Law Enforcement Can Get Past Your Phone's Defenses - Saul Roth

Image Credit: Pixabay

By Saul Roth

While you’re busy trying to protect yourself with encryption on your smartphone, law enforcement may be able get around the protection. Lawmakers and cyber security experts say that there is a way for them (law enforcers) to access information from locked devices without having any technical skills at all.

The debate over backdoors has been going on for years, with both sides arguing their point. Lawmakers and law enforcement agencies around the world want access to encrypted data in order keep safe from national security threats, while privacy advocates say that giving government more power will only allow them possible access into your personal life without permission or cause – which they believe would be an overwhelming violation of our rights as Americans.

For a long time now it has been known that both Android and iOS operating systems can be compromised by hackers who want access to your personal data. But new research indicates governments already have methods, tools or vulnerabilities in the security schemes of these smartphone brands. Thanks largely due to certain weaknesses which gives them carte blanche permission from users’ phones.

When you secure your device with a passcode, fingerprint or face recognition lock it becomes nearly impossible for anyone else besides yourself to access the data on that phone. The only way they’ll be able to read anything is if their specific key comes along with yours which only generates when unlocked through whichever method was used originally- this ensures complete privacy.

Smartphones today provide a level of protection for your sensitive data that was not possible before. Not only do they have different encryption keys, but those who unlock the device must also be able to authenticate themselves with additional factors such as fingerprints or face recognition technology in order to access more confidential information on an individual’s phone han ever before.

The researchers were assuming that it would be extremely difficult for an attacker to unearth any of those keys and unlock some amount or data. But this isn’t what they found at all.

When your iPhone boots up, all of its data is in a state called “Complete Protection.” You have to unlock it before anything else can happen and there are privacy protections that are very strong.

When you unlock your phone for the first time after a reboot, all of its existing data moves into this new protected mode. Apple calls it “Protected Until First User Authentication”.

So how effective is AFU security? That’s where the researchers started to have concerns.

The idea that we can just power down our smartphones after each use and expect them to be safe from hackers seems unrealistic, not least because most people don’t take time out of their day for days or weeks at a time without using it – that would mean hundreds of hours.

When researchers looked at how Android and iOS operate, one key difference stood out. In order to prevent device data from being compromised after the first unlock on an iPhone or iPad (AFU), Google has a special version of its security software that applies before you enter any passwords.

Though smartphones are currently adequate for many “threat models” or potential attacks, the researchers have determined that they fall short when it comes to providing specialized tools which can easily be bought by law enforcement and intelligence agencies.