How to Protect Your Crypto Wallet if Someone Searches Your Phone?

We all keep a lot of personal information on our phones and obviously don’t want to share our correspondence, cryptocurrency wallets, or contacts to become a part of the public domain. Nonetheless, in some cases, authorities can ask you to provide full access to your device.

Is this even legal? Can you refuse to give your phone to law enforcement? How can you protect your cryptocurrency wallet? Let’s find out.

Who Can Search My Phone?

Any country deems the state border as a source of ongoing danger. So visa/passport/customs control services usually have more rights to invade your personal space and search your belongings. Statistically, they do more searches than any other law enforcement agency.

The border control authorities in the U.S., Canada, China, and Israel are legally entitled to search the digital content on your devices. If you refuse, they may deny your entry. The customs officers analyze your social media posts, history of calls, browser history, look through your messages, photos, videos, and text documents. But, what’s important, even though they are entitled to search the data stored on your device, they have no right to search through data stored in cloud or third-party web services.

The available data suggests that in 2017 alone customs officers in the U.S. searched through 30 thousand devices, which was 58% more than in 2016. Considering that the U.S. border is crossed 400 million times a year on average, the searches account for 1 in 13,000.

What Information Can They Access?

As lying to officials or forcefully resisting them is obviously a bad idea, let’s consider the situation when you had to give your phone to the searching party.

First of all, if your phone is not encrypted, the chances that the data will be retrieved one way or another are nearly 100%. Many Android and Windows Phone devices have a service mode allowing one to download all data via regular USB connection. This also works for most devices working on Qualcomm (HS-USB mode that works even if the uploader is blocked), on Chinese smartphones on MTK (MediaTek) Spreadtrum and Allwinner processors (if the uploader is unlocked), and with all LG smartphones (their service mode allows to retrieve data even from a ‘bricked’ device).

But even if the phone doesn’t have a service backdoor, they can retrieve data by dismounting the device and connecting to JTAG service port. If even that doesn’t work, they can remove the eMMC chip, and put it in a simple adapter working on the protocol similar to the one used with SD cards. If the data were not encrypted, the searching party can retrieve anything, including authentication markers that grant access to cloud storage.

Kurt Opsahl and William Budington of Electronic Frontier Organization claim that customs officers may have special equipment designed to retrieve data from your gadgets in a fast and efficient fashion. Usually, they employ Cellebrite devices that can copy even deleted information as shown below. In some cases, they can retrieve data even from blocked smartphones.

If they make a backup via Android Debug Bridge from your phone, here is what they will be able to access:

WiFi passwords and system settings.

Photos, videos, and all contents of internal storage.

Installed apps (APK files).

Data from apps that support backups (including authentication markers).

Another Android vulnerability is the abundance of unsafe methods of unlocking collectively known as Smart Lock. Nobody can prevent the customs officer from making a photo of your face or pressing your finger to the fingerprint sensor. Sometimes they can even use a copy of your fingerprint if there is one in their database. Make sure that there is no other way to unlock your phone than to use a passcode or, if possible, a password (preferably strong). If you use a password, you should opt for combinations of big and small letters, special symbols, and numbers. If it’s longer than 16 symbols, it’s even better. For instance, it will take a modern computer more than 200 years to guess P#$$M>Rd_wR1443N_c0Wpl1c4^3D. Use services like GenPas to generate complex passwords randomly.

iPhone users are much luckier. If they use the newest iOS and never performed a jailbreak, it would be impossible for customs officers to retrieve data. The only method they could use is to make a backup via iTunes or special app like Elcomsoft iOS Forensic Toolkit. If you don’t want that to happen, lock your backups with a password. This option is available as Encrypt iPhone backup at the time of writing.

If you want to protect your passwords, disable Keychain and iCloud keychain on your phone. The passwords will be deleted from the device and won’t use ones stored in the cloud until you activate the service again. Browser history and search history are deleted in a similar fashion. Please note, however, that the browser history will remain in iCloud for at least two weeks after that. If you don’t want anybody to access it, disable data sync with the cloud.

Finally, you could disable iCloud completely. This is not preferable, however, because it will also deactivate iCloud Lock and Find My, which you would need in case someone steals your device.

How Can I Protect Data on a Non-encrypted Android Device?

If the phone is not encrypted and backup is allowed, you can install TWRP, a custom recovery, reboot in it, make a Nandroid backup of system and data folders that contain the OS your data/apps respectively, remove the backup from the phone (it will be stored in TWRP on a memory card) and upload it to a cloud (for example, Dropbox).

Then reset the phone to factory settings, link it to a fake account, install some apps, use some passwords you don’t care much about in the browser, and altogether make an impression of an actively used device. Then reboot in TWRP again, make a backup and upload it to the cloud again.

As a result, you will have two backups: your real system and a fake one. All you have to do is restore the fake system before your journey, pass the border, and then restore the basic system. Everything up until the locations of icons on the screen will remain the same.

How to Encrypt My Gadget?

If you prefer not to risk entering the grey area described above, activate Full Disk Encryption (FDE) on your Android gadget and switch it off. When you turn it on again, it will ask you to enter a password even if it usually gets unblocked with a fingerprint. If you have an iPhone, you also can activate FDE and delete encryption keys. This operation is built-in restoring the device to factory settings. After the search, all you have to do is connect to a WiFi network, restore the phone once again, and download your backup from the cloud.

So, if you want to authorize with your AppleID, you will have to have the second authentication factor with you (for instance, the SIM card for the trusted phone number). Otherwise, you won’t be able to enter your own account and iCloud data.

Finally, keep in mind that encryption may take a few hours. You will not be able to use it during that time.

Laptop Encryption

Use FileVault for Apple OS X devices (it encrypts the entire disk). Apple’s website contains detailed instructions for its use.

Professional versions of Windows (Enterprise, Pro, Ultimate Edition) have the built-in software BitLocker. For other cases, use VeraCrypt. At present technology level, it will take 40 years to decrypt the data encrypted by this software.

Two Kinds of 2FA

Two-factor authentication provides additional protection of your accounts in social networks, messengers, email, Google, Apple, and iCloud. All manufacturers and developers recommend that you use it in all cases.

Most services offer 2FA via SMS. However, certain mail services allow for an app that automatically generates temporary codes (for example, Google Authenticator). It is safer than SMS confirmations that can be interceded upon transmission. You can set up the generator of codes in Gmail’s Security tab.

Use Secure Messengers

Telegram and Signal are considered the most secure, even though Telegram is often criticized for its encryption mechanisms.

Telegram, however, has secret chats that are not stored on servers and can self-destroy. Select the user you want to talk in private, tap on their userpic and select Start Secret Chat. You cannot create secret chats for groups or make calls through one. If you need both, Signal is your choice. It completely encrypts all data transferred between users.

Both messengers have Android and iOS apps as well as apps for personal computers (note that desktop version of Telegram doesn’t have secret chats). Both apps are free but you might want to enhance security using in-app settings.

Email encryption

You may use PGP to encrypt your letters: it encrypts messages prior to sending and only the owner of a special password can read them. Even if your letter is intercepted, nobody would be able to read it. Neither the FBI nor the CIA was able to read PGP-encrypted letters so far.

Alternatively, you can use Peerio. It’s easier to use than PGP and enables full encryption of data. Peerio has iOS, Android, and Windows versions as well as a Chrome plugin.

Cryptocontainers

Cryptocontainer is a logical disk whose file structure is usually similar to the OS’s structure. When it’s open, you can record all kinds of files there. To conceal them, just dismount the cryptocontainer. If you want to see your files again, you will have to use a previously created key or password.

When it’s dismounted, other people won’t even notice it exists. All data you have there will be securely hidden from prying eyes.

On top of that, decryption here is impossible without the key, and creating special utilities capable of hacking the encrypted disk is too expensive, and even then their efficiency would be dubious.

The most obvious advantage of this method is the option to create a “double bottom” cryptocontainer. If there is one, you can freely give the key to the searching party. Whatever is in the hidden chamber will remain unknown and invisible to anyone until the second password is entered. It is impossible to detect the presence of the hidden part with either software or hardware.

This method, however, is not perfect. If you forget the access key, you will never open the container. A faulty encrypted file will never be restored. The only thing you can do in this case is make a backup elsewhere. Additionally, files are recorded into the container much slower than you may have become accustomed while working with regular disks.

At the time of writing, Google Play has the following apps for encryption:

LUKS Manager;

EDS Lite;

Cryptonite;

CyberSafe Mobile.

LUKS Manager is the oldest file encryption software for Android. It uses AES algorithm and supports EXT2/4 and FAT32 file systems. The volume of the encrypted container is limited only by the storage of your phone. It encrypts files “on the go” and is easy to use (encrypted containers work as regular folders). On the other hand, the software requires root rights for its operation and does not support TrueCrypt, which is a de-facto standard solution for most desktop platforms.

EDS Lite does not need root rights and supports TrueCrypt. It uses AES 256 and SHA-512 algorithms. Nonetheless, you cannot encrypt files “on the go” and work with encrypted containers similarly to regular folders. There is a built-in file manager that supports all file operations, though. For example, you can create an encrypted container in EDS Lite or TrueCrypt, open it in the file manager and copy all the files you need encrypted.

Cryptonite is in beta right now. It supports cloud storage but requires Android core to support Kernel FUSE, which is not available on every Android phone.

CyberSafe Mobile can sync cryptocontainers with Google Drive which enables one to work with the same data array on different devices. The app does not require root rights until you try to mount the container in a certain folder. The app also enables one to exchange encrypted files with other users and to encrypt any folders in Google Drive. Its downside is that you have to pay for it as the free version limits the length of your password just to two characters.

Breaking Into Cryptocontainer

Bruteforce attack (simple guessing of passwords) is one of the most obvious ways to break into a cryptocontainer. However, if your password and encryption algorithms are good enough, it will take hundreds of years for standard computers. That is not the case for quantum computers, however: it will be able to crack the code within days. Still, it would cost millions of dollars and therefore is quite unlikely to be used against a regular person.

The most efficient protection against brute force is onion encryption where data is encrypted several times with different passwords. For example, first, you encrypt files with TrueCrypt using algorithm 1, and then with AES Crypt with algorithm 2.

For regular users, dictionary attack is way more dangerous. Basically, the software uses a password database and checks each of them. It’s a simple and cheap attack compared to brute-force. The success of this attempt relies on the quality of the database and depends on password strength. The method of protection here is fairly simple: your password shall not be in the database. And if you randomly generate a password of 50 characters or more and use an encryption key, the hackers won’t stand a chance.

Thermorectal Cryptanalysis

This is a pseudoscientific way of describing a soldering iron up someone’s rectum put there to get the information through torture. Generally, this method of extracting passwords is about forcing the person to give them away through physical or psychological pressure or threats, which in some cases may include imprisonment, torture, blackmail, and other highly unpleasant experiences.

This method sadly can break any algorithm and password, but there are still ways to protect the valuable data.

The first of them is about physically destroying the way to access data. You can place the key to a cryptocontainer on an SD card and in case of trouble, just smash it, throw away, or even eat (which is not recommended for obvious medical reasons). If the key is destroyed, there is no way to access the data.

Double-bottom containers described above are also an efficient way of not giving away valuable information.

Finally, you can use professional software and hardware for emergency erasure of data. Push a secret panic button to destroy containers and keys without any chance for restoration alongside with browser history and other “footprints” of your actions.

Forensic Analysis of RAM

Analyzing RAM is a standard forensic practice. Law enforcement uses special software to dump RAM and then scrupulously study it in search of valuable artifacts like encryption keys. To protect your data against that, just activate the automatic cryptocontainer dismounting option and enable automatic removal of keys from RAM after a certain non-active period.

You also can use Panic Button software: it can delete all data from random access memory after a non-active period.

Spare Key Hack

If you run full encryption of your Windows system, the encryption keys are automatically saved on Microsoft Account, while macOS encryption keys are automatically stored on iCloud. If someone accesses your account, they may decrypt all data on the hard drive. So if you want to avoid that, disable the option of saving the key when encrypting the system.

Conclusion

Always remember that customs or police officers can always interpret the law to their own benefit. On top of that, they have a well-known collection of ways to make you do what they want.

Of course, lying to customs officers is not only unethical and illegal but also silly. It could escalate the situation from a hindrance to a real problem within seconds. Using protection methods described here would be much wiser. Remember: nobody can retrieve something that isn’t there. But there are always ways of getting a password from you.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.