Police now routinely crack and extract all phone data from arrestees


#1

Originally published at: http://boingboing.net/2017/06/07/uninformed-consent.html


#2

Even if you don’t opt for encryption on your phone, at least put some kind of unlock code on it. This will require a some amount of due process for the police to extract data. No cop ever seems to get in trouble for improperly thumbing through your phone even if it is a routine traffic stop. Even if you don’t have anything to hide, there is no reason to allow police access to your private information. I suggest asking the police officer if he minds if you look through his phone.


#3

It seems to me to be a given that tricksy hackers would make all manner of deeply compromised “cracking” tool available on the darkweb while also taunting/phishing girandarme around the globe to put these malware packages to use as “crime fighting” toys.


#4

Shit like this is why my phone has a passcode that contains uppercase, lowercase, numbers and symbols.

Go ahead and crack it - it’ll take a very long time :slight_smile:


#5

Reminder, you want a newer iPhone if you are really concerned about this:

as there is much debate about whether these devices can crack an iPhone 6 or 7. While there were no instances of iPhone 7’s being cracked, several 6’s were tapped into by both Tulsa and Tucson PD’s

Secure enclave is essentially unbreakable.

https://gist.github.com/anonymous/9f789aabd7e8681dec0cf5781aecf664

No matter what phone you use, you need to follow some basic safety rules to protect your data and the data of the people you talk to.

  1. Set a long passcode on your phone, or, even better, a passphrase. If someone can guess your passcode, all bets are off. With a decent passphrase, even governments may not be able to open your phone without your help.

  2. Use secure messaging software. Text messages are insecure even if you use a secure phone to send them. The best secure messaging software is called Signal, and its free to use. If you can’t use Signal, you can get some security from WhatsApp and Facebook’s Messenger, which license Signal’s technology. Don’t rely on the built-in messaging application, or on email.

  3. Be careful about cloud backups. Surprising though it made seem, if you’re using an iPhone, there is probably no computer in the world that is safer for your data than your phone. “Cloud” is computer jargon for “other people’s computers”. Consider backing things up only to a computer you own. If you do this, make sure you encrypt your backups: for iPhones, that’s a check box you may have to click in iTunes.

iOS only switched to more than a 4 digit passcode (10k possibilities) in the latest versions… and even a 6 digit passcode (1m possibilities) isn’t… great?


#6

Isn’t attempting to bypass electronic security measures a violation of our law and isn’t producing and selling devices intended to bypass electronic security measures also a crime?

Do the police have a special provision under the law that allows them to break the law or are all people provided equal protection under our law?


#7

If the police are using a known package, it would be interesting to look for exploits that a program waiting for it on the phone could take advantage of.

“No I don’t know anything about the ransomware on your PCs. Can I go now?”


#8

So basically no better than those sites that would rebundle freely available software with their own installer.


#9

They also routinely check to see if you have a Facebook page…as do any journalists, who take an interest in your story…


#10

I’ve heard “_ is essentially unbreakable” about so many things over the years, most of which are now obsolete with big bold warnings that they have critical vulnerabilities and are easily broken. A more realistic view might be “not yet known to be broken and currently considered the most secure option”. :weary:


#11

I’ll show you mine if you show me yours.

If the populace aren’t willing to use the same tactics upon police that police use upon them, they don’t feel any compulsion to change their methods. Don’t give people a break and let things slide just because they are cops, hold them to at least the same standards as anyone else.


#12

Every competent security person I know recommends recent iPhones. The math is sound, as is the hardware. As for Android…


#13

This topic was automatically closed after 5 days. New replies are no longer allowed.