Monday, January 3, 2011

Court OKs searches of cell phones without warrant

The California Supreme Court allowed police Monday to search arrestees' cell phones without a warrant, saying defendants lose their privacy rights for any items they're carrying when taken into custody.

Under U.S. Supreme Court precedents, "this loss of privacy allows police not only to seize anything of importance they find on the arrestee's body ... but also to open and examine what they find," the state court said in a 5-2 ruling.

The majority, led by Justice Ming Chin, relied on decisions in the 1970s by the nation's high court upholding searches of cigarette packages and clothing that officers seized during an arrest and examined later without seeking a warrant from a judge.

The dissenting justices said those rulings shouldn't be extended to modern cell phones that can store huge amounts of data.

Monday's decision allows police "to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee's person," said Justice Kathryn Mickle Werdegar, joined in dissent by Justice Carlos Moreno.

They argued that police should obtain a warrant - by persuading a judge that they will probably find incriminating evidence - before searching a cell phone.

The issue has divided other courts. U.S. District Judge Susan Illston of San Francisco ruled in May 2007 that police had violated drug defendants' rights by searching their cell phones after their arrests. The Ohio Supreme Court reached a similar conclusion in a December 2009 ruling in which the state unsuccessfully sought U.S. Supreme Court review.

The Ohio-California split could prompt the nation's high court to take up the issue, said Deputy Attorney General Victoria Wilson, who represented the prosecution in Monday's case.

"This has an impact on the day-to-day jobs of police officers, what kind of searches they can conduct without a warrant when they arrest someone," she said. "It takes it into the realm of new technology." ...

via Court OKs searches of cell phones without warrant.

And yes, they can get past your password. See iPhone forensics.
... With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:

  • Determine what type of data is stored on the device

  • Break v1.x and v2.x passcode-protected iPhones to gain access to the device

  • Build a custom recovery toolkit for the iPhone

  • Interrupt iPhone 3G's "secure wipe" process

  • Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition

  • Recover deleted voicemail, images, email, and other personal data, using data carving techniques

  • Recover geotagged metadata from camera photos

  • Discover Google map lookups, typing cache, and other data stored on the live file system

  • Extract contact information from the iPhone's database

  • Use different recovery strategies based on case needs

And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide, and is a must-have for any corporate compliance and disaster recovery plan. ..

- oh really, no sir, oreilly.

This is absurd and, I believe, unconstitutional.  Due to the way cell phones are used, this  gives access to the banking accounts of anyone arrested, even those falsely arrested.  This is way more information than should be... unless the person was arrested while robbing a bank using a cell phone as a weapon. This is not Nazi Germany, and so, here are a few notes on iPhone remote wipe:
erase or reset iphone, step 3... after wiping three or four devices, I noticed something that Apple doesn’t tell you in the Find My iPhone/Remote Wipe documentation: The time it takes to “wipe” an iPhone or iPod touch varies greatly depending on the model. When I sent the wipe command to an iPhone 3GS, it took a minute or less for the process to complete. But when I sent the command to an older iPhone or to any iPod touch, it took more than two hours.

Why the difference? If you followed our WWDC keynote coverage last month, or watched the keynote later in iTunes, you may recall that the iPhone 3GS includes hardware encryption, so all data is encrypted on the fly. This means that for the iPhone 3GS, Remote Wipe doesn’t need to actually wipe the phone’s entire contents; it simply needs to delete—securely—the encryption key, a process that’s nearly instantaneous. Without the encryption key, your data is as good as wiped.

With older iPhones and both iPod touch models, however, your data isn’t encrypted, so a Remote Wipe really does need to securely delete every last bit. ...

As Jonathan Zdziarsky, the author of iPhone Forensics, points out, someone can force-reboot the iPhone or iPod touch at any point during this lengthy wipe process, put the device into recovery mode, and restore the device's OS in iTunes. This leaves any not-yet-wiped personal files and data accessible to forensic-recovery tools. ...

Another issue is that, as mentioned above, in order for your iPhone or iPod touch to receive a Remote Wipe command, the device must be connected to the Internet. If a thief is more interested in your data than the hardware, removing an iPhone’s SIM card takes the phone off the grid with the exception of Wi-Fi connections. If the thief can access the Settings app, he or she can also disable Wi-Fi to prevent an iPhone or iPod touch from automatically connecting to nearby WiFi networks. (Again, this emphasizes the importance of setting a screen-lock password.)

In other words, you shouldn’t feel completely safe just because you have Find My iPhone enabled. But at least now know how it works—and why some wipes are quicker than others.

So, if you care about your privacy, get a 3GS (or iPhone 4 I assume?) and learn how to wipe it: Settings > General > Reset > Erase All Contents and Settings.

Thanks to Greg who tells us how to restore it after you do.  (I haven't tested this, but I will soon... as soon as I get all of my contacts backed case this trashes my phone.)
"Having used the MobileMe Remote Wipe feature on my original iPhone, I was left with a phone that would only show the apple logo for a few seconds at power on and then do nothing. Resetting did not work and trying to recover from iTunes as I had expected seemed impossible as the iPhone was not even showing up in iTunes.

  1. Wake your iphone up so you see the apple logo.

  2. Hold down the power button (the one on top) and the home button until the screen goes black.

  3. This turns the phone off, don’t keep holding the button or the phone will restart.

  4. Now that the phone is off, press and hold the home button.

  5. While holding the home button connect your phone back to your computer, continue to hold the home button until itunes says it has found a phone that needs to be restored.

  6. restore phone.”

So, if you wipe the encryption key for your hardware encrypted 3GS... is there a law enforcement back door encryption key? I haven't found anything about that yet, but Apple does have remote access to your iPhone before it is wiped:
"Though Apple has declined to comment on iPhone security issues, the company has more or less admitted iPhones are vulnerable to security threats, because an emergency measure exists. In August 2008, Apple CEO Steve Jobs acknowledged the existence of a remote kill switch for iPhone apps, meaning if a malicious app made its way onto iPhones, Apple could trigger a command to delete the app from users’ devices. There is no evidence that the kill switch has ever been used."

Not sure if there IS a back door key after a wipe, but they do want access while you are using your phone.  It is likely that everything you do every minute is recorded and captured. Your calls, your photos, everything. I bet the NSA loves FaceTime. This is about the FBI from Wired:
Ryan Singel - ... The FBI now wants to require all encrypted communications systems to have back doors for surveillance, according to a New York Times report, and to the nation’s top crypto experts it sounds like a battle they’ve fought before.

Back in the 1990s, in what’s remembered as the crypto wars, the FBI and NSA argued that national security would be endangered if they did not have a way to spy on encrypted e-mails, IMs and phone calls. After a long protracted battle, the security community prevailed after mustering detailed technical studies and research that concluded that national security was actually strengthened by wide use of encryption to secure computers and sensitive business and government communications.

Now the FBI is proposing a similar requirement that would require online service providers, perhaps even software makers, to only offer encrypted communication unless the companies have a way to unlock the communications.

In the New York Timesstory that unveiled the drive, the FBI cited a case where a mobster was using encrypted communication, and the FBI had to sneak into his office to plant a bug. One of the named problems was RIM, the maker of BlackBerrys, which provides encrypted e-mail communications for companies and governments, and which has come under pressure from India and the United Arab Emirates to locate its severs in its countries.

According to the proposal, any company doing business in the States could not create an encrypted communication system without having a way for the government to order the company to decrypt it, and those who currently do offer that service would have to re-tool it. It’s the equivalent of outlawing whispering in real life.

Cryptographers have long argued that back doors aren’t a feature — they are just a security hole that will inevitably be abused by hackers or adversarial governments.

The proposal also contradicts a congressionally-ordered 1996 National Research Council report that found that requiring back doors was not a sensible policy for the government.

You are already wiretapped by the government if you have an iPhone according to this post on infowars:
An alarming white paper concludes that the Apple iPhone contains a backdoor spyware module that allows hackers or the government to conduct secret surveillance of the user, part of an established trend of corporations and the state working hand in hand to eavesdrop on citizens via widely-used software and hardware products.

Earlier this week, a technology group in Russia released the results of their attempts to reverse engineer the iPhone, concluding that the product has "A built-in function which sends all data from an iPhone to a specified web-server. Contacts from a phonebook, SMS, recent calls, history of Safari browser - all your personal information can be stolen."

The module could act as a backdoor for trojan developers or AT & T, said the report, adding that "government structures" would have access to the information.

Since AT & T displayed no hesitation in handing over information about their subscribers to the U.S. government as part of the controversial and illegal NSA wiretapping scandal , it would be no surprise to learn that included in the trendy new must-have gadget is a spyware module that allows the government to listen in to your conversations.

AT & T were chosen by Apple as the exclusive service provider for the iPhone, at present all other cellphone companies are blocked from offering any kind of service compatible with the iPhone.

Just thought you should know.

Luckily, there is hope. This guy has found a way to make your iPhone 100% secure from everyone:


Patrick said...

I'm no techie but my guess is that if you jailbreak your iPhone you have a lot more options in terms of encrypting your data.

Ann said...

Feudalism has improved since the Middle Ages.

Before the "storming of the Bastille"

- tax rates were inordinately high for the poorest of citizens

- people couldn't even afford to make a reasonable life for themselves

- tax money went to create palaces like Versailles for the Kings of France who lived in ostentatious splendor

Well, now -

- Obama recently extended Bush's tax cuts for the wealthy with the excuse that now is not time to change the tax system

- people can get by to some extent, but poverty in the U.S. is the highest its been in decades

- a lot of the tax money is sent over seas to support a war, which now about decade old - a war by way, the most polls indicate is NOT popular among the majority Americans.

And -

We have an extended propaganda campaign of a presumably "democratic" (i.e peoples') government that keeps telling the population, in so many words, "we're on your side."

We have largest prison system in the world with more people incarcerated than anywhere else.

We have an ongoing surveillance system that is presumably seeking out terrorists, which happens to be us, if we get out of line

We have the richest sector of the country cashing in literally billions of dollars, avoiding taxes in numerous ways (e.g. off shore tax havens), besides the extensive tax cuts, that couldn't care less about the conditions of the general population, the environment or, for that matter, anything else much than profits.