NYPD is running a $10million forensics lab to crack into iPhones

How the NYPD is using a $10million lab with a supercomputer that generates 26 MILLION iPhone lockscreens a day to find a way to get past Apple encryption

  • Police in New York have a new forensics lab where they try to crack smartphones
  • The lab has a supercomputer that can generate 26 million passcodes a second
  • Because of limits placed on incorrect passcodes, it can still take time to guess 
  • It can take almost four months to try all the possible lock screen passcodes

The New York Police Department are operating a new forensics lab to try and hack into smartphones to collect evidence from a person’s texts messages, GPS data, and voicemail transcripts and more.

The lab cost roughly $10 million and is located in the Lewis J. Lefkowitz Building in lower Manhattan, across the street from the county Supreme Court. 

It features a radiofrequency isolation chamber, which prevents any incoming or outgoing signals from reaching the phone, ensuring it can’t be remotely accessed or wiped.

The NYPD spent $10million on a special forensics lab in lower Manhattan where experts try to crack into smartphones to get around end-to-end encryption and gather evidence from a person’s text messages, GPS data, voicemails and more

The NYPD says that at any given time, there are around 3,000 smartphones in the lab that police haven’t been able to crack.

Because both Apple and Google rely on end-to-end encryption for their smartphones, the only way to gain full access to a phone’s contents is to unlock the physical device.

New York District Attoney Cyrus Vance says this has become a major obstacle for police conducting investigations. 

‘You entrust us with this responsibility to protect the public,’ he told Fast Company.

‘At the same time, [Apple and Google] have taken away one of our best sources of information. Just because they say so.’

When the lab gets a new phone, the staff connect them to one of a number of computer stations that generate passcodes to try and get past the lock screen.

The NYPD forensics lab is located in the Lewis J. Lefkowitz Building (pictured above) in lower Manhattan, across from the county Supreme Court

WHAT IS END-TO-END ENCRYPTION?

End-to-end encryption ensures only the two participants of a chat can read messages, and no-one in between – not even the company that owns the service.

End-to-end encryption is intended to prevent data being read or secretly modified when it is in transit between the two parties.

The cryptographic keys needed to access the service are automatically provided only to the two people in each conversation. 

In decrypted form, messages are accessible by a third party – which makes them interceptable by governments for law enforcement reasons.

Facebook-owned WhatsApp is already encrypted, and now Mark Zuckerberg is looking to do the same with Facebook Messenger and Instagram Direct. 

After six failed attempts, iPhones will disable the function for one minute, which limits the police to 360 attempts per hour, or 8,640 per day.

Even though the correct passcode cold be randomly generated in a second or less, it would still take up to 115 days to input all the options.

According to Vance, the number of locked phones coming into the lab have steadily risen, from 52 percent in 2014, to 82 percent today, but only half of those will ever be unlocked. 

In the past, Apple has been willing to provide data from iCloud accounts, but has generally refused to help law enforcement access the devices themselves, which it began encrypting in 2014 with the release of iOS 8. 

‘Even if we are lucky enough to get into the cloud or even if we’re lucky enough to get some of the metadata, we’re still missing an awful lot of important information that’s critical to the investigation,’ Steve Moran, director of the High Technology Analysis Unit, said.

Some worry that the data collection will only lead to more prosecutions, but Moran says the cracked phones can sometimes get people out of charges too. 

New York District Attorney Cyrus Vance (pictured above) has been an outspoken critic of Apple’s end-to-end encryption policy, saying ‘they have taken away one of our best sources of information. Just because they say so.’

He points to 16 cases where evidence found on a locked phone was used to dismiss a case.

Earlier this month, Apple confirmed it had abandoned a plan to expand its encryption services to iCloud accounts after the FBI complained. 

The company has said it remains committed to using end-to-end encryption for its smartphones and tablets. 

HOW WOULD ENCRYPTED ICLOUD HINDER THE FBI?  

The FBI relies on hacking software that exploits security flaws to break into a phone. 

But that method requires direct access to the phone which would ordinarily tip off the user, who is often the subject of the investigation.

Apple´s iCloud, on the other hand, can be searched in secret. 

In the first half of 2019, US authorities asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts.

The company said it turned over at least some data for 90 per cent of the requests it received.  

Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.

Instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.

But backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.

Apple is not the only tech company to have removed its own access to customers’ information.

In October 2018, Google announced a similar system to Apple’s dropped plan for secure backups. 

The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

The company continues to offer the service but declined to comment on how many users have taken up the option. 

The FBI did not respond to a request for comment on Google’s service or the agency’s approach to it.

Source: Read Full Article