SCSO can hack your phone without a warrant

So, I had a conversation with Ozzy himself last fall. He's a power hungry cop that talks about the Constitution out of one side of his face, while allowing his deputies to run wild. I know, I recognize the type, as I worked with many of them (larger agency) for most of my adult life. He refuses to purchase body cams for his deputies.... But hey, technology to hack into a phone without a warrant.... They will use info they find to then apply for a warranty, defeating the purpose.....

I'm not sure what you're upset about.  Almost every LE agency has access to these devices and uses them regular for lawful searches during investigations.  I saw nothing in the article that implies they will search your phone without a warrant and then use that information to obtain a warrant.  I think you may not fully understand what the term "exigent circumstances" means in the context of search and seizures.  And I don't mean that in a condescending way either as 95% of the population doesn't either.   LE can conduct a search of constitutionally protected areas when they have one of the three present; a search warrant, consent, or exigency (exigent circumstances).  This applies to everything including cell phones.  The courts are also extremely critical of the use of the latter two warrant exceptions with the burden of proof resting on the prosecution that they were conducted in good faith and with sufficient grounds.  While the system is far from perfect, the implication that LE is using these devices during criminal investigations for nefarious purposes without adequate judicial oversight is simply not true.

The key with exigent circumstances is that there is not enough time to obtain a search warrant to prevent death or serious bodily injury. Such as tracking an active and endangered kidnapping victim/suspect. They must apply for the search warrant after the fact and if denied there goes any criminal prosecution.

This tech has been out there for some time, only a matter of time before every small town that didn't need a SWAT team and doesn't need one of these either, will have them.



You can't possibly be this naive, or by your username maybe you're biased.

I think you may not fully understand what the term parallel construction means.

Just wondering, instead of freaking out about what could be done with the technology, we freak out once it is used improperly? I can see that there is a great danger of overreach, but without the occurrence there is no real issue. Going crazy over this is akin to anti's going off about your rifles potential danger.

My implication was not all LE in general, no way. I'm actually very pro law enforcement. That being said, I've personally seen SCSO deputies go way too far and it was swept under the rug. We would have been fired and most likely brought up on charges where I'm from. I honestly have no faith in the leadership of that agency. Hopefully the next Sheiff will clean it up and polish some of the tarnish off that badge. Note that I'm not slamming the Deputies at all, there are many great ones in that agency. They should know that it only takes one "aww fvck" to knock out 10 "atta-boys." Or at least, that's how it was put to us in the military. Unfortunately nobody remembers the good, only the dirty. The bad apples sour the image of the batch. And that's not what's needed right now.

Copy that.  Sorry if my response came off as sort of defensive in nature.  Being concerned is a good thing.  There is just a lack of good information being disseminated about the topic and most of what you'll find on the web is misleading.  I think LE would be smart to work on being more transparent and facilitating more community outreach on the topic to dispell any misguided concerns which is where I was trying to go with my post.  And you are correct that most failures in LE are directly related to a lack of good leadership.  

And to the poster above who brought up "parallel construction".  These forensic analyzers all have safeguards which document all activity on the phone including access or manipulation of software/hardware.  If you were to go through the phone or perform a forensic analysis before a warrant there would be a electronic record of that on any subsequent analysis.  Is it perfect, no, but nothing in the criminal justice will ever be as long as there is a human element.  Washington has more safeguards and some of the broadest protections against government intrusion / search and seizure than any other state.

This is why you should update your Apple phone when new iOS software comes out, and update your phone hardware every year or two as well.

A lot of the tricks Graykey used don't work in post 2018 iPhones running iOS 12 or later.

With Android of course, you're probably screwed. A lot of the Android phones can't be updated, and their resistance to this kind of attack isn't as good as Apple to start with.

I've been to Snohomish County Sheriff's Citizen's Academy (I totally recommend going to that free course they hold every year.. very eye opening on what they do).

They did talk about cell phone access.  If they can't get into it they actually can pay a company to hack into the phone for them.  Remember the iPhone fiasco where they wanted in.. well they stop demanding Apple due to finding another company to hack into the phone.. I believe it was an Israeli company that did the work.

For the San Bernadino case, the FBI used Cellebrite, but their way of cracking iOS security hasn't worked since iOS 13.

Cellebrite even admit it themselves that they can't crack iOS 13.



https://www.cellebrite.com/en/blog/a-first-look-at-ios-13-here-are-the-methods-you-can-trust-for-extraction-and-analysis/

It seems like a lot of criminals simply use old phones, don't secure them properly and don't update them.

I'm actually more worried about Stingray type tech than I am someone cracking my phone. I don't have anything to hide, but there's been plenty of solid rumors about non-US actors using Stingray's in the US for intelligence purposes.

Good article on them below. The problem with Stingray is that they insert themselves into the data stream and use fake certificates to crack encryption on some apps. And it's hard to tell which apps are vulnerable.

https://www.eff.org/pages/cell-site-simulatorsimsi-catchers

It's called a Man-In-The-Middle attack, and it's hard to detect.

https://www.itnews.com.au/news/dozens-of-ios-apps-open-to-man-in-the-middle-attack-450209