Federal investigators are analyzing device’s content, although it is unclear how agency gained access

The FBI has gained access to the phone of the suspected gunman who opened fire on Donald Trump’s rally and is analyzing the device’s contents, the agency stated in a press release on Monday afternoon. The shooting, which killed one audience member and left Trump bleeding from one ear, is being investigated as an assassination attempt.

Authorities have been working to determine the motive behind the attack at Trump’s campaign rally on Saturday, but no clear picture has yet emerged. The gunman, identified as 20-year-old Thomas Matthew Crooks by the FBI, was shot and killed in the incident.

Federal investigators announced on Sunday that they had obtained Crooks’s cellphone, but had issues with bypassing its password protections to access the data within. FBI investigators then shipped the phone to a lab in Virginia, where agents successfully gained access, per the bureau’s press release.

  • SpacePirate@lemmy.ml
    link
    fedilink
    arrow-up
    20
    ·
    edit-2
    5 months ago

    It does when you have physical access to the RAM and storage, and a disassembly lab expressly configured for this purpose.

    This is the backbone for a number of forensic services offered to law enforcement, and an entire cottage industry. I know with certainty it was still feasible as of the iPhone 12, which is well inside of 15 years. I don’t believe the architecture in the 13 or 14 has changed significantly to make this impossible.

    With slightly earlier phones, tethered jailbreaks are often good enough, though law enforcement would more likely outsource to a firm leveraging Cellebrite or Axiom as the first step.

    • OutsizedWalrus@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      5 months ago

      No, it doesn’t. This is what the Secure Enclave is for.

      You’re not storing these counters in system memory. You’re sending attempts to an isolated chip.

      • stetech@lemmy.world
        link
        fedilink
        arrow-up
        11
        ·
        edit-2
        5 months ago

        Yes, it does, if they have full access to the disassembled hardware and assuming research time & resources they could do practically anything. Such as emulating the Secure Enclave chip with a “fraudulent” version, changing all firmware running on any semiconductors in the phone, isolating storage, I don’t know the details, but let your imagination loose.

        Physical, uninterrupted access is unlikely, yet bad news for anyone’s threat model.

        • experbia@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          not only physical access, but the authority to get any information necessary from the manufacturers of every component in the device. there is no question to them how any component operates, from silicon to software.