Crims zapped mobes, slabs we collared for evidence, wail cops

You know that nifty remote wipe function that takes all the photos off your phone when it gets lost? Turns out criminals know about it too, and they're using it to wipe phones taken by police as evidence. The BBC has heard from a few UK forces that report some of the mobes and tablets they've taken in as evidence have been …

  1. Anonymous Coward

    The law of unintended consequences

    Well, they were insisting on this feature to reduce theft.

    As a result - same as with any security feature, for that matter - they got something that reduces their right to violate laws and regs on unwarranted searches. This means that in democratic countries they will now have to get a proper court order every time and go and dig through the provider (i/g/etc)Cloud account.

    In a privatoschoolocracy, however, they will just need to call upstairs to have the RIPA request authorized by the plod boss. So there it does not change a lot.

    1. frank ly

      Re: The law of unintended consequences

      This is conflating two separate things. As I understand it, the remote kill switch is operated by the network and the user/owner has to contact the network and convince them of their identity to ask them to kill their stolen phone. The police only have to contact the network (probably via a special contact number) and tell them to kill a phone because they don't want the owner to be able to use it.

      The remote wipe is under the control of the user and intended to protect private information from prying eyes. This is done via a website, with login process, run by the company that supplied the remote wipe app. Please correct me if I got any of that wrong.

  2. Vociferous

    1) remove battery (or turn the device off until you can get it to the lab)

    2) profit!

    Next problem!

    1. Anonymous Coward

      Re: 1) remove battery (or turn the device off until you can get it to the lab)

      0) Install app that does an automatic wipe of the device when it next starts up if the user doesn't authorise the device's shutdown/network disconnect.

      1) remove battery (or turn the device off until you can get it to the lab)

      2) profit!

      Next problem!

      Indeed.

      1. Vociferous

        Re: 1) remove battery (or turn the device off until you can get it to the lab)

        > "Install app that does an automatic wipe of the device when it next starts up"

        I'm the FBI and/or NSA, what makes you think I need to start the phone to read its stored data?

        > "you won't be able to access the info you were after when you turn it back on"

        I'm the FBI and/or the NSA, what makes you think your phone encryption is unreadable to me?

        > simply take the sim card out

        I thought the anti-theft signal didn't care about SIM? If it does, then yeah, that'll work too.

        1. Ross K Silver badge
          Facepalm

          Re: 1) remove battery (or turn the device off until you can get it to the lab)

          > I'm the FBI and/or the NSA, what makes you think your phone encryption is unreadable to me?

          Please, do tell me more about how the government reads encrypted phones.

          1. BasicChimpTheory

            Re: 1) remove battery (or turn the device off until you can get it to the lab)

            @Ross K

            I'd have thought it a more interesting read to see how he thinks the FBI/NSA reads data from a powered down device. That might just be me.

            In relation to your question, "backdoors" might be the obvious (even if not necessarily factual) answer.

            1. Anonymous Coward

              Re: 1) remove battery (or turn the device off until you can get it to the lab)

              I don't think this is much of a problem for them (most of the time) since the master key is encrypted using the user's screen lock password, which is usually short and predictable. I also remember reading that there was a serious problem with Android's PRNG seeding in previous versions which might make them vulnerable.

        2. Daniel B.
          Boffin

          Re: 1) remove battery (or turn the device off until you can get it to the lab)

          > I thought the anti-theft signal didn't care about SIM? If it does, then yeah, that'll work too.

          It doesn't care about SIM, but it can't register with the mobile network without a SIM (it could do it with a different SIM card, or if it has WiFi enabled and registers with a known WiFi network.)

          Crypto is not much of a hurdle against most people, because most smartphone users are security-stupid and will use 4-digit PINs or that annoying "secure" figure-point thingy instead of a really secure password. 4-digit PINs should be crackable within an hour, maybe less.

    2. Anonymous Coward

      Re: 1) remove battery (or turn the device off until you can get it to the lab)

      1) remove battery: I would love to see you try with any iPhone / Nexus / some other I can't remember .... :)

    3. Ross K Silver badge

      Re: 1) remove battery (or turn the device off until you can get it to the lab)

      > 1) remove battery (or turn the device off until you can get it to the lab)
      >
      > 2) profit!
      >
      > Next problem!

      Battery removal isn't possible on a lot of phones.

      You can't turn a phone off if encryption's enabled. Well, you can, but you won't be able to access the info you were after when you turn it back on.

      1. Captain DaFt

        Re: 1) remove battery (or turn the device off until you can get it to the lab)

        "You can't turn a phone off if encryption's enabled. Well, you can, but you won't be able to access the info you were after when you turn it back on."

        From my understanding of the tech level of most police, maybe this is what they're misinterpreting as 'wiped'?

    4. Anonymous Coward

      Re: 1) remove battery (or turn the device off until you can get it to the lab)

      Removing the battery / switching it off makes their job harder if it's encrypted.

      If the device is switched on they can try and gain access via USB debug (if it's enabled), system services or the JTAG interface. If it's switched off they are forced into attacking the master key.

  3. PCS

    Or simply take the sim card out.

  4. frank ly
    Thumb Up

    The simplest ideas are often the best.

  5. tom dial Silver badge

    Have they not heard of Faraday bags?

    Many available from Amazon.com and quite a few others, $20 or so.

    Alternative, aluminum foil, $.05 or so.

    1. Anonymous Coward

      Re: Have they not heard of Faraday bags?

      They do use them...standard procedure, but at some point it has to come out, also they are not 100% perfect

      1. Michael Thibault

        Re: Have they not heard of Faraday bags?

        Out, yes, but in an adult-sized Faraday cage, no?

    2. NumptyScrub

      Re: Have they not heard of Faraday bags?

      They also seem to be unaware of the existence of professional data recovery services who claim to be able to recover data deleted from mobile devices and flash memory.

      1) get (encrypted) data recovered via forensic methods

      2) demand suspect provide the decryption key under RIPA Section 49

      .....

      Profit!

      1. Anonymous Coward

        Re: Have they not heard of Faraday bags?

        They might be able to recover data you deleted, but not if the data has been wiped. iOS has a key for the user portion of the storage that is dropped and recreated. The key can't be accessed, so it can't be copied and saved, and no data recovery company is going to be able to get it.

        You might be able to find a data recovery company that will tell you they can recover from such an event, but if they charge you just for trying it is pretty obvious to see why they'd say that.

      2. John Tserkezis

        Re: Have they not heard of Faraday bags?

        "1) get (encrypted) data recovered via forensic methods"

        If you've ever had to do this, in some cases it's the same reason it's not done as why they don't put any person on the moon anymore. It's possible, but it's so bloody expensive you look for other means.

  6. Anonymous Coward

    Alternatively

    Innocent person's phone gets stolen by criminal.

    Criminal gets bagged for some other crime, because he's a criminal, they do crimes.

    Phone gets taken as evidence.

    Innocent person discovers theft.

    Innocent person wipes their mobile, unaware that they are destroying evidence.

    1. DN4

      Re: Alternatively

      > Innocent person wipes their mobile, unaware that they are destroying evidence.

      And this complicated chain of events is something you say happens often, or what's the point?

      1. Anonymous Coward

        Re: Alternatively

        Criminals swiping phones for illegal use is well documented. Why wouldn't the rightful owners wipe them at some later date?

      2. John Tserkezis

        Re: Alternatively

        "And this complicated chain of events is something you say it happens often, or what's the point?"

        If your phone was stolen, and you had remote bork capability, would you bargain on the odds the thief gets caught and your data is used as evidence to incriminate them? Really?

        It's always safer to bork first, ask questions later.

  7. Eugene Crosser
    Boffin

    Faraday cage will not help

    Assuming the "remote kill" functionality is set up, the phone needs to be (1) FDE encrypted, (2) not rooted, and (3) have a system app that simply turns power down if it cannot connect to the "remote kill" server for a long enough period of time.

  8. Anonymous Coward

    Or, reverse the procedure

    and have an app which wipes the phone if it doesn't receive a network ping every - say - 24 hours ?

  9. jake Silver badge

    Gee, you think?

    Enacting laws when you don't actually understand the problem ALWAYS makes the law-makers look like the completely technologically clueless idiots that they are.

    More laws aren't working/helpful! Clearly we need more laws to fix this!

  10. MarkCX

    Sim removal might not help. If a phone finds a wifi signal it can connect to, that could also trigger a self-destruct.

    1. Lionel Baden

      open wifi

      Yeah I'm sure that the police in the station have left the wifi wide open.

      1. Anonymous Coward

        Re: open wifi

        British coppers? Probably.

    2. Daniel B.
      Boffin

      > If a phone finds a wifi signal it can connect to, that could also trigger a self-destruct.

      Only if the phone had WiFi activated when it was taken away, and even then only if the phone can find a WiFi network that was previously added to its list of known WiFi networks.

  11. LucreLout

    Wiping a seized device is already perverting the course of justice, so while it might help those facing serious charges, for most run of the mill offences you'd be committing a far more serious offence to cover up a minor infraction.

  12. Crisp

    It gets better (or worse depending on your perspective)

    There are hard drives that you can wipe remotely. And they will wipe themselves should they not be able to pick up a GSM signal after a certain length of time.

    Putting one of these devices into a Faraday cage would actually cause the device to wipe itself.

    1. Hans 1
      FAIL

      Re: It gets better (or worse depending on your perspective)

      > Putting one of these devices into a Faraday cage would actually cause the device to wipe itself.

      So would hiking in remote locations, flight mode on very long trips etc ad nauseam.....

      You only want to kill the phone manually online, really.

    2. Gene Cash Silver badge

      Re: It gets better (or worse depending on your perspective)

      That's actually mentioned in the linked BBC story. They actually did their journalism homework. Much better than an American paper, where it'd be "Obama responsible for losing data"

  13. Anonymous Coward
    Stop

    One thing they haven't clarified...

    ...are these phones the crims' devices?

    If my phone was nicked, I'd remote wipe it. Police take said stolen phone as evidence from crim.

    The crim has not wiped the phone, I have.

    1. Lionel Baden
      Black Helicopters

      Re: One thing they haven't clarified...

      you have perverted the course of justice !!

      Should of gone AC you fool, start running

      1. Anonymous Coward
        Headmaster

        Re: One thing they haven't clarified...

        > Should of gone AC you fool, start running

        Should HAVE gone AC you fool, start reading a sodding dictionary.

        1. Lionel Baden

          Re: One thing they haven't clarified...

          if pedantry is to be used, would not "should had of" been a better choice ?

          I am not a grammer nazi, nor am I trolling, it's an honest question.

          1. Blip

            Re: One thing they haven't clarified...

            @Lionel Baden

            Are you thinking of should've?

          2. Anonymous Coward

            Re: One thing they haven't clarified...

            Lionel, why are you able to construct and articulate that but yet be unable to grasp the difference between "of" and "have"? It's as big a faux pas as "axed" as opposed to "asked".

            However "should had of" also makes no sense. Or as the other commentard stated "Should've".

            I AM a grammar nazi, but I am not trolling, it's an honest question.

            So, just for clarification "should of" does not exist, should not exist, will not exist.

            NB "should, of course, done XYZ" is permissible.

  14. Stuart 22

    [SECURE DEVICE: SOLVED]

    1. Get a Nokia 3210.

    2. Don't use the contacts section

    3. It will hold no more data than plod could have got from the network anyway.

    1. Anonymous Coward

      Re: [SECURE DEVICE: SOLVED]

      Yes, except some networks are phasing out 2G… Telstra being one of them.

  15. Fair Dinkum

    Lovely.

    Hoist, petard, own.

    PS all the plods need to do is turn off networking. Or remove the SIM, connect the device to a computer to analyze it, then maybe analyze the SIM, as it may contain an address book and other intel, if it was previously used in a dumb(er) phone.
