Physical access is the process by which an adversary physically accesses an electronic device in order to access its data or compromise it.
Notable examples of electronic devices that an adversary can physically access include:
- Computers, phones, and storage devices (e.g. hard drives, USB sticks, SD cards).
- Printers, cameras, “smart” TVs.
- Vehicles. For example, navigation systems[1] in modern vehicles can store records of the vehicle location.
If an adversary physically accesses a device, they can:
- Read the device's unencrypted data, or its encrypted data if the device is turned on (and its encryption is therefore not effective).
- Compromise the device with malware.
- Compromise the device with a hardware keylogger[2].
An adversary can physically access a device:
- During a house raid or a covert house visit.
- After arresting you if you have the device on you.
- During a border control check.
- Through an infiltrator or informant who has access to the device.
Used in tactics: Incrimination
Mitigations
Name | Description |
---|---|
Computer and mobile forensics | You can use computer and mobile forensics to detect when a device has been physically accessed by an adversary. |
Digital best practices | You can follow digital best practices to mitigate the risk of an adversary physically accessing your digital devices. For example, if you are going to an event or demonstration and you think that you could be arrested, you should not take your phone with you. |
Network map exercise | An adversary could physically access your digital devices through an infiltrator or informant. To mitigate this, you can conduct a network map exercise to help you decide who you trust to access your digital devices. |
Physical intrusion detection | You can use physical intrusion detection to detect when a space has been physically accessed by an adversary. |
Tamper-evident preparation | You can use tamper-evident preparation to detect when something has been physically accessed by an adversary. |