Thursday, 29 March 2012

How the police crack smart phones

It is easy for law enforcement and security services to pull data from a PC, unless the owner has taken some fairly advanced privacy measures. The same is not the case for smart phones.

Smart phones, such as Android handsets and Apple's iPhone, run operating systems that work in a fairly secure way. The user is unable to gain low-level access to the system, which also makes it hard for hackers and malware to gain a foothold.

This in-built security poses a significant challenge to the police, who have legitimate reasons for cracking open phones belonging to criminals. So how do the instruments of law gain access to phones? By hacking them, of course.

Hacking a phone, by which I mean using one or more tools to exploit a security hole (vulnerability) in the operating system or other low-level software, can be tricky. To make life easier some businesses have made automatic tools available.

Both Micro Systemation and Elcomsoft offer tools to law enforcement that achieve the same goal. They work in essentially the same way, which is to exploit a security hole in order to gain full access to the system. They then dump information down to a computer for analysis.

Micro Systemation published a very clear video that demonstrated its slick system but today (29/03/2012) the video was no longer available. You could try the original link to see if it has been put up again.

Elcomsoft has published a video demonstration that shows its system to be more command-line based. This video is also available below.


[This week there were reports in the mainstream media that new rules proposed by the EU would outlaw hacking tools. Cue security experts complaining that this will prevent legitimate security work.

This argument emerges every time the law changes to catch up with modern crime and terror techniques. I remember unsuccessful predictions being made in 2006 when the Computer Misuse Act was revamped.

My prediction is that penetration testing will not be outlawed, security research will continue unabated and companies like Micro Systemation and Elcomsoft will continue to sell their services to the police.

And the criminals will also continue with their activities too.]