SoylentNews is people
SoylentNews
from the prosecutors-want-access-to-everything dept.
The New York Times features a joint (and very one sided) opinion piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes. They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large.
Except, there is no proof that having such a backdoor would conclusively allow them to solve the case and wouldn't require actual police work.
(Score: 2) by KilroySmith on Wednesday August 12 2015, @04:18AM
Oh, my god.
Have they considered hiring someone who's capable of downloading a password cracker from the internet, looking at the Android code to see how the decryption key is generated from the passcode, and start brute forcing passcodes from the internet databases of most common passwords?
Is it really much more difficult than that?
(Score: 2, Funny) by Anonymous Coward on Wednesday August 12 2015, @04:25AM
They could even outsource the job to Hacking Team
(Score: 0, Troll) by Anonymous Coward on Wednesday August 12 2015, @04:44AM
Hey, maybe America is improving after all. Still evil, but the idiots in charge are so incredibly stupid they they've completely forgotten how to do evil things, like waterboard random suspects until someone confesses to the murder.
(Score: 3, Interesting) by TheLink on Wednesday August 12 2015, @06:27AM
Don't they have an upgraded version of this?
http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/ [forbes.com]
I'm pretty sure most phone users don't use strong passphrases on their phones and most use something that can be brute-forced in a few minutes, at most a few hours. Think about how long someone is willing to take to unlock their phone and how reliable most touch phone data entry methods are. Good luck entering a 50 character passphrase correctly into your phone in under a minute.
(Score: 4, Informative) by quacking duck on Wednesday August 12 2015, @01:55PM
Any phone OS worth their salt has the option to wipe the phone after a certain number of failed attempts, and if not will still introduce longer lockout delays with every failed passcode attempt. Not long ago a flaw was discovered on iOS where you could get around this by killing power to it before it stored the number of failed attempts, but it's been long enough Apple should have fixed this already.
(Score: 5, Informative) by KilroySmith on Wednesday August 12 2015, @02:36PM
And any phone manufacturer worth their salt can have a technician desolder the FLASH from the phone motherboard, and attach it to a non-phone microcontroller as a peripheral, and run the brute force attacks on that. Two weeks at the outside if you have to have a PCB designed/built. No timeouts, no retry limits.
(Score: 2) by FatPhil on Wednesday August 12 2015, @07:08PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by kurenai.tsubasa on Wednesday August 12 2015, @02:17PM
I have been wondering this as well. If whatever's on the cell phone is so absolutely crucial to the investigation, why don't they buy some CPU time from, say, the NSA and spin up a cluster of a few thousand John the Ripper [wikipedia.org] nodes?
Of course, doing that, obtaining the password in a few days or so (assuming it's not “password” or one of the children's names or birthdates), and bringing a murderer to justice wouldn't move forward the narrative that only terrorists need strong encryption!
Strong encryption is magick! Dark magick of the House of Slythryn! Voldem^#24j57T89$23+++NO CARRIER