Privacy

38823 readers

888 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Can someone explain if Cellebrite (or similar tools) can bypass your device's Encryption? (sh.itjust.works)

submitted 19 hours ago by throwawayacc0430@sh.itjust.works to c/privacy@lemmy.ml

13 comments fedilink hide all child comments

I'm talking about this article that I remember reading last year, but I never fully comprehend it. https://archive.md/qgBWB

Especially one of the images:

What does "BFU Extractions" mean? Does it just straight up bypass any lockscreen, even Before First Unlock?

The first time I came across that article, I just assumed if you have a strong password, your fine, now I'm not so sure, I'm starting to get a bit paranoid... 😖

you are viewing a single comment's thread
view the rest of the comments

[–] catloaf@lemm.ee 19 points 19 hours ago (11 children)

It means they can rip the encrypted data off the phone, then take it over to a system with a bunch of GPUs and brute-force the password.

[–] throwawayacc0430@sh.itjust.works 4 points 19 hours ago (5 children)

But isn't the key supposed to be in the "Secure Element" (or whatever they call it)?

[–] bamboo@lemmy.blahaj.zone 12 points 17 hours ago (2 children)

It's possible that they discovered a weakness in the way the keys are generated in the TPM (or whatever it's called for Android), which brings the time to brute force down from 1,000 years to a few weeks with massive GPUs?

Similar story, as of a few years ago, OpenSSH announced deprecating support for RSA keys keys because of a vulnerability in SHA-1 hashing, where they cited research showing a determined attacker could break the key with $50k of compute power, which may seem like a lot, but is pretty feasible, necessitating the deprecation

It is now possible [1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD $50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

I don't know about the Android system, but during the initial design and fabrication, the hardware may have not been designed to withstand the compute power just a few years later, and can not be easily updated to improve the security. These are the weaknessed Cellebrite is looking for.

[–] tastemyglaive@lemmy.ml 3 points 17 hours ago

Interesting. I figured there was just a backdoor in Knox or iOS it was using.

load more comments (1 replies)

load more comments (3 replies)

load more comments (8 replies)