Federal investigators are analyzing device’s content, although it is unclear how agency gained access

The FBI has gained access to the phone of the suspected gunman who opened fire on Donald Trump’s rally and is analyzing the device’s contents, the agency stated in a press release on Monday afternoon. The shooting, which killed one audience member and left Trump bleeding from one ear, is being investigated as an assassination attempt.

Authorities have been working to determine the motive behind the attack at Trump’s campaign rally on Saturday, but no clear picture has yet emerged. The gunman, identified as 20-year-old Thomas Matthew Crooks by the FBI, was shot and killed in the incident.

Federal investigators announced on Sunday that they had obtained Crooks’s cellphone, but had issues with bypassing its password protections to access the data within. FBI investigators then shipped the phone to a lab in Virginia, where agents successfully gained access, per the bureau’s press release.

  • Maeve@kbin.earth
    link
    fedilink
    arrow-up
    89
    arrow-down
    3
    ·
    4 months ago

    Something sus about how quickly they can unlock phones when it’s attempted murderer killed dead and murder victims killed dead.

    • TeddE@lemmy.world
      link
      fedilink
      arrow-up
      92
      arrow-down
      1
      ·
      4 months ago

      Cracking a phone is pretty doable. Cracking phones in a way that will hold up in a court trial, much more formal.

      • MegaUltraChicken@lemmy.world
        link
        fedilink
        arrow-up
        10
        arrow-down
        3
        ·
        4 months ago

        I would definitely not call Cellebrite an “easy GUI” and they definitely don’t get into most devices. Ive seen devices take months to unlock, if ever.

      • Blaster M@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        4 months ago

        Cellebrite machines were used to copy contacts and messages and call logs from one phone to another, back in the day before Android and iPhone. There was little to no security on dumb phones back then… and you still needed the customer to put the PIN in and unlock their phone before using the Cellebrite. They came with a million different kinds of USB -> phone proprietary adapters, because mini and microUSB hadn’t bee adopted yet as a standard.

        Source: I used to do this sort of thing on a Cellebrite.

    • SpacePirate@lemmy.ml
      link
      fedilink
      arrow-up
      26
      arrow-down
      3
      ·
      4 months ago

      Most phones are locked with a four digit numerical PIN. The current technique is taking an image of the flash memory, and reflashing the memory after every few attempts.

      It still takes a bit longer than straight brute force without a temporal lockout, but it’s still pretty trivial.

      • saltesc@lemmy.world
        link
        fedilink
        arrow-up
        15
        ·
        4 months ago

        If it was biometric login, even easier. Would’ve gotten in before thebody even got cold.

        • SpacePirate@lemmy.ml
          link
          fedilink
          arrow-up
          22
          ·
          edit-2
          4 months ago

          It does when you have physical access to the RAM and storage, and a disassembly lab expressly configured for this purpose.

          This is the backbone for a number of forensic services offered to law enforcement, and an entire cottage industry. I know with certainty it was still feasible as of the iPhone 12, which is well inside of 15 years. I don’t believe the architecture in the 13 or 14 has changed significantly to make this impossible.

          With slightly earlier phones, tethered jailbreaks are often good enough, though law enforcement would more likely outsource to a firm leveraging Cellebrite or Axiom as the first step.

          • OutsizedWalrus@lemmy.world
            link
            fedilink
            arrow-up
            6
            arrow-down
            3
            ·
            4 months ago

            No, it doesn’t. This is what the Secure Enclave is for.

            You’re not storing these counters in system memory. You’re sending attempts to an isolated chip.

            • stetech@lemmy.world
              link
              fedilink
              arrow-up
              11
              ·
              edit-2
              4 months ago

              Yes, it does, if they have full access to the disassembled hardware and assuming research time & resources they could do practically anything. Such as emulating the Secure Enclave chip with a “fraudulent” version, changing all firmware running on any semiconductors in the phone, isolating storage, I don’t know the details, but let your imagination loose.

              Physical, uninterrupted access is unlikely, yet bad news for anyone’s threat model.

              • experbia@lemmy.world
                link
                fedilink
                arrow-up
                4
                ·
                4 months ago

                not only physical access, but the authority to get any information necessary from the manufacturers of every component in the device. there is no question to them how any component operates, from silicon to software.

      • Maeve@kbin.earth
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        I shouldn’t have, but I smiled.

        I should clarify: I meant that if they’re law enforcement does the killing, cracking the phone takes much less time than it does when the phone belongs to the murder victim.

      • Warl0k3@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        If I remember right, samsung/iphone face unlock won’t work on a corpse since it relies (at least in part) on infrared constellations that incorporate patterns formed by subdermal capillary networks and death obviously disrupts those.

        • Skydancer@pawb.social
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          edit-2
          4 months ago

          At the nation-state level with an ex-president target, pumping heated liquid through the arteries of a dead body isn’t much of an obstacle.

          Probably not actually what they did, but seriously people - a single biometric security factor is not going to secure anything when a government has the body and actually cares about getting in.

    • Fugtig Fisk@feddit.dk
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      4 months ago

      Dude… my niece can unlock my phone while i sleep by putting my finger on the sensor.

      I wouldn’t be surprised if it would recognize my face while sleeping too

    • tiredofsametab@kbin.run
      link
      fedilink
      arrow-up
      19
      arrow-down
      1
      ·
      4 months ago

      I get the feeling I’m the only person who doesn’t use fingerprint readers (due to this and just some bad experiences with them not working right in their earlier days on phones).

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      4
      ·
      4 months ago

      It says they had to send the phone to a lab in Virginia, so obviously not.

      • piecat@lemmy.world
        link
        fedilink
        arrow-up
        35
        arrow-down
        1
        ·
        4 months ago

        So you cut off the thumb and ship it

        Or make a casting

        There’s a million ways they could do it

        • RvTV95XBeo@sh.itjust.works
          link
          fedilink
          arrow-up
          31
          arrow-down
          1
          ·
          4 months ago

          Or you load the whole body into your passenger seat and drive it over there. Bonus points that this approach lets you use the carpool lane.

          • uhmbah@lemmy.ca
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            4 months ago

            “We could call the cops, Richard, but you know where we’d be spending our weekend. In some… goddamned hot police station answering questions we don’t know the answers to.”

        • absquatulate@lemmy.world
          link
          fedilink
          arrow-up
          9
          arrow-down
          1
          ·
          4 months ago

          Walter:
          You want a toe? I can get you a toe, believe me. There are ways, Dude. You don’t wanna know about it, believe me.

          The Dude:
          Yeah, but Walter…

          Walter:
          Hell, I can get you a toe by 3 o’clock this afternoon… with nail polish.

  • BaroqueInMind@lemmy.one
    link
    fedilink
    arrow-up
    34
    arrow-down
    4
    ·
    edit-2
    4 months ago

    Anyone know what kind of phone they reported they cracked? This should bring fear to anyone who cares even a little about privacy.

    Otherwise, it will become normal to question why you take a shit with the door closed (what are you hiding in there?) slippery slopes and what-not.

    • JakJak98@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      Do you mean like an eye tracking system for headsets in wt? I’ve always just used vr if I wanted that capability.

    • Kanzar@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Yeah FRP unlock for a while was definitely bypassable on several phones, I unlocked a few that way. Not sure if it is still possible now, haven’t bothered tinkering. 😅

  • brbposting@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    28
    ·
    4 months ago

    Investigators couldn’t get in with 1234, so they shipped it to their lab to try 5678

    Wonder if this was one of the latest flagships or something older

    • PunnyName@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      4 months ago

      Look, we have a bastardized version of right to self repair, so they should just give it back to the owner. He might have problems fixing it, but still.

    • tacosplease@lemmy.world
      link
      fedilink
      arrow-up
      13
      ·
      4 months ago

      If he had fingerprint unlock it would be pretty easy to get in considering they have access to his fingers. Facial recognition… less successful in this case.

      • ImADifferentBird@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        10
        ·
        4 months ago

        Most phones actually require pin/password on boot, and only let you use fingerprint/face unlock to unlock later in the session, as a security feature. So if he turned his phone off, even that wouldn’t work.

        • EatATaco@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          4 months ago

          On my pixel the pin required lock is up vol and power > lockdown.

          • PsychedSy@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            Lmao. I don’t restart enough to have realized that’s an option. My failsafe was to chuck it so it restarts…

            I do have my Nexus One hanging out somewhere in storage. Had to know all the tricks back then.

            • EatATaco@lemm.ee
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              4 months ago

              This comes up every so often and it was something I learned during the same conversation, so I always just pass it along.

              For me the fingerprint unlock is just too convenient to not use, but it’s nice to know I can lock down my phone quickly if I need to.

  • FireTower@lemmy.world
    link
    fedilink
    arrow-up
    14
    arrow-down
    2
    ·
    4 months ago

    Crooks, who left behind no immediately available manifesto or record of the attack, unlike many other modern assassination plots or mass shootings. He was registered as a Republican voter and donated $15 to a Democratic-allied organization but did not maintain a large online presence.

    Well this is thoroughly unhelpful.

  • serenissi@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    unless brute force was done, it might be a cold boot, usb exploit or bootloader exploit by physically accessing the storage.