US Secret Service Prefers Belt Sanders And Third-Party Vendors To Cell Phone Encryption Backdoors

from the 80-grit-backdoor dept

The Christian Science Monitor has posted an interesting article detailing some (but certainly not all) of the ways the US Secret Service can obtain data from locked phones. In all the cases discussed in the article, the data itself wasn't encrypted, but was otherwise inaccessible without the password.

In addition to using third-party forensic software and hardware (like that of recently-hacked Cellebrite), the Secret Service also engages in a lot of manual labor to recover phone data. In one instance, the Secret Service was able to pull out the phone's flash memory and grab data from it -- although this process took it nearly a week.

A Huawei phone obtained by the agency called for a very unique brute force approach.

In another case, involving a password-locked Huawei H883G phone, agents bought multiple copies of the same model and practiced carefully polishing off material from the back of the device with an automated sander.

Often, agents can apply heat to phones to open them up. But Huawei built this particular model in a way that applying too much heat could damage its memory. So, agents sanded off material from the back of the Huawei H883G device to excise sexually explicit images for a case involving a different New Hampshire man.

What's not contained in the article are complaints about encryption. Either the Secret Service doesn't encounter that much of it, or it just doesn't find it to be that much of an obstacle when it does. Dave Aitel, a former NSA research scientist, is the only person quoted in the article who says anything about encryption -- and even he believes the Secret Service's combination of hardware and software is a better approach than giving government agencies encryption backdoors.

Watering down encryption on phones is "not a good path," says Dave Aitel, a former National Security Agency research scientist who currently runs the cybersecurity firm Immunity. "The path of hacking is much nicer – from a policy perspective."

[...]

"If a device is using encryption at rest ... that could be problematic, especially if the implementation of the encryption is good,” he said.

It could be problematic, but encryption keeps bad guys out the same way it keeps the good guys out. And there's nothing covered here that suggests the Secret Service is as opposed to encryption as FBI Director James Comey is. Granted, the Secret Service probably runs into fewer encrypted phones than the FBI does, but even in its more-limited selection, it seems to be making the progress it needs without suggesting the government force companies to give them all-access backdoor keys.

One other somewhat surprising revelation contained in the piece is the fact that small phone manufacturers might (inadvertently) be making more secure phones than the Apples and Samsungs of the world. Why? Because the limited market draws less interest from government contractors who develop cell phone-cracking tools. If there are fewer government buyers interested in cracking Brand X, no company is going to expend research resources trying to find a way around the phone's built-in protections.

"A cheaper phone that might be less popular, it seems like it'd be easier for the vendors to get into it," says [James] Darnell of the Secret Service phone lab. "But it's actually quite the opposite."

What's covered here indicates James Comey's "sky is falling darkening" proclamations are pretty much his alone. Law enforcement at large isn't demanding encryption backdoors. It's just the same handful of holdouts, albeit ones with inordinately-large soapboxes.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, belt sanders, encryption, hacking, secret service


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That Anonymous Coward (profile), 13 Feb 2017 @ 3:29am

    "If there are fewer government buyers interested in cracking Brand X, no company is going to expend research resources trying to find a way around the phone's built-in protections."

    Here we thought you were in the pocket of Google, now we can see you're in the pocket of M$ pushing Windows Phones.

    link to this | view in thread ]

  2. icon
    Richard Forno (profile), 13 Feb 2017 @ 4:08am

    "Privacy Through Obscurity" maybe?

    link to this | view in thread ]

  3. identicon
    dmca, 13 Feb 2017 @ 5:07am

    dmca

    Doesnt the DMCA preclude them to do this legally as it does every other person apparently.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 13 Feb 2017 @ 5:13am

    Re: dmca

    The rules are all set up to be one way. They apply to the plebes only. The ruling class is allowed to do anything and no one ever prosecutes them for it.

    link to this | view in thread ]

  5. icon
    Richard (profile), 13 Feb 2017 @ 5:34am

    Re:

    Security through obscurity does work - but not if you are a big target.

    To be secure you just need enough security to make it not worth the while of the attacker.

    Provided you are not an important target being different from everyone else helps because it means that the effort spent on breaking your security is specific to you.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 13 Feb 2017 @ 9:41am

    Re: dmca

    You say that like the DMCA actually helps anything the majority of the time.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 13 Feb 2017 @ 4:01pm

    I think you confuse the lack of public demand for decryption or backdoors with a lack of desire. They may just not want to make it an issue when the big dogs are already leading that fight.

    link to this | view in thread ]

  8. identicon
    Lawrence D’Oliveiro, 13 Feb 2017 @ 5:48pm

    Re: M$ pushing Windows Phones

    There are no Windows Phones. Phones don’t run Windows, they run Windows Phone. So there can only be Windows Phone phones.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 13 Feb 2017 @ 6:23pm

    Re: Re:

    Security through obscurity does work - but not if you are a big target.

    So do magic spells.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 14 Feb 2017 @ 1:44pm

    Re: Re: dmca

    You say that like the DMCA actually helps anything ever.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.