back to article PhD pimp's mobe lock screen outwits Feds - Google told to help

A judge has backed a request from the FBI from Google for assistance in obtaining the secrets held on the Android smartphone of a hustler described as a founding member of the "Pimpin' Hoes Daily" (PhD) gang in San Diego. The FBI is seeking information that includes tips on how to get past a pattern lock. Dante Dears was …

COMMENTS

This topic is closed for new posts.
  1. Lamont Cranston
    Unhappy

    Sounds about right.

    Shows the inherent danger with touchscreen interfaces, too - when my LG Cookie packed up, there was no way to get anything off the damn thing, which is why I now make a point of buying phones with keyboards (and making regular backups, obviously).

    Still, I'm slightly upset that law enforcement don't really have that cable that they use on CSI - you know, the one that fits any phone and gives instant access to everything on it? You'll be telling me that they can't really enhance 2 pixels of CCTV footage into a high-res picture of someone's face, next.

    1. big_D Silver badge
      FAIL

      Re: Sounds about right.

      And I was upset, when I was told a DNA test would take weeks to complete. What is CSI's number? They can do it in a metter of seconds! :-D

      1. James Cooke

        Re: Sounds about right.

        Depends on what you want to find out, if it's just whether two samples are from the same person that could easily be done in a day.

    2. Tom 35
      Joke

      Well

      That's the way the Cookie crumbles.

  2. AdamT

    Surprising

    I'd assumed that if you had physical access to the phone then a bit of dissassembly and poking around the internal sd/flash/whatever would reveal everything. Similar to the situation before drive encryption was common where sufficient physical access to the PC to remove the drives was all you needed to get round windows passwords, etc. Perhaps that level of intrusiveness into the phone compromises the evidence?

  3. fLaMePrOoF
    FAIL

    Brain dead feds...

    "Frustrated in its attempts to get at the secrets on the phone, the FBI filed a warrant on in order to compel Google to assist it."

    If the FBI, one of the largest law enforcement agencies in the world, had to resort to this route rather than breaking into the phone themselves (something which most reasonably intelligent / IT literate human beings should be able to do in no more than a few hours / Google searches) then frankly they are morons.

    1. Tom 13
      WTF?

      Re: Brain dead feds...

      If they break into it themselves instead of going this route, they lose admissibility of all data to future court cases. I for one am happy to see them following proper procedures in this case.

      1. fLaMePrOoF
        Boffin

        Re: Brain dead feds...

        This is simply wrong.

        Look to another recent case where encryption keys were refused; the feds eventually broke the encryption thus negating the need to enforce the court order demanding they keys be revealed.

        In this case as there they have reasonable grounds to suspect incriminating material is held on the phone and they have the same right to search it as they would to search a house or a car.

        13 thumbs down? Maybe 13 people who read your comment and didn't stop to consider that it might be complete and utter bollocks..?

    2. Field Marshal Von Krakenfart
      Holmes

      Re: Brain dead feds... & Supprised AdamT

      Normal forensic practice when working with hardware is copy the device and work on that leaving the original piece of hardware untouched. That way if you trigger any logic bombs that deletes data they can copy the original devoice again and start over.

      Maybe the Feeble Brained Inbreds have already extracted everything from the 'phone but thet don't want anyone to know they can, now all they are going is through the motions to show that the evidence chain has not been contaminated.

      1. dssf

        Re: Brain dead feds... & Supprised AdamT

        LOL! I thought the story would be about a dirty pimp or spy posing as a PhD at a Uni...

        Exactly my thoughts... even if they don't win the court order, they can still keep tabs, and hence label people as "persons of interest"...

        Plus, if they couldn't crack it, they'd be incompetent.

        When I locked my android phone, after 3 or 4 failed attempts, a screen popped up offering me an unlock if I properly entered my registered gmail e-mail address and my password.

        Now, if the FBI had had proper warrants still standing to tap his communications, it is possible that they only needed to enter an email and password. Now, if the offender was paranoid or "efficient", he probably had other tougher-to-monitor ways of changing his password. Then, maybe (if this part is real/factual) the Agent entering the password (alone or under observation of a partner to reduce entry messups) the Agent handling the entry simply persisted in using the wrong password, which they thought was current.

        But, "locking the phone", does that also connote "bricking"? Not sure given the story's writing.

        But, I've ALWAYS been of the mind that warrants are just "a going-through-the-motions" thing so that the public doesn't collectively get hip and slyly thwarts investigations or that the public doesn't open, virulently, violently lashes back.

        In that case -- ESPECIALLY if MI4 and MI5 have the same skills/powers -- then, imprisoning someone for refusal to provide one's password is just specious retaliation to "show who's the boss". OTOH, purportedly, we here in the USA have the right to not self-incriminate. A mighty fine right if you're innocent, or truly/factually guilty. Especially it can be might fine in the case one is clean, but was abused by law enforcement, and a judge actually sides with the accused. Doesn't *always* work out, but when it does, some judges actually have the balls (or counterpart parts) to jam Enforcement up against a wall when it is blatant abuse of a subject of investigation.

        Personally, I'd rather the sleight of hand and gamesmanship be dispensed with and they just make a copy, step around any logic bombs as best as they can, and leave people (at least those who have businesses or schooling that would collapse in the face of a confiscated/stolen hard drive) with their systems so they can work or study. After all, FBI/CIA/MI4/MI5 supposedly have various and very capable monitoring powers. But, some would argue that it isn't the FBI you have to fear trashing your data only to find out you're not in possession of what they were after, it's the local police who wreck your media. Fortunately, I don't do things that would subject me to having to find out the hard way, hehehe....

        Besides, I suspect that only the WORST of the worst get a physical visit and physical confiscation in addition to the remote observation.

    3. fLaMePrOoF
      Boffin

      Re: Brain dead feds...

      There are a lot of idiots about today I see - contrary to the comment below the FBI are perfectly entitled to use any method they wish to bypass the security on the phone, just as they could obtain a warrant to search the guys car or house, this is a task which in this case would be very straight forward indeed; the Android pattern lock screen offers minimal real security and is easily bypassed in a number of ways.

      But wait, aren't they asking Google to help them do exactly that? The court request is not for permission to beak into the phone, simply to try to force Google to help them do it, they obviously already have that right.

      7 thumbs down? C'mon ppl, did you all just read the stupid comment below and forget to engage your brains?

  4. Jop
    Alert

    Suspect

    One would assume the FBI had a department where phones could be sent and tricks used to put the phone into debug mod with a usb cable...and do anything they want.

    Although that would give them much less info than they are requesting from google.

    Seems they had a legal right to search his home but have managed to extend their rights to further...

  5. Anonymous Coward
    Anonymous Coward

    genius Feds....

    "as well as instructions for overriding the pattern lock and the pass-number reset (PUK) number"

    My son did this the other week. 5 minutes on the telco website and it was unlocked.

    Did the FBI not ask the telco for the PUK?

    1. Roger Stenning

      Re: genius Feds....

      Because to make the evidence on the [hone admissible in a US court, they need a warrant granting them first. US Privacy rights (through the US Constitution) tends to trump more normal common sense in the majority of situations.

      1. Anonymous Coward
        Anonymous Coward

        Re: genius Feds....

        simple solution, claim it all happened here in the UK and our courts will give the US anything they want and even courier it back to them, no proof required.

      2. Hud Dunlap
        FAIL

        Re: genius Feds....

        As a convicted felon and parolee he doesn't have the same rights as anyone else. As a condition of parole the police have the right to search him or his possessions at any time. The article even states that.

        My problem is why someone involved in human trafficking is getting such light sentences?

        1. Steven Roper
          WTF?

          @ Hud Dunlap

          "My problem is why someone involved in human trafficking is getting such light sentences?"

          That had me stunned too. This guy was charged with kidnapping and underage sex slavery and he only got four years? I'd wager that anybody who actually paid for sex with one of his underage sex slaves would be doing 15-20 and life on the SOR, yet this guy abducts and enslaves multiple kids for that purpose and only does four?

          It raises the question: Who the fuck was he paying off?

          1. Tom 13

            Re: @ Hud Dunlap

            It's California. They just swing that way. The rest of us on this side of the pond don't understand it either, but there's not much we can do about it.

            Addendum: This is part of why we Tea Partiers get labeled neanderthals in your press. We want laws like this changed, while our opponents play it up as increasing sentences for drug use/distribution. Or worse, they play it off as us being unnecessarily inhibited about sex, which is a private matter.

  6. Dr. Mouse

    WTF?

    I am currently working on securing a phone against this, and finding it is much more difficult than I at first thought (to secure, not to break into, that's easy).

    The only possible reason I can see for doing this is procudure, whereby the evidence may be seen as being tampered with. But getting data from an Android device when you physically have access to it, "secured" or not, is fairly trivial, and in the case of the FBI direct access to the flash chip, as a final resort, should be feasible.

  7. big_D Silver badge
    Stop

    Hang on...

    "requested that Google turn over subscription and billing information, contact lists, emails, web and GPS history as well as instructions for overriding the pattern lock and the pass-number reset (PUK) number."

    The PUK number is provided by the carrier, not Google. The same goes for billing information, that is the provider, Google *should* have no knowledge of that!

    E-Mails - again, if the person in question is not using Google Mail, Google shouldn't be able to provide any information on this matter.

    GPS history? Again, this is something Google should not be storing, unless I am using Google's own location tracking service (Latitude?).

    As to the Lock, if Google have designed it properly, there should be no way around it. Period.

  8. Danny Roberts 1
    FAIL

    Android Bug

    It appears Google can't help anyway;

    http://www.google.co.uk/support/forum/p/Google+Mobile/thread?tid=627eed11de37ecba&hl=en

  9. JamieL
    Black Helicopters

    Lucky he's not in the UK

    If he'd been in the UK, then under RIP he'd have had to disclose his passwords or go to jail anyway...

    1. Rodus
      Facepalm

      Re: Lucky he's not in the UK

      @ JamieL:

      If you read the article he claimed it was his sister's phone, so how is he to be compelled to give a password that he wouldn't know?

      1. Kit-Fox
        Unhappy

        Re: Lucky he's not in the UK

        That doesnt tend to matter anymore in the UK, the esteemed police of UK plc seem to make the assumption that if you have possession to a device you have the necessary credentials to use those devices

        So it would be assumed you know the unlock pattern and were deliberately withholding that information, ego breaking our utterly retarded laws

  10. 4HiMarks
    Joke

    the FBI needs help

    decrypting sophisticated alphanumeric codes, too:

    http://www.bbspot.com/News/2000/8/l33t_code.html

  11. Rob Crawford

    Excuse me

    but when my wife forgot her lock code and seemingly locked the phone all I had to do was to enter the details of her google account to gain access again.

    I can't image that a HTC desire is so different to any other Android phone

    Therefore at worst all the feds have to go is get access his google account

  12. SiempreTuna
    Thumb Down

    Security PATTERN?

    You mean "The Worst Security in the History of Man" (trademark Google) defeated the Feds?

    WTF?!

    Unless the screen had been thoroughly cleaned, just tipping the phone so you can see the screen smears better lets anyone defeat the pattern security in about 30 seconds flat - I used to do it as a party trick. Basically, worst case, you pick the wrong end of the smear to start and it takes two tries.

  13. James 100

    If the pattern smears form a loop - for example a rectangle - it could start at any of the four corners, or indeed potentially part-way along an edge, although that might be visible in the smear pattern.

    Opening the case and hooking the flash storage up to an external reader should hold up in court - it's essentially what they've been doing for years with regular computers - but the storage may well be encrypted, as it is with the iPhone 3gs and later (though any computer it syncs with will happen to have a copy of the key, which could be handy): I presume Androids will do the same, which is why a little help is needed. (Part of the spec for connecting to MS Exchange using ActiveSync, isn't it?)

  14. Anonymous Coward
    Anonymous Coward

    Another triumpth of another alphabet soup agency

    I've unlocked a number of android patterns by looking at the smears. Even if it is a loop there is normally a defined end, since you can't go over one more than once, and even if you can't find the start there are only nine squares and ten attempts. If the FBI can't work this out, or just directly access the flash chipset inside then they are even more useless than I thought. (And I already thought they were complete retards) Anon for obvious reasons.

  15. NozeDive

    PhotoShop

    I recall reading an article (I believe it was on The Register) about a PhotoShop plugin that analyses a photo of a smartphone's screen to reveal hidden patterns in the smudges left on the screen — and supposedly this is impervious to wiping or cleaning the screen.

    But I'm sure the federallies have already thought of that, though.

  16. Gannon (J.) Dick
    Go

    Expert Witness ?

    Has it occurred to anyone that the request for assistance might be completely unrelated to phone equipment ?

    Nobody knows Pimpin' Like Google, or as they often put it: "don't be evil".

  17. JaitcH
    Happy

    Every time I hear about the hassles smartphones can get you into ...

    my 7year-old Mitsubishi handset endears itself a little more.

    No SMS, no GPS and no hassles.

    It only receives and makes calls to one number, our office electronic communications switch - special low rates apply - and no mouse trails to follow. Pagers work well, too, and the cops hate them.

  18. MacGyver
    Facepalm

    What?

    Shouldn't it be:

    Power off phone.

    Power on while holding volume down. (USB recovery mode)

    Make backup of flash.

    Read flash data, or load flash data into a simulator, read memory of simulator while attempting to unlock to get code.

    Unlock phone.

    Profit???

    Or give it to some scientist types and have them look at the screen under a microscope for scratch "tracks" from the guy using the unlock pattern.

    ( •_•) The law states I have to give them the unlock key,

    ( •_•)>¬■-■ good thing it didn't say...

    (¬■_■) pattern...

  19. andy 45
    Thumb Down

    @fLaMePrOoF

    fLaMePrOoF -- "to another recent case where encryption keys were refused; the feds eventually broke the encryption thus negating the need to enforce the court order demanding they keys be revealed."

    In that recent case I think it was determined that the feds were either provided the password by the ex-husband or ot was a really easy, guessable passphrase...

  20. JeffyPooh
    Pint

    Pattern Codes are a very small subset of Codes

    Mr. Tuna is fundamentally correct.

    A five digit lift-and-press code can be any of 100,000 equally-likely values.

    A five digit pattern swipe probably comes in one of several dozen variations, with a thin tail of about a few hundred more. The practical address space is tiny. E.g. 9, 1, 3, 7, 6 is probably almost impossible as a swipe code. 1, 4, 7, 5, 3 is probably a significant fraction of them.

This topic is closed for new posts.

Other stories you might like