Police have tools to crack encrypted smartphones

Originally published at: https://boingboing.net/2020/10/21/police-have-tools-to-crack-encrypted-smartphones.html

Which is why my phone password is 13 digits, upper and lower case, with numbers and symbols thrown in. And if I have to travel overseas (like we did last year), I delete just about everything off of it anyway, including all email accounts. Because fuck the government, they don’t have a right to search my shit unless I’m under suspicion and they’ve obtained a proper warrant.

12 Likes

To the government we’re always under suspicion. Which is one of the reasons I support the EFF and also bought a librem.

ETA: I’m agreeing with you here, not trying to make it seem like you meant suspicion alone is enough for a search, just in case that’s unclear.

7 Likes

Just keep in mind there is a cheaper shortcut to crack passwords:

11 Likes

I hope it’s not a Librem USA. :grinning:

While I appreciate the effort, I think a phone for $750 with specs like a $150 Android device that doesn’t give you a simple way to connect to the social networks your family and friends are on will find a large audience.

Maybe a Pixel with graphene is a cheaper option? At least there isn’t a 6 month wait for it.

Edit: graphene, not copperhead (which is only available as enterprise deployment).

2 Likes

This kind of begs the question. If I was looking for a way to easily run social media apps and get the cheapest option of a secured android phone, obviously librem is not the way to do that. As it is, I’ve never installed a twitter, or FB, or IG, or other social media app on my phone anyway so they wouldn’t be missed. Also I’m not a fan of giving google a penny (graphene and copperhead only run on phones purchased from google).
I was one of the early funders of librem viewing it as much (or more) as a donation to inch the electronics market toward more open-source, secure hardware as a new phone purchase. (also the price and wait were not the same for the initial funders)

Here’s a list of Open Source Mobile OS alternatives to android, and here’s a few more alternatives, not all of which are open source

Device support seems best for LineageOS and /e/.

PostmarketOS just runs on a few devices for now, but the idea of using a phone for 10 years is quite nice.

3 Likes

Yeah, I should have phrased that in a different way, I see how that comes across as criticizing your choice.

I do agree it’s not a good idea to give google a penny, however one could always obtain a used Pixel. The last time I bought a new phone was 2006 or so.

As I said above, Librem or /e/ support lots of phones.

And I do think it’s important that people are aware they do have a choice, even if they are on a budget, and want or even need some Android apps.

2 Likes

Agreed. It has been a recent change in my life that my consumer choices don’t have to be dictated by what I can afford. I’ve looked into most of the open source android alternatives in your links and similarly for the past decade have been buying older android phones that were chosen for compatibility with one of the alternative FOSS OSs. That still leaves the issue of hardware being closed though. Even if you run a secure OS, if there are unknown backdoors in the hardware and firmware, there is a problem.

2 Likes

Which is why we can’t rely on technology to fix societal problems. This wouldn’t matter if police were following the Constitution with regards to evidence gathering, 4th amendment rights, warrants, etc, but they don’t. We have to fix the bad laws, have proper oversight, etc. The technology is always crackable and it won’t protect us from corruption and fascism.

6 Likes

I have full on passwords set for my phones, but it’s been a definite hassle in the COVID era since Apple just kind of assumed FaceID would always work when they designed it. My passwords aren’t simple either, but I’ve gotten pretty good at tapping it in quickly, especially when using Apple Pay.

Between TouchID and FaceID, even before COVID, I’ve had to enter my password way more often with FaceID. TouchID was annoyingly failure prone when you got sweaty or just had wet hands, but it seems like it was far less prone to registering an authentication attempt randomly and locking itself out after those erroneously detected authentication attempts failed.

In some ways I don’t mind so much that law enforcement can crack a phone for $2,000 after they mail it off to some firm. That’s a high enough bar that they can’t just do it on a whim or to harass someone. That budget needs to be allocated and approved, and the whole chain of custody needs to be well documented. It’s way too expensive and involved for a casual fishing operation. The expense makes it more difficult to abuse.

Just because the phone is open source doesn’t mean the police will have a hard time cracking it, however. It’s not like Apple is helping them out on the closed source phones. The only advantage is that the phone might be obscure enough that nobody has any experience with it.

2 Likes

I chose all numbers, because (apparently) I have fat fingers and can’t type on an iPhone for s**t.
But, it is 15 digits long and that would take close to 4 million years at 8 guesses per second to run through them all. Good enough.

True. However, that comes at a certain price, too.

Sourcing exploits for a niche OS is significantly harder. Some of those distributions are even built with security in mind, so they should offer even more protection than mere obscurity.

However, cracking is not the only thing you should be worried about, but also ways of using your own tracking data against you, like geofencing warrants. Any OS that doesn’t track you and send your location to Google (or Apple, they dodge questions about geofencing warrants) is an advantage here. So any of these alternatives would be a good idea for protesters, for example.

2 Likes

That’s why I keep all my data in handwritten 5 year journals encrypted from one time pads and double encrypted in book code.

But I can’t read my own handwriting anymore :woman_shrugging:

5 Likes

I use a special code like that language in the ST:TNG episode “Darmok.” Anyone can read what I’ve written, but they’ll never understand it. As a warning, I put a temptingly-named file in an obvious location. That one is full of Pig Latin, so that snoops will experience the thrill of victory, followed by the agony of defeat. :imp:

2 Likes

Harbor Freight $3.99

Easy Peasy!

2 Likes
