Like drivebyacct2 mentioned, though, asking Google for the SSN of a user is kind of odd, and I really hope Google doesn't know that. It's possible the carrier might know, but Google shouldn't unless the suspect was receiving payment from AdWords or Google Checkout/Wallet (do they need SSN for tax reasons at that point?)
But what if the safe in the metaphor is owned by someone else and residing on their property, and contains multiple smaller safes inside? That's kind of like cloud-based apps that Android uses heavily. The Feds have enough reason to believe there is relevant information in email, text, and web searches to convince a court of this (difficulty level of convincing a court is debatable).
There also is generally a lot of shit the man pushes out with the knowledge they likely won't be given a response to, and they will accept that. It's a fishing expedition. It's not right, but it's common.
> In it, the FBI asks for a warrant to be served on Google. It wants to know:
> The subscriber's name, address, Social Security number, account login and password
I would hope the FBI is bright enough to know that in all likelihood Google stores their users' passwords in hashed form. How would Google actually be able to comply with this request for the password?
What would happen if they can't comply (they can't)? Would this eventually lead to legislation that forces services to store passwords in plain text or reversible encryption (which is pretty much the same thing)?
select * from smses where login = ?
Most of the other data they were requesting can easily be produced by Google - sure. I'm not denying that at all. I'm just saying that the (original, as set by the user in question) password is probably not retrievable and I'm also saying that the FBI should know that.
It may be the FBI intends to try the password elsewhere. Lots of people use the same password across multiple accounts of various different types.
Or maybe they intend to submit it as evidence if it's something like "masterpimp"
Or that would break the rules regarding forensic data retrieval, and make the information gleaned in that fashion inadmissible as evidence.
This is why backup images are made first, which is not possible with phones when they are locked... the backup images are operated on when doing digital forensics, so that the result can be reproducible by a third party.
I wonder. This is a subpoena, right? If so, it's not an order for Google to alter anything, just to give the FBI certain information that they have. It may very well be that Google cannot comply with the specific order as granted, but without the text of the order I can't be sure.
There is a difference between "Give us this user's password" and "Reset this user's password and provide the credentials to us."
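An added example, not part of the thread and not any provider's actual code: a minimal salted-hash credential store showing what such a service can produce when asked for a password, and how a reset differs. The in-memory `ACCOUNTS` table, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory account table (hypothetical schema, for illustration only).
ACCOUNTS = {}

def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is one-way: the digest can be recomputed, not inverted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(login: str, password: str) -> None:
    # Only a random salt and the derived digest are stored, never the password.
    salt = secrets.token_bytes(16)
    ACCOUNTS[login] = {"salt": salt, "hash": _derive(password, salt)}

def verify(login: str, candidate: str) -> bool:
    # Login check: re-derive from the candidate and compare in constant time.
    rec = ACCOUNTS.get(login)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _derive(candidate, rec["salt"]))

def producible_record(login: str) -> dict:
    # "Give us this user's password": the salt and digest are all that exist.
    rec = ACCOUNTS[login]
    return {"login": login, "salt": rec["salt"].hex(), "hash": rec["hash"].hex()}

def reset_password(login: str) -> str:
    # "Reset this user's password and provide the credentials": this overwrites
    # the stored record and returns a new secret. The original password stays
    # unknown, and the account has been altered.
    new_secret = secrets.token_urlsafe(12)
    set_password(login, new_secret)
    return new_secret
```
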
As a side note, I really dislike this style of reporting. I doubt the judge disagreed with Soghoian if Soghoian published his blog post after the judge published his opinion. The article makes it sound like a stupid judge made the wrong decision by not reading some expert opinion that was available to him. If the judge disagreed with anybody, it was defense counsel. But the article doesn't mention any objection by the defense. Perhaps, because as a lawyer, he is in a better position to know what's legal and what's not?
But I believe the attempts were not random. They probably did what you suggested, inspected traces of the fingertip grease and discovered a much more constrained set of possible patterns.
So they basically got an un-directed graph and now they thought they could figure out the most likely directed path in the graph that would unlock the phone.
Somebody probably made an educated (but eventually bad) guess about what the unlock path would be.
Depending on the phone, they should be able to get into recovery mode and connect via adb. However, if it has a locked bootloader, they're SOL, and my schadenfreude is without limit :)
The FBI's forensics people are idiots, basically. They have what they want already, they never needed the PIN code.
This isn't a high-priority case, so the FBI will always go with the cheaper, quicker option.
Going to court harder than spending half an hour to dump the phone? Really?
Surely anything they gather from the phone now will be useless in court?
Do you know where in the source this is?
You must already have root but since they mentioned it's a Samsung phone then all you do is find a CWM/Rooted kernel tar and flash via Odin then do the steps below.
adb -d shell
sqlite> update system set value=0 where name='lock_pattern_autolock';
Reboot from there and the lockscreen is bypassed.
Remember kids, use this for good and not evil muahahhahaahhaah
PDF of the application.
Face unlock was even weaker since anyone who had access to your photo could unlock it.
I thought that rumour was debunked by Google engineers within the first hour that it launched?
edit - The quote is "Responding to a Twitter message from someone who say Face Unlock could be hacked [with a picture of the person], Bray said, "Nope. Give us some credit.""
This is also super interesting: "His parole conditions prevented him from doing anything to hide or lock digital files."
So if convicted of a crime they can require you to not use basic personal and identity safety measures.
Not really a new concept, it's fairly similar to banning a paedophile from going near schools, banning someone on parole from leaving the country (or state), or enforcing a curfew, etc. Similar in that it's restricting what would normally be anybody's right.
But more to the point, so many computers now expect password-protection. I don't see how this amounts to something other than a ban on general computing and for reasons that are not distinctly related to the offence.
But in reality, technical government agents have very little incentive to do their job well. They just wanna get over it and go back home. As a result you have highly untrained personnel, who don't keep up with the latest technology and will do the bare minimum to just not get fired. Their methods are always amateurish and easy to avoid if you're actually trying.
I'd imagine the US is a bit better than my country in this regard. But I'd doubt that by much. I'm still sure that their technical skills are light years behind what the public perception is.
And thank God, or we would be even more deeply fucked.
In other words: The FBI doesn't care if they actually get the information in this case; they want to know if they'll be able to get such information in future, more important cases.
like that would be held in court for anything? let's think analogically: would a mob king be freed if a judge authorized a safe with evidence to be opened on the 4th but it was only opened on the 7th, and new evidence was put into the safe by other agents on the 6th?