Bypassing Phone Security through Social Engineering
Khan was arrested in mid-July 2015. Undercover police officers posing as company managers arrived at his workplace and asked to check his driver and work records, according to the source. When they disputed where he was on a particular day, he got out his iPhone and showed them the record of his work.
The undercover officers asked to see his iPhone and Khan handed it over. After that, he was arrested. British police had 30 seconds to change the password settings to keep the phone open.
Reminds me about how the FBI arrested Ross William Ulbricht:
The agents had tailed him, waiting for the 29-year-old to open his computer and enter his passwords before swooping in.
That also works.
And, yes, I understand that none of this would have worked with the already dead Syed Farook and his iPhone.
Clive Robinson • April 7, 2016 7:00 AM
@ Bruce,
And I suspect it will not work the same way again with other live suspects.
The thing about social engineering is it generaly works against those who have no knowledge of the particular attack, and generaly have no reason to be suspicious.
It works rather less well against those who are either naturaly suspicious or have reason to be suspicious.
I suspect that after the SB incident many of those under suspicion have changed their habits and will have got themselves second phones etc, thus keeping their “work phone” clean.
Further I expect the smarter ones will also now consider all Smart Phones to be insecure, after both SB and the Mexican Tunnel King.
Which all things considered is probably a good thing.