Well they might charge you with “Obstruction of Justice” instead. Then plug it in some cellebrite device and boom, unlocked.
Best way to not have to deal with stuff like this is just to not have the incriminating evidence in the first place. If you are, for example, doing a protest, only chat with contacts in a safe place, then wipe chat logs every time, any data you wish to keep should be encrypted then uploaded anonymously via VPN/Tor and wiped from local storage. Hide the fact that such data exists so you wouldn’t have a scenario where the government is trying to get you to give them the data, since they dont even know what data exists. Plausable deniability.
Edit: Those apps I’ve linked is still a good idea since “Destruction of Evidence” is probably a lesser charge than something like “Rioting”.
That’s what they say. I mean the news literally base this off the FBI’s own words, so there’s no way for us to tell if they actually manage to break the encryption but then turns around that say “the encryption is too strong”. Besides, iOS is closed source.
Intelligence agencies have made this “Anom Phone” that is this supposed encrypted phone that drug dealers and various criminals used to communicate, turned out to be a honeypot.
One is where they sell the cellebrite device to law enforcement.
Another where the cellebrite device remain in control of cellebrite, and law enforcement has to send the phone to cellebrite.
Unless you actually work for cellebrite and got access to their more advanced tools, which then I doubt they would let you share the details of since that must be breaking some non-disclosure agreement.
There are attacks where rather than trying to crank the password you just capture the hash which is stored in memory somewhere and then using a tool that lets you bypass the standard login inject that hash into the app, totally bypassing the UI interface and the password hashing algorithm.
The app sees the hash is correct and isn’t aware that the information has been input via nonstandard methods, and so allows access.
The attacker still doesn’t have a clue what your password was, but they don’t need to. Interestingly enough this means that every time they want access to your data they have to do this because they don’t have a way of actually changing the password or finding out what it was.
Just because the phone is encrypted doesn’t mean there’s not an exploit that makes it easier to bypass or extract the passphrase. Celebrite is unfortunately pretty good at attacking out of support phone and breaking into them.
Use a modern, supported OS on a device put out by a trusted vendor and you’re probably ok. But old software/hardware makes it much easier to bypass.
Well they might charge you with “Obstruction of Justice” instead. Then plug it in some cellebrite device and boom, unlocked.
Best way to not have to deal with stuff like this is just to not have the incriminating evidence in the first place. If you are, for example, doing a protest, only chat with contacts in a safe place, then wipe chat logs every time, any data you wish to keep should be encrypted then uploaded anonymously via VPN/Tor and wiped from local storage. Hide the fact that such data exists so you wouldn’t have a scenario where the government is trying to get you to give them the data, since they dont even know what data exists. Plausable deniability.
Edit: Those apps I’ve linked is still a good idea since “Destruction of Evidence” is probably a lesser charge than something like “Rioting”.
Cellebrite struggles with iPhones already, this reboot is part of the cat and mouse game they’re playing
That’s what they say. I mean the news literally base this off the FBI’s own words, so there’s no way for us to tell if they actually manage to break the encryption but then turns around that say “the encryption is too strong”. Besides, iOS is closed source.
Intelligence agencies have made this “Anom Phone” that is this supposed encrypted phone that drug dealers and various criminals used to communicate, turned out to be a honeypot.
I’ve used cellebrite before.
Anecdote of 1 for you, iOS is a pain in the ass.
There are different versions.
One is where they sell the cellebrite device to law enforcement.
Another where the cellebrite device remain in control of cellebrite, and law enforcement has to send the phone to cellebrite.
Unless you actually work for cellebrite and got access to their more advanced tools, which then I doubt they would let you share the details of since that must be breaking some non-disclosure agreement.
Cellebrite? I don’t think that’s how encryption works
There are attacks where rather than trying to crank the password you just capture the hash which is stored in memory somewhere and then using a tool that lets you bypass the standard login inject that hash into the app, totally bypassing the UI interface and the password hashing algorithm.
The app sees the hash is correct and isn’t aware that the information has been input via nonstandard methods, and so allows access.
The attacker still doesn’t have a clue what your password was, but they don’t need to. Interestingly enough this means that every time they want access to your data they have to do this because they don’t have a way of actually changing the password or finding out what it was.
Link? That sounds incredibly stupid design
It might work that way, actually .
Just because the phone is encrypted doesn’t mean there’s not an exploit that makes it easier to bypass or extract the passphrase. Celebrite is unfortunately pretty good at attacking out of support phone and breaking into them.
Use a modern, supported OS on a device put out by a trusted vendor and you’re probably ok. But old software/hardware makes it much easier to bypass.