A recent report from the Manhattan District Attorney's Office shows that authorities have been forcing Google to reset passcodes for older Android versions using search warrants. The company has been complying with these orders, but only for Android versions up to 5.0 (Lollipop). The reasons why Google hasn't been able to abide requests for newer versions is that it started implementing device-side encryption, and it simply does not have the decryption keys to perform the unlocks when authorities ask for it.
The report where this information was uncovered is called "On Smartphone Encryption and Public Safety," and was created as teaching material for investigators, detailing the current practices surrounding modern-day phone encryption practices.
Maybe the most interesting part revealed in the report is the fact that Google can perform this "phone unlocking" feature remotely.
"Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device," reads the report.
Phone encryption is a problem for law enforcement authorities
Full-disk encryption is also available for Android devices since version 5.0, but this is never turned on by default since it hinders phone performance.
The Manhattan District Attorney's Office expects this to go up since Android 6.0 Marshmallow comes with encryption enabled by default. Fortunately for them, Marshmallow is only used on 0.3% of all the Android phones on the market.
The official document also notes that Apple devices running iOS 8 or higher have the same built-in encryption system that prevents law enforcement agents from accessing the device.
The report also details how law enforcement uses brute-force attacks to crack passcodes on devices iOS 3 or lower. For iOS 4 to iOS 7, law enforcement sends the device to Apple, along with a hard drive, which then unlocks the device using a proprietary method.
0 comments:
Post a Comment