Google discovers that it is possible to release the terminal lock of the smartphone owned by the user remotely

A report on the encryption and safety of smartphone published by District Public Prosecutor of New York stated that "Google can unlock terminal lock of Android smartphone remotely only if search / seizure letter is issued" It has developed and has evolved into the situation described by Google's PR.

11.18.15 Report on Smartphone Encryption and Public Safety.pdf

Google can remotely bypass the passcode of at least 74% of Android devices if ordered

In the report "search warrant and unlock order", the court describes the correspondence between Apple and Google in the case that the court issued a search warrant and issued an unlock request for the mobile terminal owned by the target.

According to the report, "Full Disk Encryption" which encrypts the whole is adopted for a terminal equipped with Android 5.0 or later, and even if there is a court order, it is impossible for Google to unlock the terminal. However, since full disk encryption is not enabled by default, Google may be able to release a device that is not activated remotely. For the Nexus series with Android 5.0 or later it is said that full disk encryption is enabled by default, but it seems that it depends on the model.

Meanwhile, for terminals equipped with Android 4.4 or earlier, because full-disk encryption is not adopted in the first place, "Google unlocks the terminal remotely and the police evict from the data left in the terminal It is possible to collect ". Google released in November 2015Share by Android versionAccording to Android 6.0 is 0.3% and Android 5.0 and 5.1 is 25.6%. This means that about 74% of Android devices are using Android 4.4 or earlier, and Google will be able to unlock the device remotely.

About the facts found in the report, IT-related mediaThe Next WebI checked with Google that Google can unlock the device remotely only "Android 4.4 terminal screen locked with pattern" only, and remotely unlocks the device locked with PIN and password It can not do.

For Apple's iOS device, no matter how many times you make a mistake password will not be locked For iPhone 4 only, try all password combinations "Brute force attackYou can unlock it with ". A terminal equipped with iPhone 4s or later and iOS 7 is impossible to brute force attack, but when a court order is issued, the data that Apple has released the terminal in its own way and saved It is a procedure to submit a copy of.

Since iOS 8 is a specification that Apple can not access the terminal unless Apple owns a password and Apple does not hold the password of the terminal, even if court orders Apple will lock the terminal It is impossible to release. In addition, Apple has releasedOS share, IOS 9 is 67% and iOS 8 is 24%, and only 9% of the terminals are using iOS 7 or earlier.

in Mobile,   Security, Posted by darkhorse_log