Google subpoenaed by FBI to access a pimp's pattern-locked Samsung smartphone

You can just imagine the type of person who might belong to a gang called - wait for it - Pimpin Hoes Daily.

Classy, in that gold-tooth sporting, magenta-or-lime-double-breasted-Italian-suit wearing, and toe-squeezing-winklepinker-loving way.

Gang-founder Dante Dears (his name is as priceless as the acronym for his gang) has recently found himself a touch more free press than he perhaps bargained for.

According to El Reg, Dears was jailed twice between 2005 and 2011, for almost six years, on charges including kidnapping and pimping prostitutes, some of whom were underage.

The conditions of his parole included searches of his home. The Feds were tipped off that Dears was getting up to his old ways again, so they decided to raid his home, where the San Diego FBI located his smartphone, according to several media reports.

Thing is, the FBI couldn't access the contents of the pattern-locked phone, so they issued Google with a subpoena. In order to unlock the phone, the authorities require Dears' Google account username and password, which, unsurprisingly, the Pimpin Hoes Daily founder has refused to hand over.

The warrant request includes providing the FBI with the phone's GPS data, contacts, text messages, search terms and webpage history. Normally, we would be none the wiser to such a request for information, but researcher Christopher Soghoian "stumbled" across it, and blogged it.

Now, a company such as Google is likely to receive countless demands for information, and I am sure they don't hand over information willy nilly. In fact, Google provided Ars Technica with the following statement:

Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it.

Reading this story, I just cannot believe that the Feds wouldn't be able to get into that phone. So I asked Sophos's resident Android security expert, Vanja Svajcer, for his opinion.

Vanja said that although it is technically possible to break the pattern lock combination using a brute-force technique (there are allegedly only 895824 combinations), it requires potentially unlawful access to the phone.

To start guessing at the combination, a file needs to be retrieved from the device. Jail-breaking tools, which grant access to the device using the root credentials, may be used to get the required file.
Check out this Forensics Focus article for more information.

Effectively, this means there is a catch-22: to get the evidence, you need the data on the phone. To get the data on the phone, you need to jailbreak it. Jailbreaking it invalidates the data. Hence, the need for the warrant.

Ah, now it all makes sense.


18 Responses to Google subpoenaed by FBI to access a pimp's pattern-locked Samsung smartphone

  1. genuinely curious · 887 days ago

    ..since it's a Samsung running Android, wouldn't that be "rooting" vs jailbreaking? Or are the terms interchangeable?

    • Jon Fukumoto · 886 days ago

      Yes, it's called rooting. Rooting an Android phone is done to gain full administrative access, much like Linux. Once this is done, kiss the warranty goodbye, and good luck in getting support from Samsung, because you're not getting it.

      • Machin Shin · 883 days ago

        Of course if voiding your warranty scares you then you have no business having root access anyways. The good news is that while it "technically" voids the warranty what they don't know won't hurt them. It is possible to just flash your phone back to stock if you ever need to deal with the phone company. If you got your phone into a state where you can't flash it then odds are good they can't tell you rooted it.

  2. hardwired1 · 887 days ago

    No one needs to go through any level of sophistication to break the pattern lock. Most Android phone screens leave traces of swipe fingerprints that people's fingers leave behind each time they swipe the screen to unlock. If the phone hasn't been wiped down, tilting the screen against bright light should reveal the frequently used swipe pattern. This makes swipe patterns weaker than regular numeric code unlock IMO.

  3. hardwired1 · 887 days ago

    No one needs to go through any level of sophistication to break the pattern lock. Most Android phone screens leave traces of swipe patterns that people's fingers leave behind each time they swipe the screen to unlock. If the phone hasn't been wiped down, tilting the screen against bright light should reveal the frequently used swipe pattern. This makes swipe patterns weaker than regular numeric code unlock IMO.

    • Anonymous · 886 days ago

      Of course if you get one of those "screen protectors" that basically sticks to the phone, it makes it very difficult to see said swipe :-)

    • kenn · 886 days ago

      This might make a good starting point, but apparently, the FBI decided to use legal power instead of their supposedly superior technical skills in decryption. It makes me wonder how many terrorists went out and got new phones with that style of entry encryption.

    • Jon Fukumoto · 886 days ago

      Using patterns to lock a phone is NOT what I call security. Using a complex password is much more secure, and less likely to be guessed unless a dictionary word was being used. Android gets an "F". Security is supposed to be mandatory, not complementary as it is on Android. Android 4.0 has support for on-device encryption which is off by default. What a mess!!!

      • Acid Genome · 884 days ago

        Why should security be mandatory? There's nothing on my phone I would care about being compromised and a complex unlock procedure is an inconvenience when you're regularly checking your device then locking it again. In other words, why force something on a user that might not be required? Is it mandatory to lock your car? Your house?

    • David Pottage · 884 days ago

      I am tilting my Android phone against the light and I can't see any trace of the pattern lock that I use at least 10 times per day. Perhaps mine has some sort of dirt-repellent coating on the screen or I clean mine more often than most, but I would not say that it is that easy to defeat a pattern lock.

      As for jailbreaking the phone: in many places, including the USA I think, criminal rules of evidence will only accept computer data as admissible if it comes from a computer that is not faulty and is working as the manufacturer intended. If that is the case then jailbreaking the phone may reduce its evidential value to hearsay, which would count for very little in court.

  4. Richard · 887 days ago

    "... prostitutes, some of which were ..."
    Some of *whom*. Prostitutes are people, not objects.

  5. Admiral Benbow · 886 days ago

    Prostitutes are people, so that would be, "some of whom were underage".

  6. Greg W · 886 days ago

    Google is saying the warrant is too wide for this lowlife? They just hijacked Android Market, so this doesn't surprise me at all.

  7. Melb. · 884 days ago

    Couldn't they do a memory dump of the phone,
    Upload it to a second phone
    Root this second phone & brute force the unlock code.
    When you have that, use it on the original untouched phone, thus preserving the data?

    • tempname2 · 883 days ago

      You're making the assumption that:
      - the code for the pattern lock is stored in memory
      - is still resident in that memory space
      - the police have kept the phone powered on
      - the culprit didn't power the phone off before being apprehended
      - etc.

      And a memory dump alone is not an image of the entire phone.

  8. ForensicsFox · 875 days ago

    No need to brute force or dump or even root the phone.
    Check out: http://www.cellebrite.com/mobile-forensics-produc...
    These guys developed a tool to dump everything from the phone memory whether it is locked or not; pattern, password or PIN locks are all useless.
    Law enforcement agencies around the world are using them, while the question of how come the FBI needed to approach Google for that is something beyond my comprehension.

About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos's Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger.