[HN Gopher] Re-Victimization from Police-Auctioned Cell Phones
___________________________________________________________________
Re-Victimization from Police-Auctioned Cell Phones
Author : impish9208
Score : 94 points
Date : 2023-05-16 12:39 UTC (10 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| dml-at-umd wrote:
| I'm Dave Levin, one of the authors of this study. Happy to answer
| any questions!
| aidenn0 wrote:
| First of all, it's great that you were able to effect change
| here. It's a bit of a shame that that part wasn't mentioned in
| TFA until the last paragraph.
|
| Are there lots of other companies that might be selling unwiped
| phones from civil forfeiture, or does PropertyRoom run most of
| the market?
| ryandrake wrote:
| At least on the iOS side, where phones are locked to a particular
| user's AppleID, how useful are one of these phones bought at
| auction? I'd guess they're only useful for harvesting the
| previous owner's content and for parts.
| pjscott wrote:
| The problem is that about 20% of the phones in the study had
| the passcode disabled, and another 5% had easy-to-guess
| passcodes.
| ryandrake wrote:
| Even with the device's passcode though, AFAIK you can't just
| re-assign the phone to your own AppleID without the previous
| owner AppleID releasing it.
|
| EDIT: ...only if the previous user opted in to Activation
| Lock[1]
|
| 1: https://support.apple.com/en-us/HT201365
| tedunangst wrote:
| But you can open the photos app and look at all the drivers
| licenses they've collected.
| ThePowerOfFuet wrote:
| Activation Lock is enabled when Find My is enabled, and
| when you sign into iCloud this is enabled by default.
| jrm4 wrote:
| This is the sort of thing that confirms the idea that Apple and
| the Android phone manufacturers get away with WAY too much. If
| their business model involves taking and using and processing
| THIS MUCH personal information, they should be held to a
| significantly higher standard of care. Stolen phones should
| mostly not exist, and this problem _definitely_ simply shouldn 't
| exist. This 100% ought to be on them.
| SuperShibe wrote:
| Bot answer
| pjscott wrote:
| So, to be clear: the police stole a bunch of phones, some of
| which had the passcode disabled, and sold them without wiping
| the data... and you place the blame on the phone manufacturer?
| The only people in this story who _haven 't_ messed up, and the
| only ones who made an effort to protect the user's privacy?
| astura wrote:
| What?
| ThePowerOfFuet wrote:
| >"We informed them of our research in October 2022, and they
| responded that they would review our findings internally," Levin
| said. "They stopped selling them for a while, but then it slowly
| came back, and then we made sure we won every auction. And all of
| the ones we got from that were indeed wiped, except there were
| four devices that had external SD [storage] cards in them that
| weren't wiped."
|
| Well at least it seems to have a happy ending.
| xkcd1963 wrote:
| So wait, you are being paid by the state to seize private
| property, and then you sell it for profit?
| open592 wrote:
| Never heard of PropertyRoom.com - but from a quick look at the
| "Police Auctions" it just looks like a legalized market for
| stolen goods haha. I mean they have a bundle of ~10 "used" bikes.
|
| Why try to find the owner of stolen goods, when you can just put
| it online and sell it youself...
|
| Guessing they hold it for a certain amount of time before selling
| it.
| dingusdew wrote:
| All I have to say is that it shouldn't just be a process to wipe
| data, but it should be that if you _don 't_ wipe data, and it
| includes data about people who are not yourself, that selling it
| without wiping it should be considered a criminal act of
| negligence.
|
| Of course the US couldn't give one shit about that. Our privacy
| laws are fucking bullshit.
| vuln wrote:
| What about shadow volumes? Encrypted hidden data?
|
| How about a criminal act of negligence to sell anything that
| _can_ at one point or another store data. Then we can just
| destroy all of these electronics as the _climate change
| warriors_ cry about that too.
|
| I swear there is no good outcome. Everyone will find something
| to complain about and suggest laws and jail time to prosecute
| the behavior while others are screaming to defund police and
| that the US incarceration rate is too high.
|
| Unless they're CEOs or "rich" then we can send them all to jail
| based on public opinion.
| burnished wrote:
| If it was hidden or inaccessible it seems obvious that you
| have no longer acted negligently.
| ChoGGi wrote:
| Anyone know of the equivalent PropertyRoom.com for Canada?
| morkalork wrote:
| If you live in a large municipality, check out their website.
| Lots of weird stuff for sale like old police cruisers.
___________________________________________________________________
(page generated 2023-05-16 23:01 UTC)