The New York Times features a joint (and very one sided) opinion piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes. They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large.
Except, there is no proof that having such a backdoor would conclusively allow them to solve the case and wouldn't require actual police work.
(Score: 3, Interesting) by TheLink on Wednesday August 12 2015, @06:27AM
Don't they have an upgraded version of this?
http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/ [forbes.com]
I'm pretty sure most phone users don't use strong passphrases on their phones and most use something that can be brute-forced in a few minutes, at most a few hours. Think about how long someone is willing to take to unlock their phone and how reliable most touch phone data entry methods are. Good luck entering a 50 character passphrase correctly into your phone in under a minute.
(Score: 4, Informative) by quacking duck on Wednesday August 12 2015, @01:55PM
Any phone OS worth their salt has the option to wipe the phone after a certain number of failed attempts, and if not will still introduce longer lockout delays with every failed passcode attempt. Not long ago a flaw was discovered on iOS where you could get around this by killing power to it before it stored the number of failed attempts, but it's been long enough Apple should have fixed this already.
(Score: 5, Informative) by KilroySmith on Wednesday August 12 2015, @02:36PM
And any phone manufacturer worth their salt can have a technician desolder the FLASH from the phone motherboard, and attach it to a non-phone microcontroller as a peripheral, and run the brute force attacks on that. Two weeks at the outside if you have to have a PCB designed/built. No timeouts, no retry limits.
(Score: 2) by FatPhil on Wednesday August 12 2015, @07:08PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves