in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

FBI Unable to Access 7000 Encrypted Devices in 2017

At the International Association of Chiefs of Police conference, held in Philadelphia last week, Federal Bureau of Investigation Director Christopher Wray noted that the FBI has nearly 7,000 encrypted devices it cannot access. Per the phillyvoice.com:
In the first 11 months of the fiscal year [2017], federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech….
Considering what Wray's predecessor had to say about the issue in 2016, the problem is growing, fast:
[Former FBI Director James Comey] said, during the last three months of 2016 the FBI lab received 2,800 electronic devices sent in by local police and federal agents looking for evidence they contain. But analysts were unable to open 1,200 of them, "using any technique."
Assuming that the influx of inaccessible encrypted devices to the FBI's labs remained relatively constant last year, the implication is that the FBI possessed 4,800 encrypted mobile devices in 2016. In other words, there was a 50% increase year-over-year.  

A Growing Problem

One can expect the number of inaccessible smartphones to keep growing for a number of reasons.
First, older devices get replaced with new ones, eventually. That in of itself doesn't mean anything security-wise, except that encryption was not turned on by default for many older devices. Even if encryption were turned on, a password may not have been required.
Smartphones and tablets now come with encryption turned on by default and require a form of password; one can assume that nearly 100% of the phones the FBI needs to search in the future will be inaccessible.
Second, encryption tends to get stronger over time because researchers are constantly trying to find flaws in it. When found, they're patched up. Cracking techniques that may have worked in the past may not be available on newer devices.
When the FBI filed and then dropped a lawsuit against Apple in 2016, the Bureau revealed that it had obtained a method to gain access to an iPhone 5C (they didn't reveal what it was). Thus, it didn't need to force Apple through the courts. It also noted that this method didn't work on iPhones newer than the 5C, so that's as far as that technique will go. Seeing how OS updates to the iPhone 5C ended this past summer, the FBI's mysterious technique will see limited action in the future.
This tends to be the general pattern for flaws in security (assuming, of course, that you have bright people working on the problem; sometimes, flaws go undetected for years, possibly decades. Still, encryption performance points in one direction).
Third, more people are aware of the power and need for encryption. When the FBI butted heads with Apple (and, indirectly, with the entire tech community) in 2016, many in Congress initially supported the FBI. Calls for encryption backdoors, explicit or otherwise, were in the air. As time went by and these representatives educated themselves on the pros and cons of purposefully hamstringing cryptography, they started backtracking.
But, it's not just Congress. Ironically, the Apple vs. FBI case caused ripples and worked to educate a lot of people about encryption and its benefits, detriments, and importance. With more people aware of what encryption does and how it works, you can expect encryption to extend to even those devices that don't come with it by default.  

How to Solve It?

So, yeah, encryption is problematic for the FBI. And, it will continue to be problematic. Hence, it's not surprising to find that,
The Justice Department under President Donald Trump has suggested it will be aggressive in seeking access to encrypted information from technology companies. But in a recent speech, Deputy Attorney General Rod Rosenstein stopped short of saying exactly what action it might take. [apnews.com]
Honestly, short of a backdoor, there isn't a solution here, and a backdoor is not a solution. Still, seeing how strange 2017 has been (and will probably be for the next three years, at least), it wouldn't be surprising if the FBI finally got what they wished for. No matter how ill-advised it might be.
 
Related Articles and Sites:
http://www.phillyvoice.com/fbi-couldnt-access-nearly-7k-devices-because-of-en/
https://gizmodo.com/the-fbi-cant-stop-fearmongering-about-encryption-1819772851
https://www.nbcnews.com/news/us-news/comey-fbi-couldn-t-access-hundreds-devices-because-encryption-n730646
https://apnews.com/04791dfbe30a4d3596e8d187b16d837e
 
<Previous Next>

47.5 GB of PHI Left Exposed on the Cloud. (That's 316,000 PDFs)

Hilton To Pay $700,000 Over 2015 Data Breach, Slow Notifications

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.