FBI failed to access 7,000 encrypted mobile devices
Agents at the US Federal Bureau of Investigation (FBI) have been unable to extract data from nearly 7,000 mobile devices they have tried to access, the agency's director has said.
Christopher Wray said encryption on devices was "a huge, huge problem" for FBI investigations. The agency had failed to access more than half of the devices it targeted in an 11-month period, he said.
One cyber-security expert said such encryption was now a "fact of life". Many smartphones encrypt their contents when locked, as standard - a security feature that often prevents even the phones' manufacturers from accessing data. Such encryption is different to end-to-end encryption, which prevents interception of communications on a large scale.
Cyber-security expert Prof Alan Woodward at the University of Surrey said device encryption was clearly frustrating criminal investigations but it would be impractical and insecure to develop "back doors" or weakened security.
In a time when the government is committing criminal acts, is it not advisable for citizens to do what they can to protect themselves from that crime?
(Score: 5, Insightful) by edIII on Monday October 23 2017, @10:29PM (3 children)
Part of me is very skeptical. The NSA did have a bunch of their top secret tools stolen, but I suspect they have more. Or other governments do.
Maybe the FBI wants us to think our whole device/drive encryption is secure? There was a recent article about how some TPM was compromised. That's all it takes, and side channel attacks are a bitch. I'm reminded of the security concept that once you've lost physical security, you've lost all security. There is only one exception, and that is data at rest, and that is only as long as the encryption keys are irretrievable or not present in the device hardware at any level we can adequately measure and process.
It's wonderful news, but sounds too good to be true.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Tuesday October 24 2017, @12:41AM (2 children)
I knew someone would say something like that. Do you have any actual evidence that stories like these are just an attempt to give people a false sense of security, or is this just mostly baseless speculation?
(Score: 5, Informative) by takyon on Tuesday October 24 2017, @01:02AM (1 child)
The FBI doesn't want their methods to be known [zdnet.com]. So I would not expect them to tell the whole story when complaining about encryption.
They have been complaining about this stuff for years [vox.com] but have demonstrated a willingness to use spyware and vulnerabilities to infiltrate systems, especially those of Tor users. And they have used vulnerabilities to bypass phone encryption before.
Is there evidence that they have a vulnerability good enough for them to get past recently developed encrypted phones with lock screens? No. And that's the point. By lying and using shady methods, the FBI, NSA, and other agencies have eroded all trust in them. You won't know what they are exploiting until years later when it leaks or they are forced to acknowledge it. But you do know the policy: they break into systems using unreleased vulnerabilities, and believe that Congress and the courts give them the power to do so legally.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Insightful) by urza9814 on Wednesday October 25 2017, @01:30PM
Not telling the whole story is exactly what I was thinking. They don't even have to be lying -- they're only saying they couldn't get into the phones, they aren't saying how hard they tried. "Tried to access" could be an agent hitting the unlock button and seeing if they get a password prompt.
Are these phones that couldn't be accessed by their top IT security experts, or are these phones that couldn't be accessed by the field agent making the arrest? It's not like every single agent is an expert in cryptography. So how many do they bother to send for analysis? Probably not 100%. Maybe the 50% that get unlocked? Maybe only 1%, and 49% just have no security at all? Without that information this headline means nothing.