Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Tries To Force Google To Unlock User's Android Phone

samzenpus posted more than 2 years ago | from the open-says-me dept.

Privacy 385

Trailrunner7 writes "Those multi-gesture passcode locks on Android phones that give users (and their spouses) fits apparently present quite a challenge for the FBI as well. Frustrated by a swipe passcode on the seized phone of an alleged gang leader, FBI officials have requested a search warrant that would force Google to 'provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code ("PUK"), in order to obtain the complete contents of the memory of cellular telephone.' The request is part of a case involving an alleged gang leader and human trafficker named Dante Dears in California. Dears served several years in prison for his role in founding a gang in California called PhD, and upon his release he went back to his activities with the gang, according to the FBI's affidavit."

cancel ×

385 comments

Are you telling me? (4, Funny)

Jeremiah Cornelius (137) | more than 2 years ago | (#39359765)

Are you telling me that you can't unlock one of these phones, without a PhD?

Re:Are you telling me? (3, Funny)

Trecares (416205) | more than 2 years ago | (#39360063)

Well the police does hold a PhD.....

Plausible deniability... (4, Insightful)

Anonymous Coward | more than 2 years ago | (#39359347)

is becoming ever more important. In fact, it will soon replace the constitution as the thing you can always depend upon.

H.

Re:Plausible deniability... (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#39359657)

Let'ssee. Blacks are 8 times more likely than whites to commit the crime of robbery. FACT. Facts don't care how you feel about them.

Blacks are 3 times more likely than whites to use a gun during a crime. 2 times more likely to use a knife. FACT. Facts don't care if you think they are racist - they are true anyway.

I could go on but you get the point. Blacks are much more likely to be violent and criminal. FACT. Check all crime stats.

So this pimp-gangbanger dude. Wonder what color he is? If he is black .. you liberal bed-wetters will act surprised then? Got to maintain appearances and all that.

Equal opportunity is a great wonderful thing. I hope it never goes away. But it will not and should not guarantee equal results. That's a different matter entirely.

Re:Plausible deniability... (0, Troll)

stanlyb (1839382) | more than 2 years ago | (#39359869)

You, man, are full of bullshit. What you cite as a fact is actually STATISTIC. You do know what is the difference, right? Oh, never-mind, the fact is that your are an idiot.

Re:Plausible deniability... (4, Insightful)

black3d (1648913) | more than 2 years ago | (#39359997)

I'm not sure you're arguing against the correct aspect of his post. He's stating the facts of the statistics - he even mentions himself that those are the statistics. It *is* a fact that for a random robbery, it's 8 times more likely to have been committed by a black than a white. (And likewise, the individual mentioned is more *likely* to be black than white purely on a statistical basis). What's wrong with his post is that he doesn't take into account causation, and the causation is not that they're black, but other socio-economic factors, of which race is merely a correlation. That's not to say each individual isn't responsible for his crimes, but that race isn't the determining factor of why the crime occurrs.

For about a year at one point, I lived in a small island chain populated almost entirely by blacks - around 60,000 to 200 whites. However, the only murder in the last 20 years, had been committed by a white. Is it because he was white? No. And the statistics OP used to make his case are equally flawed simply in that respect.

Re:Plausible deniability... (0)

Pieroxy (222434) | more than 2 years ago | (#39360065)

Your post is appalling. But I'm sure you know that.

So, black people commit more crime than white. The real question is why? Genetics? Don't think so. Can you think of another reason?

Ah, you are AC, therefore you do not think. I forgot.

Have a nice day.

Just another reason... (1, Troll)

registrations_suck (1075251) | more than 2 years ago | (#39359349)

...to avoid dependence on "free" information services.

Re:Just another reason... (0)

Anonymous Coward | more than 2 years ago | (#39359469)

Yeah, you're just so much better off when you pay to let the government be privy to all of your data. [techfruit.com]

FBI (-1)

GmExtremacy (2579091) | more than 2 years ago | (#39359511)

Why aren't tricked into use Gamemaker.

Re:Just another reason... (1)

registrations_suck (1075251) | more than 2 years ago | (#39359689)

....my point was that you're better off running your OWN information services (for example, your own mail server, etc.), rather than trust it to someone 3rd party who will happily hand over whatever info may be found there.

Re:Just another reason... (1)

PNutts (199112) | more than 2 years ago | (#39359801)

So you're saying that if you are served a subpoena you won't comply? Better lawyer up!

Re:Just another reason... (0)

Anonymous Coward | more than 2 years ago | (#39360037)

If I am served a subpoena to provide information for a case in which I am a defendant, you bet your ass I "won't comply", by which I mean I will be exercising my 5th amendment rights.

Re:Just another reason... (0)

Anonymous Coward | more than 2 years ago | (#39360137)

That's really not how it works at all. If the police have evidence that the gun you used in a murder is your home instead of a storage unit and the police come with a warrant you're either going to open the door for them or they're going to break it down.

Wha??? (0)

Anonymous Coward | more than 2 years ago | (#39359351)

...but it's SO easy to hack into an android phone???!!!

Ars Technica Lnk (5, Informative)

DarkHelmet (120004) | more than 2 years ago | (#39359355)

http://arstechnica.com/tech-policy/news/2012/03/fbi-stumped-by-pimps-androids-pattern-lock-serves-warrant-on-google.ars [arstechnica.com]

The one thing I found amusing about the whole thing is that PhD supposedly stood for "Pimpin' Hoes Daily". Then I read this:

Her $500 a night went straight to Dears, though, who "took care of her" in his own special way. As San Diego's Union Tribune reported, Dears found out the woman had spoken to a man who wanted to help her get off the streets. So Dears "beat her up in the back seat of his Cadillac and then forced her to get into the car's trunk, she testified. While in the trunk, she was driven from East Main Street in El Cajon to Hotel Circle in Mission Valley, she testified."

Major league asshole. I hope he gets the book thrown at him.

Re:Ars Technica Lnk (-1, Troll)

Anonymous Coward | more than 2 years ago | (#39359381)

treat 'em rough if you want the muff.

Re:Ars Technica Lnk (-1, Troll)

joebagodonuts (561066) | more than 2 years ago | (#39359567)

You're a pussy for posting that AC.

Re:Ars Technica Lnk (-1)

Anonymous Coward | more than 2 years ago | (#39359739)

Fuck off you whiny kike. I'm more of a man than you'll ever be, coward.

Re:Ars Technica Lnk (-1)

Anonymous Coward | more than 2 years ago | (#39359841)

You sound like either a spic or a nigger. Both of y'all love to beat up women when you're not stealing whitey's TVs, don't you?

Re:Ars Technica Lnk (0)

bryanp (160522) | more than 2 years ago | (#39359859)

Sadly, no one will ever know as you are too frightened of your own shadow to post under your real name. Pathetic little troll.

Re:Ars Technica Lnk (-1)

Anonymous Coward | more than 2 years ago | (#39359943)

Let's get serious here - This is the City of San Diego. It's not some barrio in Jalisco, or some favela in Rio.

I live here. This is a safe city with TONS of opportunity for anybody who wants it, where "escaping the ghetto" means only a 10-minute bus ride. Any woman who is stupid enough to get tricked into ho'in, or addicted to meth for that matter, deserves what they get plus a Darwin award. And no, I did not write the troll to which you responded.

-- Ethanol-fueled

Re:Ars Technica Lnk (5, Interesting)

yurtinus (1590157) | more than 2 years ago | (#39359437)

I wonder how much rage we'll see in the discussion on this article... Now, not that I'm a lawyer or anything, but it looks like a properly served warrant for access to a specific device. Pretty much exactly what I would expect (and want!!) law enforcement to do while investigating a crime. I suppose it remains to be seen if the information they get allows them to unlock an arbitrary Android device or just this one.

Re:Ars Technica Lnk (5, Informative)

oakgrove (845019) | more than 2 years ago | (#39359493)

When you try and fail to unlock an Android device enough times and fail it just asks for your gmail password. I doubt Google will do anything more than give them that which would be pretty worthless against any other Android phone.

Re:Ars Technica Lnk (5, Interesting)

Anonymous Coward | more than 2 years ago | (#39359577)

I would hope that Google doesn't know my gmail password. I hope they use some security system that is similar to a salted one way hash. For example with Windows, the password is not known by the domain controller and it cannot be retrieved (short of doing dictionary hacks against the hashing function). I'd expect Google to be even more secure there and not have access to my password. Now, they could absolutely RESET my password. That's a different ball game than being able to produce my existing password on demand. One is scary. The other is just inevitable.

Re:Ars Technica Lnk (3, Informative)

Anonymous Coward | more than 2 years ago | (#39359845)

Resetting the gmail password won't help if the phone is locked. The phone still needs the old password to unlock it.

Re:Ars Technica Lnk (2, Informative)

Anonymous Coward | more than 2 years ago | (#39359889)

To use google (ldap) directory sync with google apps, you need to use unsalted SHA1, or cleartext passwords in the directory you wish to sync.

So, maybe? maybe not.

BTW, windows does _not_ use salted passwords, that is why it is so fast/easy to crack windows passwords-- since you _can_ use precomputed hashes in a rainbow table, unlike pretty much any other OS.

Also, windows has an option to use reversible passwords in AD.

Re:Ars Technica Lnk (5, Insightful)

russotto (537200) | more than 2 years ago | (#39359499)

Now, not that I'm a lawyer or anything, but it looks like a properly served warrant for access to a specific device.

Well, first of all, it's a rubber stamped warrant. Literally.

Second, Google is unlikely to have some of the information requested; the PUK of the SIM would be known by the SIM manufacturer, not the maker of the phone's operating system. Same goes for text messaging; it goes through the carrier, not Google.

Third, the records are unlikely to be physically at Google Legal Investigations Support.

Fourth, some of the "items requested" amount to a fishing expedition -- so much for "particular" descriptions of the places to be searched or items seized.

Re:Ars Technica Lnk (5, Informative)

EdIII (1114411) | more than 2 years ago | (#39359561)

It should not be that much of a problem for Google then.

There lawyers could just have fun with it. A nice lunch with some IT guys and a hour or so later you have a well written response with supporting documentation on why the FBI are complete technology retards.

They could have a few pages on how PUK and SIM actually work, and even being helpful, list contact information for the manufacturers.

Judge would just love reading that the FBI was wasting the courts time because they could not even figure out who to serve a warrant to. :)

Re:Ars Technica Lnk (0)

the eric conspiracy (20178) | more than 2 years ago | (#39359683)

IMHO the case as such is sufficiently egregious so as to justify an extremely broad warrant without much consideration by a judge.

Re:Ars Technica Lnk (4, Insightful)

russotto (537200) | more than 2 years ago | (#39360085)

IMHO the case as such is sufficiently egregious so as to justify an extremely broad warrant without much consideration by a judge.

First of all, the Constitution doesn't allow warrants which don't particularly describe places to be searched and things to be seized, no matter how egregious the circumstances. The Supreme Court has ruled that the judges do have to exercise judgement when approving them (though this is honored more in the breach than the observance).

Second, law enforcement is very good at painting defendants in a bad light. Look up the Kevin Mitnick case; whatever Mitnick did, it is NOT true that he could have started a nuclear war by whistling into a pay phone. In this case, they use "human trafficking" as a scare term; it appears he's actually a run of the mill pimp.

Re:Ars Technica Lnk (5, Informative)

Anonymous Coward | more than 2 years ago | (#39359693)

The PUK is also unnecessary since it's only used to unlock the phone's SIM card (and hence it's contacts.) If you fail too many times it self-destructs.

The Wireless provider knows the PUK as it's based on the serial number of the sim card, so Google certainly wouldn't have it.

Text messages are bit of a "maybe yes", while they are transmitted through the carrier, for billing purposes, the carrier has no way of reading them unless they've been stored. Having worked for AT&T, their customer service software, and all the support software doesn't let you read text messages, but it does let you send text messages anonymously to phones. If you're a technical staffer who can manually provision phones, you may have access to the SMS in-transit, but I don't think they're stored unless the FBI has been requiring it.

The actual storage of SMS messages are on the phone/SIM if not deleted. It largely depends on what the phone's software is setup to do. On early Motorola and Nokia phones, all the contacts were stored on the SIM card, but on later models (post 2005) they are stored in the phone memory by default.

So there's no need to get the SIM card PUK, It's just the easiest way to bypass the PIN password. If you remove the sim card and replace it with another one without a PIN, it will give you access to the phone and all it's data anyway. Depending on the device, you may have better luck simply syncing the device to a computer.

As for what you can do with a stolen/lost phone, not a hell of a lot. If you're looking to wipe it so you can keep it, it's much easier to do that, than to use it for identity theft. As a golden rule, I never "save my password" on any device. I'd rather a lost device be wiped than someone using the data for nefarious purposes.

Re:Ars Technica Lnk (2)

sg_oneill (159032) | more than 2 years ago | (#39359933)

Its a bit more complicated than that with SMS. SMS isn't a point-to-point protocol, if the reciever isn't available, it stores somewhere and waits its turn. Its then up to the implementation as to whether its filed away in some database or deleted. SMS's are tiny little messages so its not certain that it would be delted. On the other hand theres no overwhelming reason not to delete either , unless some sort of data retention mandate is in place.

I do not believe any of the current generation of smart-phones by default store contacts on the card.

Re:Ars Technica Lnk (1)

msobkow (48369) | more than 2 years ago | (#39359819)

The defendant will always claim a warrant was "rubber stamped."

But at least it's some sort of oversight on the process, and beats the heck out of the "security first" fanatics who keep wanting to remove the "obstruction" of a warrant completely.

Re:Ars Technica Lnk (0)

Anonymous Coward | more than 2 years ago | (#39360133)

First and fourth you take up with the judge or rethink the system, but not expect Google to fix.

Re:Ars Technica Lnk (5, Insightful)

amiga3D (567632) | more than 2 years ago | (#39359543)

Exactly! This is how law enforcement is supposed to act. They have a suspect, they provide reasons to a judge, get a warrant and Google opens the device. If you're involved in crime don't keep anything incriminating on your phone. I mean really, these are the kinds of assholes law enforcement should be locking up.

Re:Ars Technica Lnk (2)

grainofsand (548591) | more than 2 years ago | (#39359907)

"Asshole"? Really? My limited understanding is that he is an innocent person until found otherwise, no?

It is all too easy to cast allegations around. At this stage he is not an "asshole" but instead a wholly innocent person accused of serious crimes.

Re:Ars Technica Lnk (0)

Anonymous Coward | more than 2 years ago | (#39359965)

He was already in prison after being convicted for similar crimes. Sounds like he deserves the asshole title even if he's innocent of these specific ones.

Re:Ars Technica Lnk (0)

Anonymous Coward | more than 2 years ago | (#39359983)

He has already been convicted of crimes which qualify him for lifetime "Asshole" status.

Re:Ars Technica Lnk (3, Informative)

Obfuscant (592200) | more than 2 years ago | (#39360025)

"Asshole"? Really? My limited understanding is that he is an innocent person until found otherwise, no?

No. He's either guilty or not. He cannot be innocent today and then guilty tomorrow for something he did last week.

The legal system is required to treat him as not until proven otherwise. That, however, does NOT mean that the legal system cannot get a search warrant to obtain evidence that can be used in a court to allow the court to make that determination, so even the claim "innocent until proven guilty" doesn't apply here.

As for how the rest of the world treats him, we have no limits on calling him guilty because we aren't the legal system.

Re:Ars Technica Lnk (1)

martin-boundary (547041) | more than 2 years ago | (#39359919)

I don't care. If the police's whole case stands or falls on a single cellphone password, then they're not doing their job properly. They should have several leads and avenues to explore, and they should not rely on getting special treatment.

It's a slippery slope, regardless. We're encouraged to trust Google with our data, and yet it's "ok" if the government gets to walk all over that trust. It's sloppy thinking, and I don't like it.

Re:Ars Technica Lnk (4, Informative)

cpu6502 (1960974) | more than 2 years ago | (#39359655)

It doesn't look like the warrant was issued yet. The judge may turn it down, or severely limit its scope (only require Google to provide the passgesture, if they have it).

Re:Ars Technica Lnk (2, Interesting)

billcopc (196330) | more than 2 years ago | (#39359471)

Yes, but the problem I see is: they already had him behind bars. He was released, and he went back to being a parasitic sack of shit. This is a failure of the penal system to rehabilitate convicts, a failure of the legal system to legalize prostition, creating this black market where thugs thrive, and finally a failure of the economy for creating an environment where crime pays way better than any proper career this Dears twit could ever possibly sustain. Heck, $500 a night is more than I make as an I.T. contractor.

Re:Ars Technica Lnk (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39359553)

Silly me - here I was thinking it was a failure of Mr. Dears to behave in a socially responsible adult manner, instead of engaging in petty crime and preying on the weak.

Society doesn't owe him a $500 a night job. Society doesn't owe him a cushy life free of any bad luck.

Re:Ars Technica Lnk (4, Insightful)

Jah-Wren Ryel (80510) | more than 2 years ago | (#39360105)

Silly me - here I was thinking it was a failure of Mr. Dears to behave in a socially responsible adult manner, instead of engaging in petty crime and preying on the weak.

Silly you indeed. We are society so we can change it. We are not Dears so we can't change him. That you equate fixing systemic problems with giving criminals "a cushy life" indicates that you don't really give a damn about society.

Re:Ars Technica Lnk (1)

joebagodonuts (561066) | more than 2 years ago | (#39359573)

"Rehabilitation" isn't the goal.

Re:Ars Technica Lnk (3, Insightful)

bmo (77928) | more than 2 years ago | (#39359711)

It's not the goal because nobody ever thinks of the long term effects of the system we have versus the system we could have.

And we, as a society, pay through the nose for it. If you think corrections costs too much, look in the mirror.

--
BMO

Re:Ars Technica Lnk (1)

marcello_dl (667940) | more than 2 years ago | (#39360039)

Putting criminals together in the same place and not monitoring them 24h (aren't we monitoring the ordinary citizens more than criminals?) means: jail is an academy for criminals.
A sane society would be damaging itself by not fighting crime, but another kind of society may need criminals to do the dirty jobs in exchange for money, a society based on money may need crime to strip people of excess money and keep them thinking about getting to the end of the month instead of having their needs satisfied and them wondering how things work in politics, economy, arts. Does this happen to us?
Then cops keep criminals under control so they don't get too powerful, laws keep cops under control, corruption keeps laws under control.

Here in Italy they are discussing amnesty, mere years after one was granted, for the same reasons: it's obvious that a remedy that lands you back at square one is a failure, but not obvious to politicians. Now, we can believe that people able to change things do not understand cause and effect, ok. But I'll take ANY crackpot theory over the theory that idiots rule the world, I see the latter not happening in the small so it can't be happening at the top, the ladder that is based on nothing can't stand. The idiots are there on top, but they are not the rulers.

Re:Ars Technica Lnk (1)

Obfuscant (592200) | more than 2 years ago | (#39360057)

It's not the goal because nobody ever thinks of the long term effects of the system we have versus the system we could have.

Actually having that system is, unfortunately, not a unilateral decision on the part of society. What that means is that the criminal has to want to rehabilitate before we can have a system that rehabilitates people.

You can't force someone to rehabilitate who doesn't want to, just like you can't force someone who doesn't want to "wage peace" to do so.

Re:Ars Technica Lnk (2, Interesting)

Anonymous Coward | more than 2 years ago | (#39359779)

Actually, yes, it is. The whole point of the prison system as it stands today is to rehabilitate criminals and release them back into society as free men. If that weren't the case, they'd never be released, and we would probably just kill them instead to save money.

As for actually rehabilitating people, it's pretty obvious the system has failed miserably. But hey, that's just what the government does. War on drugs, war on terror, apparent war on the economy; total failure has never stopped them before and it won't stop them now.

Re:Ars Technica Lnk (5, Interesting)

Kalriath (849904) | more than 2 years ago | (#39359877)

One question: are your private prison operators paid on a per capita basis per incarcerated person, or on a performance basis per rehabilitated person? Ours are paid per rehabilitated person. Et tu?

Re:Ars Technica Lnk (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39359707)

Right - because if prostitution were legal, non thugs would be signing up all over the place to run brothels, just like strip clubs.

I hear you on legalizing, but really, it would still be run by thugs. its prostitution. it's never going to be legitimate even if its not illegal.

Re:Ars Technica Lnk (0)

Anonymous Coward | more than 2 years ago | (#39359839)

Heck, $500 a night is more than I make as an I.T. contractor.

Not a good way to make a point. As a contractor everyone expects you to make less than that.

Re:Ars Technica Lnk (1)

rrohbeck (944847) | more than 2 years ago | (#39360043)

Rehabilitate?
I think this is the first time I've heard that term used in relation to the US penal system. Isn't it just about putting people away and using them for cheap labor?

Re:Ars Technica Lnk (1)

Anonymous Coward | more than 2 years ago | (#39359479)

Me too, but... is it right if he causes the FBI to take any slim protections we might still seem to enjoy with him?

Methinks they can figure out other ways to get the information they need to nail his dick to the cross. They're just being government-lazy.

Re:Ars Technica Lnk (1)

Anonymous Coward | more than 2 years ago | (#39359503)

Major league asshole. I hope he gets the book thrown at him.

Sure, but once it becomes known how to take personal data off a locked Android phone, this will be used millions of times per year on people like you who don't remotely qualify for the "end justifies the means" treatment that we assume is OK in this case.

Re:Ars Technica Lnk (3, Interesting)

interkin3tic (1469267) | more than 2 years ago | (#39359687)

So not only does he deal in human sex slavery, he also is acting as a catalyst for the FBI to erode our right to privacy a little bit more.

And both are eroding a little more of my faith in humanity.

FBI, instead of trying to get a skeleton key to all our phones, including me who has never made a woman sell herself for money, how about you just pass a law that people convicted of pimping can't have phones? No objections from me on that one... anyone else?

As part of a case, okay sure, why not (4, Insightful)

sandytaru (1158959) | more than 2 years ago | (#39359359)

If they have enough probable cause to suspect there's even more evidence on the phone and are going through the proper procedures of obtaining a warrant, then I don't have a problem with this. If they were not in the middle of a trial case, however, I'd think this would fall under "unreasonable searches and seizures."

Re:As part of a case, okay sure, why not (4, Insightful)

artfulshrapnel (1893096) | more than 2 years ago | (#39359419)

Yeah, seems reasonable to me.

Your cellphone is not some magical box of protected data. If you've been committing crimes, and you get arrested for it, everything you've ever recorded is going to get looked at during that case. That includes the contents of your cellphone, and the police have the legal right to force entry to just about anything once they have probable cause.

I mean, it's not like they randomly pulled this guy out of line at an airport and demanded he unlock his phone. They've got witness testimony, previous convictions, and I'm assuming some more concrete evidence that he is a criminal. They're just trying to figure out if he's done anything ELSE, and corroborate their evidence wherever possible.

Re:As part of a case, okay sure, why not (1, Interesting)

Anonymous Coward | more than 2 years ago | (#39359485)

Former prosecuting attorney here. (Did it long enough to turn it into private sector bank). If the DA wants to drag you in court for bullshit reasons, you will be in court for bullshit reasons. I saw a guy brought up on some pretty serious drug dealing charges. The right judge signed off on everything put in front of him (had a pretty noticeable case of alzheimer's), the grand jury only sees what you want them to see. At the last minute the charges were dismissed (without prejudice) after he spent at least 6 figures on attorneys. Not one piece of evidence, but he was allegedly fucking the wife of somebody important (didn't find any evidence of that, either)

tl;dr -- you and all your fish eating friends can go fuck yourselves,

This should be interesting (5, Funny)

amginenigma (1495491) | more than 2 years ago | (#39359369)

Can you say whoops.... "The FBI special agent who wrote the affidavit also requested that Dears not be told about the information request, however the search warrant and affidavit were not sealed." Pretty sure the whole planet knows now dood...

PhD (1)

owenferguson (521762) | more than 2 years ago | (#39359371)

Push here, Dummy.

Hashes (3, Informative)

hilather (1079603) | more than 2 years ago | (#39359421)

If his credentials are being properly stored as SHA2 hashes, I don't think Google could comply with this anyways. This is the whole point in using hashes over encryption.

Re:Hashes (4, Interesting)

anilg (961244) | more than 2 years ago | (#39359451)

If this is the 9-dot pattern they are talking about, even a hash would be easy to brute force,. the worst case being 9!, but the average case being 4-6! as these are the sizes commonly chosen for phones.

However, the limitation could be the delay/lock after some unsuccessful tries. If they need to see that phone's memory, they need to maybe use a 0-day exploit that google knows of, but has not yet been fixed for that phone?

Re:Hashes (4, Insightful)

kenshin33 (1694322) | more than 2 years ago | (#39359509)

depending on phone it is easy, samsung usually have an unlocked bootloader ... you can flash whatever recovery image you want, if the phone is not encrypted ... well you get access to any data you want (using adb, CWM recovery has adb enabled with root access by default).
if it is the nexus S there's an easy way to unlock the bootloader without wiping the device (found on xda). for the see previous paragraph.

Re:Hashes (4, Informative)

Americano (920576) | more than 2 years ago | (#39359583)

However, the limitation could be the delay/lock after some unsuccessful tries

That's exactly what happened [arstechnica.com] :

Technicians apparently mis-entered the pattern enough times to lock the phone, which could only be unlocked using the phone owner's Google account credentials.

Re:Hashes (0)

Anonymous Coward | more than 2 years ago | (#39359609)

Disassemble the phone and access the chip directly.

Thought there was a cop device to just read phones (2)

jbeach (852844) | more than 2 years ago | (#39359447)

Called Celebrite. I thought it was supposed to be able to read all data off of SIMS and such. http://ebongeek.com/2011/04/20/the-cellebrite-ufed-allows-law-enforcement-to-download-all-your-smart-phone-data/ [ebongeek.com] I would think that a search warrant covering the phone would be enough for the FBI to run such a program - am I missing something here? Or is this due to some possibly technology-ignorant FBI possible boomer crying that Google doesn't automatically hand them everything they want through the magical power of the interwebs?

Re:Thought there was a cop device to just read pho (1)

Anonymous Coward | more than 2 years ago | (#39359533)

It works only on selected handsets and I believe it still depends on user compliance. I read as much data as I could find on the topic and I'm under the impression it works on a phone which is not currently locked. In other words, if you hand over your phone and comply with their request to unlock it they can then access pretty much everything on a supported model. Including stuff you deleted. If you refuse to unlock it, I don't think that device will do much.

Re:Thought there was a cop device to just read pho (3, Interesting)

silas_moeckel (234313) | more than 2 years ago | (#39359589)

Assuming you can get all that through the usb port. Having dealt with the FBI they are in general technology challenged. My favorite was the computer forensics expert they could not get a .tgz open.

Re:Thought there was a cop device to just read pho (1)

Lehk228 (705449) | more than 2 years ago | (#39359605)

it can only read what is stored on the sim, if the data is encrypted on the phone reading even the RAM module will just get you an encrypted block, that reader works on blackberry phones too as long as you don't need to be able to READ the data, just copy the block

Brute force? (4, Informative)

subreality (157447) | more than 2 years ago | (#39359539)

I'm surprised the FBI can't just dump the flash and brute force it. There are only about 100,000 possible patterns.

Re:Brute force? (3, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#39359581)

I am not even sure why they would need to brute force anything -- if they can dump the contents of the phone's memory, why not just inspect the contents? Unless I am mistaken, those lock screens are not being used to encrypt the contents of the phone.

Re:Brute force? (1)

Anonymous Coward | more than 2 years ago | (#39359631)

Newer versions let you encrypt the phone, but my recollection is you can't use the pattern to do it :)

Re:Brute force? (2)

subreality (157447) | more than 2 years ago | (#39359661)

Numeric lock codes can be used to encrypt; there's no reason the pattern locks couldn't be used that way as well, though I haven't tried it.

If it's not encrypted, I'm REALLY surprised the FBI can't figure it out. Flash chips are very easy to dump.

Re:Brute force? (0)

Anonymous Coward | more than 2 years ago | (#39359991)

Pattern-lock encryption is disabled ON PURPOSE because it would be trivial to decrypt (i.e. the keyspace is only 9! = 362,880)

Re:Brute force? (0)

ehiris (214677) | more than 2 years ago | (#39359867)

You are right. No encryption. Same with the iPhone. Total bullshit "security"

Re:Brute force? (1)

Overzeetop (214511) | more than 2 years ago | (#39360135)

The security is in line with the cargo value. While you may be carrying the nuclear codes on your iPhone, the average consumer is not, and the most important thing being protected is having their facebook status pranked by a roommate. Security and convenience are mutually exclusive, and I'll give you three guesses which one matters the most to consumers.

Re:Brute force? (1)

artor3 (1344997) | more than 2 years ago | (#39359917)

My Android (a Motorola Droid X2) uses encryption based on the screen lock pattern. At least I assume it's based on the lock pattern, since you need to use a lock pattern for encryption to be enabled.

Re:Brute force? (1)

betterunixthanunix (980855) | more than 2 years ago | (#39360097)

As numerous other people have pointed out, the key space for that pattern is tiny -- less than a million keys. Even if it were the case that the phone was encrypted using the screen lock pattern as a key, it would be essentially trivial to crack.

Re:Brute force? (1)

Anonymous Coward | more than 2 years ago | (#39360119)

Boot to the recovery rom, use adb or fastboot to access the filesystem. You can usually read from the phone without rooting.

Re:Brute force? (1)

silas_moeckel (234313) | more than 2 years ago | (#39359959)

Not allways that easy, not all phones have jtag headers or even a way to get to the exposed leads. Chip lapping seems rather excessive.

Legal system (-1)

Anonymous Coward | more than 2 years ago | (#39359541)

It's called Get a warrant assholes. If you can't get a warrant clap your hands, if you can't get a warrant clap your hands, if you really want a warrant and the judge won't give you one...... uhh than you really have a shit for evidence don't you? maybe eat less donuts and do some fucking work.

Re:Legal system (0)

Anonymous Coward | more than 2 years ago | (#39359615)

They were given a warrant. Moron.

Re:Legal system (1)

nedlohs (1335013) | more than 2 years ago | (#39359629)

Which part of " FBI officials have requested a search warrant" do you think isn't about getting a warrant?

Re:Legal system (1)

Black Parrot (19622) | more than 2 years ago | (#39359871)

Which part of " FBI officials have requested a search warrant" do you think isn't about getting a warrant?

Which brings up the question... WTF is this newsworthy?

Re:Legal system (1)

Beelzebud (1361137) | more than 2 years ago | (#39359699)

It's also called RTFA, or in this case, RTFS...

Fingerprint trail (0)

Anonymous Coward | more than 2 years ago | (#39359695)

They could probably get some good ideas by looking at the fingerprint trail on the phone.

Just ask them for access (0)

Anonymous Coward | more than 2 years ago | (#39359715)

The gang I mean. The PhDs are surely smart enough to reveal the secrets of few Androids.

The OP could at least have (0)

Anonymous Coward | more than 2 years ago | (#39359723)

linked to the original article [threatpost.com]

But that is no fun... (1)

NotQuiteReal (608241) | more than 2 years ago | (#39359971)

THAT article basically changes it from "google, unlock this phone!" to "google, please tell us what you about this account". Being specific is good when you are doing improv comedy, but not when you want to provoke discussion.

Passwords are stupid (2)

ehiris (214677) | more than 2 years ago | (#39359847)

Passwords are a stupid way of securing a device. The "password" on the device should be a passphrase for a key on the phone's encryption system. Both Apple and Google are making the same security mistake. iTunes could be a million times safer if they used public key authentication instead of their awful password system.

Re:Passwords are stupid (2)

jtownatpunk.net (245670) | more than 2 years ago | (#39359927)

Yeah. I should have to provide a fresh DNA sample to unlock my phone. Giggity.

Why don't they ask Apple - they own swipe 2 unlock (4, Funny)

hashish (62254) | more than 2 years ago | (#39359891)

Why don't they ask Apple - they own swipe to unlock

Weak Investigation (2)

xxMSAxx (648692) | more than 2 years ago | (#39359987)

It seems to be pretty weak investigative work if the stone of truth depends solely on a cell phone record. Sure the guy is a scum ball, but if its so evident then there has to be a way to prove it that doesn't involve hacking into a computer device. As smartphones become databanks of personal information here also comes the advent of lazy detective work which would rather usurp expected privacy as the norm instead of hitting the streets to get their gumshoes dirty.

Asshole Gang Leader (0)

Anonymous Coward | more than 2 years ago | (#39360013)

First they came for the human trafficking gangleaders,
and I did not complain
because I wasn't a human trafficking gangleader
...

External mind storage (1)

unlocked (305145) | more than 2 years ago | (#39360033)

With all the talk of not keeping things on phones. Maybe it is time to debate if these devices could fall under an external human memory that should have the same considerations to the contents of your mind. They can't just request the content's of your brain. 5th amendment. As more technology invades our lives the more these devices are turned into surveilance sources. Should they not be totaly encrypted and carry the same protections as or your brain. Just a thought, maybe wrong about it.

FBI wants Google to provide user's SSN? (1)

schwit1 (797399) | more than 2 years ago | (#39360059)

Why would Google have his SSN?

Catch 22 for Google.... (1)

Above (100351) | more than 2 years ago | (#39360101)

Unlock the phone, and prove to all Android users that Android's "security" is weak and/or has a back door.

Tell Law Enforcement they can't help with their warrant, and piss off Law Enforcement for future requests against google.

I'm glad I'm not Google.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...