How Cops Get Into Locked iPhonesBy: Mike Fossum - April 4, 2012
Apple and Google are often compelled to assist law enforcement officials in the unlocking of iPhone and Android device screens, and some internal documents shed some light on the process of the password bypassing.
From training materials put together by the Sacramento sheriff’s office featured in an article by CNET, there is a sort of fill in the blanks court order with a judge’s signature, that requires Apple to “assist law enforcement agents” with “bypassing the cell phone user’s passcode so that the agents may search the iPhone.”
When attempting to gain access to a locked Android device, things are a bit more complicated. According to T-Mobile and Google, who use what they call cryptographic hash for their passwords, the only way to unlock an Android device is with a Gmail user name and password, and Google does “not have access to particular e-mail account passwords, as they are encrypted.” Law enforcement with a court order in hand can require Google to reset the password, which can have the undesired effect of tipping off an offender that his or her device has been compromised. And in situations with court orders present, Apple and Google are forced to comply with law enforcement when approached.
Apple has been helping with this sort of thing for at least 3 years, according to a police department source, adding more detail to the increasingly common practice of cops getting into phones, which are often taken from suspects during arrests. And since it was revealed last year that Apple had been storing logs of user whereabouts, a practice which the company referred to as a “bug,” it is clear that law enforcement has a lot of intel to gain through getting into mobile devices.
According to the ACLU, numerous police departments delve into “at least some cell phone tracking” without first obtaining a warrant from a judge, which the organization claims to be a violation of Americans’ Fourth Amendment privacy rights. It’s not clear if these warrantless phone searches are legal, as the U.S. Supreme court has yet to address the issue, but in 2007, the Fifth Circuit court concluded that police were allowed to get into call records and texts during an arrest, without the permission of a judge. The Obama administration and many prosecutors support this sort of search, and liken it to going through a suspect’s wallet. Still, civil libertarians have pointed out that an iPhone can hold way more information than a person’s wallet, and that a warrant should be required for search. Some courts have agreed on this.
Also, it is possible for police to get into a locked iPhone without the assistance of Apple. Below is a video from Swedish company Micro Systemation, which shows their XRY forensics software in action, that can bypass the passwords on many iOS devices:
The XRY software presently won’t work on the iPhone 4S, the iPad 2, or the new iPad, but can handle “automatic rooting and pattern lock decoding for 90 percent of supported Androids,” according to the firm.
Essentially, it might be best to leave smartphones at home when committing crimes.