Comment

Comment on Leaked Cellebrite Tool Docs Reveal List of Phones That Can Be Unlocked

Adanisi@lemmy.zip ⁨3⁩ ⁨months⁩ ago

Use a long password and you’ll be immune from their before first unlock brute force.

Passcodes are trivial to break.

source

Sort:hotnew top

underisk@lemmy.ml ⁨3⁩ ⁨months⁩ ago
They’re exploiting vulnerabilities and back doors not brute forcing your passcode. The only way you’re keeping them out is with hardware encryption which the iPhone has and why it’s apparently the only one not vulnerable. Hardware encryption also won’t matter if your vendor shares their keys with law enforcement which as far as I’m aware Apple is the only one that has been taken to court for refusing.

Don’t put anything incriminating on your phones.

source
- Adanisi@lemmy.zip ⁨3⁩ ⁨months⁩ ago
  In a before-first-unlock state they absolutely are bruteforcing, since the filesystem is encrypted. The exploits are for bypassing the retry limit in that case.
  
  source
- fmstrat@lemmy.nowsci.com ⁨3⁩ ⁨months⁩ ago
  Huh? None of this makes sense to me. Apple and Google do not have encryption keys for your device, regardless of hardware or software. When your phone is unlocked, the key and/or hash is in memory, and may be key wrapped, regardless of hardware or software. iOS is listed as vulnerable to the attacks, minus the latest devices and versions, which is pretty much the norm with lagging development. Same woth latest Pixels. Where are you getting this info from?
  
  source
  - underisk@lemmy.ml ⁨3⁩ ⁨months⁩ ago
    
    The Secure Enclave is a component on Apple system on chip (SoC) that is included on all recent iPhone, iPad, Apple Watch, Apple TV and HomePod devices, and on a Mac with Apple silicon as well as those with the Apple T2 Security Chip. The Secure Enclave itself follows the same principle of design as the SoC does, containing its own discrete boot ROM and AES engine. The Secure Enclave also provides the foundation for the secure generation and storage of the keys necessary for encrypting data at rest, and it protects and evaluates the biometric data for Face ID and Touch ID.
    
    support.apple.com/guide/security/…/web
    
    The FBI wanted access to Apple’s encryption keys which they use to sign their software which would let them bypass these features. They don’t have ‘your’ encryption keys, they have their own that the FBI wanted to use to bypass these features. They eventually dropped it because they found a zero day exploit which apple fixed in later versions. That is why the newer phones aren’t vulnerable.
    
    en.wikipedia.org/…/Apple–FBI_encryption_dispute
    
    source
    fmstrat@lemmy.nowsci.com ⁨3⁩ ⁨months⁩ ago
    Familiar, but based on your first comment about the benefits of hardware encryption over software encryption, and thus iOS being better than Android, perhaps you’re misinterpretting the specifics?
    
    For the first point, the SE only stores keys at rest. The keys and hashes are still in memory when booted, otherwise the device wouldn’t be able to function. This works the same as software encryption, the key itself is just encrypted and stored on “disk” instead of in flash when off.
    
    For the second, Apple’s software signing keys would not give the FBI access to a device. There is nothing to “turn over”. The signing of new software to bypass the lock was to remove the 10 retry reset. As above, there is no benefit to hardware encryption over software here.
    
    The benefit hardware encryption brings is potential speed (which is certainly valuable, but not necessarily more secure or harder to crack).
    
    source
    -> View More Comments
fmstrat@lemmy.nowsci.com ⁨3⁩ ⁨months⁩ ago
Incorrect. Read the links.

source