Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption

New perspective on FBI, Interpol demands for backdoors

"Police Scotland to roll out encryption bypass technology," as one publication reported this week, causing some Register readers to silently mouth: what the hell?

With all the brouhaha over the FBI, like a broken record, once again demanding Apple backdoor its iPhone security, and tech companies under pressure to weaken their cryptography, how has the Scottish plod sidestepped all this and bypassed encryption?

What magic do they possess that world powers do not, as some of you asked us.

It's pretty simple: the force is using bog-standard Cellebrite gear that, typically, plugs into smartphones via USB and attempts to forcibly unlock the handsets, allowing their encrypted contents to be decrypted and examined by investigators.

This is widely used kit – sold to cops, businesses and spies around the world – and it will be set up in various police stations across Scotland. We're told selected officers will use the gear, when possible, to leaf through physically seized devices to see if the phones' data is relevant to specific investigations, and whether it's worth sending them off to a proper lab to extract the contents.

It's a controversial move here in the UK, in that politicians, worried about the legality of it all, previously pumped the brakes on the tech deployment – which was scheduled for mid-2018 and is only now actually happening.

What's going on?

Police Scotland is set to install 41 of what it refers to as "Cyber Kiosks" in stations around the country. The computers, reportedly costing £370,000 in total, will be used to attempt to view data from locked iOS and Android handsets in the course of criminal investigations.

"The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident," the Scottish cops say of the program.

"This will allow lines of enquiry to be progressed at a much earlier stage and devices that are not relevant to an investigation to be returned quicker."

The kiosks are built by Cellebrite, an Israeli vendor that specializes in providing law enforcement agencies with gear to bypass passcode locks on handsets. You can see one in action in this promo video from Police Scotland:

[Embedded YouTube video]

Unlike the more secretive phone-unlocking-hardware maker GrayShift, Cellebrite is somewhat more upfront and straightforward about its products, openly boasting about its ability to bypass lock screens on iPhone and Android handsets.

The technology works in various ways: Cellebrite says for some phone models, its equipment copies a custom bootloader to the device's RAM and runs that to bypass security mechanisms [PDF]. In some other cases, such as with Android devices, it tries to temporarily root the handset. The equipment can also attempt to exploit vulnerabilities in phone firmware, including iOS, to ultimately extract data.

It really depends on the hardware and operating system combination. Apple and Google tend to patch vulnerabilities exploited by this type of unlocking gear, in a security arms race of sorts.

Cellebrite claims its top-end gear can "bypass or determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices." Privacy International has an analysis of Cellebrite's advertised – stress, advertised – capabilities here.

According to Police Scotland, the kiosks will not store any copies of handsets' storage memory, and instead will be used to observe data on device so that officers can decide whether to return the handsets to their owners or send the phones off for further investigation by a forensics lab.

Additionally, the police claim, officers are not gaining any additional powers; rather, the equipment just speeds up the triage process that would have previously required a lab, we're told. Any searches using the kiosks will be carried out on the same legal basis [PDF] as any other search: officers are allowed to look through seized items that are suspected to be evidence of a crime.

"The common law of Scotland operates no differently in relation to the seizure of a digital device by a police officer in the course of an investigation to any other item which is reasonably suspected to be evidence in a police investigation or incident," according to the force.

"Therefore, if a police officer in the execution of a lawful power seizes a digital device, the law allows for the examination of that device for information held within."

An FAQ [PDF] adds that in special cases, including those involving child abuse images, internal or disciplinary cases, and devices already known to have evidence, the kiosks will be bypassed and the phones sent directly to the forensics lab.

The roll-out of these terminals is set to begin on January 20 and be completed by the end of May.

And breathe out

Unfortunately, none of this should be a surprise to you. Depending on your phone model, there are various ways for the police to potentially delve into your device.

As Forbes pointed out earlier this week, cops in the US last year tried to use a GrayShift product to read the contents of a locked and encrypted iPhone 11 Pro Max, according to a search warrant. It's not clear whether the extraction was actually successful; the police paperwork merely declares a "USB drive containing GrayKey-derived forensic analysis" of the iPhone as evidence.

Still, if all this unlocking kit is out there, one wonders why the FBI and others are demanding law-enforcement backdoors in gadgets. Is it because it doesn't always work? Or are the Feds tired of forking out wads of cash for gear made by Cellebrite, GrayShift et al, and want a cheap and easy built-in solution instead? Or both? ®
