Slashdot Mirror


Police In Oklahoma Have Cracked Hundreds of People's Cell Phones (vice.com)

An anonymous reader shares an excerpt from a report via Motherboard: Mobile phone forensic extraction devices have been a law enforcement tool for years now, and the number of agencies using them is only rising. As part of an ongoing investigation, we have finally been able to turn up some usage logs of this equipment, from Tulsa Police Department, and Tucson Police Department. While the logs do not list the cause of the crime or any other notes about why the phone was being searched, it does list the make of the phone, the date, and the type of extraction. First, let's go over what extraction devices are being used here. Tucson PD opted for the brand that is arguably the worldwide leader in mobile device forensics, the Israeli company Cellebrite. Tulsa Police Department however opted for a few different models -- they purchased two different password breakers from Teel Technologies in 2015, and in March 2016 gave about $1,500 to Susteen for their SecureView extraction device (SecureView was the product Susteen created when the FBI requested they create a more advanced extraction device for them). It does its work instantly, and has an incredible reach into a phone's data. They renewed this contract in 2017. In August 2016 they also purchased the Detective extraction device from Oxygen Forensics. Oxygen is much less common than Cellebrite, from what we have found. The kicker really is how often these are being used -- it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone's data. Even for the 316 times Tucson PD used theirs in the last year, it is still a real stretch to think that some low-level non-violent offenders weren't on the receiving end. There are some days where the devices were used multiple times -- Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. 
That is a whole lot of data that Tulsa was able to tap into, and we aren't even able to understand the why.

73 comments

  1. I agree, this is unnecessary by Anonymous Coward · · Score: 1

    I agree, this is unnecessary. There are better ways to protect us from terror than cracking people's phones after they commit violent acts. Let's implement a real Muslim ban, unlike the watered down stuff to try to get through the courts. Once we do that, it won't be necessary to crack phones. And the recent terror attacks in the UK prove that a Muslim ban is, indeed, necessary.

    1. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 4, Funny

      Yes, a Muslim ban would be a good start - but it should be quickly followed by a ban on Christians and Jews entering the country. In fact, the only people we should be allowing into the country are Atheists. Lesbian Atheists. And not the butch ones, just the "lipstick" ones. It's the only way to be sure.

    2. Re:I agree, this is unnecessary by tsqr · · Score: 2

      I doubt if more than a paltry few (if any) of these extractions were connected in any way with terrorism-related cases. Much more likely your garden-variety domestic felonies such as homicide and drug trafficking.

    3. Re:I agree, this is unnecessary by NoNonAlphaCharsHere · · Score: 1

      The fallacy here is "protect us from terror". Maybe we should also be protected from lightning strikes and slipping in the tub.

    4. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 0, Troll

      I agree, this is unnecessary. There are better ways to protect us from terror than cracking people's phones after they commit violent acts. Let's implement a real Muslim ban, unlike the watered down stuff to try to get through the courts. Once we do that, it won't be necessary to crack phones. And the recent terror attacks in the UK prove that a Muslim ban is, indeed, necessary.

      And the rise in domestic terrorism committed by white males prove that deporting all white males is, indeed, necessary.

    5. Re:I agree, this is unnecessary by mrclevesque · · Score: 1

      "Let's implement a real Muslim ban, unlike the watered down stuff to try to get through the courts."

      Religious bans are illegal

    6. Re:I agree, this is unnecessary by NoNonAlphaCharsHere · · Score: 1

      And please don't mention that the Manchester bombing "suspect" was a British national from ... Manchester.

    7. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 0

      can i at least watch?

    8. Re:I agree, this is unnecessary by zlives · · Score: 4, Insightful

      or pretty girls phone.

    9. Re:I agree, this is unnecessary by Gr8Apes · · Score: 1

      Maybe we should also be protected from lightning strikes and slipping in the tub.

      And papercuts! Don't forget the notorious papercuts!

      --
      The cesspool just got a check and balance.
    10. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 0

      We have kids, younger generations in charge of us, kids who blindly follow orders and obey. They are people in power, how scary is this. Cellphones are/have been made a necessity for the powers that be. What was once tin foil hat territory has been shown to be true. Snowden is a world wide hero.

    11. Re:I agree, this is unnecessary by Scarletdown · · Score: 1

      Maybe we should also be protected from lightning strikes and slipping in the tub.

      And papercuts! Don't forget the notorious papercuts!

      And don't forget the TSA's mandate; protecting us from accidentally sitting down on a toilet that had its lid left up.

      --
      This space unintentionally left blank.
    12. Re:I agree, this is unnecessary by Sparowl · · Score: 2

      You can, but if we suspect you of filming it covertly on your phone, it will be subject to seizure and data mining.

    13. Re: I agree, this is unnecessary by Anonymous Coward · · Score: 0

      You're right. We should instead enforce a culinary ban... if you don't eat pork, you're not allowed in the country (unless you also can't eat shellfish). If this ban keeps Muslim terrorists out of the country as a side effect, it's clearly Allah's will.

    14. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 0

      Who said these phones that were hacked had anything to do with terror investigations? Tulsa and Tucson are not exactly known as a terrorist hotspot.

      And I say let's dial back all the things related to security after 9/11 and take our chances. Especially at the airports because it is a big pain in the ass having to take off my damn shoes going through airport security. Instead we can replace all the security related measures by adopting the Israeli method. Strong border control and the unwavering commitment to killing anyone or blowing up anything they deem a threat without apology or asking anyone for permission.

    15. Re:I agree, this is unnecessary by Motherfucking+Shit · · Score: 1

      Or that the London Bridge attackers came from Morocco, Pakistan, and Italy, none of which Trump proposes to ban.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    16. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 0

      The attacker's religion is completely immaterial. You missed this fundamental truth: A ban on travel into a country cannot possibly be effective if the attacker is already in that country....

    17. Re: I agree, this is unnecessary by KGIII · · Score: 1

      I am not sure, but it looks like the OP was referring to something bigger than a travel ban. It looked like they wanted to just ban them, perhaps as some sort of solution meant to be final. That was my reading, anyway.

      --
      "So long and thanks for all the fish."
    18. Re:I agree, this is unnecessary by Anonymous Coward · · Score: 0

      Religious bans are illegal

      In some places. But 'laws' can be changed anyway. So can constitutions if need be.

      And please don't mention that the Manchester bombing "suspect" was a British national

      So? A country wanting to expel religious nuts can expel their own citizens if they want to. It is only a matter of law, after all. Or they can revoke citizenship, like Norway did upon discovering that some people had lied about their origins in order to get refugee status - and gotten citizenship after the usual 5 year period. Being 'a national' didn't help when the lie was discovered 10 years later and their nationality simply got revoked. Out they went.

    19. Re: I agree, this is unnecessary by Anonymous Coward · · Score: 0

      You, being a deliberate idiot, refuse to recognize that preventing the parents who allow this to happen also prevents the second generation immigrants, which prevents the remainder of the terror incidents.

  2. Actual link to TFA by aneroid · · Score: 1

    The motherboard report: https://motherboard.vice.com/e...

    (2nd last link in an article with 11 links. Really?!)

    1. Re:Actual link to TFA by phantomfive · · Score: 2

      Now that I've read the article, it looks like the phone searches either were done with consent or with a warrant, and in most cases, a warrant was used. Hard to feel outraged about that.

      It is eye-opening to see the nice tools the police have to search through phones, though. A pretty UI, it's more than just grep.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Actual link to TFA by Anonymous Coward · · Score: 0

      10 of those links were to muckrock whatever that is. i assume the submitter wants views for that site, so i didn't oblige and the submitter can suck my DAMN balls

    3. Re:Actual link to TFA by Anonymous Coward · · Score: 0

      I haven't gone to muckrock either, but if you read the article at Motherboard, muckrock was the origin of the story and Motherboard syndicated it.

    4. Re:Actual link to TFA by Holi · · Score: 1

      I don't get how consent would require the use of a device to crack the phone, wouldn't they just tell them the password?

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    5. Re:Actual link to TFA by Holi · · Score: 2

      They state: "One "preview sheet" we received from Tucson had a column for whether they received a warrant to crack into the phone", that hardly supports the claim of "most cases". That "preview sheet" lists 14 uses.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    6. Re:Actual link to TFA by currently_awake · · Score: 1

      Searching the phone takes time and effort and skill. Plugging in a box is easy.

    7. Re:Actual link to TFA by phantomfive · · Score: 1

      If they're doing it without a warrant, then maybe we have something to worry about.

      --
      "First they came for the slanderers and i said nothing."
    8. Re:Actual link to TFA by Major+Blud · · Score: 1

      They state: "One "preview sheet" we received from Tucson had a column for whether they received a warrant to crack into the phone", that hardly supports the claim of "most cases". That "preview sheet" lists 14 uses.

      Tucson used it 316 times. I would consider 302 out of 316 "most cases".

      If they're doing it without a warrant, then maybe we have something to worry about.

      Didn't you say that it was with a warrant or consent? If they were given consent, that could explain the 14 part.

      --
      If you post as Anonymous Coward, don't expect a reply.
  3. Anyone else care about tech news? by OffTheLip · · Score: 1, Offtopic

    I'd even settle for why Microsoft is good at this point. Give it a rest SlashOverlords.

    1. Re: Anyone else care about tech news? by Anonymous Coward · · Score: 0

      Slashdot is such a negative place now. There have always been some YRO stories, but they were more than balanced out by open source news and interesting nerdy projects that people were doing. Aside from the occasional science article, it's mostly negative stuff about how our rights are being taken away and we have no privacy. While that may be accurate, it doesn't make for an interesting read.

    2. Re: Anyone else care about tech news? by Anonymous Coward · · Score: 0

      last time I checked /. was community-based. So don't complain about the lack of stories when you are welcome to submit them...

    3. Re: Anyone else care about tech news? by Cmdln+Daco · · Score: 1

      Slashdot is operated as a clickbait site, by a team that purchased Slashdot to support it with clickbait articles. Probably they were the high bidders when dice.com put it up for sale.

      It isn't Rob Malda's hobby anymore.

  4. (Phone forensics expert AMA) by GrEp · · Score: 3, Interesting

    Not surprising. Police still need a warrant.

    Androids have become a lot more secure. iPhones are crackable but it takes a special rig, https://arxiv.org/abs/1609.043... .

    --

    bash-2.04$
    bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
    1. Re:(Phone forensics expert AMA) by Anonymous Coward · · Score: 0

      Thank you for that link.
      For some reason arxiv/chrome isn't letting me download the PDF, but the summary is fascinating.

      This paper is a short summary of a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol. The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5c. Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection. Also some reliability issues related to the NAND memory allocation in iPhone 5c are revealed. Some future research directions are outlined in this paper and several possible countermeasures are suggested. We show that claims that iPhone 5c NAND mirroring was infeasible were ill-advised.

      Without access to the full paper however, the summary implies a few things that are pretty scary.

      Once they did their work on their sample phone, does that mean they can now do the same process on other phones purely over the bus protocol? Or is desoldering the NAND still required?

      The latter would mean they could only get data off an iPhone they intend to destroy in the process.
      Seems a bit extreme for those arrested for nothing more than the crime of not becoming a police officer
      (As they say, if you aren't one of us, you're a criminal that we just haven't found evidence of your crimes yet)

      The above process, plus the specific "iPhone 5c" reference also implies that process won't work on newer iPhones that use full "disk" encryption, since the decryption key is stored within the SoC itself and not on the NAND flash.

      It almost sounds like they are not intercepting the data between the SoC and NAND, so much as just making a backup of the NAND so they can restore it after too many bad password attempts are made and have another go.
      That case would also mean the iPhone 6 and newer wouldn't be vulnerable, since it is the SoC doing the counting and after too many failed attempts, it just wipes the internal decryption key.
      It doesn't use or need the data in NAND flash for that, it just renders it impossible to decrypt through normal means.

    2. Re:(Phone forensics expert AMA) by Anonymous Coward · · Score: 0

      The phone is not destroyed in the process, but there is some risk.

      Initial results led to many crashes and figuring out distinct issues such as direct copying not working correctly due to the CPU reading unexpected memory addresses.

      Additional work is possible to make the process better.

      The totality of the process is what you would expect in cloning NAND with some special hangups and is likely the same process some security vendors have been peddling for some time at great expense. The method and some of its pitfalls are in the open now.

      No mention of FDE. The newer iPhones have some measure of protection by default, but to prevent this attack from working requires additional steps.

    3. Re:(Phone forensics expert AMA) by dbIII · · Score: 1

      Yet another reason for me to hold onto the N900. Not getting its data copied if I get a speeding ticket.

  5. Lack of iPhones by Anonymous Coward · · Score: 0

    Interesting. A quick scan of the 39 pages of the Tulsa report shows just 2 iPhones, both iPhone 5c. The rest are all mostly flavors of Android.

    1. Re:Lack of iPhones by tsqr · · Score: 1

      Interesting. A quick scan of the 39 pages of the Tulsa report shows just 2 iPhones, both iPhone 5c. The rest are all mostly flavors of Android.

      Look again, more carefully. There were a handful of 6 and 6s models as well.

    2. Re:Lack of iPhones by pr0fessor · · Score: 2

      My son has cracked more than a couple iPhones... he won't take them out of his pocket before he gets on the skateboard. I just quit buying them for him.

  6. Re:The Jews by NoNonAlphaCharsHere · · Score: 1

    Donald, shouldn't you be running the country or golfing or something?

  7. Christians by Anonymous Coward · · Score: 0

    should be boiled in oil.

  8. No it's not by jon3k · · Score: 1

    - it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone's data.

    No it's not. It's very simple. It's 2017 how do you think drug deals work? Smoke signals?

  9. Israel shouldn't be invading privacy by Anonymous Coward · · Score: 0

    You know who else invaded privacy?

  10. Yes it is. by DrYak · · Score: 1

    No it's not. It's very simple. It's 2017 how do you think drug deals work? Smoke signals?

    No.
    SMS.
    Which basically have the same level of privacy/intrusion prevention as post-cards. Or smoke signals.

    There's a reason why your low-ranking street-trotting drug dealer is exactly that.
    If he had a little bit more brain and could understand all the intricacies of cryptography and data security,
    he would have enough brain to actually land a better paying job.

    Lots of the information critical to investigate small fry drug dealer can easily be eavesdropped without even needing access to the culprit's phone.

    Of course, there's going to be a few of them a tiny bit more tech savvy that will try to use some app to communicate...
    but given the above mentioned brain deficiency, they'll probably end up discussing it on Facebook. On somebody's public wall.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Yes it is. by jon3k · · Score: 1
      That's exactly my point. How do you think they get the contents of those SMS?

      Lots of the information critical to investigate small fry drug dealer can easily be eavesdropped without even needing access to the culprit's phone.

      That's far more complex. Much easier to just catch him with drugs, unlock his phone, read his texts.

    2. Re:Yes it is. by networkBoy · · Score: 1

      That's exactly my point. How do you think they get the contents of those SMS?

      Lots of the information critical to investigate small fry drug dealer can easily be eavesdropped without even needing access to the culprit's phone.

      That's far more complex. Much easier to just catch him with drugs, unlock his phone, read his texts.

      In fact to intercept those cleartext SMS's still requires a wiretap auth IIRC, while once part of a search pursuant to arrest for cause the phone search is relatively simple to justify.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    3. Re:Yes it is. by Anonymous Coward · · Score: 0

      Uh, they just sniff the SMS content from the ether. Neither difficult nor protected against, really. That or they ask the TelCo to supply the info (maybe they get a warrant, lol). You thought they needed the actual device? LOL indeed.

    4. Re:Yes it is. by dbIII · · Score: 1

      What I found really funny a few months back is the drug dealer who would stand out in the middle of a park in the middle of the night with multiple phones, all turned on and on the network, setting up his deals. I think it was six phones, and nobody else within 200 yards. The location data did him in because one of the phones was in his real name with his real address. He didn't use that phone for his deals, but it was in his pocket telling the network where he was when he was doing the deals.
      There was plenty of other evidence and that wasn't his only fuckup but it was the most amusing one.

    5. Re:Yes it is. by dbIII · · Score: 1

      exactly my point. How do you think they get the contents of those SMS?

      See a Judge and then the phone company - it happens a lot every day.

    6. Re: Yes it is. by Anonymous Coward · · Score: 0

      How do you get the warrant for that without evidence. Judges aren't stupid. The police aren't stupid, and don't want to piss off judges by asking for bogus dragnet warrants. However, you catch a guy selling, it's reasonable to search his phone, and then it's reasonable to get a wiretap for his contacts.

    7. Re:Yes it is. by DarkOx · · Score: 1

      I suspect one of the problems drug dealers face, the guys actually selling to the public anyway, is the same every other business has: customers.

      The same reason your still does a lot of business over e-mail, plain old telephone, easily tampered paper letters, that they probably should not is simple. It's because a significant number of the clients insist on doing business that way, can't be arsed to learn anything more secure, and practically start shouting 'lalalalala' if you try to educate them as to why they should.

      Even if your dealer/pusher could use a secure app, or some kind of actually strong cipher code over plain SMS etc, Little Johny Methhead and Bobby Dopefiend won't be able to figure that out. They will go someplace else where they can get their fix without a 'computer lesson'.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  11. Warrants? by Holi · · Score: 1

    How many times were these done without a warrant?

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    1. Re:Warrants? by Holi · · Score: 1

      Guess I should read the article

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    2. Re:Warrants? by HornWumpus · · Score: 1

      We don't like your kind at /.

      GTFOut FA Reader.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  12. This is a good thing actually by onyxruby · · Score: 1

    Think of it this way, if they are cracking phones then chances are they are doing so via warrants.

    The privacy issue isn't cops using warrants, the issue is cops performing surveillance without warrants via IMSI catchers (AKA stingrays). One of these involves a singular target with a warrant, the other inevitably gathers data on people where there is no warrant.

    Sounds like they are doing the right thing.

  13. Free space wipe by Anonymous Coward · · Score: 0

    Is needed for your phones.

  14. Supporting Homelessness in SF... by Anna+Merikin · · Score: 1

    Supporting each of approximately 8,000 homeless persons in San Francisco costs about $30,000 or $250 million total; presumably other cities' costs are similar. (Source: homeless censuses and San Francisco budgetary estimates, not including emergency medical services.)

    Either government human services are not cheap -- or Harvard is.

    1. Re:Supporting Homelessness in SF... by Anna+Merikin · · Score: 1

      Sorry -- mistakenly posted to wrong article...:(

  15. Cost per case by AHuxley · · Score: 1

    How many believed the many stories that some of the older bands had really powerful protection that always worked and that was beyond the funding any city, state or federal contractor could work with per case?
    It was like Enigma, quick, easy and connected.
    The face database is also interesting https://www.muckrock.com/news/...
    ".... larger database of between one million, twenty million, or potentially a billion faces to instantly identify in the field"

    --
    Domestic spying is now "Benign Information Gathering"
  16. I live in Tulsa by l0n3s0m3phr34k · · Score: 1

    and can guarantee that TPD has no idea why their actually doing it either. But one poster hit it on the head; this is most likely in relationship to busting drug dealers. SWIM once told me that even though many dealers use burners, those burners are still filled with people's numbers, texts, etc that can be used to create a web of information. Motherboard mentions "protesters and activists"; as a Red state we really don't have much of either and it hasn't escalated to the point of arrest in many years. I've had to deal with the TPD Cybercrimes unit before, they totally screwed up my requests by transposing the submitted IPs. That pic on that page shows how "advanced" they are; I doubt they are really using this data much. However, they most likely are passing it all up to the FBI.

    1. Re: I live in Tulsa by Anonymous Coward · · Score: 0

      You lost me at their.

    2. Re: I live in Tulsa by Anonymous Coward · · Score: 0

      SWIM is where I got off. Not sure how that even works in this case. OP is essentially telling us that he thought this up himself; or, he's using the term in a way that differs from how I normally see it used.

  17. Police have cracked hundreds of cell phones by DontBeAMoran · · Score: 0

    What the hell is so impressive about that? I cracked my own phone last week. It was extremely easy to do and I even did it by mistake.

    I dropped it on the sidewalk and the screen cracked in about three places.

    --
    #DeleteFacebook
  18. Sure! by nospam007 · · Score: 1

    It's all those old discarded iPhones 3 and 3+ lying in the junk boxes of stoned teenagers that they use as an excuse for calling them 'dealers'.

  19. Re:The Jews by currently_awake · · Score: 1

    In my opinion a non functional American federal government is preferred. Their "Work" mostly looks (to me) to be passing bad laws or making the federal debt larger.

  20. There's nothing to "crack" by n6kuy · · Score: 1

    ... on my $20 BLU Tank-II T193 cheapie.

    --
    If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.