Updated: Jun 28, 2019
I phones make up, around 70% of the devices we see through our forensic facilities. In general owners are able or forced to provide their passkey so our work then revolves round getting their data back.
However, what happens when you don't have or aren’t given the passkey? This is the sort of situation we come across in our Forensic business.
We are tasked daily with getting access to locked and damaged phones. The two major phone systems currently being used, are iOS for Apple, and Android for almost everyone else. Our labs complete both recovery and forensic exercises on both these platforms and many other makes and models of phones. In fact, we support over 3000 phone models for investigation or recovery. Most of the volume comes through our data recovery service where we typically get back client data from damaged phones. When you consider the average person has over 600 photos on their phone and also that it is often their most used device for online work. Then, it's no wonder people are keen to get their data back and a recovery service is often the only way to do it.
We also provide Digital Forensics services. These see us participate in investigations with our role being to uncover or obtain data from computers and other devices. These days, that means we see a lot of phones. Obtaining data from phones can involve work at both a hardware and software level. On the hardware side, we have a whole host of interfaces used to gain access to a phones data and we have also developed a few of our own bespoke tools and techniques. On the software side, we use a range of tools typically used by advanced law enforcement and security organisations. However, phones continually change, with new models being launched. Also operating systems like iOS and Android are being regularly updated with security patches so, both forensics and recovery are moving targets.
Where we have the passcode, then our work becomes considerably easier and we can focus on the actual data. However, if we are asked to (legitimately) access a phone where the passcode is unknown then it gets much more difficult. In time, our tools generally enable us to "crack" or unlock the phone. However, it’s a bit like an arms race with phone manufactures adding to security and people like ourselves looking to reverse engineer access. This means that there are always some phones which realistically cannot be cracked, yet…
Many clients remember the case at the end of 2017 widely reported in the press where the FBI supposedly asked Apple to unlock Devin Kelley's iPhone. He was the Texas gunman who killed 26 and injured many more. This event highlighted phone security, not just for Apple but for Android too, on phones being accessed without a passcode. The sentiment at the time was that if the FBI was struggling then it must be all but impossible to access a locked phone. However, these days that is not the case for bona-fide organisations with the accredited tools and skills to use them. As of the date of writing this post. We can, either with tools within our own Lab, or from our software providers, unlock the latest iOS version on all Apple devices. We can’t always unlock the very latest OS versions as they are released. But in time it generally becomes possible.
Please do note, that cracking, or unlocking, a phone is not a trivial matter and the cost can vary wildly depending on the phone model and software version it is running at the time. At DataLAB, whilst we have the tools and skills necessary for this work, we will only crack devices where their provenance can be clearly established and where there is a legitimate interest in data recovery or forensic investigation without access to a passcode.
The moral here is that everything becomes accessible /crackable/ unlockable over time.
Level 1, 399 Khyber Pass Rd, Newmarket, Auckland 1023
Level 15, 171 Featherston St, CBD, Wellington, 6011
Ground Level, 6 Hazeldean Rd, Addington, Christchurch, 8024