DriveSavers, one of the top two data recovery businesses in the US, has just announced an awesome new feature. The ability to recover data from a password disabled iPhone or Android device…of course, that infers the ability to bypass your phone’s encryption.
There are a lot of great uses for this new service. Despite being able to sync your phone data with services like iCloud or Dropbox, there are always going to be at least a few notes, contacts or photos that ONLY exist on your phone. And some of these are bound to be important to you professionally or personally.
If you’re like me, you password protect your phone. And, if you’re extra careful, you’ll have your phone set to permanently block access to your data (usually by erasing) if someone enters the password incorrectly multiple times. This is a smart move in case your phone is stolen, for example.
But it’s not uncommon to disable access to your phone by mistake. I have quite a few friends with young children, and well, let’s just say that some of them have learned not to leave their phones lying around the hard way. My wife and I used to have the exact same phone and I’ve punched in my passcode on her phone more than a few times. Never to the extent that I’ve locked up the phone, but you get the picture.
Another scenario that comes up is a phone belonging to a deceased loved one. Of course you’d want access to one of their most personal possessions, but if there’s a password on there, you’re out of luck, right?
Well not anymore. DriveSavers hasn’t publicized it much, but they announced the new service in an email newsletter.
OK, that all sounds good right? Well….in those particular scenarios, sure. But Apple and other hardware manufacturers have gone to pains to make sure that the encryption on those devices is secure from everyone except the owner. Apple purposely did not include a back door because they didn’t want to be able to invade your privacy that way. If the government asks, they can honestly say they don’t have access and that’s the end of that.
Law enforcement officers certainly have valid reasons to access private data, and they have a lot of ways to do that. However, they’re not happy that hardware manufacturers (possibly in the wake of Snowdengate) are making it harder to bypass personal data security.
However, with this new service, it sounds like there’s a way around the encryption on our mobile devices. And that is very scary. Oh, and don’t bother trotting out that tired cliché - If you aren’t breaking the law, you have nothing to hide. Just because I’m not doing something illegal doesn’t mean I want someone to be able to paw through my personal data.
How Does It Work?
Short answer? They’re not saying. They don’t ever state that they can bypass the encryption, but that seems to be the result. You give them a phone, even one that has been password disabled, and they may be able to give you the data.
I’ve used their services before, and they’re great. Generally, they give you a price range for what it will cost (usually dependent on how much work they have to do) and they’ll give you whatever they can recover. It is NOT cheap. But if you absolutely, positively have to have the data…these are the guys to go to.
Now with their regular hard drive service, they have this whole clean room setup where guys in bunny suits actually take apart your drive if necessary.
With their phone data recovery however, the process is non-destructive so if you send them a working phone, you get a working phone back along with a drive with the recovered data.
If you’ve managed to password disable your phone and there’s data that you have to have, it’ll cost you anywhere from $800-$2300 for their standard service.
Of course, assuming the NSA doesn’t already have this ability, there’s nothing stopping law enforcement agencies from using DriveSavers either.