UK police turn to stealing in-use iPhones from suspects on the street, bypassing encryption
U.K. law enforcement has turned to legalized "street robbery" to avail themselves of suspected criminals' iPhones, snatching them after the owner unlocks them to prevent contents from being irretrievable by forensics teams.
Metropolitan Police specializing in major fraud and organized crime online came up with the tactic, according to BBC News. A covert team obtained a warrant and trailed one suspect, Gabriel Yew, in June.
A team of officers grabbed the iPhone -- and Yew -- while he was actively using the device, and swiped through screens to prevent the phone from locking while processing the arrest.
"Officers had to seize Yew's phone from him in the street," said the leader of the operation, Detective Chief Inspector Andrew Gould. "This evidence was crucial to the prosecution."
As a result of the seizure, the phone gave up information on how Yew conducted his fake credit card business, as well as evidence leading to four convictions. Also gleaned from the phone were another 100 suspects in the ring.
In the U.S., suspects' rights are potentially protected against mandatory password sharing by the Fifth Amendment to the Constitution, but a recent court order in Virginia allowed compulsion of a fingerprint or other information for biometric identification, such as Touch ID.
Bringing law enforcement's encryption problem to light, the FBI was unable to penetrate the data on the San Bernardino shooters' county-owned iPhone 5c, and lacked the tools to perform the task itself. It attempted to force Apple to develop software to break into the phone.
After a lengthy battle mostly in the court of public opinion, the FBI dropped its legal pursuit of Apple, and hired "grey-hat hackers," rumored to be Israeli firm Cellebrite, to break into the phone. No actionable data was found.
In November, Manhattan district attorney Cyrus Vance claimed that his office held 423 uncrackable Apple devices in evidence, with the iPhone 6 being the most prevalent. As recently as Sept. 2015, the office had around 100.
Metropolitan Police specializing in major fraud and organized crime online came up with the tactic, according to BBC News. A covert team obtained a warrant and trailed one suspect, Gabriel Yew, in June.
A team of officers grabbed the iPhone -- and Yew -- while he was actively using the device, and swiped through screens to prevent the phone from locking while processing the arrest.
"Officers had to seize Yew's phone from him in the street," said the leader of the operation, Detective Chief Inspector Andrew Gould. "This evidence was crucial to the prosecution."
As a result of the seizure, the phone gave up information on how Yew conducted his fake credit card business, as well as evidence leading to four convictions. Also gleaned from the phone were another 100 suspects in the ring.
The law, and compelling decryption
Presumably the U.K. investigators assumed that the Regulation of Investigatory Powers Act of 2000 (RIPA) would fail to induce Yew to give up the password or biometric information for Apple's Touch ID. Failure to comply with RIPA allows for a sentence of up to two years in jail -- Yew was given a five-year sentence as a result of his conviction earlier in December.In the U.S., suspects' rights are potentially protected against mandatory password sharing by the Fifth Amendment to the Constitution, but a recent court order in Virginia allowed compulsion of a fingerprint or other information for biometric identification, such as Touch ID.
Law enforcement's persistent needs
iOS 8, 9, and 10 all offer full-disk encryption, making it nearly impossible for anyone --including Apple --to access data on a device without its owner supplying the passcode. On products with Touch ID the situation is even more complex --while a person can potentially be compelled to supply their fingerprint, there's a limited time window in which to do so, and physical hacks may run into problems with the Secure Enclave.Bringing law enforcement's encryption problem to light, the FBI was unable to penetrate the data on the San Bernardino shooters' county-owned iPhone 5c, and lacked the tools to perform the task itself. It attempted to force Apple to develop software to break into the phone.
After a lengthy battle mostly in the court of public opinion, the FBI dropped its legal pursuit of Apple, and hired "grey-hat hackers," rumored to be Israeli firm Cellebrite, to break into the phone. No actionable data was found.
In November, Manhattan district attorney Cyrus Vance claimed that his office held 423 uncrackable Apple devices in evidence, with the iPhone 6 being the most prevalent. As recently as Sept. 2015, the office had around 100.
Comments
#RunOverToSuspectAndCoshHimBeforeHeCanLockHisPhoneGate
1b) This is now doable with the new MacBook Pros by creating another account that will launch an app you make with Automator that will call the shell script:
2) With the number of snatch-and-grab videos of iPhones being stolen that I've seen over the years, I wish that that Apple had an option that will automatically lock your iPhone if it gets disconnected from your Watch. To wit, out of Bluetooth range.
* Redundant statement.
This is also why you should password protect Notes. Even if they had the unlocked phone they couldn't access the secured notes without a password or fingerprint.
If Trump gets his way...there will be no security on anything. Because...well thats more convenient to government and law enforcement rather than doing it by the book.
I know you can't change the password without entering the current one, but I do think you can change the duration between when it will auto-lock again. Personally, I've been wanting a passcode lock option on the Settings apps from the state (and now a passcode or Touch ID lock option).
Police are going to have fun with this one.
I was thinking an option to lock the phone if an unregistered finger touches the home button.
Could be our credit cards next.
My Honor 7 with Android 6 allows me to use different fingerprints to unlock the device and I can set a print to give 'guest' access to the unit, limiting access to certain areas but not the entire phone. The fingerprint sensor also supports gestures and is situated on the rear of the phone, making one handed use very simple.
It would be simple for criminals with this setup to avoid these police tactics by making calls in guest mode and reserving full access to when they are in 'safe' environments
Apple could take these ideas further.
:sigh: The passcode is a requirement for Touch ID. If you don't use it within a certain timeframe the passcode is required. If you have too many failed attempts with Touch ID the passcode is required. If the device is restarted the passcode is required.
Ha. Having used both systems, I can assure you that for phone use, the Huawei implementation is far more useful than Apple's. Not just a little. It is miles ahead.
I fully expect Apple to take 'hints' from it in the future.
'Sigh'
Ha again. Finger print for convenience in conjunction with a passcode for security.
Example: online banking
My online banking app gives me the option to access my account using a passcode or directly if I have used the fingerprint sensor.
Trump has had conversations with Paul Ryan expressing that the office of the presidency has unbalanced the balance of power, so I find it less likely Trump will engage in the type of stuff you imagine.