beanlicker
02-28-2013, 05:19 AM
Forbes Security (http://www.forbes.com/security) 2/26/2013
You may think of your iPhone as a friendly personal assistant. But once it’s alone in a room full of law enforcement officials, you might be surprised at the revealing things it will say about you.
On Tuesday the American Civil Liberties Union published a report (http://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light) it obtained from a drug investigation by the Immigration and Customs Enforcement (ICE) agency, documenting the seizure and search of a suspect’s iPhone from her bedroom. While it’s no surprise that a phone carries plenty of secrets, the document presents in stark detail a list of that personal information, including call logs, photos, videos, text messages, Web history, eight different passwords for various services, and perhaps most importantly, 659 previous locations of the phone invisibly gathered from Wifi networks and cell towers.
“We know the police have started using tools that can do this. We’ve known the iPhone retains records of the cell towers it contacts. But we’ve never before seen the huge amount of data police can obtain,” says ACLU technology lead Chris Soghoian, who found the report in a court filing. “It shouldn’t be shocking. But it’s one thing to know that they’re using it. It’s another to see exactly what they get.”
In this case, ICE was able to extract the iPhone’s details with the help of the forensics firm Cellebrite. The suspect doesn’t seem to have enabled a PIN or passcode. But even when those login safeguards are set up in other cases, law enforcement have still often been able to use tools to bypass or brute-force a phone’s security measures (http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/). Google in some cases helps law enforcement to get past Android phones’ lockscreens (http://paranoia.dubfire.net/2012/03/fbi-seeks-warrant-to-force-google-to.html), and if law enforcement can’t crack a seized iPhone, officers will in some cases mail the phone to Apple, who extract the data and return it stored on a DVD along with the locked phone (http://www.aclu.org/blog/technology-and-liberty-national-security-free-speech/keeping-government-out-your-smartphone).
The phone search and seizure described in the documented case required a warrant. But the legality of warrantless phone searches remains an open issue. At U.S. borders or when arresting a suspect, for instance, police and government officials have argued that no such warrant is required.
Failing legal protections, the ACLU’s Soghoian says those who’d like to keep prying eyes away from their handsets’ data should use long, complex passcodes and encrypt their phone’s storage disk (http://www.aclu.org/blog/technology-and-liberty-national-security-free-speech/keeping-government-out-your-smartphone). “While the law does not sufficiently protect the private data on smartphones, technology can at least provide some protection,” Soghoian writes (http://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light).
Here’s the full court document detailing the iPhone’s forensic search.
http://htmlimg4.scribdassets.com/1eevamvdq82663t1/images/1-2cac421af5.jpg (http://htmlimg4.scribdassets.com/1eevamvdq82663t1/images/1-2cac421af5.jpg)
You may think of your iPhone as a friendly personal assistant. But once it’s alone in a room full of law enforcement officials, you might be surprised at the revealing things it will say about you.
On Tuesday the American Civil Liberties Union published a report (http://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light) it obtained from a drug investigation by the Immigration and Customs Enforcement (ICE) agency, documenting the seizure and search of a suspect’s iPhone from her bedroom. While it’s no surprise that a phone carries plenty of secrets, the document presents in stark detail a list of that personal information, including call logs, photos, videos, text messages, Web history, eight different passwords for various services, and perhaps most importantly, 659 previous locations of the phone invisibly gathered from Wifi networks and cell towers.
“We know the police have started using tools that can do this. We’ve known the iPhone retains records of the cell towers it contacts. But we’ve never before seen the huge amount of data police can obtain,” says ACLU technology lead Chris Soghoian, who found the report in a court filing. “It shouldn’t be shocking. But it’s one thing to know that they’re using it. It’s another to see exactly what they get.”
In this case, ICE was able to extract the iPhone’s details with the help of the forensics firm Cellebrite. The suspect doesn’t seem to have enabled a PIN or passcode. But even when those login safeguards are set up in other cases, law enforcement have still often been able to use tools to bypass or brute-force a phone’s security measures (http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/). Google in some cases helps law enforcement to get past Android phones’ lockscreens (http://paranoia.dubfire.net/2012/03/fbi-seeks-warrant-to-force-google-to.html), and if law enforcement can’t crack a seized iPhone, officers will in some cases mail the phone to Apple, who extract the data and return it stored on a DVD along with the locked phone (http://www.aclu.org/blog/technology-and-liberty-national-security-free-speech/keeping-government-out-your-smartphone).
The phone search and seizure described in the documented case required a warrant. But the legality of warrantless phone searches remains an open issue. At U.S. borders or when arresting a suspect, for instance, police and government officials have argued that no such warrant is required.
Failing legal protections, the ACLU’s Soghoian says those who’d like to keep prying eyes away from their handsets’ data should use long, complex passcodes and encrypt their phone’s storage disk (http://www.aclu.org/blog/technology-and-liberty-national-security-free-speech/keeping-government-out-your-smartphone). “While the law does not sufficiently protect the private data on smartphones, technology can at least provide some protection,” Soghoian writes (http://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light).
Here’s the full court document detailing the iPhone’s forensic search.
http://htmlimg4.scribdassets.com/1eevamvdq82663t1/images/1-2cac421af5.jpg (http://htmlimg4.scribdassets.com/1eevamvdq82663t1/images/1-2cac421af5.jpg)