Travel OPSEC - Phone Security for Border Crossings

Published on

Blog Posts

Device Preparation

  • Consider using a burner phone (buy a cheap phone at your destination)
  • For iPhones, enable Lockdown Mode, especially for overseas travel
  • Put sensitive data in the cloud, delete relevant apps and data, then set up again after crossing
  • Always power down your phone completely before handing it to officials
  • For iPhones, use the “Erase All Content and Settings” option which rotates the key hierarchy for the data volume, making previous data unrecoverable

SIM Card Management

  • Travel without your regular SIM card
  • Be aware that SIM cards transmit unique identifying information to cell towers and have full root access to your device
  • Keep minimal WiFi networks stored on your phone

Operating System Considerations

  • Consider GrapheneOS for Android devices
  • GrapheneOS provides key destruction at factory reset according to their FAQ
  • For Android, ensure encryption is activated (default on Android 6.0+ when screen lock is set up)

Authentication & Access Control

  • When crossing borders, never hand over a powered-on phone
  • Disable facial recognition at border crossings to control when the phone is unlocked
  • For iOS, enable Stolen Device Protection; hold lock button and volume button together for two seconds to require PIN unlock instead of biometrics
  • Set your phone to erase after 10 failed PIN unlock attempts for extra caution

Data Security Approaches

  • For Android, consider using Termux with secure deletion tools like “shred” and “srm” packages
  • Enable 1Password’s travel mode which removes vaults except those marked safe for travel
  • Recent phones have encrypted storage with keys wiped on factory reset
  • Consider wiping your phone and restoring from iCloud upon arrival

Physical Security Options

  • Consider breaking or epoxying the USB-C port and using wireless charging only for extra protection
  • Store sensitive data encrypted on a micro SD card hidden elsewhere, then restore from it at destination

Alternative Approaches

  • Leave your phone at home entirely and say you forgot it
  • Consider a remotely accessible virtual smartphone that isolates groups of apps from each other
  • Limitation: This approach requires network availability

Things to Avoid

  • Don’t arrive with a completely wiped phone as this can raise suspicion
  • Log out of all social media accounts
  • Be cautious of phones advertising “secure wipe after failed password attempts”
  • Avoid using “secure apps” on phones as they can be seen as suspicious

Other Resources https://www.aclu.org/news/privacy-technology/can-border-agents-search-your-electronic