Ziggy Zapata Title

EQUIPMENT SECURITY

NOTE: If you arrived at this page without seeing a menu, please click on this link - www.ziggy.com.au - to open the entire Ziggy Zapata website in a new window.

The author asserts his right to publish this information in the public interest
No responsibility is taken for consequences resulting from using any information contained herein

PROTECT YOUR DATA AND YOURSELF

In this modern era of paranoia suffered by Australian authorities and their deliberate erosion of our long-held rights to privacy, I believe that citizens have the inherent right to protect their sensitive information and data from intrusion. Nothing is sacred these days and there are even laws that allegedly force citizens to divulge passcodes to their devices, so that police and others can pillage through their sensitive and sometimes embarrassing private data. I consider that this is completely intolerable and unacceptable. Therefore I will do whatever it takes to keep all my data out of the hands of those whom I feel have no business intruding on my privacy. I advise everybody to read this article and take my advice about cop-proofing their smartphones.

THE DIFFERENCE BETWEEN APPLE AND ANDROID

I have to say that I am a Windows PC user and I would probably never go to the Apple ecosystem for a computer. Apple Macs are very nice, but as a computer builder of over 40 years duration, I'm firmly in the Windows camp, as I was in the good old DOS days. But when it comes to smartphones, I have to say that for the forseeable future, the only one that I will ever use is the Apple iPhone, for a number of very important reasons.

The iPhone Operating System (iOS) is completely locked down by Apple and unless you 'jailbreak' your iPhone and install dodgy apps from a strange source, the only way you can acquire apps is from the Apple App Store. The beauty of this is that so far, Apple has been meticulous in checking every app thoroughly before it is permitted to be available for download from the App Store. So there is virtually no chance of downloading an app that contains malware, viruses or anything detrimental.

On the other hand, the Google Android operating system is completely open source, meaning that there are a myriad of versions available for free and this is why Android smartphones are cheaper than iPhones. Being open source, Android is very vulnerable to malware and it is most unfortunate that the Google Play Store is riddled with Android apps that contain malware, viruses, Trojan Horse spyware, keyloggers and all sorts of nasty apps. Put it this way - I feel totally secure doing everyday banking on my iPhone, but I wouldn't dare do this or anything else that is sensitive on an Android phone.

The other big issue with Android phones is that they are fairly easy to crack and get past the lock screen to access everything on those phones. Police do it all the time with seized Android phones, but because iPhones are so thoroughly protected, police and other authorities tear their collective hair out when they are tasked with accessing a locked iPhone, especially if it has the latest security updates.

The only issue with some apps that have been found in the App Store and Google Play Store is that they are what is known as 'Fleeceware'. These apps are tricky, because there's typically nothing malicious in their code. They don't steal your data or try to take over your device, meaning that there's nothing malware-like for Apple's or Google's vetting process to catch. Instead, these 'Fleeceware' apps work as advertised, but come with hidden excessive subscription fees. A flashlight app that costs $9 per week or a basic photo filters app that's $30 per month would both be 'Fleeceware', because you can get the same types of tools for free, or much cheaper from other apps. With all apps, it is up to the users to never sign up to subscriptions until they are checked out and found to be worthwhile.

AUTHORITIES COMPLETELY STYMIED BY iPHONE

There have been a few famous cases of American authorities being totally stymied by being unable to unlock iPhones seized from criminals and terrorists. For example, in 2015, the FBI seized the iPhone 5C of Islamic terrorist Syed Rizwan Farook and could not unlock it. Knowing that ten wrong attempts would totally destroy everything on the iPhone, the FBI demanded that Apple help unlock the phone. Of course Apple could not be legally forced to do this.

Nevertheless, a court order was granted that required the FBI and Apple to work in tandem to develop software that preserved the data on Farook’s phone while allowing an app devised by the FBI to input an unlimited number of passcodes until it guessed the right one. Quite rightly, Apple point-blank refused to do this or modify its operating system to allow a backdoor, so that the FBI could circumvent the passcode on an encrypted iPhone.

And that is the situation to this day. There have been rumours that devices such as the Israeli GrayKey machine have been developed that can bypass the iPhone passcode, but so far there seems to be no evidence of this. Apple has always refused to unlock a locked phone for police and other authorities, despite being threatened with dire consequences.

Not only that, after the FBI fiasco and the appearance of GrayKey, Apple introduced an update that locked the data port if the iPhone had not been used for one hour. So without the passcode unlocking the iPhone, the data port would remain completely inoperative and nothing would connect to it. This was a fabulous security measure, but I actually contacted Apple to see if they would consider an additional feature that would require the passcode to access the data port every time, not just after one hour. I have not heard back from Apple, but I live in hope.

So if you want to ensure that you have the best chance that nobody is going to get at your sensitive data, use an iPhone and keep away from Android phones.

DISABLE BIOMETRIC LOGIN

While things like fingerprint and face recognition might functionally seem like the same thing as a PIN or password when it comes to unlocking your phone, depending on your location or jurisdiction, the law may treat those two login methods very differently.

The big thing that separates biometric login methods from a PIN or password is that courts typically view the latter as information protected by law, which gives people the right to protect themselves against self-incrimination. That means if the police ask you for your PIN to unlock your phone, even if they have a warrant, you can simply refuse. You should always automatically refuse to allow police any access to your phone under any circumstances, no matter what threats they level at you. Just don't do it.

However, when it comes to face or fingerprint login, the same rules do not necessarily apply and in some cases, law enforcement personnel could forcefully press your finger to your phone or merely point its camera at your face, thereby unlocking it and gaining access to its contents against your will.

This was actually done by corrupt Queensland cops to an ex-federal policeman who was video recording them committing an illegal act. The thuggish cops grabbed the ex-Federal cop and forced his finger onto the fingerprint sensor of his iPhone, unlocked it and illegally deleted the incriminating video. It was fortunate that the whole incident was captured by a CCTV camera.Here is the news report of this incident.

The law isn't entirely settled and to be safe, it's better to completely remove biometrics from your phone's lock screen, so that even if rogue cops or other authorities try to unlock your phone, they won't be able to do it without the passcode. The iPhone is particularly good at protecting itself against any attempts to crack into it. Ten wrong passcode attempts will immediately trash everything on the iPhone, completely beyond the reach of those people.

But the iPhone can be completely restored by the owner from the iTunes encrypted backup in a couple of minutes, provided that the owner has been diligent and backed up the iPhone very regularly to a computer. I back up my iPhone to my computer's encrypted backup every morning and one day, this will pay off.

ALWAYS USE A PASSCODE OR PIN

Enabling a strong PIN or password instead of face or fingerprint login is the only safe course of action. On iPhone, navigate to Settings then scroll down and choose Face ID and Passcode to deactivate Face ID. Do the same with Touch ID and Passcode. Different versions of Android will have the settings for biometrics located in different areas, so you'll want to check with your specific phone and version of Android. Look for Face Unlock or Fingerprint Unlock under Settings.

You will also probably want to remove access from the lock screen to any digital assistants on your phone, as you do not want a cop to call up Siri, Alexa, or the Google Assistant and get data from your smartphone and thus bypass the lock screen. So if your phone is secured with a PIN or password, you can set those digital assistants to not be accessible from the lock screen and in that way, police and others cannot use them to gain access to your phone.

On iPhone, go to Settings and then choose Siri and Search and then deactivate 'Allow Siri When Locked.' On Android, navigate to Settings and look for Google Assistant to deactivate it from the lock screen. For other voice assistants like Alexa and Cortana, only allow access to them after your phone has been unlocked with your PIN or password.

SET YOUR PHONE TO REQUIRE PIN EVERY TIME

Most people have their phones set to require a PIN or password after five or 10 minutes of inactivity, which leaves the phone vulnerable to be unlocked by police within the inactivity time. You do not want someone to be able to grab and access your phone without a password because you just had it unlocked. To change that on iPhone, navigate to Settings and then Face ID and Passcode and Touch ID and Passcode and change Require Passcode to Immediately. It's more difficult to do on Android, but can usually be found in Settings under Security or Passcode. it is slightly more inconvenient to keep unlocking your phone every time it is taken out of standby, but believe me, it is worthwhile because you will know that no matter what, there's no chance of somebody unlocking your phone without your permission.

LOCK YOUR PHONE IMMEDIATELY TO STYMIE CONFISCATION

If you're in a situation where your phone could potentially get confiscated and you haven't already changed the passcode requirements, it's important to know how to force your phone to require a PIN or password the next time anyone tries to unlock it. The first way is to simply restart your phone, as on both Android and iPhone, as long as you have a PIN/password set, the operating system will require a PIN/password upon restart.

But in a pinch, there are even faster ways. On modern iPhones, you can quickly press the lock button five times and the Power Off button will appear. Even if that button is not used and the Cancel button is pressed, the PIN/passcode will be required to open the iPhone.

On Android, there's a special Lockdown setting that can appear anytime you hold the phone's power button down, but before you can use it, you first need to enable the option in your device's settings. On most versions of Android, it is found by going to Settings and then choosing Security and Location. Next, choose Lock Screen Preferences and Show Lockdown Options.

The best procedure is to only enable the camera to be accessed from the lock screen and nothing else. In that way, you can record whatever you want without leaving your phone vulnerable to be seized by cops while it is unlocked. The videos and photos that you take will remain intact, as they cannot be deleted from the lock screen.

TURN ON AEROPLANE MODE TO PREVENT GOVERNMENT TRACKING

As we've seen in China, governments have started getting more sophisticated when it comes to using technology to monitor people, including the use of tracking devices that connect to nearby cell or WiFi nodes. In Australia in 1994, Sydney businessman Phuong Ngo was convicted for killing politician John Newman, when police produced his cellphone metadata that proved that Ngo was at Newman's premises at the time of the murder, thus destroying his false alibi completely. The Australian government is retaining cellphone metadata of all users for at least two years.

So if you really do not wish to be tracked if you are going to do something that you wish to keep secret, or you want to hide your digital footprint, you should turn on your phone's Aeroplane Mode to help hide your digital footprint. Incidentally, you should understand that when you switch your smartphone off, it is not really off, but on standby and is still pinging nearby cells and registering your location at a particular time. The only way to stop the phone doing this is to put it in Aeroplane Mode or switch it off completely by holding down the Off button for some seconds.

Unfortunately, switching off your phone or turning on Aeroplane Mode comes with the downside of your phone not being able to communicate with others. But if you do temporarily enable Aeroplane Mode, it's important to know how to quickly turn it off again. On Android, open the notifications tray with a swipe from the top of the screen and choose Aeroplane Mode. On newer iPhones, swipe from the top right of the screen and press the Aeroplane button. On older iPhones, swipe up from the bottom and press the Aeroplane button.

But if you really do not want to be tracked, such as if you go out to do something that the authorities may frown upon and you want to create an alibi, the best solution is to just leave your smartphone at home. If you are questioned about your movements, refuse to answer any questions. Even if the authorities check the metadata from your smartphone records, they will see that it did not leave your premises. Hopefully they will assume that you did not leave your premises either. Don't make the same mistake as Phuong Ngo and leave an electronic trail of your whereabouts if you don't want anybody to keep tabs on you.

BACK UP YOUR DATA

Always be aware that if your phone is confiscated, you could lose all the data on your phone. So if you're serious about making sure that this doesn't happen, you should back up your phone before you leave home. In fact it is a very good policy to back up your phone every day, especially in the morning, so you will always have the latest backup from which to restore your phone if it is taken from you, or you have to replace your phone and restore the data to the new one.

On Android, you can back up your phone's data to your Google account, so that later you can restore the back on your phone, or even an entirely different Android device. On iOS, there are simple ways to back up your device to iCloud or a local Apple computer, so you can safely restore everything in case your iPhone gets lost or damaged. It is preferable to back up your iPhone to your computer with an encrypted backup and keep a copy of that backup on an external device that is well concealed, so that even if your computer is seized as well, your iPhone data can be restored from another computer. Backing your iPhone to iCloud is not a good idea, as Apple will supply that data to police on subpoena.

SET UP PERSONAL SAFETY OR EMERGENCY CONTACTS/MEDICAL ID

Another important thing to configure is your personal medical information and emergency contacts. In Android, Google's Personal Health feature has a dedicated place to list emergency contacts, along with place to list pertinent medical details such as allergies, blood type and more. On iPhone, Apple provides a similar system as part of Apple Health that lets you create a Medical ID and health profile, with the option to add emergency contacts under the Emergency SOS settings.

SCREEN PINNING OR GUIDED ACCESS

While these features may only be useful in niche situations, it's important to know that both Android and iPhone have a way of displaying one app while locking everything else behind your PIN or password. This can be useful in case you need to hand over your phone to show a digital driver licence, virtual insurance or ID card, but don't want the police to have full access to your phone.

In Android, this feature is called Screen Pinning, while on iPhone it is called Guided Access. While the setup varies slightly between platforms, both versions allow you to configure a way to provide limited access to an app or a file on your phone without giving someone free rein over the entire device.

GOING THROUGH FOREIGN CUSTOMS

Customs services in all countries have very formidable powers. They can demand that you unlock your smartphone or computer and trawl through its contents and you can be arrested and jailed if you refuse to do so. If they find anything untoward, like pornography, dog fighting or anything that may be illegal in their country, even if it is completely legal in your country, they can confiscate and destroy your smartphone or computer and hit you with a large fine or even arrest and jail you.

There is one very simple remedy that will keep you and your equipment safe. Before you embark on your trip and you are taking a notebook computer and your smartphone, check the entire contents and make sure that anything that could remotely be construed by any nation's Customs as being offensive, illegal or even obnoxious is removed. Not just deleted, but wiped from the computer's recycle bin, so that it cannot be recovered. Don't retain any content that could cause you the slightest problem.

This doesn't mean that you cannot access such sensitive files. All you need to do is to set up a Cloud storage account or a Network Addressed Storage (NAS) device that is connected to the Internet. Put your sensitive files on it and when you need them, download them to your computer and smartphone, once you have passed through Customs and are in that foreign nation. Make sure that your browser is in 'incognito' mode, so that it does not store any details of where you have browsed.

Of course you should never put a reference or the web address and log-on details for that remote storage on any of your equipment and never disclose this to foreign Customs or anybody else. You are not required to tell anybody about files, data or anything else that is not in your physical possession. If it is not written anywhere, then they would have to be clairvoyants to find out about it - and of course they are not. That way, no Customs officials will be any the wiser, even if they thoroughly examine your computer or smartphone.

But this is how crazy it is. Customs can arrest you for having illegal content on your smartphone or computer when entering a nation, yet if you wipe that content from your devices, all that content can still be instantly retrieved from your Internet Cloud storage or NAS device in an instant, once you have crossed the border. When it comes to data these days, there is no such thing as border control, so a savvy traveller can access literally anything whenever he can get onto the Internet. If Customs asks you whether you have data stored in the Cloud or elsewhere, just tell them that you won't even answer that question, as this is totally outside their jurisdiction.

If you prefer to have your data at your disposal at all times and you feel confident, you can keep your sensitive files on a microSD card. These memory cards are very tiny, literally the size of a thumbnail and not much thicker. They can be concealed almost anywhere and would be highly unlikely to trigger a metal detector. For higher security, you should encrypt the entire contents of the microSD card or even make the contents invisible, which can be done under Windows.

Sandisk 1 Terabyte microSD Card
SanDisk 1 Terabyte microSD Card

As of 2020, these microSD cards are available with capacities up to 1 terabyte, literally the same capacity as the average computer hard disk or SSD drive. A well concealed microSD card would be extremely difficult to find. So if you want to keep your sensitive data handy at all times, especially if you know that you are going somewhere without Internet access, just find a really good hiding place for your data-laden microSD card and chances are that foreign Customs officers won't find it, even with a comprehensive frisk search. And just make sure that the microSD card is in a place where x-rays won't see it.

DELETING FILES FROM SSD

If your computer has a mechanical hard disk drive, even though you delete sensitive files from the Recycle Bin and you think that they are gone, the files still leave their traces in the magnetic residue on the hard disk platters. If authorities use the right equipment such as a Spinstand Tester, some parts of those files that might be very incriminating could possibly be recovered. So if you really want to ensure that sensitive files are well and truly gone forever, you need to delete them with a military grade eraser program and there are plenty of such free apps available.

But none of this applies to solid state drives (SSD). These days, just about every modern notebook computer uses SSD for storage, so the idea is to delete anything sensitive from the SSD and delete the contents of the Recycle Bin before going through foreign or Australian Customs, making sure that those files are first backed up in your remote Cloud or NAS storage. Once files are deleted from the Recycle Bin, they are gone forever. That way, you won't get caught with your pants down, figuratively speaking. One of the best computer upgrades is to replace the old mechanical hard disk drive with a SSD. It's a hell of a lot faster and far more secure.

DELETE ALL COMMUNICATIONS

It is amazing how many people have incriminating or illegal information on their smartphones and computers. For example, people try to enter a country on a tourist visa that does not allow them to work, yet they have messages and files on their computers and smartphones indicating that they have arranged jobs in that country. This is height of stupidity and carelessness. Many people are caught out by immigration officers who find such messages and files on their devices and in almost every case, those people are instantly deported.

So when travelling, the safest thing to do is to delete all text messages and delete the 'Recent Calls' register on your smartphone, so that the authorities cannot see who you have been phoning or who has phoned you. Delete any contact entries that you don't want Customs to see. Delete all but the most innocent emails. Delete all chats and texts from encrypted message apps. It's one thing to use those apps and know that you can't be eavesdropped, but it's very foolish to have to unlock your smartphone and give border authorities access to the communications that would have been totally confidential.

If you need documents, but you do not want Customs or Immigration officers to get their hands on them, merely store them in your remote Cloud or NAS facility. Once you get through Customs and Immigration, you can just download those documents and go to an Internet café or library and print them up if you need hard copy. Borders do not exist when you use these techniques. And once you are well on your way and away from Customs, then you can restore that data onto your devices.

FLUSHING THE MEMORY

Most people who have a modern notebook computer do not realise that when they press the OFF button, it does not actually switch the computer off. The computer essentially goes into a standby sleep mode. So Customs could demand that you switch on your notebook and see what is sitting in the memory. The trick is to actually switch off your notebook completely by holding down the OFF button for about 10 seconds. This will actually switch it right off, also flushing the memory completely. The same applies to a smartphone. Hitting the OFF button only puts it on standby, so the idea is to hold the OFF button down for about 5 to 10 seconds until the phone switches right off. Then you can feel confident when you hit the Customs and Immigration hall that nothing incriminating can be recovered from your devices.

DEALING WITH AUSTRALIAN CUSTOMS

Even when I am re-entering Australia from an overseas trip, I make sure that there is nothing sensitive on my SSD-equipped ultrabook computer or iPhone. If I am pulled aside by Customs for an inspection, I immediately state that there is absolutely nothing of any interest or anything remotely illegal on my devices. I state that I have deleted everything except essential software and files and have flushed the contents of the Recycle Bin, so that nothing that was deleted can be recovered. Therefore Customs can look all they like and they will find nothing incriminating. But I can reload all those missing files from my backup as soon as I am back home or anywhere else in transit from various Cloud-type account via the Internet. It's always better to be safe than sorry.

TAKE ALL THESE ACTIVE MEASURES NOW

Finally, the other main thing you should do before going into a situation where police or other authorities might try and access your phone is to make sure that your device is charged up and has lots of available storage. Almost every phone nowadays has a way to access its camera without fully unlocking the phone, so you can capture photos or videos more securely. Furthermore, the built-in voice recorders on most phones will continue to record audio even when locked, so if anything goes down, you'll want to make sure you have room to record everything you can. Nothing beats hard indisputable evidence in court.

It is abundantly clear that the public can't trust the police or other authorities, so it's important for anyone who values their security and privacy to do everything they can to protect themselves and their devices and data. Passcodes and encryption will keep snoops at bay, but only if you employ these measures and never ever divulge those passcodes or decryption keys to anybody.