July 16th, 2024

It's never been easier for the cops to break into your phone

Law enforcement, including the FBI, uses advanced tools to access suspects' phones rapidly. Recent events highlight agencies' access to phone-hacking tools like Cellebrite, sparking debates on privacy versus law enforcement requirements.

Law enforcement agencies, like the FBI, are increasingly equipped with tools to access suspects' phones quickly. Following the attempted assassination at a Trump rally, the FBI swiftly gained access to the shooter's phone, although the method used remains undisclosed. Security experts note the growing effectiveness of phone-hacking tools, with agencies like the FBI having access to devices such as Cellebrite for data extraction and unlocking. Third-party mobile device extraction tools (MDTFs) are widely used by law enforcement, with some tools costing between $15,000 and $30,000. In the past, the FBI faced challenges accessing suspects' phones, leading to conflicts with tech companies like Apple over encryption. Despite such disputes, law enforcement agencies have managed to unlock devices through various means, including third-party vendors. However, concerns persist over the human rights implications of governments leveraging such technology. The evolving landscape of phone hacking underscores the ongoing debate between privacy rights and law enforcement needs.

7 comments
By @twojacobtwo - 3 months
Does anyone know how much of a black box these Cellebrite (or competitor) systems are?

Like if we could get some into the hands of the best reverse engineers in software and hardware, how difficult might it be to figure out the methods by which they gain access (aside from standard brute force and the like)? Are these unreleased zero day software exploits? Or something that anyone with enough knowledge of the hardware system could implement with say a few million dollars and a small team of capable people? How are updates delivered? Do we know that the devices don't provide remote access to the vendor themselves?

By @nxobject - 3 months
It's a pity that we (likely including the journalist) don't know more about how the cops got access to the iPhone beyond cloud backups: the one thing I'm taking away from this article is that passcodes can still be brute forced.

By @treebeard901 - 3 months
Along with this, the ISPs, phones and services online all have a close relationship with those requesting access from law enforcement. Rarely would most put up a fight for you or anyone else if your information was requested.

There are numerous ways for LE to view and manipulate your online experiences. Your phone can be viewed remotely like remote desktop over your cell connection without your knowledge. Defeating all end to end encryption in the process.

LE is given access to your application APIs and can control the results you get from job searches, your YouTube recommended videos and even the advertisements you are served.

Now you may think there are protections and they need a warrant. They do not in many cases. Most important to understand is that LE only has to follow the law and the rules if they want to use information they collect against you in court. Most requests do not go this far. So it is wide open for your information.

Even getting your phone and getting into it is easier than ever. However once you get here odds are it will face scrutiny in court.

I am hopeful a lot of this will continue coming out and being verified more officially. We live in a surveillance state and most people need to be educated about it.

By @filoleg - 3 months
Is there any info yet on what kind of a phone the attacker had?

I still cannot find any article about this incident explicitly mentioning not even a specific model, but just whether it was Android or iOS at all.

While most of them keep referencing that old San Bernardino story where the attackers had an iPhone with an outdated security model even for the time of the incident (it was iPhone 5c iirc).

By @BXLE_1-1-BitIs1 - 3 months
Don't know Apple, but Androids can be put into Bootloader and Recovery without password or pin. Most Recovery[s] give you access to the file system (if not, Bootloader can be used to install your own Recovery). Extract the files and run through whatever software you have for decryption.

By @ChrisArchitect - 3 months
tl;dr

The FBI made a note that they accessed the phone, shared widely etc, https://www.fbi.gov/news/press-releases/update-on-the-fbi-in... , there isn't any other information regarding the case.