China “Hawkeye terminal” Claims to Extract Data from Any Device

Original: x.com/mirrorzk/status/1925110432420757616

Hawkeye-B: Digital review tool for border inspection ports

At several ports and border inspection sites nationwide, an electronic security screening device known as the “Hawkeye-B Terminal” is being discreetly deployed. Developed by CETC Institute 23, the device is capable of extracting Android/iOS chat records without needing to unlock devices, detecting VPN usage, and recovering remnants from apps such as Telegram. According to publicly released technical procurement lists from local law enforcement systems, this type of mobile forensic platform has been piloted at ports in Beijing, Shanghai, Shenzhen, Xiamen, Urumqi, and other locations.

In most cases without the travelers’ awareness, these devices have been integrated into border control operations. Compared to traditional manual searches, the Hawkeye-B boasts remarkable automation and intelligence: within minutes of a traveler’s phone connecting to the device, it can perform hundreds of fingerprint extractions and model matches to determine whether the device exhibits any potential risky behavior.

The powerful functions of Hawkeye-B

Even if you clear your chat history and uninstall sensitive software, it can still extract large amounts of data from the system residues, including:

  • Recently installed/uninstalled apps (including Telegram, Signal, Tor, VPN tools)

  • Telegram data directory remains, such as Android’s org.telegram.messenger cache file

  • WiFi access record and public network IP mapping

  • SIM card replacement history, binding IMEI related information

  • Chat record keyword trigger (such as wall-blocking, USDT, outbound transfer)

These data will be automatically labeled with “risk” and uploaded simultaneously to the backend of the public security network security system, becoming part of your personal device behavior portrait.

Background Technical System

The Hawkeye-B does not operate in isolation; it connects to the internal intelligence systems of the police or border control through local modules or dedicated network nodes:

  • Behavior Profiling System: Models and compares the device’s operational habits and access records.
  • Social Graph Engine: Analyzes the device’s contacts, group chats, and friend information to construct a social connection map.
  • Risk Control Rules Engine: Uses AI models to determine whether the traveler triggers further screening logic.

The entire process is completed locally within minutes, with no need for a network connection, allowing it to advise on whether manual intervention is required.

Who Gets Flagged for Priority Scans?

According to some judicial documents, descriptions from field operatives, and technical tests, the following groups are more likely to be selected by the Hawkeye-B at entry:

  • Individuals using a combination of a Chinese passport and a foreign phone number on a long-term basis.
  • Those who frequently use communication tools such as Telegram, Signal, encrypted email, etc., prior to entry.
  • Devices that have installed VPN tools (such as SS/V2Ray) — even if these tools have been uninstalled, they may still be recognized.
  • People who frequently travel to and from Hong Kong, Macau, Southeast Asia, Turkey, and other specific regions.
  • Cryptocurrency professionals (especially those involved with TRX, BNB, USDT).
  • Users of privacy-centric systems or devices that employ the Tor network (such as GrapheneOS, Tails, Orbot).

The core principle behind these devices is based on system residue and behavioral pattern recognition, so simply clearing chat records or uninstalling VPNs is completely ineffective.

If you have already immigrated, make sure to disable cloud backups, clear photo EXIF data, and delete your browser history before traveling. High-risk cryptocurrency professionals who need to return to the country for visits should avoid installing Telegram, Signal, or associating Chinese phone numbers on their primary devices.

Summary

In this era where device detection precedes conversation and algorithmic decisions come before explanations, it’s imperative to adhere to the fundamental rules:

  • Do not bypass restrictions illegally.
  • Do not possess illegal applications or materials.
  • Do not participate in cross-border capital transfers or money laundering with anonymous cryptocurrencies.
  • And above all, don’t be complacent by trying to technically evade the law.
    Technology is advancing rapidly, but legal principles remain unchanged. Instead of gambling on not being caught, it’s better to avoid actions that you might end up regretting.

Sorry, the title may be a bit exaggerated, but many overseas Chinese websites have reposted this post. This is very true, and I am very worried.

Mirror Tang Original comment on X:

"No need to unlock. After plugging in, read the unencrypted areas under /var/mobile/Library/Caches and Logs directly. "

“iOS crash log network configuration picture thumbnails application installation list”

  • Here is the solution I can think of:
    Before passing customs, close the USB port in GOS, erase all eSIMs, set a duress password, or restore the default settings.

About anyone who wants a detailed report: Considering that China is basically a huge black box, almost like North Korea, I don’t think there will be any report. As a Chinese, I can tell you that any real news about China needs to be published in media in other countries or by Chinese democrats overseas. If you could speak Chinese or had lived in China, you would notice the original content is quite real, and even if the Chinese Communist authorities announced one day that all Chinese people were banned from going abroad, I wouldn’t be surprised. I posted the same content on Privacy Guides not long ago, but because there was no detailed report it was deleted by the administrator; I hope this can stay here for a longer time. I know this article looks a bit unbelievable, but I hope you guys can give some solutions rather than questioning the authenticity, pls.

2 Likes

I don’t see anywhere where it claims they can extract data from GrapheneOS, only that they get flagged for priority scans. Did I miss something?

Considering that GOS is also Android, this makes me very worried.

Original: 具备无需解锁提取安卓/iOS聊天记录、识别VPN使用行为、还原Telegram等应用残留的能力. (The device is capable of extracting Android/iOS chat records without needing to unlock devices, detecting VPN usage, and recovering remnants from apps such as Telegram.)

GrapheneOS is basically a hardened version of Android. It has proven itself to be capable of thwarting other data extraction services that claim “all Android phones” before, so it’s not unlikely that it could thwart this, other than being detected as GrapheneOS.

1 Like

Considering the comments in the post say it can crack iOS (I think this refers to the latest version of iOS, because the post was posted today), I’m worried about GOS, even if GOS is a hardened version of Android.

CETC Institute 23, the device is capable of extracting Android/iOS chat records without needing to unlock devices, detecting VPN usage, and recovering remnants from apps such as Telegram.

Compared to traditional manual searches, the Hawkeye-B boasts remarkable automation and intelligence: within minutes of a traveler’s phone connecting to the device,

This only works if your device is unencrypted. So AFU, or a bad system, or if you use a too-weak password in your threat model.

If you for example use a Pixel 8a with GrapheneOS, it uses AES-256, which isn’t breakable. And even if there were security holes, it’s not breakable in minutes.
So if you are really worried about it, use a long passphrase with 7 or 12 words (English, Latin and whatever you want) and deactivate all other login methods (PIN and biometrics).
Before you enter border control just restart your device.

Then the only thing they could do is try to brute-force the device. All mobile phones have an anti-brute-force mechanism, so let’s say they could bypass any anti-brute-force mechanism built into GrapheneOS. Even then, a 12-word passphrase would take multiple hundreds of thousands of years.

Even if you clear your chat history and uninstall sensitive software, it can still extract large amounts of data from the system residues, including:

Because it’s not overwritten and so not gone.
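The passphrase arithmetic from the reply above, worked through as an added example (not written by anyone in the thread). It assumes words or characters are chosen uniformly at random, a 7776-word Diceware-style list, and a hypothetical offline rate of 10^12 guesses per second standing in for "throttling bypassed"; all three are assumptions, not figures from the page.

```python
import math

# Assumptions (constructed for this example, not taken from the thread):
DICEWARE_WORDS = 7776      # words drawn uniformly at random from a 7776-word list
PRINTABLE_CHARS = 94       # uniformly random printable-ASCII characters
OFFLINE_RATE = 1e12        # hypothetical guesses/second with throttling bypassed
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols picked uniformly from `alphabet_size` options."""
    return length * math.log2(alphabet_size)


def expected_years(bits: float, guesses_per_second: float = OFFLINE_RATE) -> float:
    """Expected search time in years; on average half the keyspace is tried."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def min_words_for(target_years: float,
                  guesses_per_second: float = OFFLINE_RATE,
                  wordlist_size: int = DICEWARE_WORDS) -> int:
    """Smallest random-word count whose expected search time reaches the target."""
    n = 1
    while expected_years(entropy_bits(wordlist_size, n), guesses_per_second) < target_years:
        n += 1
    return n


def compare(guesses_per_second: float = OFFLINE_RATE) -> dict:
    """Entropy and expected search time for the unlock secrets named in the thread."""
    candidates = {
        "6-digit PIN": (10, 6),                    # baseline; relies on throttling alone
        "7 random words": (DICEWARE_WORDS, 7),
        "12 random words": (DICEWARE_WORDS, 12),
        "16 random chars": (PRINTABLE_CHARS, 16),
    }
    result = {}
    for label, (size, length) in candidates.items():
        bits = entropy_bits(size, length)
        result[label] = (bits, expected_years(bits, guesses_per_second))
    return result


if __name__ == "__main__":
    for label, (bits, years) in compare().items():
        print(f"{label:<16} {bits:6.1f} bits  {years:10.2e} years")
    print("words needed for 100,000 years:", min_words_for(1e5))
```

These figures hold only for randomly generated secrets; a phrase a person makes up, or a quotation, carries far less entropy than its length suggests.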

It’s hard to make many hard conclusions given the lack of verifiable data. The PRC is an extremely capable cyber threat actor, but even still lower and mid-level CCP officials are prone to wild exaggerations.

We can’t know the real capability of penetrating smart phones presented by the system in question with the information available. However, regardless of the technical merits of this story some things remain true:

  1. Don’t travel to mainland China if you are of interest to the PRC government

  2. Assume any devices carried across a port of entry into the PRC will be searched, therefore do not bring a device that will get you in trouble. Only travel with a completely ‘clean’ device

And most importantly:

  1. Technical solutions for phone search and seizure are pointless in a country with no due process where the government routinely employs extreme coercion to include torture or the imprisonment and execution of family members to ensure compliance.

Refer to the “I’ll hit him with a wrench” XKCD comic.

3 Likes

Does this article specify if this is BFU or AFU only? I’m also curious what erasing the eSIMs would accomplish. (I skimmed a bit, so sorry if that was blatantly addressed and I missed it).

It’s also worth noting in regards to your “set a duress password” advice that in some cases, this can be considered a criminal act. In the US it could be “tampering with evidence,” “destruction of evidence,” or “obstruction of justice.”

At Chinese border crossings, when you become suspicious, it’s only a matter of time before you reveal your password. Officials will torture you to extract a confession. In China, if your phone contains Telegram, VPN, Signal and you have criticized the government, the consequences of being discovered are more severe than a duress password, and usually depend on the mood of the official at the time. It is usually 10 years in prison or death penalty, no trial, no further evidence, no charges, usually directly detained in the local detention center and moved to prison after a few months, no chance of a re-trial. In this case, I am pretty sure a duress password is better.

1 Like

I use Pixel 9a and the latest version of GOS. A random character password with more than 16 characters is the only way to unlock the phone. In addition to the default APP, there are only IronFox (keep in private mode), VPN and a banking app on the phone.

No chat history and call history, no contacts, no SMS/MMS and local files. Keep airplane mode. This is my daily configuration.

Considering that officials are likely to force passwords through torture after discovering that it’s GOS, I will delete the banking app and turn off the USB port in the settings before entering customs, erase eSIMs, delete the Wi-Fi connection records, and try to download some large files to cover the data residues in the file system, then shut down. Before passing through customs, I will put the phone in the suitcase instead of in my pocket or hand-held, and use the duress password when necessary. I think that’s enough; what do you think?

1 Like

The US and its vassal states (UK, Germany) do this to their own dissidents. To the extent China might overstep on privacy related matters, it’s more of a protective measure against an extremely hostile, proven destructive aggressor (America) who’d love to arrange a coup to overthrow China’s government which would likely end up with millions dead.

1 Like

Germany as well as the UK are completely independent and recognized countries and governments. They are not vassal states of the US, but they work pretty tightly together.

1 Like

At Chinese border crossings, when you become suspicious, it’s only a matter of time before you reveal your password. Officials will torture you to extract a confession. In China, if your phone contains Telegram, VPN, Signal and you have criticized the government, the consequences of being discovered are more severe than a duress password, and usually depend on the mood of the official at the time.

If you are in this situation, please, and I repeat please, do not put yourself in danger, and try to avoid any harm.
Just buy a Samsung A phone and use it a while and let the Pixel stay outside the border control (e.g. don’t take it with you).
For your data that you need in China: upload everything to Proton Drive (e.g. Signal backups, Telegram backups etc.) and then log in on Proton and download the data securely (internet café with Tails or something else).

2 Likes

In China, all mobile phones, including Samsung and Apple, have a lot of spyware built in; even cars can record sound and video at any time. Any software in China, including the app store itself, does not follow its own privacy policy at all. Usually in China we buy US/JP/TW Apple or Google phones on Goofish (a Chinese second-hand trading platform, where new products can also be found), Taobao or anywhere else; some people buy Sony phones and install /e/OS. Anyway, Samsung is not a good choice in China. I know you don’t understand China; you just need to imagine that this is a large North Korea. In fact, holding a Google phone is not necessarily dangerous, because it can be bought in China in many ways. I think what should be paid more attention to is whether the data in the phone is sensitive. The Proton you mentioned is a good idea, but because Proton VPN has leaked the IP address of French activists, I personally don’t trust any of Proton’s services. I use NextCloud.

Just search “The Economist Democracy Index” on Wikipedia and you will find that China is much worse. To us, the US or UK or Germany and any democratic country look like heaven. You at least have a way to know what the US authorities do to dissidents, but in China, the CCP usually kills them directly or harvests their organs alive and kills them, the number is much more than you can imagine.

I think I participated in the White Paper Revolution. On Urumqi Middle Road, I was put in a detention center for 3 days just because I stood on the side of the road for half an hour. I hope that the CCP will be overthrown more than anyone else, but it is unlikely. At least I personally cannot change anything. As for the millions of deaths you mentioned, if you know history, Mao Zedong killed hundreds of millions of people during the 3-year famine, which is more than any war in history. If China can really be democratic, I don’t mind the death of only millions of people, including myself, and considering the actual situation, even if millions of people died, almost all of them were CCP soldiers. They are not innocent. On June 4, 1989, it was also them who shot at unarmed Chinese college students. They do not deserve pity, even all CCPs also

It’s fair to criticize each government that goes too far in any capacity. However you are letting your dislike for one government (the U.S.) completely blind you to a far, far worse one in the PRC.

This is not an issue of debate, but is an objective fact that the PRC is among the worst governments for human rights abuses on the planet to include running an active genocide campaign right now in Xinjiang, ethnic cleansing in Tibet, the use of slave labor, as well as seizing territory from its neighbors like Bhutan, Vietnam, and the Philippines.

The US is far from perfect but the level of evil committed by the PRC under the CCP right now is in a completely different category.

2 Likes

You have zero understanding of geopolitics and international affairs if you think Germany and the UK are sovereign, independent countries. Zero.

Confidently claiming China is some type of unique evil relative to the US and that such a view is plain “objective” is beyond delusional. China isn’t the one constantly overthrowing governments around the world, igniting wars, wrecking countries, dropping countless bombs, funding the Gaza genocide, invading countries, holding military bases and/or parking their nukes in other countries… all over the course of decades.

The total inverse of what you confidently claim is true. China is far from perfect, but the amount of evil committed by the US is in a completely different stratosphere. Love how these observations are spun as merely “my dislike blinding me”. Your entire view of China is shaped by the CIA and American/Western propaganda & warmongers.

You are free to read the horrors inflicted by the CCP as documented by international human rights groups. Here’s one source:

But dude, get real. You can’t even post on Techlore from China. Or access Google, Reddit, Facebook, Amazon, proton, etc

All allowed forms of communication like WeChat are constantly monitored and censored by the CCP. Apple’s iMessage and FaceTime are banned (to say nothing of WhatsApp or Signal or Session) because of the E2EE.

If you hate the U.S. government you’re free to stand in Washington DC and scream all about it with thousands of your closest friends.

Try even mentioning what happened in Tiananmen Square in 1989 in a WeChat group chat and you’ll find yourself not just censored but sent to a slave labor camp to get your mind straight.

I’ll often be first in line criticizing US foreign policy. There is plenty to complain about. American citizens fear no reprisal from their government for expressing those views. A PRC citizen has no such luxury.

Anyone defending the CCP’s human rights record is either a hopeless ‘useful idiot’ in the Stalin use of the phrase or an actual paid shill of the CCP.

3 Likes

Okay this is enough, and I’m not letting any of this stay untouched.

You have zero understanding of geopolitics and international affairs if you think Germany and the UK are sovereign, independent countries. Zero.

This is a known conspiracy theory.
Both Germany and the United Kingdom are completely independent, and if you knew anything about it, you would know that your claim is completely wrong.

Confidently claiming China is some type of unique evil relative to the US and that such a view is plain “objective” is beyond delusional.

I agree with that.
China is not the worst country or a superpower superior to everyone. The US has done so many wrongs and the list of war crimes and human rights violations is so massive that it isn’t even possible to list it in one hour (tried this myself).
But China is a capitalistic dictatorship, without knowing any human rights or democracy. And it’s fair and objective to call it a more hostile¹ country than the US.

China isn’t the one constantly overthrowing governments around the world,

Taiwan?

funding the Gaza genocide,

There was no genocide in Gaza. This is extremely wrong, and you could even call it anti-Semitic, if you spin the thought long enough.

The ICC as well as the UN have both said multiple times that there is no genocide in Gaza.
There is not a single serious authority, which has the right to say so, who claims that there is a genocide in Gaza

holding military bases and/or parking their nukes in other countries…

As long as the other country can decide if they want the bases, it’s not a problem. This is part of NATO.

China is far from perfect, but the amount of evil committed by the US is in a completely different stratosphere.

What in the name of the living hell am I reading …
Firstly, when did we start to compare the evilness of countries? Secondly, the US as well as China have both violated human rights and committed war crimes. But in the last ten years they have been calm, while China is actively committing war crimes and human rights violations as we speak.

1: to the single individual or a group of persons (religions, Colour of skin, etc.)

1 Like