NZ Traveler's Electronics Taken At Airport; Interest in Snowden to Blame?

An anonymous reader writes "A New Zealand backpacker stripped of all electrical equipment at Auckland airport suggests attending a London talk on cyber-security following the Edward Snowden leaks may be to blame. Samuel Blackman was returning home for Christmas on 11 December from London Heathrow to Auckland via San Francisco when a customs officer at his final destination took the law graduate's two smartphones, iPad, external hard drive and laptop, demanding the passwords for all devices." For a quieter version, see also The New Zealand Herald.

Re:Figures

[SuricouRaven]

Here in the UK, refusal to give a password to the police upon request is itsself a crime.

Re:know your rights

[sirkumi]

Sadly I don't think you have any rights - at least not in Australia - where I come from, and which has very similar customs laws to those of New Zealand.

It would appear that they can take any and all of your electronic devices and storage equipment - including laptops, smartphones, usb keys - and they don't have to explain why or state what "reasonable suspicion" they have that you might have something illegal. On the whim of the customs officer, they can keep it for 14 days, or longer if they feel they have cause to.

At most all you can do is lodge a complaint...

Re:Figures

[mrchaotica]

See http://www.androidauthority.com/smartphones-have-a-second-os-317800/

Cellphones have two processors, a main processor (running an open-source OS in the case of Android) and a baseband processor built into the modem chip (running a closed-source OS in all cases). The baseband processor can be used to hack the phone. For a phone to be truly secure, you need a firewall between the main memory and the baseband processor, and AFAIK no phone is designed that way (except this one).

Re:Figures

[Hizonner]

In a phone, the GSM modem has its own CPU (and its own memory).

Most phones are based on SoCs (Systems on a Chip); everything's interconnected on the same silicon. Usually the GSM modem processor has access to the memory and I/O busses of the main processor (but not the other way around), can reset the main processor, and often boots before the main processor and must explicitly turn on the main processor before it runs. I believe that in some designs the modem processor actually sets up the boot loader for the main processor as well. The modem processor can definitely rewrite the flash where the main processor's operating system is stored.

The result of this is that the modem has total control of the phone. It can do anything it wants to any data on the phone, including the internals of the main OS, and there's basically nothing the main processor can do about it other than maybe be too obscure and complicated to manipulate easily.

The firmware in the modem is invariably closed source and secret. The modem will only boot firmware that's crypto-signed by the manufacturer, and anyway the hardware is totally undocumented.

The modems have "over the air" command sets that let the carrier manipulate the phone remotely without going through the main OS. Those command sets can be very rich... and can include the ability to reflash the main OS, or even to peek and poke its memory while it's running.

So on most (all?) phones, it basically doesn't matter what your OS is. The carrier (possibly together with the SoC manufacturer) can do whatever it wants if it's willing to figure out the complexity of doing so. And of course governments lean on carriers and SoC manufacturers to get access to that capability, and commercial "partners" also have influence.