throw it away, or even eat it (which is not recommended for obvious medical reasons). If the key is destroyed, there is no way to access the data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Double-bottom containers described above are also an efficient way of not giving away valuable information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, you can use professional software and hardware for emergency erasure of data. Push a secret panic button to destroy containers and keys without any chance of restoration, along with browser history and other \u201cfootprints\u201d of your actions.\u00a0<\/span><\/p>\n<h2><strong>Forensic Analysis of RAM<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Analyzing RAM is a standard forensic practice. Law enforcement uses special software to dump RAM and then scrupulously study it in search of valuable artifacts like encryption keys. 
To protect your data against that, just activate the automatic cryptocontainer dismounting option and enable automatic removal of keys from RAM after a certain non-active period.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You also can use Panic Button software: it can delete all data from random access memory after a non-active period.<\/span><\/p>\n<h2><strong>Spare Key Hack<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">If you run full encryption of your Windows system, the encryption keys are automatically saved on Microsoft Account, while macOS encryption keys are automatically stored on iCloud. If someone accesses your account, they may decrypt all data on the hard drive. So if you want to avoid that, disable the option of saving the key when encrypting the system.<\/span><\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Always remember that customs or police officers can always interpret the law to their own benefit. On top of that, they have a well-known collection of ways to make you do what they want.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Of course, lying to customs officers is not only unethical and illegal but also silly. It could escalate the situation from a hindrance to a real problem within seconds. Using protection methods described here would be much wiser. Remember: nobody can retrieve something that isn\u2019t there. 
But there are always ways of getting a password from you.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We all keep a lot of personal information on our phones and obviously don\u2019t want to share our correspondence, cryptocurrency wallets, or contacts to become a part of the public domain. Nonetheless, in some cases, authorities can ask you to provide full access to your device.<\/p>\n","protected":false},"author":5,"featured_media":7145,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[148],"class_list":["post-7160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-security"],"aioseo_notices":[],"amp_enabled":true,"views":"612","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/7160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=7160"}],"version-history":[{"count":8,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/7160\/revisions"}],"predecessor-version":[{"id":7872,"href":"https:\/\/forklog.com\/en\/wp-js
on\/wp\/v2\/posts\/7160\/revisions\/7872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/7145"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=7160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=7160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=7160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}