For all the infosec here.
-
For all the infosec here. I’m going on a holiday (about a week) to Turkey. I’m preparing for it and I’m wondering : am I justified in thinking I do not need to change my phone to a temporary one? Using an iPhone with Apple Pay, stuff like a password manager, 2FA auth, and the usual like mail and such. Nowhere near any confidential stuff only personal
-
@qper @neil
Are you an enemy of the state? A suppressive person? A journalist? Politically exposed? Likely to have trade secrets?If none if the above, the only things I'd recommend iare:
Disable Apple Pay. That'll make it harder for thieves to rinse you.
Get a chunky phone strap and use it to lessen the risk of theft.
Make sure all your sensitive apps are behind a biometric lock.
Have a secondary way of getting important info (like flight tickets) if it is stolen.
Enjoy your holiday
-
@Edent @qper @neil
All that and leave your phone OFF until you get out of the airport. Not just airplane mode!Turkey are not one of the countries likely to attempt to clone your phone (although I wouldn't advise visiting the Saudi Embassy if I were you!), but having the phone off makes that significantly harder.
-
@xdydx what do you think phone cloning is? And why can it only happen in an airport?
-
@Edent
As others alluded to...
One deplanes.
One stands in a passport/visa queue.
One may or may not be asked to list social media accounts.
One may or may not be asked to hand over an unlocked phone. In some places this is sufficient.
In others the phone will be connected to a laptop with a special cable and software. And then handed back.Not having reviewed the software, or the cables, I cannot tell you if it's just looking for anti-regime text/images/sentiment, or anything criminal.
-
Death by Lambdareplied to Death by Lambda last edited by
I do know one can be turned away at that point if one refuses to unlock the phone. And for example in the US you can be compelled to unlock the phone if it is on and protected by biometrics only.
Regimes who want to clone phones do not need to do it at the airport, nor do they specifically need the phone to be on. But it is logistically easier at the airport and if one is going to worry about it once one needs to the hotel, one might as well not take the device.
-
Death by Lambdareplied to Death by Lambda last edited by
Most phones these days are encrypted at rest, meaning the clone would need to be brute-forced to be useable.
-
@xdydx that's absolutely fascinating. Can you please tell me more?