It's stuff like this that makes me want to build after-market privacy-oriented Samsung firmware, that at a low level (secondary bootloader) supports dual booting. By default you'd boot into the "non-private" environment. That way if customs asks to see your device, you simply boot it up and hand it over. Could make life a lot easier for lawyers, doctors, C-level executives etc.
I should note, dual-booting Android phones isn't a new concept, it's just generally performed at a higher (less secure) level. In particular, the secondary bootloader implements Loke (flashing protocol)[1], so a custom secondary bootloader could also prohibit flashing of unsigned images.
Providing the fake password would be, at the very least, lying to the border patrol agent. Which is an actual crime.
This might be a reasonable solution if it's a one-off unique solution and is therefore unlikely to be detected. But if you can't count on security through obscurity, this is a good way to end up serving real jail time.
However, it's pretty well understood criminals aren't legally required to self-incriminate. For example, if a criminal was to hand over their password, they're not then obligated to assist border security in navigating through their phone's storage to specifically point out evidence against themselves.
Whilst I'm not advocating this solution for criminals(!), I'd assume the same logic ought to hold true for those that have careers where privacy is paramount.
If you simply boot up your phone (into the "non-private" environment) and have no password, or perhaps even use the same real password (remember to change it later), then it's not necessarily your fault the border agents don't know how to use your phone.
EDIT: In terms of lying / being discovered, this is why I'm proposing a low-level dual-booting solution, rather than simply having multiple profiles on the device. It ought to be 100% undetectable that the device supports dual-booting at all, unless the user performs a precise action to boot into the private environment e.g. connect the phone to PC, and submit a specific boot command with a user provided password. Without the correct password being provided, the phone should respond no differently than a phone that does not support dual booting.
Although, IANAL nor have I made any attempt to look into the laws surrounding this. I would be surprised, although not too surprised, to hear there are laws specifically covering this situation. Nonetheless, it'd be a loophole for sure, and presumably easy enough to close off with further legislation.
Yeah. You can install GRUB and default load it to a Windows 10 fresh install. Put some dummy files on the desktop, make it cluttered with pictures of cats and articles about meditation. This might sound like a great idea, maybe I should try it!!
If there is a common mechanism for triggering dual boot, they would know about it and try it out too. So, not unless you use a unique, inconspicuous mechanism.
I don't know much about cryptography or low-level software, but could you hide the second profile inside the encrypted data?
For example, I believe TrueCrypt has a dual container system with two passwords in addition to their regular encrypted containers. You enter one password to get to the "fake" container and another password to get to the "hidden" container. Plausible deniability exists where it is impossible to prove whether you are providing the hidden password and whether there is a second hidden container.
Could a similar system be employed for a mobile device? The core OS components could be shared by both containers and it's clear that you could potentially have a second hidden profile, but it's not possible to prove that it exists.
Of course just the presence of countermeasures on your devices would raise suspicion.
Lying to immigration officers is a crime. If you're going to go that route, you better be damn sure it's gonna work and they don't have prior information on you.
If you're at the point where this seems like a good idea, you're better off not bringing data over the border.
[1] source, I'm the developer of Heimdall - https://github.com/Benjamin-Dobell/Heimdall - https://gitlab.com/BenjaminDobell/Heimdall