To Access Trayvon’s Phone

Today at The Last Refuge I went over what it would take in order for one to access Trayvon’s phone and thought it worth repeating here. You can of course click on the link above and read the comments of the process I went through or read on here. First I will get to the main point then I will explain some of technological aspects and some of the story behind the phone.

UPDATE (Dec 7, 2012): On May 1st there was a subpoena issued to Google for any and all stored data and password access assistance for Trayvon’s phone. All that was said was “No results were obtained”. That is too vague to know what is meant. I am not sure what went wrong but it should be very simple for Google to provide investigators with Trayvon’s Sign In and Passord to get passed the Pattern Lock. There is a slight chance a G-Mail account was never put on the phone to begin with but from what I understand that is a very small possibility.
http://184.172.211.159/~gzdocs/documents/1112/discovery9/fdle_reports_may.pdf

UPDATE (Dec 2, 2012): It did not occur to me until today, upon reviewing the Oct 19 hearing again, but the judge granted a subpoena, at that date, for T-Mobile in Trayvon’s name in regards to O’Mara’s motion here, paragraph I.
http://www.flcourts18.org/PDF/Press_Releases/Motion%20For%20Order%20Issuing%20Subpoena%20Duces%20Tecum.pdf
There are a couple of potential problems here. First is that the phone is in Tracy’s name, not Trayvon’s so I don’t know how that would affect anything at T-Mobile. The second thing is that if the phone is PIN or Password locked then this is the proper entity to subpena however if it is Pattern locked then the subpoena has to go to Google. If all went well though O’Mara may have, since Oct 19, already gained access to the internal memory of the phone.

Straight to the point version: Trayvon’s phone may be locked with a pattern lock. All one needs to do to access Trayvon’s phone without knowing the pattern lock is to access the G-Mail account or do a G-Mail account recovery after which they will be able to reset the pattern lock and access the phone. If no G-Mail account was ever assigned on the phone it is impossible to bypass the pattern lock, well maybe. It might be hackable.

Now the long version.

First let’s keep in mind that there has been no evidence brought to bear that shows us that the phone found at the scene belongs to Tracy Martin. The strongest evidence we have that shows us that is Travyons phone is the 911 Call that was placed from it on March 2 at 12:45pm and the subsequent call backs from the Sanford Police Department. This matches the Property and Evidence Chain of Custody (p.41) of the phone that was reviewed on March 2 at 12:12pm and returned into evidence at 1:07pm. This may have been either Singleton or Santiago dialing 911 to retrieve the cell phone number. So we will proceed as though it is in fact his phone.

There is very little known to us about the investigation of the phone in the police reports. Page 16 and 17 of the first released reports tells us the following from Santiago’s March 2nd report and March 6th report;

From Santiago’s March 2nd report;
Feb 26
I noticed a black cell phone near the area of Martin. I then contacted Agent Shor from CCIB to my location and asked him to bring the celabrite device, a device that is used to download cell phone information. Upon Agent Shor’s arrival he told me that he could not download any information because the cell phone battery was either very low or was not operable because the cell phone had gotten wet because of the current weather condition (wet and rain).

February 28
I spoke with SA Carter who told me we did not need a search warrant. I had CST Smith take the cell phone to the Seminole County Sheriff’s Office to see if they could download the cell phone.

March 1
I was contacted by the supervisor from the Seminole County Sheriff’s Office that they could not do anything with the cell phone other than download what was on the memory chip because they did not have the password.

On March 2
I contacted via email and asked Sgt. Ciesla to recover the phone back from the Seminole County Sheriff’s Office.

Now from Santiago’s March 6th report;

March 1
I was contacted by the supervisor from the Seminole County Sheriff’s Office that unless they had the swipe code they could not access the victims cell phone.

March 2
Inv. Singleton contacted a representative from T-Mobile who told her if the Sanford Police Department obtained the cell phone number and the pin number to the account they would be able to access the swipe code on the cell phone.

March 5
I contacted Mr. Martin(victims father) via cell phone and asked if I could obtain the pin number from the victims cell phone. Mr. Martin stated he would have to contact his lawyer before releasing that information.

—End Reports—

From the Property and Evidence Chain of Custody

March 9th
The phone was moved out of evidence for review by Sgt. Kent of the Seminole County Sheriff’s Office at 9:13 am and returned that same day at 4:00 pm. (We do not have this report)

March 20th
The phone was moved out of evidence by JDB of the FDLE at 9:23am where apparently it remains to this day.(We do not have any reports from the FDLE on the phone aside from a latent print report (p.119) that was cancelled before the print test was done.)

As far as actual released reports goes of investigation into the phone itself that is all we have.

We are told by Mark O’Mara that the FLDE investigation into the phone brought the same problem the SPD and SCSO had. They were unable to access the internal memory of the phone beyond the SIM card. However there is a problem. We don’t know exactly why they can’t access the phone. The terminology they use is odd. At first Santiago says the SCSO can’t access the phone because they do not have the password. Then in his other report Santiago tells us the SCSO can’t access the phone because they do not have the swipe code. Then he says when calling Tracy he is looking for the PIN number. O’Mara says the FDLE said “passcode”. This is all very confusing; password, swipe code, PIN number, passcode, none of it makes sense really.

The phone is a T-Mobile, model #U8150-A, known as Ideos/“Comet” and manufactured by Huawei.
http://www.huaweidevice.com/resource/mini/201008174756/ideos/products.html
http://en.wikipedia.org/wiki/Huawei_IDEOS_U8150

This phone does have what’s known as a pattern lock option.

I believe it also has a PIN lock option as well(update: there’s also a password option). These are three separate ways to lock the phone from access. But from the terminology used in the reports it’s difficult to say which method was used to lock the phone. It’s important to differentiate because the method for bypassing each is different for either lock.

In order to bypass a pattern lock, the phone has to have a G-Mail account on it. If it does not I am told it is impossible to bypass the pattern lock without resorting to a master reset of the phone which would result in erasing all of the information on the internal memory. This is from the Huawei website;

If you lose the screen lock password. If you have already created a
Google account, you can unlock your mobile phone by the following methods.
• After you have entered the wrong sequence five times, a Forgot pattern? button will appear. Touch this button to enter the Google account interface. After you have entered your Google account password, you will be able to reset the unlock pattern.
• After you have entered the wrong pattern twenty times, you will be taken directly to the Google account interface. After you have entered your Google account password, you will be able to reset the unlock pattern. If you have not created a Google account, the phone will be permanently locked and unusable.

http://www.huaweidevice.com/worldwide/faq.do?method=index

However there is the possibility of bypassing the pattern lock by hacking although this also may result in damage or loss of information. But I am also told that bypassing the phone lock may not be so difficult after all.

So let us assume there is a G-Mail account on the phone with a pattern lock. The phone itself will give you the option if you don’t know the pattern lock to reset it. In order to do this you have to access the G-Mail account which requires a Username and Password.

Here is a video explaining the process of setting, using and resetting a pattern lock;

It’s unlikely that Tracy Martin knows the username to Trayvon’s G-Mail account though it could be he does. At this point then all one would need to do is ask Tracy for Trayvon’s G-mail username. But let’s say no one knows it. In that case all one has to do is go to G-Mail’s account recovery service to get the user name. However, when you do this they will ask you to enter the Email address that you used to register the G-Mail account. So at this point one would need to get Trayvon’s email account and password in order to retrieve his G-Mail user name. Once they have the G-Mail user name they can reset the password. After that they will be able to bypass the pattern lock.

If however the efforts to obtain Trayvon’s Email account information are thwarted by friends and/or family then that leaves only two options that I can think of which is either a court order demanding it or a court order to Google to access the G-Mail account.

If the phone is locked with a PIN lock instead of a pattern lock then the process is much simpler. All they would need is for Tracy to contact T-Mobile and have them give him what’s called a PUK number which when entered into the phone one will be able to access it. (Update: If it is password locked T-Mobile can also help with that) If however these efforts are again thwarted then we are back to court orders and hacking.