Just how secure is your iPhone/Moto X/Galaxy S6,456,789? As it turns out, pretty damn secure… provided you’re not concerned with law enforcement’s access to your data. Law enforcement does not need your permission, your passwords or even your name to see everything in every corner of your mobile life. All they need is your phone.
Got your attention? Good. It should.
As I oftentimes do, I found myself in a rathole in the last week and a half through a rather random moment; I’d found three decrepit Droid X’s that my wife and I had used until about 2011. With a gaggle of kids and a penchant for doing a ton of mobile work, there were undoubtedly treasures to find across the phones, but the question was, “How?”
After a few minutes of tinkering, I was able to get the devices to power on, and even was able to access one of the three phones–without knowing the lockscreens, associated Google accounts or even having WiFi access (remember, all phones were deactivated, so none were operable on their carrier’s network)… but only because I’d rooted and re-imaged the device once upon a time and had a penchant for leaving USB debugging enabled. (“What’s ‘rooted’ mean?”)
So, how hard can it be to unlock the other two time capsules? I thought, “Okay, let’s be logical here–the technology is over three years old, and we live in an age of access. Motorola and LEOs (law enforcement officers) gain access to effectively all devices these days; how hard would it be to crack a marooned Gingerbread (2.2.1) phone?”
As it turns out, pretty damn hard for a civilian, depending on your scenario.
My scenario was thus:
1) No PIN/pattern known
2) No WiFi—No WiFi means no Google synchronization. No Google synchronization means the trick of downloading an “unlock” app, letting it sync to your device and waiting for it to take effect was not going to work for me.
3) No root access—The remaining phones had never been rooted. An unlocked bootloader was irrelevant to this issue because Motorola only recently began to broadly support this concept (mid-2012) and did not roll it back to the Droid X. Root access was always obtained through code exploits.
So what does that rule out? ClockWorkMod and TWRP, for one, along with any other custom bootloaders.
4) No USB Debugging enabled—so no ADB or SDK options.
So what’s a guy to do?
I dug… and dug… and dug. It was becoming less about the actual data and more about the challenge. Cracking was a pastime I loved as a kid—growing up on WarGames and Hackers, with workstations abounding in the ’80s and ’90s, it became an honestly found way to pass the late Friday nights and summer days. Surely I wasn’t going to let some tiny little obsolete device beat me.
What I found was fairly black-and-white—a lot can be done to get at a phone, IF the conditions above are met in some singular or combinatory manner. However, if all options are off the table, civilians are SOL.
There are no fewer than a half-dozen hardware solutions (either dongle/software or full-size appliance/software combinations) that are able to either brute-force or otherwise exploit nearly every phone… and law enforcement agencies have access to every single one. Only law enforcement.
White-hat guys who aren’t willing to associate themselves directly with an agency are unable to purchase the devices—so professional recovery services for damaged devices are somewhat crippled. Not the Law, though.
Local, state and federal agencies can purchase these devices (see UFED for the leader of the pack) at a discounted rate, and now, a significant number of states have precedent to allow for phone search in any arrest.
Buckle down, folks. You don’t have the means to search your phone devices, but if you get arrested, hey, make sure you have that old device handy—they can always search it for you!
Disclaimer: The opinions expressed herein are solely those of Jamie Watt, and not of any parties, groups or employers to which he is associated.