Forbes had an interesting story a few weeks ago about the types of information law enforcement can recover from a seized iPhone. It’s worth repeating here, especially for those sensitive to privacy issues. I heard almost the same thing in a BSidesDE talk back in November. According to the presenters many people don’t even bother to set a passcode. And if they do nine times of of 10 its just a four-digit PIN that can be bruteforced in no time. Even if they set a more complex passcode, many taken into custody will gladly give it up. Investigators can bruteforce more complex passcodes but with a warrant Apple will gladly decrypt all the data and return the contents on a DVD.
Of course there are the old trusty ways of grabbing the contents from a backup but we’re skipping those here for now. The basic lesson learned is to configure your iDevices to lock after a few minutes and always use a long complex password to unlock it. Apple can still get at the contents but there’s not much you can do about that besides maybe only using apps that implement application level encryption.
You may think of your iPhone as a friendly personal assistant. But once it’s alone in a room full of law enforcement officials, you might be surprised at the revealing things it will say about you.
On Tuesday the American Civil Liberties Union published a report it obtained from a drug investigation by the Immigration and Customs Enforcement (ICE) agency, documenting the seizure and search of a suspect’s iPhone from her bedroom. While it’s no surprise that a phone carries plenty of secrets, the document presents in stark detail a list of that personal information, including call logs, photos, videos, text messages, Web history, eight different passwords for various services, and perhaps most importantly, 659 previous locations of the phone invisibly gathered from Wifi networks and cell towers.
“We know the police have started using tools that can do this. We’ve known the iPhone retains records of the cell towers it contacts. But we’ve never before seen the huge amount of data police can obtain,” says ACLU technology lead Chris Soghoian, who found the report in a court filing. “It shouldn’t be shocking. But it’s one thing to know that they’re using it. It’s another to see exactly what they get.”
Do you think that the ability to recover so much data from iPhones is a good idea or an invasion of privacy? Post your comments below. Today’s post pic is from DigitalInvestigationSolutions.com.