Slashdot Mirror
FBI Tries To Force Google To Unlock User's Android Phone
Trailrunner7 writes "Those multi-gesture passcode locks on Android phones that give users (and their spouses) fits apparently present quite a challenge for the FBI as well. Frustrated by a swipe passcode on the seized phone of an alleged gang leader, FBI officials have requested a search warrant that would force Google to 'provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code ("PUK"), in order to obtain the complete contents of the memory of cellular telephone.' The request is part of a case involving an alleged gang leader and human trafficker named Dante Dears in California. Dears served several years in prison for his role in founding a gang in California called PhD, and upon his release he went back to his activities with the gang, according to the FBI's affidavit."
is becoming ever more important. In fact, it will soon replace the constitution as the thing you can always depend upon.
H.
...to avoid dependence on "free" information services.
...but it's SO easy to hack into an android phone???!!!
http://arstechnica.com/tech-policy/news/2012/03/fbi-stumped-by-pimps-androids-pattern-lock-serves-warrant-on-google.ars
The one thing I found amusing about the whole thing is that PhD supposedly stood for "Pimpin' Hoes Daily". Then I read this:
Major league asshole. I hope he gets the book thrown at him.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
If they have enough probable cause to suspect there's even more evidence on the phone and are going through the proper procedures of obtaining a warrant, then I don't have a problem with this. If they were not in the middle of a trial case, however, I'd think this would fall under "unreasonable searches and seizures."
Occasionally living proof of the Ballmer peak.
Can you say whoops.... "The FBI special agent who wrote the affidavit also requested that Dears not be told about the information request, however the search warrant and affidavit were not sealed." Pretty sure the whole planet knows now dood...
Push here, Dummy.
If his credentials are being properly stored as SHA2 hashes, I don't think Google could comply with this anyways. This is the whole point in using hashes over encryption.
Called Celebrite. I thought it was supposed to be able to read all data off of SIMS and such. http://ebongeek.com/2011/04/20/the-cellebrite-ufed-allows-law-enforcement-to-download-all-your-smart-phone-data/ I would think that a search warrant covering the phone would be enough for the FBI to run such a program - am I missing something here? Or is this due to some possibly technology-ignorant FBI possible boomer crying that Google doesn't automatically hand them everything they want through the magical power of the interwebs?
The Invisible Hand of the Free Market is what punches workers in the nuts.
It works only on selected handsets and I believe it still depends on user compliance. I read as much data as I could find on the topic and I'm under the impression it works on a phone which is not currently locked. In other words, if you hand over your phone and comply with their request to unlock it they can then access pretty much everything on a supported model. Including stuff you deleted. If you refuse to unlock it, I don't think that device will do much.
I'm surprised the FBI can't just dump the flash and brute force it. There are only about 100,000 possible patterns.
Assuming you can get all that through the usb port. Having dealt with the FBI they are in general technology challenged. My favorite was the computer forensics expert they could not get a .tgz open.
No sir I dont like it.
it can only read what is stored on the sim, if the data is encrypted on the phone reading even the RAM module will just get you an encrypted block, that reader works on blackberry phones too as long as you don't need to be able to READ the data, just copy the block
Snowden and Manning are heroes.
They were given a warrant. Moron.
Which part of " FBI officials have requested a search warrant" do you think isn't about getting a warrant?
They could probably get some good ideas by looking at the fingerprint trail on the phone.
It's also called RTFA, or in this case, RTFS...
The gang I mean. The PhDs are surely smart enough to reveal the secrets of few Androids.
linked to the original article
Are you telling me that you can't unlock one of these phones, without a PhD?
"Flyin' in just a sweet place,
Never been known to fail..."
Passwords are a stupid way of securing a device. The "password" on the device should be a passphrase for a key on the phone's encryption system. Both Apple and Google are making the same security mistake. iTunes could be a million times safer if they used public key authentication instead of their awful password system.
Which part of " FBI officials have requested a search warrant" do you think isn't about getting a warrant?
Which brings up the question... WTF is this newsworthy?
Sheesh, evil *and* a jerk. -- Jade
Why don't they ask Apple - they own swipe to unlock
THAT article basically changes it from "google, unlock this phone!" to "google, please tell us what you about this account". Being specific is good when you are doing improv comedy, but not when you want to provoke discussion.
This issue is a bit more complicated than you think.
It seems to be pretty weak investigative work if the stone of truth depends solely on a cell phone record. Sure the guy is a scum ball, but if its so evident then there has to be a way to prove it that doesn't involve hacking into a computer device. As smartphones become databanks of personal information here also comes the advent of lazy detective work which would rather usurp expected privacy as the norm instead of hitting the streets to get their gumshoes dirty.
Work for Pay and Pay for Freedom
First they came for the human trafficking gangleaders,
...
and I did not complain
because I wasn't a human trafficking gangleader
With all the talk of not keeping things on phones. Maybe it is time to debate if these devices could fall under an external human memory that should have the same considerations to the contents of your mind. They can't just request the content's of your brain. 5th amendment. As more technology invades our lives the more these devices are turned into surveilance sources. Should they not be totaly encrypted and carry the same protections as or your brain. Just a thought, maybe wrong about it.
Why would Google have his SSN?
Unlock the phone, and prove to all Android users that Android's "security" is weak and/or has a back door.
Tell Law Enforcement they can't help with their warrant, and piss off Law Enforcement for future requests against google.
I'm glad I'm not Google.
What they will get out of it is any information on the perpetrator that Google has in their control - so Gmail, Picasa, anything on their servers. This is what a warrant does, and any content provider such as Google will have this in their TOS.
What they *might* get is a replacement account password to access the phone. That's unclear to me. It's in that respect that I don't know how Google will proceed.
What they will NOT get, however, are unlocks, text messages (unless he backs those up into his Gmail account), device passwords, device unlock patterns, or anything that would be used to unlock the device. That's all up to the mobile carrier or (possibly) the device manufacturer - not Google.
And for those who think Google made the device, no, they didn't. Somebody else did. May have been Motorola, LG, HTC, or Samsung, just to name the big four phone makers who put out Android off the top of my head. Google's support ends at the operating system development level, and whatever they have on their network. Demanding of Google whatever's on the mobile network or the device unto itself is like demanding an Amtrak schedule of Pepsico.
This sig no verb.
That the warrant is being served potentially on someone with no interest in the case.
It's an end-run around the password issue to serve google. It sidesteps the issues of the password case that was of recent concern, but raises new ones, thus is interesting.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
If they truly want any information on the guy, just have FBI officials disguse themselves as reps from an advertising firm. Google would gladly sell every piece of information available on the suspect.
Setting aside the serious legal implications of this case, I'm amused that the authorities are stymied by a gesture code, because those are ridiculously insecure. They're even easier to pick up than PINs via over-the-shoulder observation (even watching someone do it with the screen away from hem, an observer can narrow it down to a feasible number of alternatives to try), and furthermore the gestures leave telltale smudges that can often be observed after taking the device from the user. I do front-line tech support, and I've had people hand me their phones after unlocking them, and on several occasions I was able to guess their gesture code just from those clues.
http://alternatives.rzero.com/
on your phone, in your house, on your computer, on physical media, on your person, in your car, in your work place....damn it...where should we keep our incriminating stuff?
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
If you make less than $500 a night as an IT Contractor...you should try working days....much easier on the soul.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
If Google really wanted to comply, and the FBI were allow them to connect to the phone over a network, then the could most likely do it. They would make an update for the phone to some google package. Then they would have to sign the update using their private developer key. The OS components have very broad permissions, so they could then reset the passcode, or log what the old passcode was or whateever. They could also even patch the routine that accepts passcodes so that it accepts any passcode.
They may not actually have access to the platform sigining key, however. That may be something that the carier or maybe the phone manufacturer has.
Human trafficker, this is such a loaded misleading phrase.
Lets call it what it is: "you brought these people from that cheap country to my rich country and now they're working as cheap foreign labour and I don't like it, but I don't want to appear racist, so I'll pretend it was the 'smuggling' part that was bad and not the 'cheap foreign labour' part that is bad.
See? Not a racist, man I hate these Human Traffickers! Not the foreigners they bring in, no sir, not racist.
You know the FBI on your tv shows aren't real, right?
The Kruger Dunning explains most post on
Probably why he had mentioned the expert he knew couldn't even execute a simple tar command properly
I got nuthin
Which brings up the question... WTF is this newsworthy?
It means that the FBI isn't able to crack the encryption on this Android phone, and isn't aware of any backdoors.
That IS newsworthy.
If the only way they can bust a "human trafficker" is by getting into his cellular phone, maybe they need to do a little more police work.
The criminal justice system allows a hell of a lot of latitude to law enforcement. Legal wire taps, surveillance, search warrants. Informants, RICO, DNA evidence, even tax evasion investigations.
I've seen The Wire and The Shield, Kojak, Columbo and even Mannix. There are plenty of ways to take down a perp, and if all else fails, you put a couple in his noggin, drop a throw-down piece on him and say he drew down on you. Then you go home and sleep like a baby.
But they tell us the only way they can lock up a gang leader involved in human trafficking is by checking his Angry Birds high score.
Just sayin'...
You are welcome on my lawn.
The original article says Google may not have the tools to force the phone to unlock.
That's extremely unlikely. And if it's true, it's inexplicable. What company wouldn't build a foolproof mechanism to unlock its operating system if it gets into a bad state?
FSB android locks-up user!
This sig is not paradoxical or ironic.
"Dears served several years in prison for his role in founding a gang in California called PhD, and upon his release he realized his felony conviction prevented him from everything from gainful employment to food stamps and voting.
Upon applying to several minimum wage jobs only to be turned down, he also realized that credit and felony checks performed by apartments and landlords would also preclude him from securing affordable housing without a large security deposit.
defeated, frustrated, and with little prospect of ever reintegrating into society, he went back to his activities with the gang.
perhaps he learned the value of human life in jail, perhaps a newfound respect for his fellow human,
but he would never know life outside of the only institution to provide for him, the gang.
Good people go to bed earlier.
just give the phone to the CSI guys.. those guys on TV can hack anything in less than 44 minutes.
Why can't they use jtag or flash a tiny spy rom that does nothing but download contents of flash? Heck I would bet there is a diagnostic tool that already does that.
Asking google seems foolish. If they can do it and they use the capability that capability is degraded.
To be fair, .tgz is super obscure. I mean, not even WinZip is able to handle tgz.
They could have a few pages on how ...
The FBI doesn't want excuses. Your failure (to perform) is not an option. Good 'management' is having a scapegoat.
The correct answer is do demand the FBI provide X as the key for decoding the SIM and Y for decoding the SMS texts.
1) Flash a rooted kernel and CWM recovery with ODIN (all Samsung phones allow this)
2) boot into recovery
3) connect to the phone using ADB
4) Using sqlite, update the settings database and disable security
You're welcome.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
.....he does say he's dealt with them, which implies that he worked with them on a case in real life not a TV show.
Does anybody need any more proof of how secure android is :)
So is it encrypted? If not, I'm sure the techies can work around it without Google's help. If it is, then Google can't help anyway
is everybody offering legitimate ideas here to help the feds? sure the suspect may be scum, but still. come on. it's us (the people) vs them (the government).
The unbelievably complex, indecipherable URL = yet another example of Google's late recurrent stupidity.
Is it really necessary, Google, to have a 250 byte long (I'm guessing??) URL just to point to a search result?
Does it not occur to a company of this size and supposed innovation, and supposed expertise and vision, that the perceived need to have such an enormously complex URL is really nothing more than a signal that the web is fundamentally broken? Let's face it.....HTML and HTTP are technologies which are going to look increasingly creaky and outmoded in this century, simply due to the fact that we are asking them to do things which they are not and were never designed to do. HTML5 is not a solution, it's a bandaid.
I hope the above URL is a clear and shining example to all--just one of many--to get people thinking about the future of the Internet and how it will differ in key ways from some of the ridiculousness we're seeing today, and well as highlight the continued ineptitude of this company (Google) to bring us in the right direction.
I guess the main thing they're doing wrong is, instead of bringing together their vast resources and brainpower and people and putting them towards some kind of big worthwhile vision, like reforming the Internet and creating vast new markets, they just let all their scattered people keep to themselves and work on their own half assed visions, with no clear and coherent direction. This of course results in near zero real innovation and just perpetuates the status quo of rehashing old shit.
This is why I say Google is stupid and not to be trusted. They have run out of ideas. They did come out with some really good and useful stuff, but at this point they are entering the all too common point in the business lifecycle where they are focusing too hard on "refining" and "improving" their existing services, and in the process pissing off and driving away their customers by changing features which drew people to the service in the first place. It's usually all downhill from here. I hope I'm wrong about Google, but I'm not betting on it.
Interesting rant but maybe a little off key. The key sentence is"perceived need". Since in fact it is not needed - "https://www.google.com/search?q=warterboard" works just fine, it's that other story about your privacy being worth 60 cents.
I'm tend to think all that junk in there is tracking junk.
More to the point you want "refine and improve", it works for cars, just less nicely for information.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
It's a pain, but you have to go to the bottom of the page and click the "Check for New Comments" button until all comments are loaded, at least if there are over 250 comments (with my settings, which I'm unable to improve). It will only give you 250 new comments at a time, too, so if you want to load all of 501+ comments you need to click it multiple times, waiting in between each time.
Waiiii!!!!!! I have bad karma!
The guy has a lock up and is arrested and accused of human trafficking, drug dealing and so on, or indeed anything else.
The FBI find out about it.
Don't you think they'd get a search warrant? I don't see why a locked phone or PC is any different. Your right to privacy is severely restricted as soon as you are arrested or even under investigation, because a jury needs to have all of the facts of the case.
In fact if they serve you with a subpoena you pretty much have to comply with it or risk being found in contempt of court. Even Nixon had to hand over his tapes when he was hit with a subpoena and he was POTUS at the time. In the physical lock up case I think they could subpoena the key or combination to a lock, assuming they couldn't just get a search warrant and pay someone to break in.
And if you destroyed evidence in response to a search warrant or subpoena that would itself be illegal.
I think if you're relying on the fact that you've got 4096 bit encryption and/or self destruct mechanisms to nuke data to get out of criminal charges you're doing it wrong.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
"Plausible Deniability" only matters when you're guilty, or when you are railroaded. There's been no accusation of railroading here. "alleged human trafficker" usually means "human trafficker." Which means "slave trader."
And human traffickers are just about the lowest form of life known to man. It is often about a thousand times worse even than the *production* of child pornography, if it is possible to compare things that bad on a moral level. The production of child pornography only happens to a child once. When a child is sold into slavery, that slavery is ongoing.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Isn't there a bug in that you can call the phone, answer the call, while on the call, hit the home key, which takes you to the home screen, and you can then look at info all you want? may be fixed in ICS and newer, but older android phones that used to work.
They could always use the cheap, efficient pipewrench decryption algorithm. Works every time.
I mean, how can FBI maintain any plausibility in the hypothesis that they are theoretically "the good guys" against someone who can waive his constitutional rights. That would be pretty easy in a Guanatanamo situation like ok the prisoner is dead but look he waived his Geneva convention rights we have his signature here so we tortured him every day from 9 -15, but actually died from sleep deprivation because he waived his rights to sleep during night we have his signature here and here.
Yea work in hosting for awhile you will get to talk to the FBI etc, so far the secret service have been the most technically competent.
And yes IRL not on TV.
No sir I dont like it.