
Not really, no, because it turns out cops aren't actually stupid. When they arrest you and take your phone (or anything electronic, really) the first thing they do is clone the memory. You might succeed in wiping out a copy by giving them the alternate password, but that's just going to add to your charge list.

There was a case a few years back (discussed on HN) where a gang had software installed on everyone's phone that caused a remote wipe when activated. The cops did a big raid, and even though they took everyone's phone someone they hadn't caught yet was able to wipe them.

The cops changed their SOP so that when they get ahold of your phone the first thing they do is yank the battery.


> When they arrest you and take your phone (or anything electronic, really) the first thing they do is clone the memory

Depends on the situation. If it's a raid due to software piracy - then probably. If they pulled you over for speeding and arrested you - they probably won't, or even know what to look for.

And I really can't think of a way to clone a device like an Android device without unlocking it. ADB nowadays requires your explicit permission from a prompt. And if you are like "oh they have ways" I would be very interested in that because that sounds like whatever they are doing is using an exploit or some sort of back door.


Behold the Samsung Anyway Jig: http://forum.xda-developers.com/showthread.php?t=1629359

The link is a few years old. No idea if there is a current version that works on modern phones, but it seems reasonable to assume there would be.


I found this article [1] and I'm already suspicious of FUD.

The first part talks about bluetooth pairing with the device - which requires unlocking. The second page talks about unlocking an iPhone with plist files from a synced computer. So it's not a matter of some magical device that can backdoor a phone - but rather using interfaces that already exist.

I found this company [2] and it has the usual marketing ploy - but a quick Google search doesn't reveal any actual reviews of people using it. I can find paragraphs of marketing spin but no one actually saying "we used this to get into cell phones that were password protected".

I'm not saying it's not possible - I just find it hard to believe without it making modifications to the underlying software (ie flashing a ZIP on android that zeros out the pin password or something).

[1] http://arstechnica.com/tech-policy/2011/04/michigan-state-po...

[2] http://www.cellebrite.com/Mobile-Forensics/Products/ufed-tou...


>And I really can't think of a way to clone a device like an Android device without unlocking it. ADB nowadays requires your explicit permission from a prompt. And if you are like "oh they have ways" I would be very interested in that because that sounds like whatever they are doing is using an exploit or some sort of back door.

No, they don't need to use any kind of exploit. They have hardware that allows them to clone the device's memory. I doubt it has to be on at all.

There's no way to secure a device if the attacker has physical access. The best you can do is secure the data with encryption.


How do you yank the battery and clone memory on an iPhone?


You don't. You drop it into a Faraday bag and then later mess with it in a Faraday glovebox.


What I meant is they yank the battery as soon as they get the phone. I believe you can clone the memory without powering the device if you have the right hardware. If not they could always disconnect the antenna before powering up.


The question stands. How do you quickly yank a battery from an iPhone?


You don't do it quickly.

But what I wonder is how they circumvent the entire trust mechanic when the phone is locked. When the phone is locked most of the storage is encrypted too.


I wasn't trying to say they can somehow get your plain text - this is just a copy of encrypted data. What they can do is keep you from tricking them into destroying the data they have.


Yeah, but isn't the whole point of the secure enclave on the iPhone so that the decryption has to be done on device?


Yes. The A7 came out after anything I've read on the subject, so it may be more difficult. But really all this means is they need to get the copy without destroying the phone and have some way to put it back. The point isn't to brute force the data somehow, but rather to protect it from being destroyed while the wheels of justice crush you.

I've always thought the way to deal with this is to use an OTP scheme. If you have a one time pad that's as large as your data set (assuming we're talking about some reasonably small number of critical documents here), you could generate the ciphertext from your key and then generate another key that translates your ciphertext into something innocuous - grocery lists or whatever.

There's no way the court could prove the key you gave them isn't the right key.
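The deniable one-time-pad idea in the comment above, worked through as an added example (this is not code from the thread; the secret note, the grocery-list cover and the 128-byte "container" size are constructed sample inputs). It shows why the claim holds for a true OTP: since encryption is XOR with uniformly random key material, every plaintext of the container's length is equally consistent with the ciphertext, so the "innocent" pad is simply ciphertext XOR cover text. It also pads the cover to the full container size, which is the oversized-disk point raised in the reply below.

```python
"""Added example: a deniable one-time pad with one ciphertext and two pads.

The real pad recovers the secret; the decoy pad recovers innocuous cover text.
Neither pad is distinguishable as "the real one" from the ciphertext alone.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(data: bytes, size: int, filler: bytes) -> bytes:
    """Extend data to exactly `size` bytes using bytes taken from `filler`."""
    if len(data) > size:
        raise ValueError("data does not fit in the container")
    if len(filler) < size - len(data):
        raise ValueError("not enough filler for the container size")
    return data + filler[: size - len(data)]


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad encryption. Decryption is the same XOR."""
    return xor_bytes(plaintext, pad)


def forge_pad(ciphertext: bytes, cover: bytes) -> bytes:
    """Return the pad that 'decrypts' ciphertext to cover.

    For an OTP such a pad always exists, which is the whole point: nothing
    in the ciphertext says which of two pads is the genuine one.
    """
    return xor_bytes(ciphertext, cover)


def build_container(secret: bytes, cover: bytes, size: int):
    """Return (container, real_pad, decoy_pad) for a `size`-byte container.

    The secret's spare space is filled with random bytes so the real
    plaintext carries no structure past the message; the cover's spare space
    is filled with blank lines so it still looks like a text file.
    """
    real_plain = pad_to(secret, size, os.urandom(size))
    cover_plain = pad_to(cover, size, b"\n" * size)
    real_pad = os.urandom(size)  # uniform, as long as the data, never reused
    container = otp_encrypt(real_plain, real_pad)
    decoy_pad = forge_pad(container, cover_plain)
    return container, real_pad, decoy_pad


def demo() -> dict:
    """Constructed sample: a sensitive note and a grocery-list cover story."""
    secret = b"meeting point: the old warehouse, 02:00, bring the ledger\n"
    cover = b"milk\neggs\nbread\ncoffee\n"
    size = 128  # the deliberately oversized 'encrypted disk'
    container, real_pad, decoy_pad = build_container(secret, cover, size)
    with_real = otp_encrypt(container, real_pad)
    with_decoy = otp_encrypt(container, decoy_pad)
    return {
        "secret_recovered": with_real[: len(secret)] == secret,
        "cover_recovered": with_decoy.rstrip(b"\n") == cover.rstrip(b"\n"),
        "cover_text": with_decoy.rstrip(b"\n"),
        "pads_differ": real_pad != decoy_pad,
    }


if __name__ == "__main__":
    result = demo()
    print(result["cover_text"].decode())
    print(result)
```

Two practical caveats the XOR alone does not show: the real pad is as large as the container and has to be stored somewhere, so whoever finds both pads has both plaintexts; and the spare space under the real pad decrypts to random bytes here, so a careful scheme would fill it with plausible data under the real key as well rather than leave noise behind the message.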


It'd probably be best to do this on a format that can plausibly have such extra data (assuming you generate more operational data than you do plausible cover data). An encrypted disk file is probably a good bet. So long as it's not too egregious, it'll probably be OK. "Yes I have a 64MB encrypted disk, even though my working set is only 2MB."


I'm pretty sure there's a lead you can cut.


In fact, I wager that you could find a spot on any phone model that you could hit with a narrow drillbit to disconnect the power. You could make a jig that you put the phone into and guides the drillbit into just the right spot.

It would only take seconds to use, but you would need to be prepared for the specific phone model.

Maybe you could even have a CNC machine preloaded with the data for a wide variety of phone models. You put the phone down on the work surface, key in the model, and the CNC machine deftly cuts through the right power lead. Less portable, but would require less precise planning.


I'm pretty sure you just made that up.


I'm a little confused here. Are you trying to say there's no way you can disconnect the battery of an iPhone even if you don't care whether or not it works when you're done? Really? I begin to doubt your fitness for this conversation.


When you say 'memory,' are you talking about volatile or nonvolatile memory?


Nonvolatile, of course.


I was under the impression that you couldn't run a brute-forcer against these phones because the key is kept inside of a hardware security module. Couldn't the duress code just wipe the key in the HSM?

If they can copy the HSM, that wouldn't help, but in that case, it doesn't really seem like they need your help getting the PIN in the first place.


>I was under the impression that you couldn't run a brute-forcer against these phones because the key is kept inside of a hardware security module. Couldn't the duress code just wipe the key in the HSM?

That's something I hadn't considered. Is it set up that you can create and destroy the keys but never get access to them?

