Chinese Border Agents Now Installing Malware On Foreigners' Cellphones

from the 'when-in-Rome'-will-be-enforced dept

The Chinese government is no longer content to place its own citizens under pervasive surveillance. There's a new twist to border device searches in certain areas of the country: the installation of software that provides government agents with plenty of data -- including text messages -- from visitors' phones. Joseph Cox of Motherboard has the details.

The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.

It's a pretty open intrusion. The malware makes no attempt to hide itself; it even places an icon on the device's application screen. Motherboard has uploaded the app, and analysis suggests this may be for the convenience of the person scanning the phone. The app is sideloaded by border agents, who run a scan and search for the targeted content. Once this is done, those files can be viewed/exfiltrated and the app uninstalled. Soon after the article was published, most of the major anti-malware providers started flagging this software.

It's all part of the surveillance regime the Chinese government has directed towards the Uighur population in Xinjiang. Only now it's spread past the historically-oppressed population to visitors to the region. Pretty much anyone travelling into the region via certain checkpoints is subject to device seizures and malware installation.

One tourist who crossed the border and had the malware installed on their device provided a copy to Süddeutsche Zeitung and Motherboard. A member of the reporting team from Süddeutsche Zeitung then also crossed the border and had the same malware installed on their own phone.

The Chinese government has never really worried about what other countries think about its practices and programs. The expressions of dismay from activists and journalists aren't going to result in the government rethinking these activities. However, recent protests in Hong Kong show the situation there isn't entirely hopeless: the Chinese government can be persuaded to rethink some of its efforts with enough pushback.

For the most part, though, the capacity and capabilities of China's surveillance network continue to expand. But what it's doing isn't necessarily unusual. The same tech and programs are in use in freer countries, limited only by built-in protections these governments can choose to amend or excise almost at will.

Perversely, the discussion here focuses on the Chinese government targeting foreigners, while generally just accepting its full-fledged domestic surveillance program. It's the complete opposite of how things are measured here in the United States, where we somewhat expect our government to subject foreign visitors to heightened scrutiny but to keep their eyes, ears, and hands off US citizens. It's completely possible for every government to be handling surveillance issues badly, with the Chinese government merely being the most unapologetic participant in these programs.

Filed Under: border crossings, china, malware, phones, surveillance, uighur


Reader Comments

  • Stephen T. Stone, 3 Jul 2019 @ 12:15pm

    Now I wonder how long we’ll have to wait before we hear of U.S. border agents doing this.

    • Anonymous Coward, 3 Jul 2019 @ 12:19pm

      Re:

      The US has yet to train its border agents to hand the phone back (If and when that ever happens, a software install will probably be part of the new 'exchange').

    • Anonymous Coward, 3 Jul 2019 @ 4:06pm

      Re:

      About 5 minutes. Short wait.

    • Anonymous Coward, 4 Jul 2019 @ 7:50am

      Re:

      That is what factory data reset is for. You just immediately reset your phone after clearing customs, if the USA starts doing this.

      You would not be breaking any laws, at least in the U.S., if you did that after clearing customs.

      • Bergman, 4 Jul 2019 @ 11:52am

        Re: Re:

        Possibly untrue. The federal evidence tampering law in the US could be read to cover deleting non-informational things that would aid in a federal criminal investigation. Violating that law has a 20 year prison sentence.

        • Anonymous Coward, 4 Jul 2019 @ 2:06pm

          Re: Re: Re:

          How are they going to know if you do it AFTER you have cleared customs?

          I am talking about erasing your phone after you have left the airport.

          Once you have cleared customs, you can reset your phone all you want.

          • Anonymous Coward, 4 Jul 2019 @ 4:48pm

            Re: Re: Re: Re:

            Fat lot of good that will do you. They will probably have copied your phone on site to give them more time to go through it and to prevent you deleting the data.

            Reset it before getting to customs if you like but you still run the risk of being charged with evidence tampering if they can show, via anyone else's phone, that you possessed the data they're looking for.

            • Anonymous Coward, 4 Jul 2019 @ 5:15pm

              Re: Re: Re: Re: Re:

              This has to do with spyware/malware used to eavesdrop on you after you clear customs.

              Deleting spyware and evading surveillance after you enter the country does not break any laws.

              Just like if law enforcement slips a GPS tracker into your car to surveil you, pulling the right fuse to cut off its power supply does not break federal law or state laws in 49 states. Tampering with a tracking device in your car, if placed there by law enforcement, is a felony in Florida, but does not break federal law or state law in any state outside of Florida.

              The issue being discussed here is monitoring software used to surveil you, after you have entered the country.

              Doing a reset to remove such software and avoid being monitored in real time after you leave customs does not break any law at the federal level nor the laws of any state other than Florida.

  • Anonymous Coward, 3 Jul 2019 @ 12:23pm

    when countries in the so called 'free, democratic' world are to all sorts of nasty to be able to keep tabs on their own citizens, whether there is any need to or not, whether they have done anything or not, why report on the Chinese? i doubt if that many people go there, unless working and that more people head out of Asian countries. wouldn't it be better to keep all of us in the so called free countries up to date with which governments are doing what? after all, we condemn the likes of the Chinese for doing exactly what we're doing. pot and kettle seems apt here!

  • OldMugwump, 3 Jul 2019 @ 12:40pm

    The usual advice

    Backup your phone before entering <Country X>.

    If you have anything on it that's confidential, do a factory reset.

    Enter <Country X>, let them do whatever they want.

    Restore from backup.

    And, of course, don't send anything confidential unless it's encrypted. (But this is wise everywhere - esp. when on Starbucks's WiFi.)

    • Anonymous Coward, 3 Jul 2019 @ 12:50pm

      Re: The usual advice

      Unless your backup and restore also handles the firmware, which would be tricky because of the issues raised in trusting trust, you will just delay them getting your files until you do the restore.

      If you have anything you care about, it's best just to bring a burner phone with you and make sure it never had anything on it that you don't want anyone handling your phone to know.

      When you leave the country, ditch the phone. Ideally just give it to someone random who can use it until the plan runs out.

      • Anonymous Coward, 3 Jul 2019 @ 2:01pm

        Re: Re: The usual advice

        it's best just to bring a burner phone with you and make sure it never had anything on it that you don't want anyone handling your phone to know. When you leave the country, ditch the phone.

        How's this better than buying the burner in the country? If you can never have personal data/conversations on there, why bother carrying your own?

        • Anonymous Coward, 3 Jul 2019 @ 2:32pm

          Re: Re: Re: The usual advice

          I've always had a lot of trouble using Chinese user interfaces. Mostly based on the fact that I don't read Chinese. Plus, it's okay to call your mother.

          It's just not okay to call your CIA handler or your in-country contacts. I would also avoid calling friends at the Computing Infrastructure Association as well.

          Although it might be fun to put some fake entries in your contact list that would look interesting to foreign governments. It would be interesting to get the Chinese to devote substantial resources to investigating Domino's Pizza's association with the US Government.

      • Paul Brinker, 3 Jul 2019 @ 11:06pm

        Re: Re: The usual advice

        Hate to tell you but flashing the firmware on Android or iOS is a much harder thing to do than the sideload they are doing, and a virus that can recover from a reflash is so far nonexistent. People are creating honeypots to catch China doing stuff like breaking into hotel rooms and installing stuff, but the fact is that China is after people in different ways than Americans tend to think.

        Sure a state could go this far, but China is not after spies and other state actors, they are after people who would push rights for Chinese citizens, install ideas into the population they do not approve of, and people who are in contact with those people.

        No one including China will put a state level virus on your phone, even the fact they could would not make them do that as you are not important enough for it and if it was wildly used then all the work to create said virus would go out the window.

        • Anonymous Coward, 4 Jul 2019 @ 5:17pm

          Re: Re: Re: The usual advice

          How can they sideload on iOS? Apple does allow installations from any source other than the Apple store.

    • Anonymous Coward, 4 Jul 2019 @ 5:35pm

      Re: The usual advice

      I always use VPN when on wifi, especially when outside California.

      While neither California law, nor the CFAA make it illegal to connect to open wifi to use the internet, some state laws are not as forgiving.

      When I go to one campground in Nevada for stargazing, I have to drive 65 miles to the nearest place I can get onto the net.

      In Eureka, Nevada, I can park at the Chevron station and connect to the wifi at the motel about a mile down the road using a USB wifi adapter with a built-in 10 watt linear amplifier.

      While I am not breaking the CFAA when I do this, I am not sure about Nevada state law, so I use an offshore VPN to hide where I am going so I cannot be identified based on my traffic, and pay in cash to put gas in my car for the trip back, so there is no bank trail leading back to me.

      • Anonymous Coward, 5 Jul 2019 @ 6:50am

        Re: Re: The usual advice

        While the CFAA may not be an issue for you, that 10W amp is very much a 47 CFR Part 15 vio (unless you're operating under 47 CFR Part 97 rules, that is).

        • Anonymous Coward, 5 Jul 2019 @ 12:15pm

          Re: Re: Re: The usual advice

          I bought on Ebay five years ago.

          Ebay would not have allowed the sale if the device was illegal.

          If it was purchased on Ebay, it was legal.

          • Anonymous Coward, 6 Jul 2019 @ 6:49am

            Re: Re: Re: Re: The usual advice

            That's a huge and fairly baseless assumption. You're buying from private parties, not ebay, and they'll sell to anyone who sends them money. It's up to you, not them, to ensure your purchases are legal where you are.

        • Anonymous Coward, 5 Jul 2019 @ 12:19pm

          Re: Re: Re: The usual advice

          Part 97 is ham radio. Wifi and ham are two different things.

          • Anonymous Coward, 8 Jul 2019 @ 6:32am

            Re: Re: Re: Re: The usual advice

            2.4GHz is an Amateur allocation in addition to being an ISM band, and there is nothing prohibiting amateurs from using the modulation modes (DSSS, OFDM) used by 802.11. However, Part 97 forbids encrypted transmissions, so WLAN gear run under Part 97 is run "in the clear", and also linked to the operator's callsign (while I'm not intimately familiar with such, it's likely done through the network SSID).

        • Anonymous Coward, 5 Jul 2019 @ 5:53pm

          Re: Re: Re: The usual advice

          I am more concerned about state laws more than anything else. While I am not violating the CFAA because there is no password protection, there are some state computer trespass laws that apply, though not in California. Such stricter laws do exist, for sure, in Michigan, Indiana, Massachusetts, Texas, and Florida.

          Using a VPN, plus using cash when fueling up my car for the drive back to the campground, helps me avoid any problems with the law in Nevada.

          Some state laws are stricter than the CFAA.

          Because I use cash, when doing that, there is no bank trail leading to me. All they would know is that someone paid for gas with cash, and no bank trail leading to me. Cash leaves no bank trail that can be traced to anyone, just in case I am unknowingly breaking Nevada laws.

          And since I use an offshore VPN, I cannot be identified through my activity, since the VPN server, in Cuernavaca, Mexico is not subject to US jurisdiction. The operators of that VPN, in Cuernavaca, only have to obey Mexican laws, so law enforcement, in Nevada, cannot compel the operators of a VPN, in Mexico, to hand over any information.

          • Anonymous Coward, 5 Jul 2019 @ 7:24pm

            Re: The usual advice

            "Using a VPN, plus using cash when fueling up my car for the drive back to the campground, helps me avoid any problems with the law in Nevada."

            Then again, the petrol station may well be taking sneaky photos of your motorcar's number plates.

            I'd be surprised if they were not...

            • Anonymous Coward, 5 Jul 2019 @ 8:56pm

              Re: Re: The usual advice

              Technology has caught up to that. There are these infra red license plate frames that emit radiation in the infra red spectrum just below what the human eye can see, but that can blind the camera to where your number plate is invisible to the cameras.

              The plate is visible to the human eye, so nobody would know you deployed anti camera technology. When they go to play back the video later on, your plate number will be blotted out.

              You can also use this to foil automated license plate reader (ALPR) cameras, as they will make your number plate invisible to such cameras.

              I use that technology whenever crossing either the Canadian or Mexican border, so the cameras that Customs and Border Protection (CBP) use to scan or record license numbers cannot get my number. My number plate is rendered invisible to the camera. It is a stealthy way to prevent your number plate from being seen by cameras. Unlike a plastic plate cover, they will never have any clue you are using stealthy technology like that.

              CBP does have cameras that scan number plates on all cars exiting the United States.

              I also use it because I do like to play my car stereo loud, at times, and it keeps me from getting any ticket in the mail, because the "noise snare" cameras cannot see my number plate, and they use the same cameras as the red light cameras. My car has been flashed when the light is green, but I have had a ticket for loud car stereo because my number plate was rendered invisible

              • Anonymous Coward, 6 Jul 2019 @ 6:46am

                Re: Re: Re: The usual advice

                You have oh so carefully marked yourself out as someone of interest to the security service, by trying to avoid being tracked and monitored.

                • Anonymous Coward, 6 Jul 2019 @ 10:05am

                  Re: Re: Re: Re: The usual advice

                  Using anti camera technology like that does not break any laws.

                  Infra red anti camera license plate frames are not illegal anywhere in the United States.

                  Like I said, I use them to fool ticket cameras and that is not illegal.

            • Anonymous Coward, 6 Jul 2019 @ 11:40am

              Re: Re: The usual advice

              I also have a secure wiping tool that deletes evidence good enough where authorities would never be able to determine it was ever used.

              Once I have used it and reinstalled Windows and all my programs, they would not be able to determine that I used it.

              These tools wipe the hard disk to be as blank as the day it was manufactured, making it impossible to determine it was ever used.

              Wiping tools have gotten better in the face of Sarbanes-Oxley in the USA and "perverting the course of justice" laws in Britain.

              And Nevada does have any state level laws like SoX, so no Nevada laws broken in wiping out evidence on a hard disk.

  • Coyne Tibbets, 3 Jul 2019 @ 1:27pm

    It's Good vs Evil

    OOooOOooOOooo... scary Halloween stuff...

    It's so much better when you can live in denial. US CBP copies all your files, too, but they don't leave Texas Chainsaw Massacre icons hanging around, so that you can pretend they didn't offload your sexual proclivities.

    Besides, US CBP has only our best interests at heart. Who knows what that evil, grabby Chinese government is planning to do with my files? Probably outsource them to some evil mega-corporation. US CBP would never do something like that.

    AAG?

    • Thad, 3 Jul 2019 @ 2:13pm

      Re: It's Good vs Evil

      • RacksOnMe, 4 Jul 2019 @ 4:30pm

        Re: Re: It's Good vs Evil

        You keep linking this but it doesn't make the point any less valid. Media loves to focus on China's surveillance while ignoring that the West does a lot more data gulping. Check out the Five Eyes.

      • Coyne Tibbets, 5 Jul 2019 @ 9:53am

        Re: Re: It's Good vs Evil

        That is a hilarious rejoinder given that that's what the article is basically doing. It even tacitly admits that in the next-to-last paragraph:

        But what it's doing isn't necessarily unusual. The same tech and programs are in use in freer countries, limited only by built-in protections these governments can choose to amend or excise almost at will.

        So..."freer countries do this...but what about China?"

        • Anonymous Coward, 5 Jul 2019 @ 11:18am

          Re: Re: Re: It's Good vs Evil

          i know. no one is allowed to talk about china or whatever, just the US \ your personal pet interest. thanks for the reminder.

      • Anonymous Coward, 9 Jul 2019 @ 5:58am

        Re: Re: It's Good vs Evil

        Whataboutism: Used to dismiss comment when comment is not likely to be hidden

  • ECA, 3 Jul 2019 @ 1:38pm

    Do you think..

    ANY NATION, should kowtow to any other?? NOPE.
    Might take some fundamental ideals, and change a bit/a lot.

    But Never Kowtow..
    Except the USA which loves its corps to the point we will bend over and let them treat us as Slaves 90% of the time. And we even Help our corps Slowly take over the world, as they demand other nations to Become as bad or worse than the USA..

    This is SOP for China, they Love to control things and know what's happening. And HK, is 1% of the nation, and partly independent. It's Corp central, for China to get into the market of everything.
    The USA, EU, Australia, are all looking at using the Net and Modems to watch and track out people, so what China is doing, is nothing NEW.

  • K`Tetch, 3 Jul 2019 @ 1:40pm

    potential for a Granny weatherwax

    while they're sideloading, one does have to wonder what the potential is for it to be turned back on them, either by

    a) killing the program and running a fake version which says 'all clear' (possible)
    b) expanding on the practice that you NEVER plug in random USB devices (there are USB killers, just put it in the port of a phone that you charge wirelessly)
    c) Weatherwaxing them (taken from this bit of the Discworld novel 'Carpe Jugulum' - “You wanted to know where I’d put my self,” said Granny. “I didn’t go anywhere. I just put it in something alive, and you took it. You invited me in. I’m in every muscle in your body and I’m in your head, oh yes. I was in the blood, Count. In the blood. I ain’t been vampired. You’ve been Weatherwaxed. All of you. And you’ve always listened to your blood, haven’t you?”
    Extremely hard to do, but possible and could really bite them on the backside. would require details of what they're using to sideload though.

    • Anonymous Coward, 5 Jul 2019 @ 9:03pm

      Re: potential for a Granny weatherwax

      Or you just don't keep files on the device, but keep them stored elsewhere.

      When I have gone on road trips to Mexico, I have kept all my files on my home computer, and never anything on my laptop, where the files can only be accessed if logged into my network via VPN.

      My computer in my apartment is not subject to border searches, only the devices I take in or out of the country, at least in the USA.

      They cannot force you, to, say, log onto your office VPN.

      • R,og S/, 6 Jul 2019 @ 2:08am

        Re: Re: potential for a Granny weatherwax

        “whoever they are”

        NSA, FBI and DHS and their flying monkeys in the private security sector routinely perform black bag jobs on targeted citizens who do what you recommend-leaving the laptop at home.

        One of their favorite calling cards is to leave the "broken LED screen" prank behind, and lock you out of your log in screen after they DL your docs.

        So...who are your "they” these days?

  • Anonymous Coward, 4 Jul 2019 @ 5:03am

    Back up your phone, do a reset, enter country x.
    After 1 day do another reset.
    When the NSA taps cables, records emails and txt messages, and browsing data in the USA, it makes it hard for the USA to criticise other countries'
    surveillance of anyone.
    Also NSA policy seems to be we can get any data we can or monitor
    any person outside America including our allies' government officials
    and civil service staff.
    It's very easy to wipe all data from a Chromebook,
    and use it as a basic laptop during a visit to a foreign country.
    Australia have new laws which make it legal to monitor all txt, email
    and web browsing data from anyone if the security services deem it necessary for
    the protection of the state from terrorists or any other bad actors.

  • R,og S/, 6 Jul 2019 @ 1:28am

    Re:tired trope

    In other news, Chinese visitors to Guantanamo torture camps, US prisons, or Abu Ghraib at the height of the Iraq Exploitation were /are non -existent.

    Wawawawa, so: a country solves its problem of troublesome religious fanatics and meddlesome, exploitative outsiders from fake news services and mysterious NGOs with an app that eliminates both exploitative outsiders AND fake NGOs from causing trouble.

    And: I didn't see too much complaining here at TD about how Israel continues its inhumane treatment of Palestinians either, over the last decades.

    Don't kid yourself, the US democratic experiment is now a dismal failure, thanks to those who cried the loudest for security - and those people - whoever "they” are, have their feet in China, and the Uighur problem too.

    Meanwhile, back in reality, the shaokao in the Xinjiang region is fabulous, often served under bright signs with mosques on them, by guys with beanies; and actual tigers feet, and (fabulous) saffron from Iran and India travel by the jin in the backpacks of the minority peoples who, as long as they focus on commerce instead of Abrahamic shit religion don't get hassled.

  • GHB, 6 Jul 2019 @ 10:07am

    They have done it again

    Remember IJOP (see here: https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance )? It stands for Integrated Joint Operations Platform. It was a Chinese spyware app for any Muslims and such foreigners entering China to be required to have this surveillance camera installed on your phone.

  • Ron Ludwig, 8 Jul 2019 @ 9:44am

    How

    ... does one remove the software once one has left China? Do border agents remove the software using a code as you leave the country? Otherwise, why not just delete it once you reach your hotel?

  • bhull242, 9 Jul 2019 @ 1:43pm

    Not helping

    While I am aware that there is no evidence behind claims that Huawei is spying on behalf of the Chinese government, and Huawei doesn’t have any real connection to this issue, a lot of people are probably going to use this as “evidence” that Chinese tech companies like Huawei are going to spy on Americans using their services and turn that info over to the Chinese government. Not that our telecom companies never do the same for our governments, but still, this isn’t helping.
