31 October 2024
Current phones are nearly impossible to investigate without the owner’s permission. Security measures are personalized, and it often requires the owner's help to retrieve usable data. 'Which is hardly ever available for court cases, suspects will off course not be very helpful in providing access to phones. Or in some cases the owner could already be deceased.'
Traditional methods of hacking or scraping data from phones still often yield only encrypted data. 'Researchers then face great difficulty making that encrypted data usable," Fukami says. "It’s a process that also takes a long time and doesn’t always result in usable evidence.'
To overcome this, Fukami explored ways to bypass vulnerabilities in phone system security. She succeeded. 'Through exploiting the security mechanism implemented in common memory systems used in popular smartphones, we could access the hidden information, which can be used to decrypt the encrypted contents.
Research like this is necessary, given several developments. 'Phones not only have much better security now, but they also have much larger memory than, say, ten years ago.' Additionally, manufacturers' attitudes towards governments have shifted, with a 2015 case between the FBI and Apple marking a critical turning point.
In this case, Apple refused to give the FBI access to bypass iPhone security systems despite multiple requests. In the end, the FBI succeeded in braking into the case phone with the help of a third-party. Therefore, the court case was dropped at the last minute. Fukami: 'However, this case sparked a world-wide discussion over privacy against national security.'
According to Fukami, cases like these highlight that investigators often lag behind criminals, especially in a world where product technology is advancing rapidly. She advocates for proactive research in forensic science on security systems. 'What is a breakthrough now will be outdated in a year, so it’s important to keep thinking about countermeasures we can put in place.'
'Forensic science has traditionally focused on retrieving raw data from phones', says Fukami. 'I believe a hacker-like approach is beneficial in these situations. Data from phones is playing an increasingly important role in the courtroom. With these kinds of proactive approaches, we ensure that crucial evidence from a phone can more often be effectively used as evidence.'