Ziggy Zapata Title

EQUIPMENT SECURITY

NOTE: If you arrived at this page without seeing a menu, please click on this link - www.ziggy.com.au - to open the entire Ziggy Zapata website in a new window.

The author asserts his right to publish this information in the public interest
No responsibility is taken for consequences resulting from using any information contained herein

PROTECT YOUR DATA AND YOURSELF

In this modern era of paranoia suffered by Australian authorities and their deliberate erosion of our long-held rights to privacy, I believe that citizens have the inherent right to protect their sensitive information and data from intrusion. Nothing is sacred these days and there are even laws that allegedly force citizens to divulge passcodes to their devices, so that police and others can pillage through their sensitive and sometimes embarrassing private data. I consider that this is completely intolerable and unacceptable. Therefore I will do whatever it takes to keep all my data out of the hands of those whom I feel have no business intruding on my privacy. I advise everybody to read this article and take my advice about cop-proofing their smartphones.

THE DIFFERENCE BETWEEN APPLE AND ANDROID

I have to say that I am a Windows PC user and I would probably never go to the Apple ecosystem for a computer. Apple Macs are very nice, but as a computer builder for over 40 years, I'm firmly in the Windows camp, as I was in the good old DOS days. But when it comes to smartphones, I have to say that for the forseeable future, the only one that I will ever use is the Apple iPhone, for a number of very important reasons.

The iPhone Operating System (iOS) is completely locked down by Apple and unless you 'jailbreak' your iPhone and install dodgy apps from a strange source, the only way you can acquire apps is from the Apple App Store. The beauty of this is that so far, Apple has been very meticulous in checking every app thoroughly before it is permitted to be available for download from the App Store. So there is not much chance of downloading an app that contains malware, viruses or anything detrimental.

On the other hand, the Google Android operating system is completely open source, meaning that there are a myriad of versions available for free and this is why Android smartphones are cheaper than iPhones. Being open source, Android is very vulnerable to malware and it is most unfortunate that the Google Play Store is riddled with Android apps that contain malware, viruses, Trojan Horse spyware, keyloggers and all sorts of nasty apps. Put it this way - I feel totally secure doing everyday banking on my iPhone, but I wouldn't dare do this or anything else that is sensitive on an Android phone.

The other big issue with Android phones is that they are fairly easy to crack and get past the lock screen to access everything on those phones. Police do it all the time with seized Android phones, but because iPhones are so thoroughly protected, police and other authorities tear their collective hair out when they are tasked with accessing a locked iPhone, especially if it has the latest security updates.

The only issue with some apps that have been found in the App Store and Google Play Store is that they are what is known as 'Fleeceware'. These apps are tricky, because there's typically nothing malicious in their code. They don't steal your data or try to take over your device, meaning that there's nothing malware-like for Apple's or Google's vetting process to catch. Instead, these 'Fleeceware' apps work as advertised, but come with hidden excessive subscription fees. A flashlight app that costs $9 per week or a basic photo filters app that's $30 per month would both be 'Fleeceware', because you can get the same types of tools for free, or much cheaper from other apps. With all apps, it is up to the users to never sign up to subscriptions until they are checked out and found to be worthwhile.

AUTHORITIES COMPLETELY STYMIED BY iPHONE

There have been a few famous cases of American authorities being totally stymied by being unable to unlock iPhones seized from criminals and terrorists. For example, in 2015, the FBI seized the iPhone 5C of Islamic terrorist Syed Rizwan Farook and could not unlock it. Knowing that ten wrong attempts would totally destroy everything on the iPhone, the FBI demanded that Apple help unlock the phone. Of course Apple could not be legally forced to do this.

Nevertheless, a court order was granted that required the FBI and Apple to work in tandem to develop software that preserved the data on Farook’s phone while allowing an app devised by the FBI to input an unlimited number of passcodes until it guessed the right one. Quite rightly, Apple point-blank refused to do this or modify its operating system to allow a backdoor, so that the FBI could circumvent the passcode on an encrypted iPhone.

And that is the situation to this day. There have been rumours that devices such as the Israeli GrayKey machine have been developed that can bypass the iPhone passcode, but so far there seems to be no evidence of this. Apple has always refused to unlock a locked phone for police and other authorities, despite being threatened with dire consequences.

Not only that, after the FBI fiasco and the appearance of GrayKey, Apple introduced an update that locked the data port if the iPhone had not been used for one hour. So without the passcode unlocking the iPhone, the data port would remain completely inoperative and nothing would connect to it. This was a fabulous security measure, but I actually contacted Apple to see if they would consider an additional feature that would require the passcode to access the data port every time, not just after one hour. I have not heard back from Apple, but I live in hope.

So if you want to ensure that you have the best chance that nobody is going to get at your sensitive data, use an iPhone and keep away from Android phones.

BEWARE OF COVERT SPYWARE

In 2021, it was discovered that over 50,000 people had their smartphones compromised by the Pegasus spyware. This very covert malware is extremely hard to detect, but it will enable those who deployed it to smartphones to literally do whatever they like with those devices. They can listen to private calls, read private messages, capture keystrokes, intercept communications, track the device and use the camera and microphone to spy on the users.

The initial hack can involve a crafted SMS or iMessage that provides a link to a website. If clicked, this link delivers malicious software that compromises the device. The aim is to seize full control of the mobile device's operating system, either by rooting (on Android devices) or jailbreaking (on Apple iOS devices). There are simple steps you can take to minimise your potential exposure, not only to Pegasus but to other malicious attacks too.

Only open links from known and trusted contacts and sources when using your device. Pegasus is deployed to Apple devices through an iMessage link. And this is is the same technique used by many cybercriminals for both malware distribution and less technical scams. The same advice applies to links sent via email or other messaging applications. Make sure your device is updated with any relevant patches and upgrades. While having a standardised version of an operating system creates a stable base for attackers to target, it's still your best defence.

You should avoid public and free WiFi services, including hotels, especially when accessing sensitive information. The use of a VPN is a good solution when you need to use such networks. And most importantly, only use a strong PIN or passcode to unlock your device. Do not use FaceID or TouchID, as your face or finger can be used forcibly to unlock your smartphone. But they can't make you reveal the PIN or password.

The nice thing about the iPhone is that after 10 wrong attempts at entering the unlock code, the iPhone will wipe everything on it. But the idea is to encrypt your device data and back it up frequently, even every day. Enable remote-wipe features where available. If your device is lost or stolen, you will have some reassurance your data can remain safe. However, if you have that encrypted backup on your computer, you can restore everything in a few minutes to another iPhone or the Iphone that was remotely wiped.

DISABLE BIOMETRIC LOGIN

While things like fingerprint and face recognition might functionally seem like the same thing as a PIN or password when it comes to unlocking your phone, depending on your location or jurisdiction, the law may treat those two login methods very differently.

The big thing that separates biometric login methods from a PIN or password is that courts typically view a password as information protected by law, which gives people the right to protect themselves against self-incrimination. That means if the police ask you for your PIN to unlock your phone, even if they have a warrant, you can simply refuse. You should always automatically refuse to allow police any access to your phone under any circumstances, no matter what threats they level at you. Just don't do it.

However, when it comes to face or fingerprint login, the same rules do not necessarily apply and in some cases, law enforcement personnel could forcefully press your finger to your phone or merely point its camera at your face, thereby unlocking it and gaining access to its contents against your will.

This was actually done by corrupt Queensland cops to an ex-federal policeman who was video recording them committing an illegal act. The thuggish cops grabbed the ex-Federal cop and forced his finger onto the fingerprint sensor of his iPhone, unlocked it and illegally deleted the incriminating video. It was fortunate that the whole incident was captured by a CCTV camera.Here is the news report of this incident.

The law isn't entirely settled and to be safe, it's better to completely remove biometrics from your phone's lock screen, so that even if rogue cops or other authorities try to unlock your phone, they won't be able to do it without the passcode. The iPhone is particularly good at protecting itself against any attempts to crack into it. Ten wrong passcode attempts will immediately trash everything on the iPhone, completely beyond the reach of those people.

But the iPhone can be completely restored by the owner from the iTunes encrypted backup in a couple of minutes, provided that the owner has been diligent and backed up the iPhone very regularly to a computer. I back up my iPhone to my computer's encrypted backup every morning and one day, this will pay off. I suggest that if you use an iPhone, that you constantly back it up to iTunes - not iCloud - and make sure that the backup is encrypted with a very strong password.

ALWAYS USE A PASSCODE OR PIN

Enabling a strong PIN or password instead of face or fingerprint login is the only safe course of action. On iPhone, navigate to Settings then scroll down and choose Face ID and Passcode to deactivate Face ID. Do the same with Touch ID and Passcode. Different versions of Android will have the settings for biometrics located in different areas, so you'll want to check with your specific phone and version of Android. Look for Face Unlock or Fingerprint Unlock under Settings.

You will also probably want to remove access from the lock screen to any digital assistants on your phone, as you do not want a cop to call up Siri, Alexa or the Google Assistant and get data from your smartphone and thus bypass the lock screen. So if your phone is secured with a PIN or password, you can set those digital assistants to not be accessible from the lock screen and in that way, police and others cannot use them to gain access to your phone.

On iPhone, go to Settings and then choose Siri and Search and then deactivate 'Allow Siri When Locked'. On Android, navigate to Settings and look for Google Assistant to deactivate it from the lock screen. For other voice assistants like Alexa and Cortana, only allow access to them after your phone has been unlocked with your PIN or password.

SET YOUR PHONE TO REQUIRE PIN EVERY TIME

Most people have their phones set to require a PIN or password after five or 10 minutes of inactivity, which leaves the phone vulnerable to be unlocked by police within the inactivity time. You do not want someone to be able to grab and access your phone without a password because you just had it unlocked. To change that on iPhone, navigate to Settings and then Face ID and Passcode and Touch ID and Passcode and change Require Passcode to Immediately. It's more difficult to do on Android, but can usually be found in Settings under Security or Passcode. it is slightly more inconvenient to keep unlocking your phone every time it is taken out of standby, but believe me, it is worthwhile because you will know that no matter what, there's no chance of somebody unlocking your phone without your permission.

LOCK YOUR PHONE IMMEDIATELY TO STYMIE CONFISCATION

If you're in a situation where your phone could potentially get confiscated and you haven't already changed the passcode requirements, it's important to know how to force your phone to require a PIN or password the next time anyone tries to unlock it. The first way is to simply restart your phone, as on both Android and iPhone, as long as you have a PIN or password set, the operating system will require a PIN/password upon restart.

But in a pinch, there are even faster ways. On modern iPhones, you can quickly press the lock button five times and the Power Off button will appear. Even if that button is not used and the Cancel button is pressed, the PIN or passcode will be required to open the iPhone. But you should have your iPhone set to require a PIN or passcode every time your phone is switched off and on again, so if somebody tries to snatch your iPhone, just hit the OFF button and the PIN or passcode will be required to unlock the phone.

On Android, there's a special Lockdown setting that can appear anytime you hold the phone's power button down, but before you can use it, you first need to enable the option in your device's settings. On most versions of Android, it is found by going to Settings and then choosing Security and Location. Next, choose Lock Screen Preferences and Show Lockdown Options.

The best procedure is to only enable the camera to be accessed from the lock screen and nothing else. In that way, you can record whatever you want without leaving your phone vulnerable to be seized by cops while it is unlocked. The videos and photos that you take will remain intact, as they cannot be deleted from the lock screen.

TURN ON AEROPLANE MODE TO PREVENT GOVERNMENT TRACKING

As we've seen in China, governments have started getting more sophisticated when it comes to using technology to monitor people, including the use of tracking devices that connect to nearby cell or WiFi nodes. In Australia in 1994, Sydney businessman Phuong Ngo was convicted for killing politician John Newman, when police produced his cellphone metadata that proved that Ngo was at Newman's premises at the time of the murder, thus destroying his false alibi completely. The Australian government is retaining cellphone metadata of all users for at least two years.

So if you really do not wish to be tracked if you are going to do something that you wish to keep secret, or you want to hide where you are going, you should turn on your phone's Aeroplane Mode to help hide your digital footprint. Incidentally, you should understand that when you switch your smartphone off, it is not really off, but on standby and is still pinging nearby cells and registering your location at a particular time. The only way to stop the phone doing this is to put it in Aeroplane Mode. But it is far better to switch it off completely by holding down the Off button for some seconds.

Unfortunately, switching off your phone or turning on Aeroplane Mode comes with the downside of your phone not being able to communicate with others. But if you do temporarily enable Aeroplane Mode, it's important to know how to quickly turn it off again. On Android, open the notifications tray with a swipe from the top of the screen and choose Aeroplane Mode. On newer iPhones, swipe from the top right of the screen and press the Aeroplane button. On older iPhones, swipe up from the bottom and press the Aeroplane button.

But if you really do not want to be tracked, such as if you go out to do something that the authorities may frown upon and you want to create an alibi, the best solution is to just leave your smartphone at home. If you are questioned about your movements, refuse to answer any questions. Even if the authorities check the metadata from your smartphone records, they will see that it did not leave your premises. Hopefully they will assume that you did not leave your premises either. Don't make the same mistake as Phuong Ngo and leave an electronic trail of your whereabouts if you don't want anybody to keep tabs on you.

BACK UP YOUR DATA

Always be aware that if your phone is confiscated, you could lose all the data on your phone. So if you're serious about making sure that this doesn't happen, you should back up your phone before you leave home. In fact it is a very good policy to back up your phone every day, especially in the morning, so you will always have the latest backup from which to restore your phone if it is taken from you, or you have to replace your phone and restore the data to the new one.

On Android, you can back up your phone's data to your Google account, so that later you can restore the back on your phone, or even an entirely different Android device. On iOS, there are simple ways to back up your device to iCloud or a local computer, so you can safely restore everything in case your iPhone gets lost or damaged. It is preferable to back up your iPhone to your computer with an encrypted backup and keep a copy of that backup on an external device that is well concealed, so that even if your computer is seized as well, your iPhone data can be restored from another computer. Backing your iPhone to iCloud is not a good idea, as Apple will supply that data to police on subpoena.

SET UP PERSONAL SAFETY OR EMERGENCY CONTACTS AND MEDICAL ID

Another important thing to configure is your personal medical information and emergency contacts. In Android, Google's Personal Health feature has a dedicated place to list emergency contacts, along with place to list pertinent medical details such as allergies, blood type and more. On iPhone, Apple provides a similar system as part of Apple Health that lets you create a Medical ID and health profile, with the option to add emergency contacts under the Emergency SOS settings.

SCREEN PINNING OR GUIDED ACCESS

While these features may only be useful in niche situations, it's important to know that both Android and iPhone have a way of displaying one app while locking everything else behind your PIN or password. This can be useful in case you need to hand over your phone to show a digital driver licence, virtual insurance or ID card, but don't want the police to have full access to your phone.

In Android, this feature is called Screen Pinning, while on iPhone it is called Guided Access. While the setup varies slightly between platforms, both versions allow you to configure a way to provide limited access to an app or a file on your phone without giving someone free rein over the entire device.