How the FBI Could’ve Gotten Into the Trump Shooter’s Phone
Gaby Del Valle, reporting for The Verge:
The FBI has successfully broken into the phone of the man who shot at former President Donald Trump at Saturday’s rally in Butler, Pennsylvania.
“FBI technical specialists successfully gained access to Thomas Matthew Crooks’ phone, and they continue to analyze his electronic devices,” the agency said in a statement on Monday.
The Federal Bureau of Investigation:
The search of the subject’s residence and vehicle is complete.
Also from The Verge, a piece titled “It’s Never Been Easier for the Cops to Break Into Your Phone”:
Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, said that law enforcement agencies have several tools at their disposal to extract data from phones. “Almost every police department in the nation has a device called the Cellebrite, which is a device built for extracting data from phones, and it also has some capability to unlock phones,” Quintin said. Cellebrite, which is based in Israel, is one of several companies that provides mobile device extraction tools (MDTFs) to law enforcement. Third-party MDTFs vary in efficacy and cost, and the FBI likely has its own in-house tools as well. Last year, TechCrunch reported that Cellebrite asked users to keep use of its technology “hush hush.”…
A 2020 investigation by the Washington, DC-based nonprofit organization Upturn found that more than 2,000 law enforcement agencies in all 50 states and the District of Columbia had access to MDTFs. GrayKey — among the most expensive and advanced of these tools — costs between $15,000 and $30,000, according to Upturn’s report. Grayshift, the company behind GrayKey, announced in March that its Magnet GrayKey device has “full support” for Apple iOS 17, Samsung Galaxy S24 Devices, and Pixel 6 and 7 devices.
When I originally read the first story, my first thought was that, had Crooks’ smartphone been an iPhone, there would be no way for the bureau to gain access to it without a non-existent backdoor. The only possible scenario, then, would be for the phone to be so old that the FBI was able to hack it by entering passcode combinations until it unlocked, which is what Cellebrite does. Cellebrite only works on old iPhones and Android phones, and the vulnerability that made it work has been patched, but it’s unclear whether it has been amended to work with newer models and sold only to governments.
Either way, Cellebrite is the least of our concerns. I also didn’t know anything about this new technology, called GrayKey, which apparently is a more sophisticated method of hacking that extracts encrypted data from the operating system instead of brute-forcing the passcode. That is something I’m unable to wrap my head around, because the encryption key for a device’s information is stored in the Secure Enclave on iOS devices, even the newest of which are vulnerable to GrayKey. How this hasn’t been patched yet is beyond me.
Obviously, I condemn the shooter, who attempted the assassination of former President Donald Trump, and I want to know more about him, including his motive, but that doesn’t stop me from being immensely frustrated that the FBI was able to gain access to his phone. If the FBI is given access to encrypted information from a bad person, it’s also given de facto permission to look at every American’s private information, and that’s incredibly concerning.
There are ways for the government to access data stored in the cloud because Apple stores an encryption key for accounts without Advanced Data Protection enabled, which it is forced to hand over to law enforcement when presented with a lawful warrant. Advanced Data Protection eliminates this encryption key on Apple’s end and requires a so-called recovery key or access from a recovery contact so that when Apple is asked for backdoor access, it has nothing to give to the FBI. I’m going to go out on a limb and say the shooter did not use Advanced Data Protection as it is a relatively obscure feature, but either way, it’s like a heavily guarded gate to a 3-foot-high fence.
If law enforcement can gain access to a phone just by extracting encrypted information like magic, there’s no point in encrypting the data in the cloud and storing the key on-device, where it is supposedly immune to warrants. That’s what’s concerning about this: If there is a known vulnerability in either iOS or Android that allows anyone to extract encrypted information from a device’s Secure Enclave, that is a backdoor for the FBI and authoritarian regimes everywhere around the world.
Obviously, there is a solution to this: Don’t store anything important in the yard. But “if you want to commit crimes, erase the content on your phone” is very bad advice because it’s already inadvisable to be a criminal. The problem isn’t that criminals will be caught — that’s a good thing — it’s that the government will inevitably use this to spy on innocent people. Apple and Google should fix this vulnerability as soon as possible.
Of course, I am jumping to conclusions — we don’t know what phone this is. But that’s irrelevant information because no matter what kind of phone it is, it’s possible for the FBI to get into it. That’s concerning, and that threat should be neutralized.