Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption
New perspective on FBI, Interpol demands for backdoors
Police Scotland to roll out encryption bypass technology, as one publication reported this week, causing some Register readers to silently mouth: what the hell?
With all the brouhaha over the FBI, like a broken record, once again demanding Apple backdoor its iPhone security, and tech companies under pressure to weaken their cryptography, how has the Scottish plod sidestepped all this and bypassed encryption?
What magic do they possess that world powers do not, some of you asked us.
It's pretty simple: the force is using bog-standard Cellebrite gear that, typically, plugs into smartphones via USB and attempts to forcibly unlock the handsets, allowing their encrypted contents to be decrypted and examined by investigators.
This is widely used kit – sold to cops, businesses and spies around the world – and it will be set up in various police stations across Scotland. We're told selected officers will use the gear, when possible, to leaf through physically seized devices to see if the phones' data is relevant to specific investigations, and whether it's worth sending them off to a proper lab to extract the contents.
It's a controversial move here in the UK, in that politicians, worried about the legality of it all, previously pumped the brakes on the tech deployment – which was scheduled for mid-2018 and is only now actually happening.
What's going on?
Police Scotland is set to install 41 of what it refers to as "Cyber Kiosks" in stations around the country. The computers, reportedly costing £370,000 in total, will be used to attempt to view data from locked iOS and Android handsets in the course of criminal investigations.
"The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident," the Scottish cops say of the program.
"This will allow lines of enquiry to be progressed at a much earlier stage and devices that are not relevant to an investigation to be returned quicker."
The kiosks are built by Cellebrite, an Israeli vendor that specializes in providing law enforcement agencies with gear to bypass passcode locks on handsets. You can see one in action in this promo video from Police Scotland:
Unlike the more secretive phone-unlocking-hardware maker GrayShift, Cellebrite is somewhat more upfront and straightforward about its products, openly boasting about its ability to bypass lock screens on iPhone and Android handsets.
The technology works in various ways: Cellebrite says for some phone models, its equipment copies a custom bootloader to the device's RAM and runs that to bypass security mechanisms [PDF]. In some other cases, such as with Android devices, it tries to temporarily root the handset. The equipment can also attempt to exploit vulnerabilities in phone firmware, including iOS, to ultimately extract data.
It really depends on the hardware and operating system combination. Apple and Google tend to patch vulnerabilities exploited by this type of unlocking gear, in a security arms race of sorts.
Cellebrite claims its top-end gear can "bypass or determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices." Privacy International has an analysis of Cellebrite's advertised – stress, advertised – capabilities here.
According to Police Scotland, the kiosks will not store any copies of handsets' storage memory, and instead will be used to observe data on device so that officers can decide whether to return the handsets to their owners or send the phones off for further investigation by a forensics lab.
Additionally, the police claim, officers are not gaining any additional powers; rather, the equipment just speeds up the triage process that would have previously required a lab, we're told. Any searches using the kiosks will be carried out on the same legal basis [PDF] as any other search: officers are allowed to look through seized items that are suspected to be evidence of a crime.
"The common law of Scotland operates no differently in relation to the seizure of a digital device by a police officer in the course of an investigation to any other item which is reasonably suspected to be evidence in a police investigation or incident," according to the force.
"Therefore, if a police officer in the execution of a lawful power seizes a digital device, the law allows for the examination of that device for information held within."
An FAQ [PDF] adds that in special cases, including those involving child abuse images, internal or disciplinary cases, and devices already known to have evidence, the kiosks will be bypassed and the phones sent directly to the forensics lab.
The roll-out of these terminals is set to begin on January 20 and be completed by the end of May.
And breathe out
Unfortunately, none of this should be a surprise to you. Depending on your phone model, there are various ways for the police to potentially delve into your device.
As Forbes pointed out earlier this week, cops in the US last year tried to use a GrayShift product to read the contents of a locked and encrypted iPhone 11 Pro Max, according to a search warrant. It's not clear whether the extraction was actually successful; the police paperwork merely declares a "USB drive containing GrayKey-derived forensic analysis" of the iPhone as evidence.
Still, if all this unlocking kit is out there, one wonders why the FBI and others are demanding law-enforcement backdoors in gadgets. Is it because it doesn't always work? Or are the Feds tired of forking out wads of cash for gear made by Cellebrite, GrayShift et al, and want a cheap and easy built-in solution instead? Or both? ®