NZ Traveler's Electronics Taken At Airport; Interest in Snowden to Blame?

An anonymous reader writes "A New Zealand backpacker stripped of all electrical equipment at Auckland airport suggests attending a London talk on cyber-security following the Edward Snowden leaks may be to blame. Samuel Blackman was returning home for Christmas on 11 December from London Heathrow to Auckland via San Francisco when a customs officer at his final destination took the law graduate's two smartphones, iPad, external hard drive and laptop, demanding the passwords for all devices." For a quieter version, see also The New Zealand Herald.

Re:Figures

[SuricouRaven]

Here in the UK, refusal to give a password to the police upon request is itsself a crime.

Re:Highway Robbery

[TallGuy]

Seeing how this happened in New Zealand, probably thousands of miles across the sea?

Re:know your rights

[sirkumi]

Sadly I don't think you have any rights - at least not in Australia [itnews.com.au] - where I come from, and which has very similar customs laws to those of New Zealand.

It would appear that they can take any and all of your electronic devices and storage equipment [customs.gov.au] - including laptops, smartphones, usb keys - and they don't have to explain why or state what "reasonable suspicion" they have that you might have something illegal. On the whim of the customs officer, they can keep it for 14 days, or longer if they feel they have cause to.

At most all you can do is lodge a complaint...

Re:Figures

[mrchaotica]

See http://www.androidauthority.com/smartphones-have-a-second-os-317800/ [androidauthority.com]

Cellphones have two processors, a main processor (running an open-source OS in the case of Android) and a baseband processor built into the modem chip (running a closed-source OS in all cases). The baseband processor can be used to hack the phone. For a phone to be truly secure, you need a firewall between the main memory and the baseband processor, and AFAIK no phone is designed that way (except this one [cryptophone.de]).

Re:Figures

[Anonymous Coward]

The real solution is to travel with an unencrypted drive, with a stock install of something boring (Windows is particularly good for this), along with some innocuous garbage to dirty it up. When you get to your destination, you download something like PuTTY, SFTP/SSH back home, grab your stuff, even VPN software if you want. Heck, to avoid even having to grab anything "suspicious" on download, you can set up VSFTPD with an anonymous FTP locked down to one chroot'd directory to retrieve PuTTY from. Bonus points if you shovel them online to some third-party hosting site instead of your own server. There's a million and one ways to do this, but it all boils down to cutting the links between your real life and the equipment you carry. Same applies to visiting hostile locations: carry only "normal" stuff. Nothing else. Purchase what you need on the other side and throw it away before you come back. It shouldn't have to be like this, but welcome to the modern world.

Re:Figures

[Hizonner]

In a phone, the GSM modem has its own CPU (and its own memory).

Most phones are based on SoCs (Systems on a Chip); everything's interconnected on the same silicon. Usually the GSM modem processor has access to the memory and I/O busses of the main processor (but not the other way around), can reset the main processor, and often boots before the main processor and must explicitly turn on the main processor before it runs. I believe that in some designs the modem processor actually sets up the boot loader for the main processor as well. The modem processor can definitely rewrite the flash where the main processor's operating system is stored.

The result of this is that the modem has total control of the phone. It can do anything it wants to any data on the phone, including the internals of the main OS, and there's basically nothing the main processor can do about it other than maybe be too obscure and complicated to manipulate easily.

The firmware in the modem is invariably closed source and secret. The modem will only boot firmware that's crypto-signed by the manufacturer, and anyway the hardware is totally undocumented.

The modems have "over the air" command sets that let the carrier manipulate the phone remotely without going through the main OS. Those command sets can be very rich... and can include the ability to reflash the main OS, or even to peek and poke its memory while it's running.

So on most (all?) phones, it basically doesn't matter what your OS is. The carrier (possibly together with the SoC manufacturer) can do whatever it wants if it's willing to figure out the complexity of doing so. And of course governments lean on carriers and SoC manufacturers to get access to that capability, and commercial "partners" also have influence.

Re:I'm sure there is more to this story

[Anonymous Coward]

This is not correct. The international terminal is most certainly considered part of the US. You land, your checked bags gets re-screend, and you pass through customs.

Re:The Whole Issue

[Anonymous Coward]

The whole issue is contained in the US Constitution where it says,

Note to all retards who skimmed the summary and didn't read the article:

This happened in New Zealand, not in the United States. The U.S. Constitution has absolutely fucking nothing to do with this because it didn't happen in the United States.

Re:iDevices

[Andrewkov]

I quickly turned off that feature when I found my 4 year old playing with my phone. She was 2 attempts away from wiping it!