Hathaway_Noa To my knowledge, RAM dumps can be performed quite trivially, with differing methods per device. Some OEMs let you just do it without trouble; on Samsung, for example, you type a specific combination in the dialer. Pixels have been RAM dumped. You can find people discussing RAM dumping their own Pixels on forums to attempt finding the credentials (I also found one trying on a GrapheneOS phone too, funnily enough), and on other sites with some searches online. This is pretty much MSAB just taking advantage of emergency reboot weaknesses more than any serious exploitation.
roamer4223 This may be a stupid, or a too specific, question - but does anyone know if this kind of attack would be able to brute force other profiles/users?
Yes, providing the user authenticated once, which keeps the secrets in memory.
roamer4223 if the main profile has a password with extremely high entropy (assume it would take too long to brute force, even with the best hardware), but the secondary profile/profiles have simple PINs with very low entropy? Assuming the phone was recently turned off / rebooted of course.
Realistically they should need to unlock the owner profile first.
roamer4223 And would it make a difference if the separate profile/user was unlocked and running when the phone was turned off / rebooted?
If the phone was turned off, the right protections should be in place for both the owner and the secondary profile.