Chinese Border Agents Now Installing Malware On Foreigners' Cellphones
from the 'when-in-Rome'-will-be-enforced dept
The Chinese government is no longer content to place its own citizens under pervasive surveillance. There's a new twist to border device searches in certain areas of the country: the installation of software that provides government agents with plenty of data -- including text messages -- from visitors' phones. Joseph Cox of Motherboard has the details.
The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.
It's a pretty open intrusion. The malware makes no attempt to hide itself. It even places an icon on the device's application screen. Motherboard has uploaded the app, and analysis suggests the lack of concealment may be for the convenience of the person scanning the phone. The app is sideloaded by border agents, who run a scan and search for the targeted content. Once this is done, those files can be viewed/exfiltrated and the app uninstalled. Also, soon after the article was published, most of the major anti-malware providers started flagging this software.
It's all part of the surveillance regime the Chinese government has directed towards the Uighur population in Xinjiang. Only now it's spread past the historically-oppressed population to visitors to the region. Pretty much anyone travelling into the region via certain checkpoints is subject to device seizures and malware installation.
One tourist who crossed the border and had the malware installed on their device provided a copy to Süddeutsche Zeitung and Motherboard. A member of the reporting team from Süddeutsche Zeitung then also crossed the border and had the same malware installed on their own phone.
The Chinese government has never really worried about what other countries think about its practices and programs. The expressions of dismay from activists and journalists aren't going to result in the government rethinking these activities. However, recent protests in Hong Kong show the situation there isn't entirely hopeless: the Chinese government can be persuaded to rethink some of its efforts with enough pushback.
But for the most part, the capacity and capabilities of China's surveillance network continue to expand. What it's doing isn't necessarily unusual, though. The same tech and programs are in use in freer countries, limited only by built-in protections these governments can choose to amend or excise almost at will.
Perversely, the discussion here focuses on the Chinese government targeting foreigners, while generally just accepting its full-fledged domestic surveillance program. It's the complete opposite of how things are measured here in the United States, where we somewhat expect our government to subject foreign visitors to heightened scrutiny but to keep its eyes, ears, and hands off US citizens. It's completely possible for every government to be handling surveillance issues badly, with the Chinese government merely being the most unapologetic participant in these programs.
Filed Under: border crossings, china, malware, phones, surveillance, uighur
Reader Comments
Now I wonder how long we’ll have to wait before we hear of U.S. border agents doing this.
[ link to this | view in chronology ]
Re:
The US has yet to train its border agents to hand the phone back (If and when that ever happens, a software install will probably be part of the new 'exchange')
[ link to this | view in chronology ]
Re:
About 5 minutes. Short wait.
[ link to this | view in chronology ]
Re:
That is what factory data reset is for. You just immediately reset your phone after clearing customs, if the USA starts doing this.
You would not be breaking any laws, at least in the U.S., if you did that after clearing customs.
[ link to this | view in chronology ]
Re: Re:
Possibly untrue. The federal evidence tampering law in the US could be read to cover deleting non-informational things that would aid in a federal criminal investigation. Violating that law has a 20 year prison sentence.
[ link to this | view in chronology ]
Re: Re: Re:
How are they going to know if you do it AFTER you have cleared customs?
I am talking about erasing your phone after you have left the airport.
Once you have cleared customs, you can reset your phone all you want.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Fat lot of good that will do you. They will probably have copied your phone on site to give them more time to go through it and to prevent you deleting the data.
Reset it before getting to customs if you like but you still run the risk of being charged with evidence tampering if they can show, via anyone else's phone, that you possessed the data they're looking for.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
This has to do with spyware/malware used to eavesdrop on you after you clear customs.
Deleting spyware and evading surveillance after you enter the country does not break any laws.
Just like if law enforcement slips a GPS tracker into your car to surveil you, pulling the right fuse to cut off its power supply does not break federal law or state laws in 49 states. Tampering with a tracking device in your car, if placed there by law enforcement, is a felony in Florida, but does not break federal law or state law in any state outside of Florida.
The issue being discussed here is monitoring software used to surveil you, after you have entered the country.
Doing a reset to remove such software and avoid being monitored in real time after you leave customs does not break any law at the federal level nor the laws of any state other than Florida.
[ link to this | view in chronology ]
When countries in the so called 'free, democratic' world are up to all sorts of nasty to be able to keep tabs on their own citizens, whether there is any need to or not, whether they have done anything or not, why report on the Chinese? I doubt if that many people go there, unless working and that more people head out of Asian countries. Wouldn't it be better to keep all of us in the so called free countries up to date with which governments are doing what? After all, we condemn the likes of the Chinese for doing exactly what we're doing. Pot and kettle seems apt here!
[ link to this | view in chronology ]
'Look over there, a distraction!'
Three comments before whataboutism. Yeah, that's about what I expected.
[ link to this | view in chronology ]
The usual advice
Backup your phone before entering <Country X>.
If you have anything on it that's confidential, do a factory reset.
Enter <Country X>, let them do whatever they want.
Restore from backup.
And, of course, don't send anything confidential unless it's encrypted. (But this is wise everywhere - esp. when on Starbucks's WiFi.)
[ link to this | view in chronology ]
Re: The usual advice
Unless your backup and restore also handles the firmware, which would be tricky because of the issues raised in trusting trust, you will just delay them getting your files until you do the restore.
If you have anything you care about, it's best just to bring a burner phone with you and make sure it never had anything on it that you don't want anyone handling your phone to know.
When you leave the country, ditch the phone. Ideally just give it to someone random who can use it until the plan runs out.
[ link to this | view in chronology ]
Re: Re: The usual advice
How's this better than buying the burner in the country? If you can never have personal data/conversations on there, why bother carrying your own?
[ link to this | view in chronology ]
Re: Re: Re: The usual advice
I've always had a lot of trouble using Chinese user interfaces. Mostly based on the fact that I don't read Chinese. Plus, it's okay to call your mother.
It's just not okay to call your CIA handler or your in-country contacts. I would also avoid calling friends at the Computing Infrastructure Association as well.
Although it might be fun to put some fake entries in your contact list that would look interesting to foreign governments. It would be interesting to get the Chinese to devote substantial resources to investigating Domino's Pizza's association with the US Government.
[ link to this | view in chronology ]
Re: Re: The usual advice
Hate to tell you but flashing the firmware on Android or iOS is a much harder thing to do than the sideload they are doing and a virus that can recover from a reflash is so far nonexistent. People are creating honeypots to catch China doing stuff like breaking into hotel rooms and installing stuff, but the fact is that China is after people in different ways than Americans tend to think.
Sure a state could go this far, but China is not after spies and other state actors, they are after people who would push rights for Chinese citizens, install ideas into the population they do not approve of, and people who are in contact with those people.
No one including China will put a state level virus on your phone, even the fact they could would not make them do that as you are not important enough for it and if it was widely used then all the work to create said virus would go out the window.
[ link to this | view in chronology ]
Re: Re: Re: The usual advice
How can they sideload on iOS? Apple does allow installations from any source other than the Apple store.
[ link to this | view in chronology ]
Re: The usual advice
I always use VPN when on wifi, especially when outside California.
While neither California law, nor the CFAA make it illegal to connect to open wifi to use the internet, some state laws are not as forgiving.
When I go to one campground in Nevada for stargazing, I have to drive 65 miles to the nearest place I can get onto the net.
In Eureka, Nevada, I can park at the Chevron station and connect to the wifi at the motel about a mile down the road using a USB wifi adapter with a built-in 10 watt linear amplifier.
While I am not breaking the CFAA when I do this, I am not sure about Nevada state law, so I use an offshore VPN to hide where I am going so I cannot be identified based on my traffic, and pay in cash to put gas in my car for the trip back, so there is no bank trail leading back to me.
[ link to this | view in chronology ]
Re: Re: The usual advice
While the CFAA may not be an issue for you, that 10W amp is very much a 47 CFR Part 15 vio (unless you're operating under 47 CFR Part 97 rules, that is).
[ link to this | view in chronology ]
Re: Re: Re: The usual advice
I bought it on Ebay five years ago.
Ebay would not have allowed the sale if the device was illegal.
If it was purchased on Ebay, it was legal.
[ link to this | view in chronology ]
Re: Re: Re: Re: The usual advice
That's a huge and fairly baseless assumption. You're buying from private parties, not eBay, and they'll sell to anyone who sends them money. It's up to you, not them, to ensure your purchases are legal where you are.
[ link to this | view in chronology ]
Re: Re: Re: The usual advice
Part 97 is ham radio. Wifi and ham are two different things.
[ link to this | view in chronology ]
Re: Re: Re: Re: The usual advice
2.4GHz is an Amateur allocation in addition to being an ISM band, and there is nothing prohibiting amateurs from using the modulation modes (DSSS, OFDM) used by 802.11. However, Part 97 forbids encrypted transmissions, so WLAN gear run under Part 97 is run "in the clear", and also linked to the operator's callsign (while I'm not intimately familiar with such, it's likely done through the network SSID).
[ link to this | view in chronology ]
Re: Re: Re: The usual advice
I am more concerned about state laws more than anything else. While I am not violating the CFAA because there is no password protection, there are some state computer trespass laws that apply, though not in California. Such stricter laws do exist, for sure, in Michigan, Indiana, Massachusetts, Texas, and Florida.
Using a VPN, plus using cash when fueling up my car for the drive back to the campground, helps me avoid any problems with the law in Nevada.
Some state laws are stricter than the CFAA.
Because I use cash, when doing that, there is no bank trail leading to me. All they would know is that someone paid for gas with cash, and no bank trail leading to me. Cash leaves no bank trail that can be traced to anyone, just in case I am unknowingly breaking Nevada laws.
And since I use an offshore VPN, I cannot be identified through my activity, since the VPN server, in Cuernavaca, Mexico is not subject to US jurisdiction. The operators of that VPN, in Cuernavaca, only have to obey Mexican laws, so law enforcement, in Nevada, cannot compel the operators of a VPN, in Mexico, to hand over any information.
[ link to this | view in chronology ]
Re: The usual advice
"Using a VPN, plus using cash when fueling up my car for the drive back to the campground, helps me avoid any problems with the law in Nevada."
Then again, the petrol station may well be taking sneaky photos of your motorcar's number plates.
I'd be surprised if they were not...
[ link to this | view in chronology ]
Re: Re: The usual advice
Technology has caught up to that. There are these infra red license plate frames that emit radiation in the infra red spectrum just below what the human eye can see, but that can blind the camera to where your number plate is invisible to the cameras.
The plate is visible to the human eye, so nobody would know you deployed anti camera technology. When they go to play back the video later on, your plate number will be blotted out.
You can also use this to foil automated license plate reader (ALPR) cameras, as they will make your number plate invisible to such cameras.
I use that technology whenever crossing either the Canadian or Mexican border, so the cameras that Customs and Border Protection (CBP) use to scan or record license numbers cannot get my number. My number plate is rendered invisible to the camera. It is a stealthy way to prevent your number plate from being seen by cameras. Unlike a plastic plate cover, they will never have any clue you are using stealthy technology like that.
CBP does have cameras that scan number plates on all cars exiting the United States.
I also use it because I do like to play my car stereo loud, at times, and it keeps me from getting any ticket in the mail, because the "noise snare" cameras cannot see my number plate, and they use the same cameras as the red light cameras. My car has been flashed when the light is green, but I have had a ticket for loud car stereo because my number plate was rendered invisible.
[ link to this | view in chronology ]
Re: Re: Re: The usual advice
You have oh so carefully marked yourself out as someone of interest to the security service, by trying to avoid being tracked and monitored.
[ link to this | view in chronology ]
Re: Re: Re: Re: The usual advice
Using anti camera technology like that does not break any laws.
Infra red anti camera license plate frames are not illegal anywhere in the United States.
Like I said, I use them to fool ticket cameras and that is not illegal.
[ link to this | view in chronology ]
Re: Re: The usual advice
I also have a secure wiping tool that deletes evidence good enough where authorities would never be able to determine it was ever used.
Once I have used it and reinstalled Windows and all my programs, they would not be able to determine that I used it.
These tools wipe the hard disk to be as blank as the day it was manufactured, making it impossible to determine it was ever used.
Wiping tools have gotten better in the face of Sarbanes-Oxley in the USA and "perverting the course of justice" laws in Britain.
And Nevada does have any state level laws like SoX, so no Nevada laws broken in wiping out evidence on a hard disk.
[ link to this | view in chronology ]
It's Good vs Evil
OOooOOooOOooo... scary Halloween stuff...
It's so much better when you can live in denial. US CBP copies all your files, too, but they don't leave Texas Chainsaw Massacre icons hanging around, so that you can pretend they didn't offload your sexual proclivities.
Besides, US CBP has only our best interests at heart. Who knows what that evil, grabby Chinese government is planning to do with my files? Probably outsource them to some evil mega-corporation. US CBP would never do something like that.
AAG?
[ link to this | view in chronology ]
Re: It's Good vs Evil
https://en.wikipedia.org/wiki/Whataboutism
[ link to this | view in chronology ]
Re: Re: It's Good vs Evil
You keep linking this but it doesn't make the point any less valid. Media loves to focus on China's surveillance while ignoring that the West does a lot more data gulping. Check out the Five Eyes.
[ link to this | view in chronology ]
Re: Re: It's Good vs Evil
That is a hilarious rejoinder given that that's what the article is basically doing. It even tacitly admits that in the next-to-last paragraph:
So..."freer countries do this...but what about China?"
[ link to this | view in chronology ]
Re: Re: Re: It's Good vs Evil
I know. No one is allowed to talk about China or whatever, just the US \ your personal pet interest. Thanks for the reminder.
[ link to this | view in chronology ]
Re: Re: It's Good vs Evil
Whataboutism: Used to dismiss comment when comment is not likely to be hidden
[ link to this | view in chronology ]
Do you think..
ANY NATION, should kowtow to any other?? NOPE.
Might take some fundamental ideals, and change a bit/a lot.
But Never Kowtow..
Except the USA which loves its corps to the point we will bend over and let them treat us as Slaves 90% of the time. And we even Help our corps Slowly take over the world, as they demand other nations to Become as bad or worse than the USA..
This is SOP for China, they Love to control things and know what's happening. And HK, is 1% of the nation, and partly independent. It's Corp central, for China to get into the market of everything.
The USA, EU, Australia, are all looking at using the Net and Modems to watch and track out people, so what China is doing, is nothing NEW.
[ link to this | view in chronology ]
Re: Do you think..
Monkey See, Monkey DO.
[ link to this | view in chronology ]
potential for a Granny weatherwax
While they're sideloading, one does have to wonder what the potential is for it to be turned back on them, either by
a) killing the program and running a fake version which says 'all clear' (possible)
b) expanding on the practice that you NEVER plug in random USB devices (there are USB killers, just put it in the port of a phone that you charge wirelessly)
c) Weatherwaxing them (taken from this bit of the Discworld novel 'Carpe Jugulum' - “You wanted to know where I’d put my self,” said Granny. “I didn’t go anywhere. I just put it in something alive, and you took it. You invited me in. I’m in every muscle in your body and I’m in your head, oh yes. I was in the blood, Count. In the blood. I ain’t been vampired. You’ve been Weatherwaxed. All of you. And you’ve always listened to your blood, haven’t you?”
Extremely hard to do, but possible and could really bite them on the backside. Would require details of what they're using to sideload though.
[ link to this | view in chronology ]
Re: potential for a Granny weatherwax
Or you just don't keep files on the device, but keep them stored elsewhere.
When I have gone on road trips to Mexico, I have kept all my files on my home computer, and never anything on my laptop, where the files can only be accessed if logged into my network via VPN.
My computer in my apartment is not subject to border searches, only the devices I take in or out of the country, at least in the USA.
They cannot force you to, say, log onto your office VPN.
[ link to this | view in chronology ]
Re: Re: potential for a Granny weatherwax
“whoever they are”
NSA, FBI and DHS and their flying monkeys in the private security sector routinely perform black bag jobs on targeted citizens who do what you recommend - leaving the laptop at home.
One of their favorite calling cards is to leave the "broken LED screen" prank behind, and lock you out of your log in screen after they DL your docs.
So...who are your "they” these days?
[ link to this | view in chronology ]
Back up your phone, do a reset, enter country x.
After 1 day do another reset.
When the NSA taps cables, records emails and txt messages, and browsing data in the USA, it makes it hard for the USA to criticise other countries'
surveillance of anyone.
Also NSA policy seems to be we can get any data we can or monitor
any person outside America including our allies' government officials
and civil service staff.
It's very easy to wipe all data from a Chromebook,
and use it as a basic laptop during a visit to a foreign country.
Australia have new laws which make it legal to monitor all txt, email
and web browsing data from anyone if the security services deem it necessary for
the protection of the state from terrorists or any other bad actors.
[ link to this | view in chronology ]
Re:
If you're trying to format your posts like prose then you're failing. Lay off the carriage return.
[ link to this | view in chronology ]
Re:tired trope
In other news, Chinese visitors to Guantanamo torture camps, US prisons, or Abu Ghraib at the height of the Iraq Exploitation were/are nonexistent.
Wawawawa, so: a country solves its problem of troublesome religious fanatics and meddlesome, exploitative outsiders from fake news services and mysterious NGOs with an app that eliminates both exploitative outsiders AND fake NGOs from causing trouble.
And: I didn't see too much complaining here at TD about how Israel continues its inhumane treatment of Palestinians either, over the last decades.
Don't kid yourself, the US democratic experiment is now a dismal failure, thanks to those who cried the loudest for security - and those people - whoever "they” are, have their feet in China, and the Uighur problem too.
Meanwhile, back in reality, the shaokao in the Xinjiang region is fabulous, often served under bright signs with mosques on them, by guys with beanies; and actual tigers feet, and (fabulous) saffron from Iran and India travel by the jin in the backpacks of the minority peoples who, as long as they focus on commerce instead of Abrahamic shit religion don't get hassled.
[ link to this | view in chronology ]
They have done it again
Remember IJOP (see here: https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance )? It stands for Integrated Joint Operations Platform. It was a Chinese spyware app for any Muslims and such foreigners entering China to be required to have this surveillance camera installed on your phone.
[ link to this | view in chronology ]
How
... does one remove the software once one has left China? Do border agents remove the software using a code as you leave the country? Otherwise, why not just delete it once you reach your hotel?
[ link to this | view in chronology ]
Not helping
While I am aware that there is no evidence behind claims that Huawei is spying on behalf of the Chinese government, and Huawei doesn’t have any real connection to this issue, a lot of people are probably going to use this as “evidence” that Chinese tech companies like Huawei are going to spy on Americans using their services and turn that info over to the Chinese government. Not that our telecom companies never do the same for our governments, but still, this isn’t helping.
[ link to this | view in chronology ]