Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption

New perspective on FBI, Interpol demands for backdoors

Vid Police Scotland to roll out encryption bypass technology, as one publication reported this week, causing some Register readers to silently mouth: what the hell?

With all the brouhaha over the FBI, like a broken record, once again demanding Apple backdoor its iPhone security, and tech companies under pressure to weaken their cryptography, how has the Scottish plod sidestepped all this and bypassed encryption?

What magic, some of you asked us, do they possess that world powers do not?

It's pretty simple: the force is using bog-standard Cellebrite gear that, typically, plugs into smartphones via USB and attempts to forcibly unlock the handsets, allowing their encrypted contents to be decrypted and examined by investigators.

This is widely used kit – sold to cops, businesses and spies around the world – and it will be set up in various police stations across Scotland. We're told selected officers will use the gear, when possible, to leaf through physically seized devices to see if the phones' data is relevant to specific investigations, and whether it's worth sending them off to a proper lab to extract the contents.

It's a controversial move here in the UK, in that politicians, worried about the legality of it all, previously pumped the brakes on the tech deployment – which was scheduled for mid-2018 and is only now actually happening.

What's going on?

Police Scotland is set to install 41 of what it refers to as "Cyber Kiosks" in stations around the country. The computers, reportedly costing £370,000 in total, will be used to attempt to view data from locked iOS and Android handsets in the course of criminal investigations.

"The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident," the Scottish cops say of the program.

"This will allow lines of enquiry to be progressed at a much earlier stage and devices that are not relevant to an investigation to be returned quicker."

The kiosks are built by Cellebrite, an Israeli vendor that specializes in providing law enforcement agencies with gear to bypass passcode locks on handsets. You can see one in action in this promo video from Police Scotland:

[Embedded YouTube video: Police Scotland promotional video]

Unlike the more secretive phone-unlocking-hardware maker GrayShift, Cellebrite is somewhat more upfront and straightforward about its products, openly boasting about its ability to bypass lock screens on iPhone and Android handsets.

The technology works in various ways: Cellebrite says for some phone models, its equipment copies a custom bootloader to the device's RAM and runs that to bypass security mechanisms [PDF]. In some other cases, such as with Android devices, it tries to temporarily root the handset. The equipment can also attempt to exploit vulnerabilities in phone firmware, including iOS, to ultimately extract data.

It really depends on the hardware and operating system combination. Apple and Google tend to patch vulnerabilities exploited by this type of unlocking gear, in a security arms race of sorts.

Cellebrite claims its top-end gear can "bypass or determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices." Privacy International has an analysis of Cellebrite's advertised – stress, advertised – capabilities here.

According to Police Scotland, the kiosks will not store any copies of handsets' storage memory; instead they will be used to view data on the device so that officers can decide whether to return the handsets to their owners or send the phones off for further investigation by a forensics lab.

Additionally, the police claim, officers are not gaining any additional powers; rather, the equipment simply speeds up a triage process that would previously have required a lab. Any searches using the kiosks will be carried out on the same legal basis [PDF] as any other search: officers are allowed to look through seized items that are suspected to be evidence of a crime.

"The common law of Scotland operates no differently in relation to the seizure of a digital device by a police officer in the course of an investigation to any other item which is reasonably suspected to be evidence in a police investigation or incident," according to the force.

"Therefore, if a police officer in the execution of a lawful power seizes a digital device, the law allows for the examination of that device for information held within."

An FAQ [PDF] adds that in special cases, including those involving child abuse images, internal or disciplinary cases, and devices already known to have evidence, the kiosks will be bypassed and the phones sent directly to the forensics lab.

The roll-out of these terminals is set to begin on January 20 and be completed by the end of May.

And breathe out

Unfortunately, none of this should be a surprise to you. Depending on your phone model, there are various ways for the police to potentially delve into your device.

As Forbes pointed out earlier this week, cops in the US last year tried to use a GrayShift product to read the contents of a locked and encrypted iPhone 11 Pro Max, according to a search warrant. It's not clear whether the extraction was actually successful; the police paperwork merely declares a "USB drive containing GrayKey-derived forensic analysis" of the iPhone as evidence.

Still, if all this unlocking kit is out there, one wonders why the FBI and others are demanding law-enforcement backdoors in gadgets. Is it because it doesn't always work? Or are the Feds tired of forking out wads of cash for gear made by Cellebrite, GrayShift et al, and want a cheap and easy built-in solution instead? Or both? ®

Biting the hand that feeds IT © 1998–2022