JamesBrickley

Physical access to any device would result in potential exploit. If one were to hand over a device to law enforcement or especially border control and received it back, you should immediately reset the device via DFU mode and set an entirely new strong passcode.  I wouldn't even unlock it, I would shut it off and connect it to a computer in DFU mode then wipe it and re-download and install the signed operating system. Then restore backup from the computer.  Previous backups being made regularly to the computer and not iCloud as your iCloud backups are not encrypted and Apple could supply your iCloud backups to law enforcement.  

For maximum security, don't use iCloud and especially not iCloud backups. Set a very strong passcode of 20+ characters.  If handing over to someone else disable FaceID/TouchID so only the passcode is allowed.  If they give the device back, you either destroy it or DFU wipe and restore the OS and restore a local encrypted backup.  

If traveling across nation state borders either don't bring your primary device or bring a burner you can discard. They may demand you unlock the device so they can inspect / image it. Border security laws are drastically different than normal law enforcement. They may seize your device. The US, Australia and New Zealand have highly invasive demands.

But the truly paranoid will simply go off grid.  Zero electronics whatsoever.  Your smartphone is constantly broadcasting unique identifiers over cellular, wi-fi, bluetooth, or NFC and you can certainly be tracked. When you see that COVID-19 map of those cell phone users on the Daytona FL spring break beach and each device was tracked back to their homes across the country.  That should open ones eyes that metadata is extremely valuable.  Many retail stores are tracking your movement through the store by using these broadcast identifiers and if you pay with a credit card or store card or use a membership card they tie all that data together and identify you.

The encrypted data stores on an iPhone contain far more detail that never leaves the device.  But Android phones send all that data back to Google.  Notice how Google is not being hounded by the DOJ only Apple.  The most sensitive privacy data is kept on the device and as such Apple is providing the highest level of privacy at this time. 

In many cases these Grayshift articles are not explaining the details such as the latest model iPhones not being vulnerable but because there are so many older models these devices are still viable for law enforcement.  When the DOJ mentioned that latest crack against the terrorists iPhones they mentioned that the technique used already doesn't work on the latest models.  That might have been a reference to the hardware flaw that Apple fixed after the iPhone X that was the beginning stage of a jailbreak.  The Grayshift device has found some way to side-load a hidden App that breaks the rules sandboxed apps normally follow.  It's possible the device is indeed jailbroken.  Some Apps such as BlackBerry Work among others will detect the jailbreak and cease functioning as well as destroying the encrypted corporate email storage. Most MDM managed devices would also report on a jailbreak and an MDM administrator would then remotely nuke the device for security purposes.  

If a device leaves your possession you can no longer trust it.  This has always been the case.  

Pretty sure AT&T had this problem years ago with their offshore call centers.  Reps were being bribed to unlock stolen iPhones. Enormous black market for theses stolen devices. They end up overseas. 

One would think they would be monitoring the reps unlocking large numbers of iPhones.

Cellebrite's previous exploits used USB via Lightning cable to brute force the passcode (4-6 digit PIN).  Then Apple disabled USB access unless the user trusts it. Now they say they can get around that and they already got around the erase after 10 attempts restriction.  It would be possible for Apple to alter iOS 13 either during this beta cycle or with a dot release soon after.  Setting a very strong password instead of a 4-6 digit passcode is recommended.  I mean using 16-20 characters or more using upper/lower/numeric/symbols and not containing dictionary words. A really good password will cause brute force attacks to likely fail even for the fastest computers.  You can then use TouchID/FaceID most of the time.  You can also engage emergency mode and that will lock the device or turn it off/reboot it.  Going through US or Australian Customs you may be asked to unlock your devices.  The devices can be seized if you refuse and you may not get them back any time soon if ever.  So what's a savvy person to do? Well with an iPhone that is iCloud backed up using a strong iCloud password and multi-factor authentication.  Well, you wipe your iPhone and setup as new. Give it a simple PIN and perhaps text a few people, etc.  Don't login to iCloud.  Then hand it over and give them the passcode.  When you get it back, connect to wifi and restore your backup.  Yes, it is a pain in the arse but it may be necessary.  Otherwise do not travel with your laptop and smartphone.  Buy a burner.  Already do that when going to China, Russia, etc.  Just too risky.  

It is obvious that Cellebrite will continue it's pursuit and may already have many zero day exploits in it's bag of tricks waiting to be implemented only one at a time as Apple closes the loopholes.  Their entire business model depends on it.  That is also why their products are so insanely expensive and have moved into a subscription model.  One day it will all stop working, they need the money for R&D which is not cheap.  

You can thank Snowden for releasing the knowledge that pretty much all mobile phones and most computers were hackable by the NSA.  Once word got out all the manufacturers and operating system providers started patching the zero day exploits.  Not to say that ALL communications and transportation are not monitored already.  If not actual data being intercepted at the very least, metadata is being collected which is almost as valuable.  Traffic cameras, license plate readers, vehicle GPS, mobile device GPS, cellular tower connections, Internet backbones, international phone trunks, email, SMS, all digital financial transactions, etc., etc., etc.  You can go fully dark with technology and hide in the woods but then you are seen on satellite.  This is the world we live in.  Just make sure the bad guys don't abuse it. Already happening in China and Google is helping them build it.  Obama's admin opened up access to the NSA systems to multiple agencies to the point that FBI contractors were running queries and unmasking US Persons (normally redacted by the NSA).  All this is starting to be investigated because these tools were never allowed prior to 9/11.  The addition of the FISA courts was to get a warrant to allow spying on US Citizens on US soil.   Except, the NSA has been doing it for decades they just weren't allowed to use it directly.  They might know a spy was operating and they could track that person, etc.  But they would have to do something like make an anonymous tip to the FBI, etc.  But now, it's almost wide open and there is serious evidence it's been abused.  It will all hit the fan in the next year if there is any hope of actual justice in this world.

You are only paranoid if they really are not out to get you.

The event was rather lame.  But we aren't the target audience.  Hollywood and TV Networks were the target.

http://waytools.com/ is going to stomp all of these keyboards!  I have a TREG testing model and it is absolutely the bomb. It is a real product not vaporware and I've spoken with the man behind the company and he cares a great deal about getting it right.  It has been delayed a long time but all the major issues have been resolved and they are tweaking the firmware and seem close to release.  It is so dang good, it replaces all my keyboards across all devices.  It folds up much smaller, is very light weight and the battery lasts weeks on a charge.  It features their own butterfly design that uses magnets instead of springs.  Magnets hold it together and allow it to fold up.  Magnets also hold the USB charger on. There is a larger throw to the keys than any of the Apple butterfly designs with better tactile feel. It isn't as clacky either although it does make some noise.  It does require you to be a touch typist and there is a learning curve but it is very well thought out as well as having an App to completely customize it.