Android screen lock bests FBI

Cory Doctorow at 4:13 pm Thu, Mar 15, 2012

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution
A court filing from an FBI Special Agent reports that the Bureau's forensics teams can't crack the pattern-lock utility on Android devices' screens. This is moderately comforting, given the courts' recent findings that mobile phones can be searched without warrants. David Kravets writes on Wired:

A San Diego federal judge days ago approved the warrant upon a request by FBI Special Agent Jonathan Cupina. The warrant was disclosed Wednesday by security researcher Christopher Soghoian,

In a court filing, Cupina wrote: (.pdf)

Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone. A pattern lock is a modern type of password installed on electronic devices, typically cellular telephones. To unlock the device, a user must move a finger or stylus over the keypad touch screen in a precise pattern so as to trigger the previously coded un-locking mechanism. Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.

Rosenberg, in a telephone interview, suggested the authorities could “dismantle a phone and extract data from the physical components inside if you’re looking to get access.”

However, that runs the risk of damaging the phone’s innards, and preventing any data recovery.

FBI Can’t Crack Android Pattern-Screen Lock

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE:  android • law • law enforcement • mobile • privacy • security

  • haineux

    Even if they are, technically, “Security by obscurity,” sufficiently difficult computer security schemes rapidly cause people to switch to another attack mode, in this case, judicial.

    • http://daniel.friesen.name/ Daniel Friesen

      Every security system relies on some form of obscurity. Passwords, keys, and patterns are not security by obscurity.

      That said… the real downside to pattern unlock is sometimes you can find out the pattern just by looking at the grease smudges on the phone.

      • digi_owl

        Reminds me of the old trick about the worn out buttons on a keypad. Sure, you're missing the sequence. But you have strongly reduced the number of combinations.

    • Shashwath T.R.

      No, that’s not security by obscurity – a password is a secret, but the method by which it works is not obscure by any means.

      Using (say) RSA keys is not security by obscurity, but using your own made up cryptographic system would be…

  • Douglas Gardner

    Couldn’t they just look at the grease smears invariably left on the phone?

    • MelSkunk

      This is exactly why I clean my phone screen often.

    • jhoosier

      Only if you hadn’t done anything after unlocking it.  It’s easily solved by wiping it on your pants, shirt, palm, whatever.

  • elix

    I guess they haven’t heard of the crescent wrench cipher…

  • http://twitter.com/steve_mayne Steve Mayne

    Not to mention that modern Android phones have the option to encrypt their entire storage – so dismantling the phone wouldn’t get them any closer to their goal.  

    • phisrow

      The key to the encrypted blob is still on the phone somewhere (the swipe-unlock doesn’t provide enough entropy for a crypto key, so most or all of the key has to be stored somewhere).
      Now, depending on implementation, the stored key might be in tamper resistant memory of some kind, and liable to nuke itself if you start poking around where you don’t belong…

      • conor rynne

        Could it possibly be hosted at Google?
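phisrow's entropy point above, worked through as an added example (not part of the original post or its comments): it counts every valid pattern on the 3x3 grid, assuming the stock rules of 4 to 9 dots, no dot reused, and no stroke jumping over an unvisited dot, and compares the result with a 128-bit key. The function names are made up for this illustration; the `dots` argument also sizes the reduced space that the smudge and worn-keypad comments describe.

```python
import math

# Dots are numbered 0..8, row-major, on the 3x3 grid.
def _midpoint(a, b):
    """Return the dot lying exactly between a and b, or None if there is none."""
    (r1, c1), (r2, c2) = divmod(a, 3), divmod(b, 3)
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None
    return ((r1 + r2) // 2) * 3 + (c1 + c2) // 2

def count_patterns(length, dots=range(9)):
    """Count valid patterns of `length` dots that use only the dots in `dots`."""
    dots = frozenset(dots)

    def extend(last, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in dots - visited:
            mid = _midpoint(last, nxt)
            # A stroke may cross a dot only if that dot is already in the pattern.
            if mid is not None and mid not in visited:
                continue
            total += extend(nxt, visited | {nxt}, remaining - 1)
        return total

    return sum(extend(d, frozenset({d}), length - 1) for d in dots)

def pattern_space():
    """Return (number of valid 4..9-dot patterns, equivalent entropy in bits)."""
    total = sum(count_patterns(n) for n in range(4, 10))
    return total, math.log2(total)

if __name__ == "__main__":
    total, bits = pattern_space()
    print(f"valid patterns: {total} (~{bits:.1f} bits, vs 128 for an AES-128 key)")
    # Constructed scenario: the four dots used are known (top row plus the
    # right-middle dot), only their order is not.
    known = {0, 1, 2, 5}
    print(f"orderings left when the dots are known: {count_patterns(4, known)}")
```

The whole space is small enough to enumerate in well under a second, which is why the attempt lockout and the storage of the disk key, rather than the pattern itself, carry the protection.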

  • http://gplus.to/rn3aoh Eugene Medvedev

    I don’t understand how exactly did they manage not to open it, am I missing something?…
    Encrypted storage or not, all Android phones can boot into recovery mode. While in recovery mode, a custom recovery image, usually used when rooting and customizing, can be installed. That custom recovery image allows one to back up the entire internal memory onto the SD card, and it also allows you to mount the SD card and get that backup off it without ever booting far enough to get the pattern lock. And you usually can just remove the SD card and read it separately. Even without replacing the recovery image, with most models you should be able to backup all the data with ADB once you boot into recovery mode and unlock debug functions with the ADK, why couldn’t they do that?

    • failquail

      I was about to post something similar myself.

      It’s quite easy to dump image files of the internal storage to sdcard.
      Of course then it’s a bit more involved getting the data you want from that, but certainly not impossible.

      • http://gplus.to/rn3aoh Eugene Medvedev

        From the digital forensics POV this should be the preferred method in the first place, since software can’t decide the phone is compromised and wipe everything if you imaged the whole thing.

  • jackie31337

    Really, FBI? My daughter was able to defeat the screen lock on my husband’s tablet when she was 7. She just watched him unlock it and copied the pattern. His finger grease on the screen probably helped, too.

    • SamSam

      Yeah… that’s totally like that movie, where the FBI didn’t know the guy’s password and I was like “Really FBI? I saw the guy type “swordfish” in the first five minutes of the movie!!! Weren’t you guys paying attention?”

  • lyd

    The lockout after 5 attempts prompts you to reset the lock by entering your Google account creds.  Why wouldn’t the FBI just subpoena Google to surrender the account info?

    • wysinwyg

      RTFA.

      Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.

  • Mattias Björkas

    I have always wondered why the Android phone lock is designed the way it is. Even if you catch an unintentional glimpse of the screen when it’s being unlocked by someone, the colourful, graphical representation of the swipe pattern simply becomes etched into your retina, after which you can easily replicate the swipe. This is a fun feature if the person unlocking is a friend, but if not, I only feel uncomfortably tempted to move into the world of crime.

  • liveTexas

    Why is everyone pointing out their “unlocking strategy”?
    Write an App & use AdWords or something!

  • http://www.facebook.com/people/Deep-Thought-Lab/100003635090067 Deep Thought Lab

    Hey, we found a simple way to gain unlimited attempts at gesture unlocking an Android phone and shot a video walk-through. If the FBI had done this, they would not have to have subpoenaed Google for the phone owner’s credentials. Here’s our write-up:  http://blog.deepthoughtlab.com/2012/03/how-to-gain-unlimited-android-gesture.html

  • OoerictoO

    or they could have just compelled the user to reveal their password/pattern.  recent precedents show this does not fall under 5th amendment protection.  which is a farce, IMO.  and yeah, what others said about recovery mode backup…

    didn’t we have this conversation last week?