FBI Can't Crack Android Pattern-Screen Lock | Threat Level | Wired.com
Pattern-screen locks on Android phones are secure, apparently so much so that they have stumped the Federal Bureau of Investigation.
The bureau claims in federal court documents that forensics experts performed “multiple attempts” to access the contents of a Samsung Exhibit II handset, but failed to unlock the phone.
An Android device requires the handset’s Google e-mail address and its accompanying password to unlock the handset once too many wrong swipes are made. The bureau is seeking that information via a court-approved warrant to Google in order to unlock a suspected San Diego-area prostitution pimp’s mobile phone. (For details on the pimp investigation, check out Ars Technica‘s story on the case.)
Locking down a phone is even more important today than ever because smart phones store so much personal information.
What’s more, many states, including California, grant authorities the right to access a suspect’s mobile phone, without a warrant, upon arrest for any crime.
Forensic experts and companies in the phone-cracking space agreed that the Android passcode locks can defeat unauthorized intrusions.
“It’s not unreasonable they don’t have the capability to bypass that on a live device,” said Dan Rosenberg, a consultant at Boston-based Virtual Security Research.
A San Diego federal judge days ago approved the warrant upon a request by FBI Special Agent Jonathan Cupina. The warrant was disclosed Wednesday by security researcher Christopher Soghoian, In a court filing, Cupina wrote: (.pdf)
Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone. A pattern lock is a modern type of password installed on electronic devices, typically cellular telephones. To unlock the device, a user must move a finger or stylus over the keypad touch screen in a precise pattern so as to trigger the previously coded un-locking mechanism. Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.
Rosenberg, in a telephone interview, suggested the authorities could “dismantle a phone and extract data from the physical components inside if you’re looking to get access.” However, that runs the risk of damaging the phone’s innards, and preventing any data recovery.
Linda Davis, a spokeswoman for forensics-solutions company Logicube of suburban Los Angeles, said law enforcement is a customer of its CellXtract technology, which it advertises as a means to “fast and thorough forensic data extraction from mobile devices.” But that software, she said in a telephone interview, “is not going to work” on a locked device.
All of which is another way of saying those Android screen locks are a lot stronger than one might suspect.
It was not immediately clear whether the iPhone’s locking system is as powerful as its Android counterpart. But the iPhone’s passcode has been defeated with simple hacks, the latest of which was revealed in October 2010.
Clearly, the bureau is none too happy about having to call in Google for help. The warrant requires Google to turn over Samsung’s “default code” in “verbal” or “written instructions for overriding the ‘pattern lock’ installed on the Samsung model SGH-T679.” Google spokesman Chris Gaither would not say if Google would challenge any aspect of the warrant. Google, he said, does not comment on “specific cases.” “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying,” he said in an e-mail. “If we believe a request is overly broad, we will seek to narrow it.” Photo: Mike Dent/Flickr
He knows when you are sleeping...
NEW YORK (CNNMoney) -- Attention holiday shoppers: your cell phone may be tracked this year.
Starting on Black Friday and running through New Year's Day, two U.S. malls -- Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. -- will track guests' movements by monitoring the signals from their cell phones.
While the data that's collected is anonymous, it can follow shoppers' paths from store to store.
The goal is for stores to answer questions like: How many Nordstrom shoppers also stop at Starbucks? How long do most customers linger in Victoria's Secret? Are there unpopular spots in the mall that aren't being visited?
While U.S. malls have long tracked how crowds move throughout their stores, this is the first time they've used cell phones.
But obtaining that information comes with privacy concerns.
The management company of both malls, Forest City Commercial Management, says personal data is not being tracked.
"We won't be looking at singular shoppers," said Stephanie Shriver-Engdahl, vice president of digital strategy for Forest City. "The system monitors patterns of movement. We can see, like migrating birds, where people are going to."
Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.
First, I AM NOT a fanboy. My phone is an Android. Even when the iPhone was introduced, I steadfastly held onto my WindowsMobile phone, waiting for Palm to introduce something better. I have a Windows7 PC, laptop, AND netbook. When the iPad was first released, I thought it was gorgeous, but lacking. And, it was. Apple introduced an improved model a few months later, and a thinner, even more improved model less than a year later. Admittedly, I bought that one. And I love it. But I owned two Windows tablets well before the iPad was even a twinkle in Steve Jobs' eye. So I was predisposed, even before Jobs said it was the Next Big Thing.
Today at E3 in Los Angeles Nintendo showed the world the Wii U. Which looks and sounds like the birth-child of an Apple iPad and a LeapFrog LeapPad. (Yes, we own a LeapPad.) This, on the heels of Apple's WWDC where they emphasized major changes to Game Center that make it more XBox Live than Yahoo Games. At the same time, quietly and without any significant emphasis, Apple announced AirPlay Mirroring. Which, at first blush, sounds like someone accidentally left a slide in the Keynote deck from last year's WWDC. But, in reality, mated to a $99 Apple TV 2, it turns the iPad, iPhone or iPod Touch into an accelerometer-equipped wireless TV gaming console (minus the console).
But, I'm not buying each of my kids a $499 iPad, when I already spent $249 on the Wii 4 years ago. And then I spent $179 each for two DSi's a couple years later. Plus, each one of the Wii game disks cost me between $30-$50, and then each one of my kids' DSi cartridges cost me another $20-30. And, if they want to play each other, I have to buy two of the same game! Worse yet, once they've conquered a particular game, it's useless.
Do the math. If I'm lucky, I'm only into it for a grand, or so. Now Apple's going to try to get in on the game? Apple has been focusing more recently on price, but their products are not what I'd call the "budget option."
Even if I just bought each of the kids the cheapest iPod Touch, that would still be $210 a piece. Plus every game is going to be another $0.99 to $5.99. And then there's the Apple TV 2 for another $99. That would be close to $500, just to replace what they already have.
On the other hand, that is half what I spent on Nintendo products. And it means that every game they purchased could be played on or off the TV. Going forward, they could purchase anywhere from as little as 3 to as many as 40 times the number of games for the same money as a single cartridge or disk. Of course, the AppStore only has a little over 60,000 to choose from, compared to around 2000 total Wii and DSi titles. And, there's another 35,000 or so iOS educational apps. Each of which could never be lost or damaged -- even if the whole device was lost or damaged. And, by purchasing the apps from the same account, everyone in the house can play the same game, at the same time, together or apart, for just one single purchase. It doesn't hurt either that the iTouch does more than play games. My son, for instance, could use the calendar for scheduling. And both my kids would love to have an MP3 player. Which, again, would allow them to share music under the same account. There are dictionary and thesaurus, flash cards, SAT prep, and other good apps. Plus, the Apple TV 2 also has a few tricks, other than being a slave to iPad, iTouch, and iPhone. It's certainly a competent media player and Netflix tuner (even before jailbreaking).
Until yesterday, I might have been worried that they'd fight over a computer to sync. But, come Fall, not only will that be unnecessary, but -- with the addition of a Bluetooth keyboard and the Apple TV -- each practically becomes its OWN computer, portable and home video and MP3 player (also capable of wirelessly streaming from my iTunes library), handheld game machine, gaming console, PDA, and videoconferencing device. To do it up right: $210 iTouch, $99 ATV, add a nice screen for less than $200, and a $69 Bluetooth keyboard. Effectively, the same price as purchasing each of them a desktop computer, but one that fits in their pockets. Even the Apple TV 2 is pocket-sized.
Fine! I take back what I said about the "budget option."
Similar Blog & News Articles
- Nintendo's Wii U takes its cues from the iPad :: GigaOM — Tech News, Analysis and Trends
- New features could make iPad 2, iOS 5 a contender against game consoles (Appolicious) :: Yahoo! News: Technology News
Similar Wikipedia Articles
ACLU seeks information on Michigan program that allows cops to download information from smart phones belonging to stopped motorists.
The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program.
ACLU learned that the police had acquired the cell phone scanning devices and in August 2008 filed an official request for records on the program, including logs of how the devices were used. The state police responded by saying they would provide the information only in return for a payment of $544,680. The ACLU found the charge outrageous.
"Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide," ACLU staff attorney Mark P. Fancher wrote. "No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure."
A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.
"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."
The ACLU is concerned that these powerful capabilities are being quietly used to bypass Fourth Amendment protections against unreasonable searches.
"With certain exceptions that do not apply here, a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity," Fancher wrote. "A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched."
The national ACLU is currently suing the Department of Homeland Security for its policy of warrantless electronic searches of laptops and cell phones belonging to people entering the country who are not suspected of committing any crime.
I confess, though I consider myself a spiritual person, I'm not very religious. People born of a particular faith have all kinds of excuses for their lack of observance. But, usually, it just boils down to a matter of convenience. That's not my problem. I take my kids to religious school every week. I Facebook with a rabbi, a minister, a Jogye, a couple Hasidim, and members of an entire profession that most modern religions have determined to be Satan's disciples. I have plenty of opportunity, and ample reason, to pray and ask for forgiveness.
But, for those of you still searching for excuses, here's one less: If you happen to be Catholic, you no longer have to schlep your tuchas to the confessional. Now the "Jesus Phone" will bring the power of the confessional to the palm of your hand. What's more, this app not only received the coveted blessing of St. Jobs himself, but it even got the Pope's blessing for goodness sake. Which is impressive and shows great benevolence on the part of the church, considering that this app clearly duplicates existing ecclesiastical functionality.
I'm impressed that the Vatican is willing to embrace technology with open arms. Science, after all, is not their strong subject. The only question I have is, should one's iPhone become an item of evidence in a legal context, is it possible that this app will confess your sins to the police as well?
Similar Blog & News Articles
- New app helps Catholics confess on the go :: CNN.com Recently Published/Updated
- Need to confess your sins? We've got an iPhone app for that - The Guardian :: Sci/Tech - Google News
- Confession: There's an iPhone App For That :: Slashdot: Apple
- Need To Confess? There's A Catholic App For That :: NPR Topics: Business
Verizon’s iPhone Commercials Are So Snarky, You’d Think They’ve Been Stuck on AT&T For the Last 4 Years
Once again, Verizon isn't pulling any punches. I caught this commercial during the SuperBowl. Though there are actual differences between the iPhones sold on At&T and Verizon networks -- some favoring Verizon, and at least one, that I know of, favoring AT&T -- Verizon has chosen to make it all about The Network.
Similar Blog & News Articles
- Verizon iPhone 4 Commercial Out! So It's Very Real Indeed :: Startup Meme
- Verizon iPhone Commercial: "Yes, I can hear you now" :: OS X Daily
- Verizon takes aim at AT&T, releases "Yes, I can hear you now" iPhone commercial :: Gadgetell
- New AT&T iPhone Commercial "Talk & Surf" Fires Back at Verizon :: OS X Daily
- 7 Reasons to Stick with the AT&T iPhone :: Livescience.com - Technology
Where do I begin? Even before (maybe especially before) storage devices were portable, they were still vulnerable to theft, due more to their high resale value than the questionable value of their contents. Today, the market value of even a brand-new desktop computer may not be worth the potential consequences of being caught. But, the lucrative identity theft trade has given rise to an entirely different motive for computer, tablet, and cellphone theft. In this case, the device is simply a means to an end.
But theft and the obvious concern over losing such easily and commonly misplaced devices as thumb drives are far from the only reason to encrypt hard drive data. Today, for instance, international travelers may be subject to the copy and search of their hard drives, as authorized by the Department of Homeland Security's U.S. Customs and Border Enforcement's "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allows Customs Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Regardless of your motivation, encrypting mobile data storage should be high on your list of priorities. Like my AmericanExpress card, I never leave home with out it.
Note to attorneys, medical professionals, or anyone with a fiduciary responsibility: Unlike most professionals, you may have a legal, if not ethical, responsibility to protect your clients' data. Even if a standard for "reasonableness" has previously been applied to "locks" and other 20th century security practices, it may not apply to devices removed from a secure space. Check with your respective associations and/or licensing boards for more information. ... CONTINUE READING »
A byproduct of life in the 21st Century is that many of the perks of a post-centennial lifestyle require the abdication of a fair bit of privacy to cyberspace. That means that the paper records that once required a search warrant to read (and maybe the forceful extraction from your cold-dead-hands), are now in the possession of companies who don't. Of course there's Facebook and Twitter. Those didn't exist in the 20th. Century. But, what about your phone records and email? While your phone company has long been subject to a warrant or subpoena, in the 21st. Century new "self-service" tools have been developed to help telcos manage the onslaught of requests made particularly attractive by the fact that most of us carry what amounts to a homing-beacon in our pockets. Similarly, while email has always been an attractive source of discovery, until recently most of it resided on each correspondent's physical, and virtual, desktop waiting to get written-over by something more current. Today, it's more likely been put out to pasture in a seemingly-endless "server farm", waiting to be picked by a custodian of records.
Even our personal computers, which have always required a search warrant, and often require a cascading series of search warrants covering various regions of storage space and categories of searches, are rapidly being replaced by windows to the web -- sleek sheets of glass and sculpted-aluminum that act as a portal to your virtual existence. Like a supermodel, these tablets are thin and beautiful, but two-dimensional, with very little substance inside. What makes these devices a reality today is a combination of near-ubiquitous Internet connectivity and access to your personal online data once it's established. Even the notion of "backing up" is becoming a thing of the past, because the data you see, isn't really here. It's somewhere else, presumably safe from destruction, but not necessarily from dissemination. Like many things in life, it's a trade-off.
But, not when it comes to fighting crime. The shift of discovery from physical space to cyberspace is a decided advantage for law enforcement. In fact, Google reports that it responded to more than 4200 discovery requests in the first-half of 2010 alone. One of the reasons these requests have become so popular is that online data is easier seize than a laptop, and often much more useful. Much of what can be had requires no search warrant at all, and thanks to online tools, can be had without even so much as contacting the service provider. Why? Because, unlike the data on your hard drive, you don't necessarily own your data when it's stored in cyberspace.
The Electronic Communications Privacy Act was enacted by Congress in 1986 -- long before most people had access to the Internet, email, or a cellphone. When Mark Zuckerberg's only friends were his stuffed animals. Mind you, it was revolutionary for it's time -- enacted to extend government restrictions on wire taps from telephone calls to also include transmissions of electronic data by computer. But, it doesn't address current evolution. Today, far more can be gleaned from a historical records search than any telephone wiretap. Perhaps that's why last year the Department of Justice argued in favor of warantless email searches. Or why in the same year the DOJ argued that cellphone users had abdicated any expectation of privacy by using a service that stores location data.
Similar Blog & News Articles
- Cloud Users and Providers Win Big Privacy Victory - U.S. v. Warshak :: Technology Liberation Front
- Court: No warrant needed to search cell phone :: digg.com: Top News
- Court Holds there is a Reasonable Expectation of Privacy in the Contents of Emails :: Electronic Discovery Law
- Why Your Cell Phone Is More Private in Ohio than in California :: Forbes.com: News
- No Facebook, You May Not Share My Address and Phone Number With Developers :: Wired: Epicenter
Similar Wikipedia Articles
If security firm McAfee is right, 2011 may be the tablet computer takes over corporate America. Or more specifically, the year the tablet takes over corporate networks. McAfee predicts that the onslaught of consumer-owned and lent smartphone and tablet devices entering and exiting the office space may pose a new unanticipated threat to corporate security. Their concern is that, not only is the consumer largely ill-prepared to secure devices that may amount to a hole in the Trojan wall big enough to drive a wooden horse into, but that the lack of comprehensive security tools designed around the likes of iPhones, iPads and Android devices, leaves them ill-equipped, even if they were prepared. Potentially, this could mean that personal gadgetry may become the host du jour for new infectious computer viruses, malware, and most alarmingly, remote access to the network the form of "Trojan horses".
While McAfee, one of the world's largest anti-virus software manufacturers, is understandably concerned about the interconnection of consumer-maintained -- and largely unsecured -- devices to more secure corporate networks, I think they may be missing an even bigger threat. While for years USB "thumb drives" have been cheap and affordable, and available in sizes small enough to swallow, they still required the physical removal of data from the premises. This meant exhaustively copying and then walking data out of the building. (See "sneakernet".) And, while every year these storage devices hold more and more data, so does the average corporate server. It's unlikely that portable media will ever quite catchup.
On the other hand, the prevalence of high-powered personal computing devices (yes, I'm talking about your average smartphone) connected to the corporate network allows, not only for the immediate transmission of data off-the-premises, but potentially even the cheapest, least sophisticated, pre-paid Android phone, left "cradled" overnight to a desktop computer, (the same cradle used to charge the battery, and synchronize contacts and calendar events,) could allow for unrestricted unauthorized remote network access over a hard-to-trace personal cellular data connection. Not only is this possible today, but it doesn't require a sophisticated computer virus to accomplish.
Read more at http://www.technewsworld.com/story/71541.html
Similar Blog & News Articles
- Malware infected apps threatening Android devices (Digital Trends) :: Yahoo! News: Most Viewed
- Who's Keeping Tabs on Tablet Security? :: TechNewsWorld
- 5 Cyberthreats to Watch For in 2011 :: Livescience.com - Technology