{"id":17166,"date":"2017-02-10T16:28:41","date_gmt":"2017-02-10T21:28:41","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=17166"},"modified":"2017-02-11T11:33:11","modified_gmt":"2017-02-11T16:33:11","slug":"protecting-your-data-at-a-border-crossing","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2017\/02\/10\/protecting-your-data-at-a-border-crossing\/","title":{"rendered":"Protecting Your Data at a Border Crossing"},"content":{"rendered":"<p><a href=\"https:\/\/www.zdziarski.com\/blog\/?p=6918\">Jonathan Zdziarski<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.zdziarski.com\/blog\/?p=6918\"><p>Obviously, you want all of your devices encrypted and powered off at the border. There are plenty of ways to access content on devices (even locked ones) if the encryption is already unlocked in memory.<\/p><p>[&#8230;]<\/p><p>To lock down 2FA at a border crossing, you&rsquo;ll need to disable your own capabilities to access the resources you&rsquo;ll be compelled to surrender. For example, if your 2FA sends you an SMS message when you log in, either discard or mail yourself the SIM for that number, and bring a prepaid SIM with you through the border crossing; one with a different number. If you are forced to provide your password, you can do so, however you <em>can&rsquo;t<\/em> produce the 2FA token required in order to log in.<\/p><p>[&#8230;]<\/p><p><a href=\"https:\/\/www.zdziarski.com\/blog\/?p=2589\">I&rsquo;ve written about Pair Locking<\/a> extensively in the past. It&rsquo;s an MDM feature that Apple provides allowing you to provision a device in such a way that it cannot be synced with iTunes. It&rsquo;s intended for large business enterprises, but because forensics software uses the same interfaces that iTunes does, this also effectively breaks every mainstream forensics acquisition tool on the market as well. While a border agent may gain&nbsp;access to your handset&rsquo;s GUI, this will prevent them from dumping all of the data &#x2013; including deleted content &#x2013; from it. It&rsquo;s easy to justify it too as a corporate policy you have to have installed.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Jonathan Zdziarski: Obviously, you want all of your devices encrypted and powered off at the border. There are plenty of ways to access content on devices (even locked ones) if the encryption is already unlocked in memory.[&#8230;]To lock down 2FA at a border crossing, you&rsquo;ll need to disable your own capabilities to access the resources [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[31,1380,355,48,573],"class_list":["post-17166","post","type-post","status-publish","format-standard","hentry","category-technology","tag-ios","tag-ios-10","tag-privacy","tag-security","tag-touch-id"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/17166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=17166"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/17166\/revisions"}],"predecessor-version":[{"id":17171,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/17166\/revisions\/17171"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=17166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=17166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=17166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}