Chinese Border Agents Now Installing Malware On Foreigners' Cellphones

from the 'when-in-Rome'-will-be-enforced dept

The Chinese government is no longer content to place its own citizens under pervasive surveillance. There’s a new twist to border device searches in certain areas of the country: the installation of software that provides government agents with plenty of data — including text messages — from visitors’ phones. Joseph Cox of Motherboard has the details.

The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller’s device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.

It’s a pretty open intrusion. The malware makes no attempt to hide itself. It even places an icon on the device’s application screen. The app has been uploaded by Motherboard and analysis shows this may possibly be for the convenience of the person scanning the phone. The app is sideloaded by border agents, who run a scan and search for the targeted content. Once this is done, those files can be viewed/exfiltrated and the app uninstalled. Also, soon after the article was published, most of the major anti-malware providers started flagging this software.

It’s all part of the surveillance regime the Chinese government has directed towards the Uighur population in Xinjiang. Only now it’s spread past the historically-oppressed population to visitors to the region. Pretty much anyone travelling into the region via certain checkpoints is subject to device seizures and malware installation.

One tourist who crossed the border and had the malware installed on their device provided a copy to Süddeutsche Zeitung and Motherboard. A member of the reporting team from Süddeutsche Zeitung then also crossed the border and had the same malware installed on their own phone.

The Chinese government has never really worried about what other countries think about its practices and programs. The expressions of dismay from activists and journalists isn’t going to result in the government rethinking these activities. However, recent protests in Hong Kong show the situation there isn’t entirely hopeless: the Chinese government can be persuaded to rethink some of its efforts with enough pushback.

But for the most part, the capacity and capabilities of China’s surveillance network continue to expand. But what it’s doing isn’t necessarily unusual. The same tech and programs are in use in freer countries, limited only by built-in protections these governments can choose to amend or excise almost at will.

Perversely, the discussion here focuses on the Chinese government targeting foreigners, while generally just accepting its full-fledged domestic surveillance program. It’s the complete opposite of how things are measured here in the United States, where we somewhat expect our government to subject foreign visitors to heightened scrutiny but to keep their eyes, ears, and hands off US citizens. It’s completely possible for every government to be handling surveillance issues badly, with the Chinese government merely being the most unapologetic participant in these programs.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Chinese Border Agents Now Installing Malware On Foreigners' Cellphones”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re:2 Re:

Fat lot of good that will do you. They will probably have copied your phone on site to give them more time to go through it and to prevent you deleting the data.

Reset it before getting to customs if you like but you still run the risk of being charged with evidence tampering if they can show, via anyone else’s phone, that you possessed the data they’re looking for.

Anonymous Coward says:

Re: Re: Re:3 Re:

This has to do with spyware/malware used to eavrsdrop.on you after you clear customs.

Deleting spyware and evading surveillance after you enter the country does not break any laws.

Just like if law enforcement slips a GPS tracker into.your car to surveil you, pullinh.the right fuse to.cut off its power supply does.not break federal law or state laws in 49 states. Tampering with a tracking device in your car, if placed there by law enforcement, is a felony in Florida, but does not break federal law or state law in any state outside of Florida

The issue being discussed here is monitoring software used to surveil you, after you have entered the country.

Doing reset to remove such software and avoid being monitored in real time after you leave customs does not break any law at.the federal level nor the laws of any state other than florida

Anonymous Coward says:

when countries in the so called ‘free, democratic’ world are to all sorts of nasty to be able to keep tabs on their own citizens, whether there is any need to or not, whether they have done anything or not, why report on the Chinese? i doubt if that many people go there, unless working and that more people head out of Asian countries. wouldn’t it be better to keep all of us in the so called free countries up to date with which governments are doing what? after all, we condemn the likes of the Chinese for doing exactly what we’re doing. pot and kettle seems apt here!

OldMugwump (profile) says:

The usual advice

Backup your phone before entering <Country X>.

If you have anything on it that’s confidential, do a factory reset.

Enter <Country X>, let them do whatever they want.

Restore from backup.

And, of course, don’t send anything confidential unless it’s encrypted. (But this is wise everywhere – esp. when on Starbucks’s WiFi.)

Anonymous Coward says:

Re: The usual advice

Unless your backup and restore also handles the firmware, which would be tricky because of the issues raised in trusting trust, you will just delay them getting your files until you do the restore.

If you have anything you care about, it’s best just to bring a burner phone with you and make sure it never had anything on it that you don’t want the anyone handling your phone to know.

When you leave the country, ditch the phone. Ideally just give it to someone random who can use it until the plan runs out.

Anonymous Coward says:

Re: Re: The usual advice

it’s best just to bring a burner phone with you and make sure it never had anything on it that you don’t want the anyone handling your phone to know. When you leave the country, ditch the phone.

How’s this better than buying the burner in the country? If you can never have personal data/conversations on there, why bother carrying your own?

Anonymous Coward says:

Re: Re: Re: The usual advice

I’ve always had a lot of trouble using chinese user interfaces. Mostly based on the fact that I don’t read chinese. Plus, it’s okay to call your mother.

It’s just not okay to call your cia handler or your in country contacts. I would also avoid calling friends at the Computing Infrastructure Association as well.

Although it might be fun to put some fake entries in your contact list that would look interesting to foreign governments. It would be interesting to get the chinese to devote substantial resources to investigating Domino’s Pizzas association with the US Government.

Paul Brinker (profile) says:

Re: Re: The usual advice

Hate to tell you but flashing the firmware on android or IOS is a much harder thing to do then the sideload they are doing and a virus that can recover from a reflash is so far non existent. People are creating honeypots to catch China doing stuff like breaking into hotel rooms and installing stuff, but the fact is that China is after people In different ways then Americans tend to think.

Sure a state could go this far, but China is not after spys and other state actors, they are after people who would push rights for Chinese citizens, install ideas into the population they do not approve of, and people who are in contact with those people.

No one including China will put a state level virus on your phone, even the fact they could would not make them do that as you are not important enough for it and if it was wildly used then all the work to create said virus would go out the window.

Anonymous Coward says:

Re: The usual advice

I always use VPN when on wifi, especially when outside California

While neither California law, nor the cfaa make it illegal to connect to open wifi to use the internet, some state laws are not as forgiving.

When I go to one campground in Nevada for stargazing, I have to drive 65 miles to the nearest place I can get onto the net.

In eureka Nevada. I can park at the Chevron station and connect to the the wifi at the motel about a mile down the road using a USB wifi adapter with.a built 10 watt linear amplifier

While I am not breaking the cfaa when I do.this, I am not sure about Nevada state law, so I use an offshore VPN to hide where I am going so I cannot be identified based on my traffic, and pay in cash to put gas in my car for the trip back, so there is no bank trail leading back to mr

Anonymous Coward says:

Re: Re: Re:2 The usual advice

2.4GHz is an Amateur allocation in addition to being an ISM band, and there is nothing prohibiting amateurs from using the modulation modes (DSSS, OFDM) used by 802.11. However, Part 97 forbids encrypted transmissions, so WLAN gear run under Part 97 is run "in the clear", and also linked to the operator’s callsign (while I’m not intimately familiar with such, it’s likely done through the network SSID).

Anonymous Coward says:

Re: Re: Re: The usual advice

I am more concerned about state laws more than anything else. While I am not violating the CFAA because there is no password protection, there are some state computer tresspass laws that apply, though not in California. Such stricter laws to exist, for sure, in Michigan, Indiana, Massachoossetts, Texas, and Florida.

Using a VPN, plus using cash when fueling up my car for the drive back to the campground, helps me avoid any problems with the law in Nevada.

Some state laws are stricter than the CFAA.

Because I use cash, when doing that, there is no bank trail leading to me. All they would know is that someone paid for gas with cash, and no bank trail leading to me. Cash leaves no bank trail that can be traced to anyone, just in case I am unknowingly breaking Nevada laws.

And since I use an offhore VPN, I cannot be identified through my activity, since the VPN server, in Cuernavca, Mexico is not subject to US jurisdiction. The operators of that VPN, in Cuernavaca, only have to obey Mexican laws, so law enforcement, in Nevada, cannot compel the opertors of a VPN, in Mexico, to hand over any information.

Anonymous Coward says:

Re: Re: Re:2 The usual advice

"Using a VPN, plus using cash when fueling up my car for the drive back to the campground, helps me avoid any problems with the law in Nevada."

Then again, the petrol station may well be taking sneaky photos of your motorcar’s number plates.

I’d be surprised if they were not…

Anonymous Coward says:

Re: Re: Re:3 The usual advice

Technology has caught up to that. There are these infra red license plate frames that emit radiation in the infra red spectrum just below what the human eye can see, but that can blind the camera to where your number plate is invisible to the cameras.

The plate is visible to the human eye, so nobody would know you deployed anti camera technology. When they go to play back the video later on, your plate number be blotted out.

You can also use this to foil automated licence place reader (ALPR) cameras, as they will make your number plate invisible to such cameras.

I use that technology whenever crossing either the Canadian or Mexican border, so the cameras that Customs and Border Protection (CBP) use to scan or record license numbers cannot get my number. My number plate is rendered invisible to the camera. It is a stealthy way to prevent your number plate from being seen by cameras. Unlike a plastic plate cover, they will never have any clue you are using stealthy technology like that.

CBP does have cameras that scan number plates on all cars exiting the United States.

I also use it because I do like to play my car stereo loud, at times, and it keeps me from getting any ticket in the mail, because the "noise snare" cameras cannot see my number plate, and they use the same cameras as the red light cameras. My car has been flashed when the light is green, but I have had a ticket for loud car stereo because my number plate was rendered invisible

Anonymous Coward says:

Re: Re: Re:3 The usual advice

I also have a secure wiping toll that deletes evidence good enough where authorities would never be able to determine it was ever used.

Once I have used it and reinstalled windows and all my programs, they would not be able to determine that I used it.

These tools wipe the hard disk to be as blank as the day is was manufactured, making it impossible to determine it was ever used.

Wiping tools have gotten better in the face of sarbanes oxley in.the USA and "perverting the course of justice" laws in Britain

And Nevada does have any state level laws like SoX, so no Nevada laws broken in wiping out evidence on a hard disk.

Coyne Tibbets (profile) says:

Its's Good vs Evil

OOooOOooOOooo… scary Halloween stuff…

It’s so much better when you can live in denial. US CBP copies all your files, too., but they don’t leave Texas Chainsaw Massacre icons hanging around, so that you can pretend they didn’t offload your sexual proclivities.

Besides, US CBP has only our best interests at heart. Who knows what that evil, grabby Chinese government is planning to do with my files? Probably outsource them to some evil mega-corporation. US CBP would never do something like that.


Coyne Tibbets (profile) says:

Re: Re: Its's Good vs Evil

That is a hilarious rejoinder given that that’s what the article is basically doing. It even tactitly admits that in the next-to-last paragraph:

But what it’s doing isn’t necessarily unusual. The same tech and programs are in use in freer countries, limited only by built-in protections these governments can choose to amend or excise almost at will.

So…"freer countries do this…but what about China?"

ECA (profile) says:

Do you think..

ANY NATION, should kowtow to any other?? NOPE.
Might take some fundamental ideals, and change abit/alot.

But Never Kowtow..
Except the USA which loves its corps to the point we willbend over and let them treat us as Slaves 90% of the time. And we even Help our corps Slowly take over the world, as they demand other nations to Become as bad or worse then the USA..

This is SOP for China, they Love to control things and know whats happening. And HK, is 1% of the nation, and partly independent. Its Corp central, for China to get into the market of everything.
The USA, EU, Australia, are all looking at using the Net and Modems to watch and track out people, so what China is doing, is nothing NEW.

K`Tetch (profile) says:

potential for a Granny weatherwax

while they’re sideloading, one does have to wonder what hte potential is for it to be turned back on them, either by

a) killing the program and running a fake version which says ‘all clear" (possible)
b) expanding on the practice that you NEVER plug in random USB devices (there are USB killers, just put it in the port of a phone that you charge wirelessly)
c) Weatherwaxing them (taken from this bit of the Discworld novel ‘Carpe Jugulum’ – “You wanted to know where I’d put my self,” said Granny. “I didn’t go anywhere. I just put it in something alive, and you took it. You invited me in. I’m in every muscle in your body and I’m in your head, oh yes. I was in the blood, Count. In the blood. I ain’t been vampired. You’ve been Weatherwaxed. All of you. And you’ve always listened to your blood, haven’t you?”
Extremely hard to do, but possible and could really bite them on the backside. would require details of what they’re using to sideload though.

Anonymous Coward says:

Re: potential for a Granny weatherwax

Or you just don’t keep files on the device, but keep them stored elsewhere.

When I have gone on road trips to Mexico, I have kept all my files on my home computer, and never anything on my laptop, where the files can only be accessed if logged into my network via VPN.

My computer in my apartment is not subject to border searches, only the devices I take in or out of the country, at least in the USA.

They cannot force you, to, say, log onto your office VPN.

R,og S/ says:

Re: Re: potential for a Granny weatherwax

“whoever they are ”

NSA, FBI and DHS and their flying monkeys in the private security sector routinely perform black bag jobs on targeted citizens who do what you recommend-leaving the laptop at home.

One of their favorite calling cards is to leave the "broken LED screen " prank behind, and lick you out of your log in screen after they DL your docs.

So…who are your "they ” these days?

Anonymous Coward says:

Back up your phone, do a reset enter country x.
after a 1 day do another reset.
When the nsa taps cables, records emails and txt messages ,and browsing data in the usa ,it makes it hard to for the usa to criticise other countrys
surveillance of anyone.
Also nsa policy seems to be we can get any data we can or monitor
any person outside america including our allies government officials
and civil service staff.
its very easy to wipe all data from a chromebook ,
and use it as a basic laptop during a visit to a foreign country .
Australia have new laws which make it legal to monitor all txt email
and web browsing data from anyone if the security services deem it necessary for
the protection of the state from terrorists or any other bad actors .

R,og S/ says:

Re:tired trope

In other news, Chinese visitors to Guantanamo torture camps, US prisons, or Abu Ghraib at the height of the Iraq Exploitation were /are non -existent.

Wawawawa, so: a country solves its problem of troublesome religious fanatics and meddlesome, exploitative outsiders from fake news services and mysterious NGOs with an app that eliminates both exploitative outsiders AND fake NGOs from causing trouble.

And: I didnt see too much complaining here at TD about how Israel continues its inhumane treatment if Palestinians either, over the last decades.

Dont kid yourself, the US democratic experiment is now a dismal failure, thanks to those who cried the loudest for security -and those people -whoever "they ” are, have their feet in China, and the Uighur problem too.

Meanwhile, back in reality, the shaokao in the Xinjiang region is fabulous, often served under bright signs with mosques on them, by guys with beanies; and actual tigers feet, and (fabulous ) saffron from Iran and India travel by the jin in the backpacks of the minority peoples who, as long as they focus on commerce instead of Abrahamic shit religion dont get hassled.

GHB (profile) says:

They have done it again

Remember IJOP (see here: )? It stands for Integrated Joint Operations Platform. It was a chinese spyware app for any muslims and such forigners entering china to be required to have this surveillance camera installed on your phone.

bhull242 (profile) says:

Not helping

While I am aware that there is no evidence behind claims that Hwawei is spying on behalf of the Chinese government, and Hwawei doesn’t have any real connection to this issue, a lot of people are probably going to use this as “evidence” that Chinese tech companies like Hwawei are going to spy on Americans using their services and turn that info over to the Chinese government. Not that our telecom companies never do the same for our governments, but still, this isn’t helping.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...