[HN Gopher] NSA Mobile Device Best Practices
___________________________________________________________________
NSA Mobile Device Best Practices
Author : asix66
Score : 122 points
Date : 2021-07-28 14:01 UTC (5 hours ago)
(HTM) web link (www.documentcloud.org)
(TXT) w3m dump (www.documentcloud.org)
| sandworm101 wrote:
| Defense links for anyone on government systems that might not
| have easy access to documentcloud.
|
| https://media.defense.gov/2020/Jul/28/2002465830/-1/-1/0/MOB...
|
| Corresponding NSA document for OCONUS (travel outside continental
| US)
|
| https://home.army.mil/stewart/index.php/download_file/view/1...
| derefr wrote:
| > Do not charge your devices by connecting them to charging
| stations, computers, televisions, DVRs, etc. Use only issued
| chargers or those acquired with sufficient OPSEC.
|
| I'm surprised the government/military does not issue its
| employees USB condoms to obviate this worry.
| dsr_ wrote:
| Same reason people treat internal email as insecure: you get
| used to the convenience, then one day you reply-all to an
| outside address. In this case, you get used to using public
| chargers with a condom and one day you forget the condom.
| johnchristopher wrote:
| Well, considering all those restrictions and how it's still not
| secure enough anyway how long before the recommendation will be
| "Don't use your smartphone. Use the landline phone in your
| office" ?
| necheffa wrote:
| Because land lines are super secure and no one has found out
| how to tap the line from a switching station?
| baybal2 wrote:
| One problem with both Android, and Ios: impossible to disable
| automatic previews
|
| Send yourself a link by SMS, or some popular messenger like
| Whatsapp.
|
| Your phone will automatically make you a browser page preview,
| and in the process run every browser exploit available.
|
| Google added an extremely well hidden option to disable it it
| Messages few versions ago. Since there is no way to be sure
| Google does not remove it, and add some kind of another autoplay
| like feature in the future, I just replaced the SMS app
| altogether to one which does not peek into my conversations
| https://play.google.com/store/apps/details?id=com.simplemobi...
| (google straight tells they can get a copy of your SMSes as per
| their disclaimer if you use Google Messages for "improving
| service")
| Hackbraten wrote:
| No idea how Android does it but Apple has recently moved
| message parsing and preview generation into a heavily sandboxed
| process.
| jvanderbot wrote:
| Sounds like we need a more secure messenger app?
| baybal2 wrote:
| We need, but making a default SMS app straight sending your
| texts to Google.com by default, and making it very hard to
| disable for a technically illiterate user is beyond
| unethical.
| motohagiography wrote:
| Annoyingly, putting your device in a shielded evidence bag
| without turning it off can cause its various radios to franticly
| seek connections and even amplify their signals until they
| completely empty your battery.
|
| Useful to have if you are curious about protests or concerts and
| other gatherings of people with a significant criminal element
| who could get your IMEI stingray-ed and then palantir-ed.
| Arrath wrote:
| I usually change my phone to airplane mode for long drives or
| hikes through signal-less wilderness, otherwise they'll thrash
| around searching frantically for signal until they drain the
| battery outrageously fast. It's really quite annoying.
| duxup wrote:
| I worked for a company where we sent folks onsite to very secure
| sites.
|
| Nothing electronic EVER arrived at the facility or left with you
| when you left the facility that wasn't accounted for. Nothing
| that ever entered that wasn't needed, NO phones allowed ever. You
| and your vehicle were searched on arrival and exit. We went
| through a lot of laptops...
|
| With the complexity of hardware / software involved, I suspect
| that's the only way.
| bottled_poe wrote:
| Kinda surprised biometrics are recommended. I've always thought
| passcodes were more secure - particularly as the data is not
| easily accessible by interrogators for example.
| nonameiguess wrote:
| It says to protect your lock screen with a password, and
| _additionally_ protect minimally sensitive data on an already-
| unlocked device with biometrics for convenience.
| WrtCdEvrydy wrote:
| Biometrics are recommended if the data is not classified.
|
| Remember this is for people working on sensitive information.
|
| This is what the NSA's original mission was, to keep people
| safe and strengthen the American defense posture from the
| single person up to the entire infrastructure that we rely on
| day-to-day. The mission has shifted to offense after 9/11 so
| there's conflicting goals here (can't patch something we're
| using against the bad guys)
| nojito wrote:
| NSA was always about offense and is strictly for
| international offense.
|
| The only shift after 9/11 was getting the three agencies to
| actually talk to each other.
| vajrabum wrote:
| It says on their mission statement that they do SIGINT and
| information assurance (i.e. IT security) and there is
| plenty of public evidence that they do both. Plus they've
| been deeply involved with designing cryptographic protocols
| and equipment for the US govt for a very long time which is
| part of SIGINT but it's not the offensive part.
|
| https://www.nsa.gov/about/mission-values/
| AlexCoventry wrote:
| The NSA was created in a reorganization of US SIGINT/COMINT
| services, because SIGINT/COMINT during the Korean War had
| been unsatisfactory. Its primary mandate has always been
| COMINT.
|
| https://www.nsa.gov/about/cryptologic-heritage/historical-
| fi...
|
| > _The Brownell Committee suggested that the creation of AFSA
| could be seen as a "step backward," and recommended that the
| power of the director, AFSA, to centralize COMINT be
| increased._
|
| > _In October, Harry Truman authorized a reorganization and
| renaming of AFSA, and in November, the secretary of defense
| authorized the replacement of AFSA by the National Security
| Agency._
| sandworm101 wrote:
| >> biometrics are recommended.
|
| Maybe by the NSA. Any defense attorney will tell you otherwise.
| If your fingerprint unlocks your phone then the cops will hold
| your finger to the phone. If you face unlocks your phone then
| they will do that too. A pin/password means you retain at least
| some control.
|
| If this was an Archer episode, I'd point out that while dead
| people cannot divulge pins/passwords their fingerprints still
| work.
| derefr wrote:
| I believe they're recommending setting your phone up in a
| "lock immediately upon sleep; require password after five
| minutes" configuration.
|
| Passwords are better than biometrics for security; but
| _between_ password validations, presuming some level of
| convenience is needed, using biometrics to check that the
| same person is still there is better than "just stay
| unlocked for a few minutes even after being put to sleep".
|
| It's like HTTP Basic Auth (sending credentials with every
| request), vs. logging in, receiving a short-lived session
| cookie, and then sending that session cookie with your
| requests for a few minutes.
| hugh-avherald wrote:
| It explicitly says 'minimal sensitivity'. That basically means
| the threat vector is "I left it at the cafe."
| CompuHacker wrote:
| If every NSA employee has a perfect security posture, any
| adversary is going to have to take more extreme measures to get
| information. Better to let them have the occasional un-updated
| iPhone.
| twox2 wrote:
| I went to a legal presentation at Defcon a couple of years back
| where they said that the government needs a court order /
| warrant in order to force you to tell them your password, but
| if you're using biometrics, they can just force you to touch
| your finger to your phone or scan your eyes without it. It's
| some legal loophole.... so in that respect I think passwords
| ARE more secure.
| ne9xt wrote:
| Smart, but there is a way to force your (faceid/touchid)
| iphone to require your password by holding the power button
| to get to the "slide to power off" screen.
| panzagl wrote:
| Presumably NSA employees are not using their phones for
| illegal activities, so they should not be in a situation
| where a court will order them to unlock their phone.
| greggturkington wrote:
| A defendant was compelled to use their face to unlock their
| computer in a recent case (2021) [1]. The reasoning given by
| an analyst:
|
| > requiring a defendant to expose his face to unlock a
| computer can be lawful, and is not far removed from other
| procedures that are now routinely approved by courts, with
| proper justification: standing in a lineup, submitting a
| handwriting or voice exemplar, or submitting a blood or DNA
| sample
|
| Contrasting the logic used by a judge in a similar case in
| (2019) [2]:
|
| > If a person cannot be compelled to provide a passcode
| because it is a testimonial communication, a person cannot be
| compelled to provide one's finger, thumb, iris, face, or
| other biometric feature to unlock that same device
|
| Ars has a summary of more cases [3]. It looks like in several
| instances state courts allowed the devices to be unlocked
| using biometrics, but the rulings were reversed at the
| federal level. In many cases a warrant was required.
|
| 1. https://archive.is/i2Bx9
|
| 2. https://archive.is/px2Qz
|
| 3. https://arstechnica.com/tech-policy/2020/06/indiana-
| supreme-...
| mikewarot wrote:
| Why do people need smart phones, really? The only time they come
| in handy is for driving directions.
|
| It turns out my Samsung candy bar phone with no camera, GPS and
| internet leads the way in security.
| CabSauce wrote:
| Why stop there? You can't get hacked if you don't have
| electricity.
| lovelettr wrote:
| You must work at my company's cyber security team. They're
| convinced that the safest stuff is when that stuff is never
| allowed to exist in the first place. Which is probably true but
| in my opinion misses the point.
| vajrabum wrote:
| Why do people need computers, really? A smart phone is a small
| portable computer with a phone built in. Maps is one of the
| types of apps that most people use but it's not the only one.
| Email, social media, text messaging, note taking, audio and
| video recording, a camera, a compass, pedometer, access to
| cloud file storage, reading apps like nook or kindle are a few
| of the apps that I use regularly on my phone in places where a
| laptop or even a tablet wouldn't be inconvenient or impossible.
| aasasd wrote:
| Sorta have to wonder if it's safe to open that pdf locally--the
| site doesn't quite work on the phone.
| maerF0x0 wrote:
| I'm curious if anyone has any leads/stories on compromised 3rd
| party devices? Would love to learn more about detecting these
| things. Like say a USB charging brick that also attempts malware
| or a keyboard etc?
| Arrath wrote:
| Is there much that can be done to detect them? I know they're
| for sale for pen testing and what not, but I've never seen much
| in the realm of preventing or protecting against them.
| maerF0x0 wrote:
| I've thought about somehow creating a raspberry pi that sits
| between usb devices and snitches on data transfer that is not
| expected? It could be really hard to do, and probably easy
| for a device to mask (only attempt attacks when other file
| operations are happening)
| ARandomerDude wrote:
| > Power the device off and on weekly.
|
| Thoughts, HN? I can see how this might be good for performance,
| but how is it good for security?
| a5withtrrs wrote:
| Running your malicious actions without writing to disk is a
| very effective way of bypassing a lot of security and forensics
| technologies.
|
| As soon as you make changes have persistence you have proof and
| some operators are not oaky with that.
| whoisjohnkid wrote:
| a lot of exploits deliberately avoid persistence as an extra
| layer of protection from detection. Since most folks rarely
| restart their phones these bugs can live on your phone until a
| restart. So by restarting your phone on a weekly basis you are
| potentially wiping out memory only infections.
| quenix wrote:
| Another explanation is the hardware root of trust. On iOS,
| for example, hardware root of trust in a separate physical
| security processor validates all code in a chain. An exploit
| cannot gain persistence across a reboot unless it has access
| to the private signing keys of Apple
| necheffa wrote:
| I highly doubt this is as complicated as persistence.
|
| 1) even on mobiles you still get the occasional webview or
| other core library update and need to reboot to complete the
| patch.
|
| 2) modern versions of Android use per-file encryption.
| Periodically rebooting flushes unencrypted buffers.
| shiado wrote:
| There is a whole category of potentially exploitable bugs that
| result from programs simply running. Slow memory leaks,
| floating point precision loss, and integer overflows to name a
| few. But this is more likely about clearing caches.
| Hackbraten wrote:
| It's to get rid of exploits that have no persistence.
|
| For example, your running kernel space may be compromised but
| your on-disk kernel image may be still pristine due to a
| secure boot chain. That's why rebooting can help remove such
| exploits.
| timpattinson wrote:
| It's possible to have a security exploit which can compromise a
| running device, but is not able to make itself permanent across
| restarts (e.g. changes programs in RAM but not in flash)
|
| That's my best guess.
| gruez wrote:
| Concrete example: all the recent ios jailbreaks (aka sandbox
| escape and/or EoP exploits) are tethered, which means they're
| undone/reset after a reboot.
| [deleted]
| alex_anglin wrote:
| Makes it harder to maintain persistence on the device, I
| believe. Whether it solves the problem in question is another
| matter.
| beermonster wrote:
| This is a good tip to avoid persistence. Lots of exploits won't
| survive a reboot and so the target would have to be exploited
| again.
| runjake wrote:
| beermonster has it right.
|
| For a very recent example of this, see the NSO Pegasus
| scandal from the past couple of weeks.
|
| A reboot "unloads" the malware (until the adversary sends
| another payload, anyway.)
| barcoder wrote:
| Having recently switched to iPhone I have been very surprised at
| finding my wifi and Bluetooth automatically turning on. There
| could be a better way, but I had to create a shortcut to disable
| connectivity until I manually turn it back on
| billbrown wrote:
| If you long-press the icon in Control Center, it brings up a
| panel that allows you to turn Wifi and Bluetooth entirely.
|
| In general, try long-pressing everything: there's generally
| shortcuts or "power moves" afterwards.
| nofunsir wrote:
| Are you sure? This is not the case in the latest iOS. Long-
| pressing the icons in Control Center offers a wider view and
| access to hotspot and airdrop settings. Pressing either WiFi
| or Bluetooth from this second menu has the same effect as the
| icons on the first page, (you can inspect settings afterwards
| and see it's still "off until tomorrow") and further long
| presses on the second page icons only let you choose which
| WiFi network or Bluetooth device to connect to.
| markn951 wrote:
| They're not automatically turning on if you're "turning them
| off" from Control Center. Those buttons just temporarily
| disable them (and state that clearly when you do so). The only
| way to actually turn off Wifi and Bluetooth is to go into
| Settings and turn them off there.
| MAGZine wrote:
| "Clearly" it's not as clear as you think it is.
|
| On android, if I turn bluetooth off from the quick access
| menu, it stays off--which is what I expect.
| marcellus23 wrote:
| Can't get much clearer than text that says "Disconnecting
| nearby wi-fi networks until tomorrow."
| bkallus wrote:
| But that same button used to be a permananent toggle, and
| now there is no way to restore the (better) old behavior.
| Another instance of Apple thinking they know better than
| their users.
| marcellus23 wrote:
| You are not everyone. Just because _you_ think it 's
| better doesn't mean it actually is. Most of the time when
| I want to disconnect from Wifi, it's a temporary measure
| because the network I'm connected to is slow or dead. I
| imagine it's the same for many others.
|
| Apple is notoriously allergic to putting toggles for
| every little thing, and that shouldn't be a surprise to
| software developers. We all know every user-configurable
| setting increases complexity.
| howaboutnope wrote:
| > We all know every user-configurable setting increases
| complexity.
|
| They can also mean the difference between a tool and a
| toy or even worse, a slave collar.
|
| One of the good practices in programming is to not
| hardcode things. Where that is followed, often the
| hardest part about configurability is the UI for it,
| since under the hood it's already determined by a bunch
| of variables anyway, and it's mostly a matter of exposing
| them nicely to the user.
|
| Besides, it's way more complex to have a timed toggle
| than just a toggle.
| marcellus23 wrote:
| > a slave collar
|
| for real? because you have to go into the Settings app to
| turn off wifi permanently? Sometimes you people are
| delusional.
| howaboutnope wrote:
| "you people" -- you don't know the first thing about me.
| And this argument to excuse to treat adult consumers like
| infants, and use the people that don't mind as the
| measure all other adults have to reduce themselves to, is
| used for a lot more than just a wifi toggle.
| mixmastamyk wrote:
| If you want to have a disconnect button, add as another
| button choice to the panel. Even make it default. But the
| original button shouldn't have been broken with no
| recourse.
|
| Not to mention, some brief wordy nearby text display in
| tiny print after the fact, is the opposite of clear.
| oauea wrote:
| Does it say that text on the button before you press it?
| Do you have a screenshot?
| deelowe wrote:
| https://imgur.com/a/zk382Wl
| asix66 wrote:
| It does indeed say, clearly, "Disconnecting Nearby Wi-Fi
| Until Tomorrow" [0]
|
| [0] https://ibb.co/kJ59LCN
| mixmastamyk wrote:
| That's afterward.
| unethical_ban wrote:
| It's different than Android, and different from itself pre-
| iOS13. It is a new behavior that cannot be toggled.
| mixmastamyk wrote:
| Also the BT is often turned on after an update. I know this
| because I've never ever used it, therefore never had it on
| purposely.
| cygned wrote:
| They do that in order to allow accessibility devices to
| connect for disabled users, I've been told.
| J253 wrote:
| This is one of the nice things about shortcuts. I created a
| shortcut that will turn off wifi and Bluetooth. You can then
| add an icon to your home screen to run the shortcut and boom.
| Both are actually turned off...not just disabled for 24
| hours. I also have a shortcut to turn them back on when I
| need them.
| snarf21 wrote:
| As much as I prefer iOS to Android, this is my biggest pet
| peave. They way they are so aggressive with bluetooth and wifi
| is annoying. I hate that they don't even go through DHCP most
| of the time and just assume that last known IP is still
| available, all to "help it connect quicker". Just get your own
| IP because having to toggle wifi on multiple devices is way
| slower and annoying. I get that AirDrop and FindMy** and other
| features require these things to work but how about just giving
| a (one-time) warning when people turn them off. Most people
| will never turn them off ever so let the subset of us who want
| them off have it work in a sane way.
| da_chicken wrote:
| > I hate that they don't even go through DHCP most of the
| time and just assume that last known IP is still available,
| all to "help it connect quicker".
|
| Oh, I forgot all about that.
|
| I worked at a K-12 that deployed Apple devices awhile back,
| and this behavior was a nightmare for network management.
| Especially for travelling teachers who would take their
| device to several different buildings throughout the day
| (and, therefore, different IP subnets with the same WiFi
| name).
|
| The worst part was that some of the devices would just...
| never emit a DHCPREQUEST. They'd either ignore the fact that
| there was an address collision confusing everyone else's ARP
| tables, or connect to the network but stick with an IP that
| had no route to a gateway. As I recall -- it's been awhile --
| even setting the lease duration to something very low didn't
| seem to help. Indeed, I think that made it worse.
|
| It was bad enough at one point that we had those devices with
| the worst behavior set up with reserved IPs and a hidden WiFi
| network that was a district-wide VLAN with a single subnet.
| fossuser wrote:
| If you turn it off via settings it stays off. The control
| center just disconnects for 24hrs.
| ThisIsTheWay wrote:
| I know its a minor inconvenience, but this is one of my
| biggest pet peeves with the whole OS. I wish there was a way
| to change the setting to actually control things with control
| center...
| billbrown wrote:
| Long press the Bluetooth or Wifi icons in Control Center
| and you can entirely disable either in the panel, saving
| you a trip to Settings.
| concernedctzn wrote:
| You can use the Shortcuts app to make a custom shortcut
| that permanently turns off both wifi and bluetooth, and
| then add that shortcut to your news/leftswipe menu to
| reduce the number of swipes/taps to get to it
| mixmastamyk wrote:
| Indeed, who even thought up such a misfeature? Much less
| made it default.
| fossuser wrote:
| It's one of those features that is more annoying for you
| or me, but useful for 95% of (less technical) users.
|
| My guess is accidentally disabling those services via
| control center was a common issue.
|
| I'd rather it be the other way, but that's probably why
| it's not.
| mixmastamyk wrote:
| I don't understand why it would ever be useful. Either
| you want it on, or not. Imagine if your mute button
| decided to reset every now and then. Pause button, or
| flashlight?
|
| Basically nothing else works like that.
|
| In fact figuring out how to turn off wifi with the
| combination of Airplane mode and wifi button just about
| blows my mind every time I try. So complicated.
| fossuser wrote:
| You're in a user bubble.
|
| Imagine you're not good at using computers. I've seen
| people accidentally turn on do not disturb and be unable
| to figure out why their phone isn't ringing so they think
| it's broken.
|
| We are in a small minority of 'power users' - iPhones
| have hundreds of millions (billions?) of users across the
| entire world.
| mixmastamyk wrote:
| That's happened to me. I had to google it, turns out
| there's a physical switch I never used on the side of the
| phone that enables it and pushed accidentally.
|
| IMHO, these are not good excuses to avoid a clear
| interface. If the rules are simple and clear, and
| presented clearly, even the dumbest of the dumb can learn
| them. Trying to guess and out-think the user only ends up
| in more confusion.
| fossuser wrote:
| I think we're mostly in agreement?
|
| When you disable wifi/bluetooth via the control center,
| pop-up text appears saying exactly what that means. I'm
| not sure how they could make that more clear. It still
| may not be your (or my) desired default, but I at least
| understand the reasoning.
| mixmastamyk wrote:
| Tiny, wordy, brief text after the button press is not
| what I'd describe as clear. If you need to add "comments"
| to a (now three-state) button, it's a sign that the
| interface needs work.
|
| It's extra complexity in the form of rules added to what
| was previously a simple to understand toggle button. That
| it goes against historical norms, reduces privacy, and
| wastes a bit of power is the icing.
| nojito wrote:
| You can disable it from the settings app.
|
| The icon in the swipe up control center is for temporarily
| disconnecting it...which it literally tells you when you click
| it.
| [deleted]
| jeffbee wrote:
| Surprised they go with "DO NOT" connect to wi-fi, but just
| "avoid" attaching untrusted hardware devices. That seems
| backwards.
| jvanderbot wrote:
| "Avoid jumping off cliffs" does not mean that occasionally it's
| ok to jump off cliffs.
|
| Is the surgeon general's advice "Pregnant women should avoid
| alcohol" unclear?
| jeffbee wrote:
| The U.S. Surgeon General's mandatory warning for alcohol
| states "women should not drink alcoholic beverages during
| pregnancy because of the risk of birth defects." It does not
| use the word "avoid".
| jvanderbot wrote:
| Well I asked for that.
|
| Here's a long list of scholarly articles that use "Avoid
| Alcahol" when stating or re-stating health recommendations
| from various countries.
|
| https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=wom
| e...
| bamboo2 wrote:
| Problem with this: keep your phone with you always conflicts with
| don't have secure conversations within mic range of your phone.
| You can't do both of these.
|
| But otherwise this is great and I would probably add "reset and
| replace devices often."
| annoyingnoob wrote:
| We have lockers to secure phones when you can't take them with
| you.
| sandworm101 wrote:
| The rooms where you can have secure conversations will have a
| bank of tiny lockers outside the door for phones/keys.
| wycy wrote:
| Usually, but not always. I've been to rooms that don't have
| this and there's just a pile of phones sitting outside.
| godelski wrote:
| Are lockers really that secure? Similar documents advise
| against leaving laptops in hotel rooms or cars, even if
| locked, because they are easy to get into. I imagine a locker
| is not hard to break into. Small locks can be picked in a
| second or two by people with practice, which does not look
| different than retrieving your own phone.
| sandworm101 wrote:
| The lockers are just so you have a place to put your phone.
| They are not secure in any way. Using a keyed locker just
| ensures you don't pick up someone else's phone by accident
| after the meeting. Remember that secure rooms live inside
| secure buildings, usually inside a secure facility with a
| fence and guy standing at the gate. And the guy has a gun.
| dragonwriter wrote:
| > Using a keyed locker just ensures you don't pick up
| someone else's phone by accident after the meeting
|
| It also prevents casual but intentional unauthorized
| access, just not a determined attacker.
|
| As you note, there are other layers of security for that.
| hereforphone wrote:
| It's prohibited to bring phones into places where you will have
| these kind of conversations
| nimbius wrote:
| >Use strong lock-screen pins/passwords: a 6-digit PIN is
| sufficient if the device wipes itself after 10 incorrect password
| attempts.
|
| im calling BS. NSO and others have demonstrated repeatedly they
| can (and do) bruteforce these pin based logins quickly and
| efficiently without triggering the wipe using sidechannel attacks
| on running services and software over the air and through USB.
| use a PASSPHRASE.
|
| >Consider using Biometrics (e.g., fingerprint, face)
| authentication for convenience to protect data of minimal
| sensitivity
|
| remember: the fifth amendment does not cover biometrics . if a
| DUI case can forcibly extract your blood, then you can and will
| be required to present your face to unlock a laptop. use
| passphrases.
|
| >DO NOT jailbreak or root the device.
|
| this often allows people to remove pre-installed spyware just as
| easily as it can be installed.
| spurgu wrote:
| > remember: the fifth amendment does not cover biometrics . if
| a DUI case can forcibly extract your blood, then you can and
| will be required to present your face to unlock a laptop.
|
| On the iPhone theres a neat trick: If you seem to be in a
| situation where you might be forced to hand over your phone
| (and unlock it with bio), hold down the power button for a
| second or two (secretly/inconspicuously in your pocket or
| wherever your phone is). This will disable fingerprint
| unlocking and you will be forced to enter PIN.
|
| Doesn't seem to work on Android (11 at least) though.
| dragonwriter wrote:
| Android doesn't have a stealthy way to do it without powering
| down, but you can either activate lockdown mode, reboot, or
| power down and the next access will require PIN, not
| biometrics.
| 29083011397778 wrote:
| I'd imagine it varies by OEM, as my BlackBerry KeyOne gives
| me the option to "Lock Now" when I hold the power button for
| 2 seconds. It does actually lock out biometrics, as I've
| tested it previously.
| hiq wrote:
| > Doesn't seem to work on Android (11 at least) though.
|
| I'd hold the power button a bit longer and turn off the
| device altogether. Granted, not as convenient.
| ajdecon wrote:
| I've seen most of these recommendations before, but the "mic-
| drowning case" to muffle room audio is new to me. Certainly makes
| sense, but are there any common commercial phone cases that
| advertise this feature?
| spacephysics wrote:
| I would also like to know. I've only found phone cases that
| hide the camera via a slide or flap.
|
| Ideally I'd like both the mic and camera cover
___________________________________________________________________
(page generated 2021-07-28 19:02 UTC)