Detectives from Scotland Yard's cybercrime unit decided the easiest way to get around their suspect's careful use of full-disk encryption and strong passphrases on his Iphone was to trail him until he made a call, then "mug" him by snatching his phone and then tasking an officer to continuously swipe at the screen to keep it from going to sleep, which would reactivate the disk encryption.
It's an elegantly simple countermeasure, and one that we're sure to see — for example — practitioners of corporate espionage and nation-state spying deploy. What countermeasure would you use to defeat it? A dead-man's switch for high-risk users that prompted users to enter a passphrase every five minutes? I can see how that would get old pretty fast.
Undercover surveillance officers trailed Yew and waited for him to unlock his phone to make a call – thereby disabling the encryption.
One officer then rushed in to seize the phone from Yew's hand – just as would happen in a criminal mugging. As his colleagues restrained the suspect, the officer continually "swiped" through the phone's screens to prevent it from locking before they had downloaded its data."The challenges of pin code access and encryption on some phones make it harder to access evidence in a timely fashion than ever before," said Det Ch Insp Andrew Gould who led the operation.
"Officers had to seize Yew's phone from him in the street. This evidence was crucial to the prosecution."
Phone encryption: Police 'mug' suspect to get data
[Dominic Casciani and Gaetan Portal/BBC]
(via Techdirt)