Greetings. Cellebrite/GOS related questions

I have a few questions regarding GOS and Cellebrite. To my delight there is a whole stickied post regarding Cellebrite that answered many questions. Thank you for that to all who contributed! (Side question: how can I keep up to date with any data regarding GOS and Cellebrite?)

It appears to me that the professionals and hobbyists on this forum are in the best position to answer the questions and provide feedback and ideas. I have 0 experience with GOS. I am not a very technical person.

To set a foundation of understanding:
In summary, all and any iOS/Android device is open to Cellebrite machine automated hacking/exploiting UNLESS it 1) is before full unlock AND 2) has post-2022 patch GOS. Correct me if I am wrong.

As for US law for US citizens, they are not mandated to provide passwords of any kind or even hand over their devices WITHOUT a warrant. This raises the issue that they may detain you as a form of spite and try to trick you into consenting. If you do give them either the devices or passwords they might still detain you just for the time it takes them to rummage through your rights and privacy and download it. This obviously provides every piece of data you possess and the patterns that fingerprint your behavior, writing style, and more to the US gov, the police and their friends/family, Cellebrite and Israeli gov.

My two imperatives are to minimize any and all interactions with authorities at border crossings, without giving them access to personal data. Everything else is debatable about how important it is to me.

Considering the above two, I found the best solution is to simply NOT bring any devices that have had any personal information attached to them. (please provide any better options anywhere throughout my post). If asked, I provide the burner devices in a before unlock state (if possible) but not any passwords.

This solution raises two issues: First, you still need to somehow send your devices across the border. Second, a device with little to no personal effects might spite the CBP/police into digging further. A device with GOS might do so too, as the police might be confused why they are not able to abuse your privacy.

What are the thoughts and facts around this topic? And do you have any experience with such demands from border police? Would a GOS phone raise the chances you are detained compared to an empty burner phone with stock rom?

Formatting my current devices seems out of the question too because Cellebrite automatically restores deleted data.

    cellebriteandco In summary, all and any iOS/Android device is open to Cellebrite machine automated hacking/exploiting UNLESS it 1) is before full unlock AND 2) has post-2022 patch GOS. Correct me if I am wrong.

    Correct, but you meant AFU, not BFU. The device is much more vulnerable AFU, it has passwords in RAM.

    cellebriteandco As for US law for US citizens, they are not mandated to provide passwords of any kind or even hand over their devices WITHOUT a warrant.

    Funny, when you are under pressure, you will forget those simple amendments. Either you spend a week in jail, or provide the passwords and you can be released on the same day.

    cellebriteandco Considering the above two, I found the best solution is to simply NOT bring any devices that have had any personal information attached to them.

    Correct

    cellebriteandco What are the thoughts and facts around this topic? And do you have any experience with such demands from border police?

    As an Israeli who worked on NDA with Cellebrite in the past, I doubt a random border patrol will investigate your device with UFED. This requires special training and license, and it's usually not provided to such entities.

    cellebriteandco Formatting my current devices seems out of the question too because Cellebrite automatically restores deleted data.

    No, it does not. Properly factory reset your device and reinstall the OS; they have no solution to recover the data, because it was already encrypted with FBE prior to the wipe.

      Please don't forget that even if your phone is compromised you can still soften the damage with "further walls". Use Signal, with locked access to chats, e.g., since it's not cracked by Cellebrite as far as I know.
      Encrypt your important notes and so on.

      23Sha-ger As an Israeli who worked on NDA with Cellebrite in the past, I doubt a random border patrol will investigate your device with UFED. This requires special training and license, and it's usually not provided to such entities.

      I wouldn't bet on it - they might not -directly- remove it from you and try to do the Cellebrite magic... but they may ask you to unlock it and look through your data. That's not that unlikely with US border controls, e.g., and depending on how they feel they might start further processes with you.
      And if @cellebriteandco travels into CN, e.g., they should definitely prefer a burner; just look at Xinjiang, where you need to install a spy-app (https://github.com/motherboardgithub/bxaq // https://www.vice.com/en/article/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware/ ). It may not be Cellebrite* but yeah... and I believe there is also an app for Hong Kong border crossings.

      Actually it is the reason I haven't traveled to China - or the US - for some years.

      (*who knows where they got (parts of) the code)

        ILIKETRAINS

        Not sure you completely understand GOS and Android's secure boot model.
        There is no way for them to install anything on your phone without wiping it, or at least, if it's on the BL level, changing the loaded hash of the signature.

        I'm not talking about a way to circumvent border patrols here, or how to make them avoid looking at your specific phone, just a plain example of what is in their power and what is not. And if you think any random airport has the power to pop your phone open with 0days like the FBI, you are either spreading FUD or don't understand how GOS works.
        Because they can't.
        Even "serious" law enforcement agencies with the latest Cellebrite tools can't do much when the suspect is not cooperating. And I know a thing or two about it, since in those cases the subject might be physically unable to provide any keys to the phone, because the subject himself is in the forensic unit's fridge.

        18 days later

        ILIKETRAINS Will software installed onto iOS or Android be 'an extra wall' even when the OS (or silicon) itself is cracked?

        I'm referring to apps like Signal.

          cellebriteandco

          Apps can do this, but I'm not aware of many that do.

          For example, if someone gets access to your phone, they will be able to access any Signal messages stored on your phone.

          Molly has an encryption-at-rest option though, which does provide additional protection if you enable it.

          A properly designed password manager or 2FA app would also do something like this.

            Probably9857 For example, if someone gets access to your phone, they will be able to access any Signal messages stored on your phone.

            Signal does have a "disappearing messages" option, but that's only a partial mitigation.