Android's pattern-lock security confounds FBI computer forensics team

Just how good is the protection afforded by the pattern-lock technique Google designed to prevent unauthorised access to some Android-based smartphones?

Good enough to apparently defeat the entire technical brainpower of the Federal Bureau of Investigation's (FBI) Regional Computer Forensics Labs (RCFL) in Southern California.

A recently released affidavit, discovered by security researcher Christopher Soghoian of Indiana University, revealed that the FBI went cap-in-hand to a judge, seeking a warrant that would force Google to help them unlock the phone.

The phone in question had been seized during the arrest of a notorious gang member and pimp in January.

In his warrant application, special agent Jonathan Cupina explained how the RCFL technicians made several attempts to unlock the phone, but ended up just triggering the lock-out mechanism, which requires a Gmail login and password to override. It was these details that the FBI wanted Google to hand over.

As Soghoian points out, it seems slightly perverse for a computer forensics lab to resort to obtaining search warrants for Google, when there are tried and tested commercial products and hardware hacks that would have enabled the FBI to access the phone's data.

Sure, the FBI may have needed a warrant to legally access the phone's data, but surely it could have done that rather than going direct to Google? It certainly doesn't paint the FBI's computer forensic team in a flattering light.

15 Mar 2012
