Mobile device and account security is a puzzle for many people. There are endless resources out there, but almost all of them fail to ask that all important first question: What Hunts You? A month or so ago I had a conversation with an American who goes back and forth to Ukraine. I think you guys would benefit from seeing how this is done in fine grained detail.
Initial Inventory:
The first step is finding out what equipment and services are in use. The physical gear is typical of a road warrior. The iPhone 8 was acquired with an eye on compartmentalization.
Older Intel Mac
iPhone 13
iPhone 8
Service-wise they are using a large cellular carrier, which we’ll refer to as Brand X. The user had already made some purchases for the sake of compartmentalization.
Long term post paid Brand X account funded via debit card.
Cellular number is not concealed with Google Voice.
Two new SIMs from Brand X’s prepaid offering funded via same debit card.
Two one month Brand X refill cards funded via same debit card.
Signal in use but bound to cellular number.
No 2FA in use other than some services emailing login codes.
Threat Model:
This person is a U.S. national with no criminal history, no military or law enforcement service, and nothing else remarkable prior to their interest in Ukraine’s struggle. The nature of what they do means trips to areas just outside the combat zone.
Among their associates we find European NGOs providing service in Ukraine, U.S. and Ukrainian mil/intel contacts, contacts with one of the international legions, and some reporters.
Some possible hazards include:
Device seizure at border crossing.
Loss or theft of device in country.
Geolocation based on phone number.
SIM swap attack.
High-caliber intruders such as NSO or Gamma Group.
Cellular number is entangled with family, friends, previous coworkers.
Suggestions:
People use their physical phone and cellular number as their digital identity, treating this information in a similar fashion to a social security number or driver’s license ID. The ONLY places I share an actual cellular number are services that demand it, such as financial services, ride sharing, etc. Google Voice is a hazard if one is up to no good, but if you’re not subject to a potential FISA warrant, it’s dramatically more secure than a carrier number.
Here is what I suggested.
Obtain Google Voice for all three cellular numbers.
Start working to replace long term carrier number with associated Google Voice.
Obtain Google Voice immediately for the burners, never let those numbers out.
Create Authy account using GV tied to main number, then lock all the things.
Only test with the debit card funded burner SIMs.
Obtain new SIMs and prepaid card using cash.
The Big Issue:
The worst problem I see here is that the Signal account is associated with the carrier number. Signal has to remain on the long term post paid iPhone 13 until that number can be retired, so that means using the iPhone 8 to host the new Signal number. We want Authy bound to Google Voice, so that goes on the iPhone 8, too. Both phones are going to be “identity devices” for some time to come. There’s no way to get the compartmentalization moving without acquiring a third phone.
Withdrawing the carrier number is going to be incremental and that means months of carrying both devices. Crossing a border with two phones is more likely to garner attention than just one. Having three devices ups the ante. Also keep in mind that iPhones have recently been subject to zero click attacks.
The immediate big improvement will be getting accounts shifted to using Authy for 2FA; that’s the beginning of a proper perimeter. Having a carrier number on an exposed iPhone makes me twitch a little, and there isn’t an easy way to transition out of it given the scenario.
Dual SIM Solutions:
Apple supports Dual SIM with eSIM. This requires an iPhone XS or later, so it’s out of reach for the subject and me; we both have the iPhone 8. An XS or XR is about $200 refurbished. Eventually I will swap my 8 for a newer model, but not until I get a Google Pixel 8 so I can get going on GrapheneOS. I see that the Pixel 8 supports dual SIM, too.
I can see I have some reading to do in this area. Dual SIM is common internationally, but fairly rare in the U.S. from what I know of such things.
Conclusion:
Perfect is the enemy of good. Anything you can do to raise the bar for a would-be intruder is worth doing. You will need to accept that doing these things securely takes both money and time. If you have a theory on how something works, like a backup procedure, but you’ve never tested it … all you have is a theory.
And on that note, I’m going to get back to work, because that $550 Pixel 8 isn’t going to just fall out of the sky and land on my desk.