this post was submitted on 09 Nov 2024
978 points (98.3% liked)
Technology
59555 readers
4688 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm the only guy in my (small) friend group who still used pattern code instead of fingerprint so I take that to mean my phone is by default more difficult to break into than most. Giving my fingerprint to a giantic tech firm has always seemed like a bad idea so I never did. Though the fingerprint reader acts as a power button too so who knows if they've scanned it anyway.
Afaik the fingerprint is stored on dedicated hardware on your device, it never leaves your phone and cannot be "read"
Patterns are too easy to breach via brute force is my understanding like comically easy
Any modern phone os locks to pin after 3 tries.
Now depending how good they are, it's often possible to guess it by looking at the smear patterns on the phone.
Most phones aren't letting you try more than 5 attempts before you're locked out. You can even set it up to erase after the attempts
Most attacks are done offline. If they clone the encrypted partition, they can brute-force as fast as they want. Pin lockouts can't protect against that.
You are showing a limited understanding of law enforcement's capabilities for brute force attacks.
They make an imagine ofnthe device and then brute force it so you better have that 16 character password.
Makes sense, but in that case, why do law enforcement even care if the OS reboots itself if they already have a copy of the encrypted contents?
properly passworded os still has vulnerabilities that they want to exploit.
OP is just one vulnerability closed.
You mentioned wipe feature after fialed tries, thats a tactic that a person with serious threat model can use but cops go a work around it.