A low tech solution to a high tech problem

Last month, Det. Zach Neemann, one of our customers in the Deschutes County (Oregon) Sheriff’s Office Digital Forensics Lab, was attempting to analyze a Samsung Galaxy SIII SGH-I747 GSM AT&T cellular telephone running Android V 4.0.4. Even though USB debugging was enabled, during physical and file system extractions, the UFED Touch would disconnect after about a minute of the screen being timed out.

Neemann assumed it was because the phone was going to “sleep” or “hibernation” mode. As long as he continued to touch the screen every few minutes, the phone did not go to sleep and the imaging continued. “However, I really did not want to sit there for the next two to three hours, touching the screen,” he told us.

An in-depth examination of the Accessibility, Security, Battery, Power Saving, Display and other settings showed no feature to keep the phone awake. Neemann could turn off the screen lock, but the screen timeout limit was 10 minutes, and this model—unlike others—did not have the option to disable the screen lock permanently.

Facing the possibility that he would have to keep touching the screen every 10 minutes for the next two hours, Neemann located a feature called “Smart Stay” which stated that it would disable the screen timeout if the device detected that the user’s face was watching the screen. “At this point I took a picture of myself with my phone, and printed it,” he said. “Then I taped it to the back of my chair, propped the phone up and set the screen timeout to 30 seconds.

“While observing the phone I found that an eye icon appeared in the task bar every thirty seconds,” Neemann said. “This appeared to look for my face and then disable the screen time out. I was then able to capture the entire physical image without the cell phone going to sleep. The imaging process worked perfectly, after this fix.”

The following morning, Neemann did further testing with the Samsung phone. He learned that the facial sensor comes on in designated intervals, anywhere from every 15 seconds to 10 minutes depending on how the user configures it.

“We removed the photo and pointed it to the back of the chair, to a white background, to a beige background and to a black background,” Neemann told us. “We also tried just the back of the hand and a combination of a white background with black square in the middle. It did NOT work for any of those backgrounds. The only way it properly recognized the facial pattern was to point it toward an actual picture.”

Fortunately, the device wasn’t so picky that it would only work on one face: Neemann tested it with images of two different males and one female, and all of them prevented the screen from timing out.

Have you ever tested your way out of an especially tricky problem with a mobile device? Leave us a comment!