- cross-posted to:
- pulse_of_truth@infosec.pub
You must log in or register to comment.
Without a warrant, CBP wasn’t entitled to anything on his phone and they can go fuck themselves.
I was going to say something along the lines of being charged with anything but your statement is way better and more importantly more accurate.
I wasn’t sure if that applies to non-citizens.
Personally, I think it should, but laws aren’t always just.
If anyone is interested in having a feature to wipe your phone, GRAPHENEOS has a duress pin option that will wipe your phone from the lock screen and leave only the OS installed. AFAIK this us only available on Google Pixel devices like the gentleman in the article had.
This arrest is the best damn advertisement ever
As someone who accidentally entered the duress pin, I can confirm. It’s highly effective.
I beleve this feature was demonstrated in Mr. Robot at one point.
Details are weird here. The wiping occurred in Jan 2025. I found the indictment which was filed with the court on Nov 13th 2025 linked here
We have almost no details of what happened in Jan 2025 except “Customs and Border Patrol Tactical Terrorism Response Team” was doing something with Tunick in January and Tunick “used a code” to wipe the phone. Then suddenly in November 2025 the US Government filed to have him arrested for that event.
I’m not a legal scholar, but none of these details or timeline makes sense to me. Anyone else have any clue?
It’s not complicated, it’s Border Patrol doing their MAGA duty. The only thing we know about this case is what MAGA tells us, so it’s almost all certainly a lie. Of course the details and timeline don’t make sense, they are probably entirely fabricated.
I don’t disagree, but usually they at least try to present a semi-defensible argument. So far the only thing they elude to is “before or during a time when we were going to perform a search he wiped his own phone”. If its “before” a search then what is even the basis for that being illegal for him to wipe is own property?
I imagine they’re trying to charge him with destruction of evidence. I don’t know how that should go if this were actually a legal proceeding but would certainly hope it would require reasonable suspicion of a specific crime and a search warrant.
Can you be charged with destruction of evidence before you’ve even been charged with a crime?
Yes, if a person in your situation would reasonably believe that it could be used as evidence.
For example, you murder someone with a knife. A reasonable person in your situation would believe that the knife could be used as evidence. So you could be charged for destruction of evidence if they later discover during the investigation that you destroyed the knife. Even if they don’t have enough to pin you with the murder charge, (for example, maybe you have someone willing to help you get an airtight alibi when the murder occurred), they can still hit you with the destruction of evidence charge if they can prove you destroyed the murder weapon.
But, in that case there’s a crime, there’s a body. I don’t think there’s any underlying assertion of illegality here. If this becomes standard legal practice, that it’s illegal to destroy data in general, all paper shredders would have to be thrown out.
Yeah, but those tries are half-hearted, at best. The excuses will start falling by the wayside until the response is: “Mind yer own fucking business, but since you’re so curious, who the fuck are YOU? Get over here!”
who the fuck are YOU? Get over here!”
“Well, you certainly won’t find out from my phone, because I’ve just wiped it”
I’ll take a “deleted data” charge. On principle.
Absolutely. Got mad “I do lots of illegal shit, but I draw the line at littering” vibes.
Sometimes, doing the illegal thing is to do the moral thing.
i love the entire idea that morality is not derived from law
The holocaust was legal. Slavery was legal. Morality absolutely isn’t derived from law.
I heard on a podcast that one of the architects of the Holocaust was aghast when visiting the South in the US years earlier, because of the illegality of the lynchings there, and it being widely accepted anyway.
Always turn your phone offer before deplaning and don’t turn it back on until you’ve cleared customs. You can refuse a search and even if they take your phone they still don’t have a method of decrypting a phone that’s encrypted at rest after being turned off and all biometrics are disabled on start up until a password is entered (most phones).
You’ll most likely lose your phone and a few hours but that’s what you have backups for.
I always wipe my phone before traveling.
There’s nothing in my phone that I’d be the least bit worried about “getting out” but it’s the principle of the thing.
You should read up on Celebrite. They most definitely can get into a wide variety of phones from a cold boot. GrapheneOS seems to be one of the only ones that make their job hard.
*presuming you have a strong password set
They can and still will run it through a password cracker with a dictionary provided the phone has some method of either exposing the password hash or can be bruteforced on device similar to PIN bruteforcing.
You can refuse a search
Which can lead to an up to 24 hour detainment which CBP has been allegedly doing, so do know the consequences.
PIN bruteforcing.
Curious, how does that work? 10000 possibilities aren’t many but you get 30s break every 3 failed attempts then 5 more then its every single failed attempts so that’d be ~5000minutes so that’s about 3 days. Assuming they get “lucky” it’s about 1.5 day. I don’t know though what happens after 20 failed attempts, maybe it’s 1min break or 20min break.
Basically, does PIN bruteforcing actually work and if so on what timeframe?
I think Apple has fixed this, but they would remove the battery, hook it up to external power. When unlocking, there was a pause/dimming on the phone to show it was wrong, and the computer hacking it would kill the power before the phone wrote that there was a bogus attempt, so you got infinite attempts.
I don’t think infinite attempts is the issue, I think the timing of those attempts is what practically limit the usefulness of the attack. Here in the Apple example I imagine rebooting the phone takes longer than 30s. Also if one goes to the length of removing the battery of an iPhone to crack it, this is a pretty serious attempt. One better have proper protections in place.
Reminder that Apple/Google will absolutely give law enforcement all your cloud data if presented with a warrant. I know this for a fact. Most people’s phone data is synced to the cloud. Be careful out there folks.
And this is why encrypted backups should become the norm. Sure, they could always try to crack the encrypted file after it gets turned over, but (assuming you have a good password set for your account) we’re talking about a scale somewhere between “a few billion years” and “the heat death of the universe” with conventional (non quantum) computers.
That’s also why I have advanced protection turned on. Granted they could always get the encrypted blob and try to crack it at that point, but there has to be some point you’re willing to draw the line.
I would fully expect any cloud provider to do the same given a warrant, but I’ve heard some will provide data simply because it was requested.
at this point just leave your phone at home or get burner for this exact purpose
We don’t know the exact circumstances, but CBP stands for Customs and Border Protection.
I’ve heard of Customs agents demanding people let them search phones without a warrant and without probable cause, and so foreigners can be refused entry. We probably all heard the story of it happening for a person who had a meme of JD Vance on his phone.
But the article says that this guy is based out of Atlanta, so I’m guessing he’s a US citizen. I’m not sure they can refuse entry to a US citizen based on this.
Either way, you should never give permission to anybody to search your phone. Maybe you’ve broken a law that you didn’t know was a law, and you’ve just handed the evidence over to the police. Or maybe you have evidence that can convict somebody else who didn’t know they broke a law.
I don’t know what this means for people crossing the US border. Now is a bad time to enter the United States.
Legally, they cannot refuse entry to a US Citizen. Legally.
But just because someone is based in the US doesn’t mean they’re a citizen. And they don’t need any justification to search someone, because airports and land within 100 miles of a border is a “constitution-free zone” (but not 100 miles from an airport, contrary to popular belief).
airports and land within 100 miles of a border is a “constitution-free zone”
This isn’t accurate. That’s where CBP has jurisdiction to operate, but they’re still bound by the constitution (for now),
Lmao so now we’re saying all of Southern California south of Newport Beach (85 mi from Tijuana) is a place where the constitution does not apply? New York west of Rochester? (80 mi from Niagara) Pretty much all of Alaska’s tail thingy next to Canada? 😂
Hahahahahhahaha! 😂😂🤣
Yep. Pretty much. 😐😞
“now we’re saying”…? It has been like that for the last 50+ years, it’s just that most other administrations haven’t been as flagrant about it.
I think it’s even worse then that. Do you have an international airport nearby?
Yes. You are beginning to understand what has been going on.
Yup. And guess what, those ares are also where nearly two thirds of the country lives.
https://www.aclu.org/news/immigrants-rights/your-rights-border-zone
This town is 40mi south of the Canadian border, and you will hear people speaking other languages in public as long as you aren’t in one of the racist bars. Unfortunately, I lived there for a while, and the CBP are constantly waddling into gas stations and shops hoping to relive the glory of making international headlines. (they just arrested someone from the UK, so that strategy must be working)
Its far worse than that. Anywhere that is within 80 miles of an international airport, they claim, is also inside their jurisdiction.
"U.S. Customs and Border Protection (CBP) jurisdiction at airports covers all international arrivals/departures as designated ports of entry, plus a 100-mile zone inland from borders and coasts for immigration/customs enforcement, meaning they can operate at large international airports like DEN or DFW and even domestic ones if near borders, stopping, questioning, and searching individuals/belongings for admissibility and contraband, though searches need consent or probable cause for internal searches, notes the ACLU. "
JFYI: Your quote sates that it is within 100 miles of a border or coast. Not 80 :(
No, it’s only at the airport.
Or at least it was; I’m sure now they’d just send ICE instead of CBP anywhere in the country.
you should never give permission to anybody to search your phone
Not only does your phone have access to all your social media accounts, email, text, phone logs, but it’s also commonly used as a security device (multi factor authentication) to sign in to other accounts like your bank account, work login, etc. If you allow someone into your phone they can possibly access your work resources and that could be an even bigger problem.
Do not let anyone have access to your phone.
Was the man “Drinky” Pete Hegseth?
Oh. Well then bullshit.
He’s DoD, not DHS. This is the puppy killer’s agency
Iirc it’s the DoW now … Hegseth’s fav.
Executive branch doesn’t have the authority to change the name, so no. It’s not.
CBP = Customs and Border Protection
Not sure why that needs to be abbreviated in such a short title
