Android Pattern Lock Foils FBI’s Attempt to Search Criminal’s Phone

While I think we’d all agree that pattern unlock isn’t the most desirable method for locking your phone down if you need the absolute highest degree of security, it appears that it has foiled someone. That someone happens to be the FBI. A pimp named Dante Dears was asked to turn in a cellphone that he once admitted never existed. The FBI, eager to find information that could help take him down, found that he’d locked his phone using pattern unlock, a method to unlock an Android phone using a pattern drawn on a 3×3 grid.

Normally, they’d be able to search through his phone then and there, thanks to a waiver he signed giving up his Fourth Amendment right as part of his parole terms, but since the device was locked (which was apparently a violation of the waiver) they needed to obtain a warrant.

They did so, shipped the phone off to the FBI and intended to get to work… only to find it impossible to get inside the phone. They tried different combinations on the pattern unlock screen 20 times before they were hit with the infamous password prompt. The FBI has sent a subpoena to Google to get access to Dears’ Google account to obtain the following:

  • The subscriber’s name, address, Social Security number, account login and password
  • “All e-mail and personal contact list information on file for cellular telephone”
  • The times and duration of every webpage visited
  • All text messages sent and received from the phone, including photo and video messages
  • Any e-mail addresses or instant messenger accounts used on the phone
  • “Verbal and/or written instructions for overriding the ‘pattern lock’ installed on the” phone
  • All search terms, Internet history, and GPS data that Google has stored for the phone

We’re sure a few of these things won’t be found within his account, but I guess it doesn’t hurt to be thorough. This article isn’t intended to highlight the case so much as Android’s security, which has left even law enforcement agents scratching their heads.

I suddenly feel the urge to set one up myself even though I have nothing embarrassing or incriminating on my phone. Has Android’s pattern unlock been successful for you when absolutely needed? [Ars Technica]

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

55 Comments

  1. And yet my company’s exchange servers require me to lock my phone with a pin number.

    1. Install Enhanced Email and you can bypass the pin number lock restriction.  I prefer to lock my phone w/ pattern over the stupid 4-digit pin.

  2. Most people, I imagine who use the pattern lock don’t use complex patterns like the one shown here.  Every time I’ve seen someone use one, it’s been a fairly straightforward pattern.  One that’d be fairly easy to get via brute-force.  But the same can be said of PINs; most people use fairly guessable combinations of numbers, especially if you have any knowledge of the target.

    1. But they tried brute force. The problem is once you try 20 combinations, you get locked out. The odds of getting even a simple unlock pattern right in 20 tries are pretty slim.

      1. I’d disagree.  I was able to guess a friend of mine’s pattern in 4 tries (it was a simple pattern).

        The point is, people aren’t going to go for maximum security. There is a direct linear trade-off between security and convenience. The higher the security, the lower the convenience. And most people are willing to sacrifice security for convenience.

        1. Could you do it for a stranger?  You know your friend’s preferences.  Heck, you might even have seen him unlock the phone and had some basic memory of how his finger moved.

          1. Or simply just looked at the smudges on the screen. That’s the disadvantage of the pattern lock… if you don’t wipe your screen it’s easy for anyone to get in.

        2. I’d call that luck. We can put some numbers together though. 3×3 grid, let’s define a simple pattern as 4 or 5 nodes. That’s 8776 possible combinations. You have 20 tries, so the odds are 438.1 to 1 or a 0.23% chance of solving it. Take it down to just 4 nodes (the minimum possible), and you have 1624 combinations, giving you a 1.23% chance of solving it in 20 tries.

          Just because something is more convenient doesn’t mean it’s less secure. Thumbprint scanners are more convenient than combination locks, but are much more secure. 

          My point here is that they tried brute force, it didn’t work, and it’s not surprising considering they had less than a percent of a chance at getting it right.

          Oh, and citing my source on the combinations:
          http://maximum-likely.blogspot.com/2011/01/android-lock.html

          1. Agreed. I think we need to define what exactly is a “simple” lock pattern? Could it be 3 across and one down from the top line? Could it be from the bottom to the top and then to the left by 2? Could it be a square? Could it be 2 simple lines?

            That’s 4 tries already, and there are many other combinations on that grid that could be classed as “simple”.

        3. Because your isolated case of guessing his pattern in 4 tries will be the same for everyone else?

        4. Obviously you’re not a pimp! :-)

  3. Well that’s embarrassing, it’s not like it’s hard to remove it with root.

  4. This is hilarious! And pretty awesome.. 

    *pattern locks phone now* O_o

  5. WIN

  6. I don’t think Google should ever be forced to give over such personal information to ANYONE. The fact that they were even asked makes me wary of what they are collecting.

    Just for clarification: I trust Google, as long as it stays at Google (like Vegas)

    1. No one, not even Google, is above the law. 

      1. Correct, but the law has no right to force Google to give up private information about a customer like that… so therefore, if the FBI has a proper warrant then Google should hand over ONLY the information requested, if there is no proper warrant then Google should refuse to hand over any information.

        1. Keep in mind the suspect was on parole and had already waived some rights in exchange for early release.

          1. That’s all fine, I don’t know the specifics and I won’t pretend, I just think no matter what it should be done by the right terms if Google is going to hand over info like that. Just because he is a criminal doesn’t mean he should be treated differently by a company like Google… although if he did indeed sign some waiver that said any personal information about him cannot be withheld regardless of security or whereabouts then sure Google should hand it over.

          2. Probably in his waiver it said that he must hand in all phone information or something similar I imagine. As they can’t get into the phone they are asking Google. Seeing as he presumably gave them his permission to view private information it could be the only way.

          3. As a former Probation Officer and from what I read in this article basically the parolee has agreed to a “warrantless search” by being on parole.  On probation, we could search the probationer, his car, and his house or shared living quarters without a warrant unlike the police at the time who would need a warrant to search him.

            With that said, it would not be a violation of his parole for him to not provide the unlock pattern.  He agreed to hand over his phone to be searched and that’s it.  Now, the FBI needs to obtain a warrant to get the information straight from Google because they could not get it from the phone.  That’s all this is…

      2. The United States government is corrupted as fuck. This isn’t an insult but that’s been known for a long time and I wouldn’t and don’t trust the govt, probably never will. I never believed they were serving my interests. When I was old enough to understand they had already lost any credibility as an honorable entity.

  7. So this can only be used with pimps and other scum right? I would hate to give my phone to be fondled by a horny cop

  8. I use it with Cerberus and it takes a picture with the front facing camera after 2 failing attempts and emails it to me. 

    Never had it stolen to use it, but it does send me funny pictures when I’m drunk trying to unlock it

    1. You know any other security apps that take pictures after failed attempts? I am looking for one myself

      1. Android lost does a similar one where you send the phone a message (like low memory) and when the user clicks ok it takes a photo and uploads it.

      2. GotYa! Face Trap (Phone Security)

        1. ^ yup I use Gotya and it has yielded some great results

  9. I love my pattern unlock method.

  10. That’s one smart pimp, Harvard graduate I presume!

  11. I approve of this.

  12. Big Daddy Kane was right, pimping ain’t easy ;-)

  13. Idc

  14. FBI Fails.

    For any phone that can be rooted — which is the vast majority — you can bypass any basic security as long as the phone wasn’t also encrypted, which most aren’t.

  15. One time I found my bro’s phone, I got the pattern right on the 1st attempt. He had some.. interesting photos.

  16. And iSheep claim the pattern lock is unsafe. It is easier to get through a pin code than a lock pattern

    1. Probability of guessing a pattern unlock is actually higher than a PIN.  You have 16 digits maximum for a PIN.  And on top of that for a PIN, each number after each other is independent of one another…in other words 10^16 possibilities.  For the pattern unlock, you cannot repeat a point and you cannot “skip” over a point in a straight line.

      1.  It’s hard to memorize a 16 digit pin. It’s easier to memorize them if they are based on someone’s birthday or address so if you know that kind of info, it’s much easier to guess. Patterns on the other hand aren’t based on any similar association.

      2.  you can skip over a point.
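
The pattern counts quoted in the comments above (1624 four-node patterns, 8776 with four or five nodes) and the rules debated in this thread can be reproduced by enumeration. This is an added example, not part of the original article or comments: it counts patterns where no point repeats and a straight stroke may cross a point only if that point is already in the pattern, and it assumes the owner picked uniformly at random, which real users do not.

```python
"""Count Android 3x3 unlock patterns and the odds of guessing one in 20 tries."""

def midpoint(a, b):
    """Return the grid node lying exactly between nodes a and b, or None.

    Nodes are numbered 0..8, row-major on the 3x3 grid.
    """
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(length):
    """Count valid patterns that use exactly `length` distinct nodes."""
    def extend(last, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if visited & (1 << nxt):
                continue  # a point cannot be used twice
            mid = midpoint(last, nxt)
            if mid is not None and not (visited & (1 << mid)):
                continue  # cannot jump over a point that is still unused
            total += extend(nxt, visited | (1 << nxt), remaining - 1)
        return total
    return sum(extend(start, 1 << start, length - 1) for start in range(9))

def guess_chance(attempts, keyspace):
    """Chance that `attempts` distinct guesses hit the secret.

    Assumption: the secret was chosen uniformly at random from the keyspace.
    """
    return min(1.0, attempts / keyspace)

if __name__ == "__main__":
    counts = {n: count_patterns(n) for n in range(4, 10)}
    for n, c in counts.items():
        print(f"{n} nodes: {c:>6} patterns, 20 tries -> {guess_chance(20, c):.3%}")
    simple = counts[4] + counts[5]
    total = sum(counts.values())
    print(f"4 or 5 nodes: {simple}, 20 tries -> {guess_chance(20, simple):.3%}")
    print(f"all lengths:  {total}, 20 tries -> {guess_chance(20, total):.4%}")
    print(f"4-digit PIN:  {10**4}, 20 tries -> {guess_chance(20, 10**4):.3%}")
```

The uniform figures are an upper bound on resistance: smudges, shoulder-surfing and habitual shapes, all raised in the comments, shrink the effective keyspace well below these counts.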

  17. Some of you bring up rooting, however, that also loses all the data they’d want to view. Kinda pointless.

  18. And people say Android is not secured. More like it’s awesome!!!

  19. can’t you bypass the whole unlock by just mounting the nand memory or pulling the information with light..same way by flashing but reverse. I would just take the phone apart and take out the memory chips that have that info on there. You can’t say that we don’t have that tech because we do. FBI is just lazy. Also on a side note. I would think that Google(makers of the pattern unlock method) would have the encryption algorithm for it and can just deactivate it on the phone and give the phone back to the FBI without giving any information. Don’t know if I’m right but it makes sense to me.

  20. Am I the only one thinking Lookout Mobile phone wipe in this instance? Not to mention, does Google relate your phone # to your google account? If not, I’m curious as to how they’d even find out what google account was his.

  21. My pattern unlock cannot be guessed. I use all the nodes on the screen. It also cannot be discerned from the smudges on the screen, too many smudges. The last thing you do on your phone is not enter the pattern, so there are no fresh smudges unless you just unlock the phone and shut it off without using it for something.

  22. A lot of the stuff they’re asking for Google won’t be able to provide, they’ll have to get it from the carrier. Unless Google really is invading privacy and does have access to that much data. Big brother big business.

  23. Don’t help the FBI, Google. The govt can’t be good for anything at this day and age

  24. Bishop Don Magic Juan would be proud.

  25. This is all very funny until someone gets hurt because law enforcement was hindered from doing their job. 9/11 is still ringing in my ears. :(

    1. ಠ_ಠ Really? You don’t see the slippery slope, loss of freedom issue underlying all of these shenanigans?

      1. no… i see the problem with distrusting all government officials.

  26. Why don’t they just give him the “phone” back?
    Or rather a similar model with a fake pattern lock and it records (and transmits) which pattern he tries to open the phone with, even if he hides it from view. He will most likely try multiple times to get it right, but it will fail as it is the wrong phone.

    The FBI will now have the correct pattern. True… now it is no longer working, as it is asking for a code. Well.. let the phone show that code prompt too…

  27. The only problem I have with pattern unlock is that you can typically see smudges on your screen from repetition of the pattern.  At that point somebody with half a brain could probably at least narrow down a few patterns that would match the lock pattern on your phone.  Maybe the FBI stupidly cleaned the screen before attempting this, and maybe I should be more OCD about cleaning my screen. lol

  28. ds
