cross-posted from: https://lemmy.world/post/40009551
https://www.404media.co/man-charged-for-wiping-phone-before-cbp-could-search-it/
A man in Atlanta has been arrested and charged for allegedly deleting data from a Google Pixel phone before a member of a secretive Customs and Border Protection (CBP) unit was able to search it, according to court records and social media posts reviewed by 404 Media.
The man, Samuel Tunick, is described as a local Atlanta activist in Instagram and other posts discussing the case. The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known. But it is uncommon to see someone charged specifically for wiping a phone, a feature that is easily accessible in some privacy and security-focused devices.
The indictment says on January 24, Tunick “did knowingly destroy, damage, waste, dispose of, and otherwise take any action to delete the digital contents of a Google Pixel cellular phone, for the purpose of preventing and impairing the Government’s lawful authority to take said property into its custody and control.” The indictment itself was filed in mid-November.
Tunick was arrested earlier this month, according to a post on a crowd-funding site and court records. “Samuel Tunick, an Atlanta-based activist, Oberlin graduate, and beloved musician, was arrested by the DHS and FBI yesterday around 6pm EST. Tunick’s friends describe him as an approachable, empathetic person who is always finding ways to improve the lives of the people around him,” the site says. Various activists have since shared news of Tunick’s arrest on social media.
The indictment says the phone search was supposed to be performed by a supervisory officer from a CBP Tactical Terrorism Response Team. The American Civil Liberties Union (ACLU) wrote in 2023 these are “highly secretive units deployed at U.S. ports of entry, which target, detain, search, and interrogate innocent travelers.”
“These units, which may target travelers on the basis of officer ‘instincts,’ raise the risk that CBP is engaging in unlawful profiling or interfering with the First Amendment-protected activity of travelers,” the ACLU added.
The Intercept previously covered the case of a sculptor and installation artist who was detained at San Francisco International Airport and had his phone searched. The report said Gach did not know why, even years later.
Court records show authorities have since released Tunick, and that he is restricted from leaving the Northern District of Georgia as the case continues. The prosecutor listed on the docket did not respond to a request for comment. The docket did not list a lawyer representing Tunick.
GrapheneOS has a secret pin feature that wipes the phone when entered. So if someone takes your phone and demands your pin you can destroy the contents of the phone. GrapheneOS works on Pixel phones, given they are an activist, I wonder if this is what happened 🤔
There was a recent post on Reddit that a person was relying on Duress PIN, and when forced to unlock a device, he used the said duress PIN instead, to his amusement the phone quietly unlocked itself and was happily inspected by the authorities.
I am curious if anyone tested that feature in a real life scenario.
I remember that – the guy provided no real evidence. I wouldn’t trust it that easily given the number of groups who hate that things like Graphene exist.
Thanks for informing us about this. I just set my duress PIN and password.
Currently running GOS and not using that feature. Thinking about it now.
I feel like it should also open into a fake account that looks like a real account so they are busy on that while the real account is getting deleted. They should probably start with items listed by the user as important to delete first.
> I feel like it should also open into a fake account that looks like a real account so they are busy on that while the real account is getting deleted. They should probably start with items listed by the user as important to delete first.
It doesn’t bother with files. The GrapheneOS wipe process deletes (by overwriting with 0s) the encryption headers on the drive and zeros the keys out of memory before shutting down.
You should never, ever allow anyone access to your unlocked phone that you don’t trust. Even an otherwise smartphone could be exploited if it is unlocked because it exposes a much larger attack surface.
What would be really cool is if it also started streaming both cameras and the microphone. And changed your background image to be pro Trump.
That reminds me a bit of the Undercover mode in Kali Linux. It doesn’t wipe anything, but it changes the desktop to look like Windows lol.
what would be really cool is if it binned the storage keys for one user and not the other, silently. That way you could actually protect your data, without being martyred.
They’d have to prove a lot in the first instance to warrant arresting you then and there, like that they knew you’d done it.
> They’d have to prove a lot in the first instance to warrant arresting you then and there
No? It’s been pretty clear they can arrest literally anyone and you’re lucky if you even get to see a judge before you’re shipped off to the concentration camps. Even in the cases where judges have gone out of their ways to file injunctions against the ICE on someone’s behalf they won’t give a shit and have no problems blatantly violating court order and disappearing them anyway.
I’m aware of what’s happening in the states. I’m talking from a resourcing perspective. You’d already have to know what you were after to confirm its absence from the phone, if the wipe can be done silently.
If you could load in to your dummy profile, while deleting the keys to your main profile, which could then be freed up as storage space, all silently, with the right unlock password, that’d be pretty hard to prove in a way that warranted arresting everyone.
This would limit this charge to only those that announced it as a political statement or who were already being targeted specifically.
> what would be really cool is if it binned the storage keys for one user and not the other, silently. That way you could actually protect your data, without being martyred.
If you leave the primary account ‘blank’ and use a secondary account for your personal use then you can do that.
When you log out of a secondary profile, GrapheneOS zeroes the keys from memory so that even an attacker with full control of the phone could not retrieve the keys unless you entered your password to re-generate them.
Sounds like a good place for an API hook that executes whatever contingency script you want on entering of the fake password.
They don’t explain enough about the circumstances of the arrest or how the phone was wiped. As far as I’m concerned that’s probably because the law enforcement entity mismanaged the situation and supposed “evidence” and are now trying to pin whatever they can on the guy.
It’s stupid that they can just do this with no actual evidence and just an accusation with no factual information provided.
Haven’t things like Cellebrite machines been able to almost fully recover data even after a format since basically ever? Most phones aren’t zeroing out the SSD on factory reset AFAIK, might not even format the partitions.
Most phones are full disk encrypted. So they don’t need to zero out the whole disk… They just need to zero out the part of the disk that stores the encryption key. Once the encryption key is erased, the rest of the disk is essentially random noise.
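The mechanism described in the replies above (overwriting the stored key material rather than the files) can be shown with a small model. This is an added example, not code from the thread, the article or GrapheneOS; the 80-byte header layout, the function names and the SHA-256 counter-mode cipher standing in for AES are all assumptions made for illustration, and real devices also bind the key to hardware.

```python
import hashlib, hmac, os

HEADER_LEN = 16 + 32 + 32  # salt | wrapped data key | MAC tag (constructed layout)

def _keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for AES.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _derive(pin: str, salt: bytes):
    # Stretch the PIN into a wrapping key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def format_volume(pin: str, plaintext: bytes) -> bytearray:
    # The data is encrypted under a random key; only that key depends on the PIN.
    data_key, salt = os.urandom(32), os.urandom(16)
    wrap_key, mac_key = _derive(pin, salt)
    wrapped = _xor(data_key, _keystream(wrap_key, 32))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    body = _xor(plaintext, _keystream(data_key, len(plaintext)))
    return bytearray(salt + wrapped + tag + body)

def unlock(volume: bytearray, pin: str):
    salt, wrapped, tag = (bytes(volume[0:16]), bytes(volume[16:48]),
                          bytes(volume[48:80]))
    wrap_key, mac_key = _derive(pin, salt)
    expected = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong PIN, or the header no longer holds a key
    data_key = _xor(wrapped, _keystream(wrap_key, 32))
    body = bytes(volume[HEADER_LEN:])
    return _xor(body, _keystream(data_key, len(body)))

def crypto_erase(volume: bytearray) -> None:
    # Overwrite only the 80-byte header; the ciphertext body is left in place.
    volume[:HEADER_LEN] = bytes(HEADER_LEN)

if __name__ == "__main__":
    vol = format_volume("4821", b"constructed sample: notes and contacts")
    print(unlock(vol, "4821"))   # plaintext comes back with the right PIN
    crypto_erase(vol)
    print(unlock(vol, "4821"))   # None: the right PIN no longer helps
```

After `crypto_erase` the body bytes are unchanged, so a tool that images the storage still recovers every block, but without the wrapped data key those blocks cannot be decrypted.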
> Most phones aren’t zeroing out the SSD on factory reset AFAIK, might not even format the partitions.
He was using a Pixel and he fast wiped the phone. That means that he was probably using Graphene OS and entered the duress password when the agents told him to unlock his phone. See: https://grapheneos.org/features#duress
wait can it? I thought most resets nuke the keystore to prevent the decryption key from being seen. That’s concerning.





