[deleted] The latest iPhones and iPads can be exploited by Cellebrite. They're likely going to continue keeping up with the latest iOS versions and new hardware models unless there's a major change to how they function. They sometimes have a couple months of delay for certain new Android and iOS versions when they have to update their exploits for major changes or replace them completely.

      Lukas You'll be able to do that, but the intended purpose is making it possible to use a strong passphrase while having the convenience of fingerprint unlock + short PIN for secondary unlock.

        [deleted] It's likely simply implied by AFU exploitation capability on iOS. If they lose the capability on newer iOS versions they may start listing where they have it again.

          orangecola we don't have access to the iOS and Android support matrix documents at the moment because it's what we requested from one of our sources. We didn't ask for the rest. We don't plan to publish the documents ourselves anymore, but there was a user on our forum who published the extended documentation before and they may do it again.

            [deleted] They probably just haven't shipped the functionality in Cellebrite Premium yet.

              What does "FFS Yes, BF No" mean for stock OS Pixel in AFU? Do they get access to all user data unencrypted without the need to brute force the password?

                Thank you for providing the screenshots, although make sure the source is not compromised as it'd be nice to see them in future. I suggest rewriting table manually, there are fingerprinting methods available :P But i'm sure you are aware.

                It's very surprising to see that they have some sort of patent for newest iOS, i thought that recent iOS AFU unlocks were more like exception than normal thing. It seems that these devices can't be widely considered unlock-safe anymore.

                As part of my final year work, I tested Cellebrite against a Pixel 4A phone with GrapheneOS... it was incredibly underwhelming. I'll just say the results were very basic, nothing very useful. I didn't have access to XRY, though.

                jellybean BFU refers to exploiting a device Before First Unlock. BF refers to whether they can brute force lock methods after BFU exploits., which they cannot for Pixel 6 or later / iPhone 12 or later due to the more hardened secure elements. AFU refers to exploiting a device After First Unlock, which obtains access to nearly all the data.

                    Upstate1618 There are no exploits for encryption involved in this. Windows and desktop Linux distributions along with typical laptop/desktop hardware are extremely more vulnerable to these kinds of exploits. macOS on modern Mac hardware is not as protected against this as an iPhone but certainly more than those.

                        • [deleted]

                        • Post #32

                        GrapheneOS Is there a simple explanation of why computers are considered less secure, and more vulnerable to attacks than mobile devices?

                        • de0u replied to this.

                            [deleted] Is there a simple explanation of why computers are considered less secure, and more vulnerable to attacks than mobile devices?

                            To sone extent it's cultural. People are used to buying a new phone every couple of years, so there are more refresh cycles and more opportunities to change things. Also, phones are easier to steal. And, unlike desktop machines, which were for "professionals" for a long time, the smartphone audience (since 2007) has rapidly become "everybody".

                            There is no fundamental reason, but it takes a long time to upgrade legacy stuff that "works", when many individual things must be changed.

                              [deleted] Is there a simple explanation of why computers are considered less secure, and more vulnerable to attacks than mobile devices?

                              Here's a timely example: Secure Boot is completely broken on 200+ models from 5 big device makers.

                              In the mobile world I am aware of this mistake being made by Fairphone, but not a major vendor, whereas apparently in the PC world the doofus factor has been non-trivial. Note that GrapheneOS has, as the article notes is best practice, a different signing key for each device type.