Device Security
Security vs. Privacy
Digital security and digital privacy are often used to mean the same thing, however they are different topics. Image a home with hardened entry locks, steel barriers on the windows, a high-end alarm system and a trained guard dogs. This is a secure house. However this same house might have several ‘smart home’ devices that stream personal data to different cloud services. This means the house is secure, but not private.
Device Security
Deployment Device
Securing your device
Two methods for ensuring device security are:
- device sanitization: scrub the device of sensitive information
- device encryption: encrypt sensitive information on the device
Device sanitization | Device encryption | |
---|---|---|
Description | Scrub the device of sensitive information | Encrypt sensitive information on the device |
When to use | ||
Advantages | ||
Disadvantages | The sensitive information remains on the device and an adversary can attempt coercion to force you to decrypt the device |
Device sanitization
Device sanitization is a thorough search and removal of all information from your device that could present a security threat for you, your team, your organisation or your friends and family.
Slow method
Search and remove sensitive information, such as the following:
- Personal photos and videos
- Team photos and videos
- Photos of organisation assets
- Team group chats
- Maps
- Plans
- Personal documents
- Bank statements
- Cryptocurrency material
- Culturally insensitive material
- Unnecessary apps
Fast method
- Check all important material is backed up
- Factory reboot your device
- Only reinstall apps and content that is mission-essential
Apps
Unnecessary apps should be deleted. Not only do unnecessary apps cause delays if an adversary is going through your device, they also drain your battery if they are constantly communicating with a sever which can also create a security risk.
Device Accounts
Device accounts such as Google, Apple, and Facebook provide convenience by allowing seamless access to all their connected services at a device level. Unfortunately this also helps an adversary the same way. While you may have deleted unnecessary apps, your device account provides easy access to this material.
Material linked to device accounts, which should be deleted, can include:
- Photo and video storage such as Google Photos and Apple iCloud
- Maps history including places visited and searches
- Browser search history
Device encryption
Plausible Deniability
Plausible deniability in security means that you can plausibly deny a request from an authority or adversary and have a somewhat believable reason. For example, if a government official was attempting to force you to unlock an encrypted password manager with a master password, you could ‘plausibly deny’ that you remember the password. The adversary may not believe you, but there’s no denying that it’s a plausible excuse - people do forget things. On the other hand, if you use biometrics (fingerprint, retina, face) to unlock an encrypted vault, then it is impossible to deny that you have access to the vault (you can deny that you have a face, retina or fingerprint). The official could simply hold the device to your eye, face or finger and unlock the vault. The amount of resources that an adversary will allocate to unlocking your encrypted data will be proportional to the potential value of the information you may have. For most people working in the field, they are low-value travellers. The amount of effort required to force you to unlock your encrypted data is low.