iPhone and Android security codes can be bypassed easily if enforcement agencies ask for it

With increasing use of technology, criminals have been employing sophisticated means of committing crimes. With time, criminals are getting more tech savvy. These days use of gadgets like satellite phones, iPhones and Android phones by criminals and terrorists are common.

There appears to be a direct proportionality between the rate at which the gadgets keep getting sophisticated and the rate at which the criminals get increasingly sophisticated by the day. The task of monitoring the crime for law enforcement officers too is getting increasingly difficult day by day.It’s almost always a case where the law enforcement agencies are playing the catching up game.

What hampered investigations so far?

Cyber crimes are different from traditional approaches and it requires expertise to tackle with the new challenges that cyber criminals pose every day.

The usual approach was to hire experts in scenarios where phones, computers or email accounts were hacked. This is where the fundamental problem lies. The law enforcement agencies tend to rely heavily on experts (more popularly known ethical or White Hat hackers).

This strategy works like a double-edged sword as you never know when the White hat hacker may resort to means used by the Black Hat hacker (the villain or cracker) or a grey hat hacker (one who possesses characteristics of the White Hat as well as the Black-Hat hacker).

On April 2nd Declan McCullagh reported on April 2nd on cNet.com how the law enforcement agencies were being helped by Apple and Google to bypass or work around the security on their mobile phones. Click here to read more.

Google and Apple both, as a marketing strategy, claimed that their phones are secure and the security feature is robust. So, obviously these companies definitely would not want to help anyone be able to break into their devices.

Judiciary to the rescue:

Fortunately, for the law enforcement agencies and the officers, there is now a by which they can force these companies into assisting them into searching mobile phones that are often seized during arrests. The way is simple – get a court order asking these companies to help them. While this may sound a tedious job, it actually isn’t. Consider the fill-in-the-blanks Court Order used by the Sacramento sheriff’s office (Sacramento County Sheriff’s Department, abbreviated as SSD, is a local law enforcement agency that serves Sacramento County, California).

Apple and Google have no choice, but to comply, else the executives risk being arrested or even cancellation of licenses.

Speaking specifically about the security on these phones, Google’s Android is relatively more difficult to get access into.

And then there are other means to bypass the security without the help of manufacturers. There are firms that specifically deal with breaking into such gadgets. Micro Systemation, a Swedish firm, claimed that their XRY forensics software is capable of bypassing “four digit pass codes” on iOS devices. However, it doesn’t work with the iPhone 4S, the iPad 2, or the new iPad.  Micro Systemation further claims that XRY can perform automatic rooting and pattern lock decoding for 90 percent of Android devices.

Opinion of the masses:

There are some who argue that warrantless searches are perfectly constitutional during arrests, likening it to looking through an suspect’s wallet or appointment book or dairy. And then there are others who opine since our gadgets today store so much information about us, including correspondence and personal photos and videos, a search warrant should be required.

Well, the Indian Government may be tempted to formulate a strategy on lines similar to the one being followed by the law enforcement agencies in the US. Till then, should the Police forces need to get access into phones, they would still be able to, with the help of something known as ‘Third Degree’.


The DNetWorks Team