Some enterprising (probably Chinese) programmer should ctreate a dummy program with the same name/icon and preload it on their phones before entering the area. Flash it to the local border guards and be waved through.
We are shocked to learn oppressive authoritarian surveillance state China injects spyware into foreigners' smartphones
Authorities in a tumultuous region of China are ordering tourists and other visitors to install spyware on their smartphones, it is claimed. The New York Times reported today that guards working the border with Krygyzstan, in China's Xinjiang region, have insisted visitors put an app called Fengcai on their Android devices – …
COMMENTS
-
-
-
Monday 24th February 2020 17:50 GMT Philip Lewis
A lifetime of VANS phones
Looks on the shelf.
N9. That still works for 3G+ telephony and they won't have that
Xperia X running SFOS. Dump the Android 4.4.x emulation and that'll be safe as well.
Some old 2G phones around, but not sure if 2G even exists in China
Any iPhone4 or 3GS will have a version of iOS so old that their fruity app will probably bork - must have one here somewhere?
-
-
-
-
Wednesday 3rd July 2019 15:38 GMT DuncanLarge
> I suggest you delay the reset until you are safely back home
Too late, damage already done.
Take a wiped / new smart phone attached to a new account or a feature phone. Leave your digital life outside the border and create a new one inside the border, thus they can simply watch what you get up to inside but have no look in to your real data that remains outside.
When you leave, wipe the phone and destroy it (responsibly) / give it to the guards to keep.
Or just get a feature phone. You can tweet via telnet running over a null modem connection to an apple 2 / C64 these days so sending an SMS to tweet should be a piece of cake.
I give the same advice when going to the USA.
-
-
-
-
-
Wednesday 3rd July 2019 08:19 GMT 0laf
Going to China (or let's be honest the USA as well) take a burner.
You know your phone will be examined so don't take it. Take what you need and no more.
If you're going to the states make sure you've no social media accounts or if you can't remove the app at least remove the account from the device.
You can use the web for your email at least until you reinstall the app.
If you going to China really you should expect to need to toss your devices when you get home or at least have them refomatted.
-
-
Wednesday 3rd July 2019 11:24 GMT 0laf
https://www.theguardian.com/us-news/2017/apr/09/uk-tourists-to-us-may-get-asked-to-hand-in-passwords-or-be-denied-entry
"Nearly all applicants for US visas will have to submit their social media details under newly adopted rules.
The State Department regulations say people will have to submit social media names and five years' worth of email addresses and phone numbers.
When proposed last year, authorities estimated the proposal would affect 14.7 million people annually."
From the BBC June 19 - https://www.bbc.co.uk/news/world-us-canada-48486672
-
Wednesday 3rd July 2019 11:25 GMT goodjudge
US border
Presumably you're of Caucasian descent, unlike, say, my bearded, darkish-skinned, Spanish, brother-in-law who was regularly pulled for "random" additional security checks when flying on declared academic business. Thankfully he got a promotion before searching phones / social media accounts became the in-thing, and has delegated the US trips to some other poor sod.
-
-
Wednesday 3rd July 2019 15:47 GMT DuncanLarge
> If you going to China really you should expect to need to toss your devices when you get home or at least have them refomatted.
No, chuck them. Never trust the device again. You can "reformat" the main OS but you cant reformat the other OS , the one that handles all the cell connections etc. Those chips are off limits to the likes of most people.
-
-
-
-
Wednesday 3rd July 2019 00:15 GMT Anonymous Coward
Re: At least they are open about it...
To actually reset a phone that may have been compromised, you need the manufacturer specific flashing tools, partition map, and signed image including bootloader, radio firmwares, vendor partition, user partitions, cache, etc and write zeros to every space that isn't specifically repopulated with the original manufacturer programming. Including parts The flash chip that may not be documented or partitioned. It's never enough to simply do a factory reset.
You have to wipe and Rewrite the entire flash chip in raw write mode.
-
-
Monday 8th July 2019 10:51 GMT Muscleguy
Re: At least they are open about it...
During the Scottish IndyRef my Android phone had a strange feature. The phone reported it had much more data on it than adding stuff up or was reported when connected to a laptop. I ran virus checkers, file readers etc and looked for stuff at every level I could (Developer activated).
Then I got an Android update and it resolved the situation. This was after the vote was over and I have no evidence of anything on my current device.
When attending meetings of RIC (Radical Independence Campaign) I would ensure the phone was off or just leave it at home. Playing 'who is reporting to MI5' is fun as well. Not assuming any of this stuff happens when much more benign protestors and activists have MI5 files on them would be naive.
-
-
Wednesday 3rd July 2019 00:11 GMT Anonymous Coward
I thought It had been well established that in this day and age, but if you're traveling internationally, that you don't bring electronic devices with you. You pick up a burner when you get in country, and you ditch it before you leave. They only do it because statistically results in oan uncertain x percentage of success. The key is to make it a lossy operation to the point where other parts of their government and influencing sources push to cut the program as irrelevant and a waste of money.
If they going to implement such things, it's everyone's personal responsibility responsibility to make sure that it is as pointless and unjustifiably expensive as possible to do so.
-
Wednesday 3rd July 2019 01:32 GMT Anonymous Coward
"I thought It had been well established that in this day and age, but if you're traveling internationally, that you don't bring electronic devices with you."
And if it's in your job description to bring something electronic with you? Because it contains the very reason for your visit, and not bringing it with you is not an option? And no, a VPN is not an option (because China is already known to bork unsanctioned VPNs and other encrypted connections)?
-
-
-
Wednesday 3rd July 2019 18:50 GMT Anonymous Coward
Re: They can't make you bring your own personal phone or laptop.
I have no problem using my personal phone for work (i.e. receiving work related calls on it) since I've ALWAYS done that and have refused any attempts to have me carry a second phone, but I'm not bringing it overseas and having it subject to a search let alone spyware installation. I'd set up a number via skype, rent a burner phone while I'm there and tell work to call me via that skype number. Then I'll turn in my charges for the burner phone rental and skype bill as expenses when I return.
I'll tell them that's what I plan to do ahead of time - if they don't approve then I'll quit the day I was scheduled to leave on the trip and leave them screwed and scrambling to find someone else to do whatever it was I was supposed to travel for.
-
-
-
Wednesday 3rd July 2019 09:05 GMT theModge
And no, a VPN is not an option (because China is already known to bork unsanctioned VPNs and other encrypted connections)?
They try, but the number of Chinese students here in the UK running VPNs for their friends back home would suggest that they're ineffective in cracking down on them. From my colleges who travel it seems that something like your employers corporate VPN will work, even if say nordVPN is blocked. Not that this is a reliable bias for demonstrating your product if it requires a connection to your server at home, but if you're selling to anyone government owned in China you may well find there's a requirement to host your service locally anyway.
-
Wednesday 3rd July 2019 11:32 GMT Just Enough
It goes with the job
"And if it's in your job description to bring something electronic with you?"
If it's your job, and you are going to China for your job, then your employer must be aware of the risks, and should be taking appropriate precautions. Don't take anything to China that your employer doesn't want the Chinese authorities to see.
Don't take your personal devices with you, unless you apply the same criteria to your own data on it.
Either way, don't mix your personal data with your employers data on the same device.
-
-
-
Wednesday 3rd July 2019 08:10 GMT big_D
No, that is the official advice from anti-hacking units.
A friend's server turned up on a list on a hacker forum. They told him to shred the hardware and do a fresh re-install on a new system and reload the data from a checked backup.
Their advice for travelling to certain countries was to buy a disposable phone and throw it in the bin at the airport on the way back. The same for any laptop, no sensitive information on it and throw it away when you come back.
-
Wednesday 3rd July 2019 09:19 GMT Potemkine!
Their advice for travelling to certain countries was to buy a disposable phone and throw it in the bin at the airport on the way back. The same for any laptop, no sensitive information on it and throw it away when you come back.
Good advice, but it makes the travel a little bit expensive, doesn't it?
-
Wednesday 3rd July 2019 09:53 GMT big_D
It can. We keep the old laptops and company phones in a cupboard, ready for issue to employees travelling to "at risk" destination. The laptops get a deep delete and re-install when we get them back and aren't connected to the network. No confidential information, they get to work over VPN on the terminal server.
Likewise, the company phones (mainly old Windows Phones at the moment) get reset and the user can do a factory reset and leave them in the destination land when they are finished. No company email or company data on the phones.
-
-
-
-
-
-
Wednesday 3rd July 2019 09:22 GMT Potemkine!
Re: "don't ever visit China or its subsidiaries"
Repression works best in the silence.
Everybody knows the horrors committed in North Korea, it does not deter Norks to continue. Knowledge is not a way to stop atrocities. Sadly.
If there's no money involved, a dictatorship can freely torture, murder, exterminate, nobody will care.
-
Wednesday 3rd July 2019 15:12 GMT Anonymous Coward
"Everybody knows the horrors committed in North Korea"
Do we? We have scanty reports, second hand information, and North Korea likes to play with that - look at the reports someone has been eliminated and then reappears - it's a tactic to make sources look unreliable.
Do we have images from their camps? Direct reports from independent journalists? We mostly have some cheerleaders from abroad allowed to visit it - and only see what they want you to see.
-
Wednesday 3rd July 2019 18:21 GMT DropBear
Re: "don't ever visit China or its subsidiaries"
There's a huge difference between open knowledge of shittery committed existing _outside_ and _inside_ a dictatorship. They generally tend to not give a shadow of a flying fsck about what people outside know (well they do prefer you not knowing but if that's not an option: meh...) but anything being discussed inside tends to be cracked down on with extreme prejudice. As long as people inside can't get organized or even become aware of the true scale and nature of things going on, nobody cares how much democratic states might dislike a dictatorship they already despise anyway.
How sure are you "everybody" inside North Korea also knows all about those horrors (assuming they didn't happen to their neighbour / family), and how many might even dismiss them as subversive rumours and western propaganda, when people's access to information is basically limited to what their state has been telling them all their life (at full volume, day in and day out, because why not) and what they might gossip about with their neighbour (assuming they dare opening their mouths at all in front of someone who might any time be a state informant)...? You will find nothing but "fervently patriotic righteous people*" anywhere you look in a country where it's reasonably well known (or suspected) that anything else may well get you "un-personned".
*that's what they will be looking like, and you'll never tell how many might be faking it, because those you could tell tend to fail the Darwin test by definition. All you will know for certain is that at least some of them truly do believe most of it...
-
-
-
Wednesday 3rd July 2019 08:03 GMT big_D
Burner phone...
A friend had a visit from government security specialists and one piece of advice was that if you are travelling to such countries, you should use a disposable phone during your stay and just reset it and throw it in the bin at the airport when you fly back home. The same advice was also given for laptops and tablets, just throw them in the bin, when your visit is over.
You don't know what could have been installed and you can never be certain that it has been successfully removed (UEFI rootkits etc.)
-
-
-
Friday 5th July 2019 07:38 GMT James 51
I really like my Q10 as well. If my infant son hadn't used it as a teething ring and drooled into the microphone it would still be my main phone (was in contract at the time but Vodafone just kept playing support pingpong until the contract ended). The amazon app store still works, that's what I use overdrive on. Some of the websites do come up with your browser is too old message now.
-
-
Wednesday 3rd July 2019 14:22 GMT ConcernedCitizen
U.S.Government has DROPOUTJEEP.
DROPOUTJEEP: "A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."[8]
Between my cell carrier, U.S., and Chinese spyware it's a wonder my phone can still play my games.
-
Wednesday 3rd July 2019 17:31 GMT atropine blackout
Plus Ca Change
Having spent a bit of time in that part of China, I'd have to say that this level of repression is not really new - just different tech / better publicized. At that time (turn of the century), the roads in the area were some of the best in China - and were built *solely* for the benefit of heavy troop movements.
Even then we used Chinese-made burner phones; cash, rather than credit cards - you get the drift..... maybe still good advice.
Incidentally, part of the ongoing Han Chinese paranoia towards the Uighurs may stem from the fact that, unlike the Tibetans further South, the Uighurs are not (at all) given to turning the other cheek. In other (completely unreported at the time) news, the PLA and their nastier cousins, the Gong An, came off a decidedly poor second in several small encounters with Uighur groups in the desert West of Urumqi.
Didn't really help in the long run though, and its hard to see this ending well.