This module should be short, introducing the problem with a video, and open a
discussion with students about full disk encryption and strong password protection.

Prerequisites

Threat modeling

Estimated time

20 minutes

Objectives

  • Upon successful completion of this lesson, students will be able to analyze the risks associated with device password strength, as well as full-disk encryption
  • Students will be able to identify software they can use to encrypt their devices.

Why this matters

If someone gets ahold of your device, copying its data is straightforward without proper device encryption. However, particularly when traveling overseas or attending protests where devices may be seized, it's important to recognize the potential use of forensic tools designed to crack seized hardware, and mitigation techniques.

Homework

(None)

Sample slides

Device protection (Google Slides)

Activities

Watch this short video on breaking into phones with password "brute forcing" hardware: "How did the FBI break into the San Bernardino shooter's iPhone?"

Questions for discussion

  • Do you have anyone in your life who you'd like to keep out of your phone? Who comes to mind?
  • What might you do to mitigate against this kind of attack?

    Note: This question is intended to get students to think about stronger passcodes that can make many of these attacks impractically expensive. Likewise, given their threat model, they may make a determination about how realistic it is for someone to break into their device, based on who they are and their capacity.