GrapheneOS [...] It's far more of a mess than that and we don't want to go into much more than this.

That's quite a bit of mess. Thanks!

About Cellebrite AFU capabilities on latest iPhones

They can bypass the phone lock method on all iPhones?

What if lockdown mode is enabled or if the iPhone enters USB restricted mode after an hour? Is the AFU exploit still working?

How is supersonic BF possible on iPhone XR/XS/11? A couple of years ago the checkm8 team found a flaw in the secure enclave (up to iPhone X) and apparently Apple did the job to remove the flaw on new iPhones.

    No BF on Pixel 2? Is the hardware magic compared to Pixel 3/4/5?

      Onion Pixel 2 has an off-the-shelf NXP secure element which is likely far less secure than the Titan M1. You're misinterpreting lack of capability as more security but that's not what it means. They likely started caring a lot about Pixels much later and never dedicated the resources to dealing with the Pixel 2 secure element. Pixel 3 through 5a have the same Titan M1 secure element. Pixel 2 is a separate thing, and while likely much easier to exploit is only 2 devices which had far lower sales than more recent Pixels and are hardly used by anyone anymore. If they had a real reason to deal with it, they likely could do it and without as much trouble as later Pixels.

      Onion Yes, they can bypass the phone being locked and gain control of the OS. Lockdown mode doesn't seem to block them or they'd mention the limitation since this is documentation on using Cellebrite Premium. It's not meant for public consumption and is not marketing material, although their ability to exploit most devices does end up marketing their products simply by publishing it since they're doing a good job keeping up. They probably don't mind us posting it much.

      How is supersonic BF possible on iPhone XR/XS/11? A couple of years ago the checkm8 team found a flaw in the secure enclave (up to iPhone X) and apparently Apple did the job to remove the flaw on new iPhones.

      There's no sign of Apple preventing exploitation of the secure element. iPhone 12 and later added an additional layer of security for the brute force protection. The main portion of the secure element is probably still getting exploited, it just doesn't bypass this. Cellebrite could therefore still bypass most of the secure element features but they have no need for it.

        racoondog They have the capability of getting the lock method from an iOS device when they exploit it After First Unlock, although it doesn't always work, but when it does there's nothing they can't get. They can also exploit the secure element and just can't bypass the encryption brute force limits due to another layer inside it. It's possible they can obtain that even if the IPR capability for getting the lock method fails and brute forcing can't be done.

          GrapheneOS Thanks for your reply! I have another question. Even if iOS devices are locked with a complicated passcode rather than a PIN, when these are in AFU, can they still break into the phone regardless of the locking method?

            racoondog Yes, when the device is in AFU, they can get nearly 100% of the data without a brute force. The only exception is that the tiny portion of data that's meant to be at rest while locked (which is opt-in and even Signal doesn't use it) can't always be obtained. It's not meant to be possible to ever obtain it but in practice they can get it due to at least one bug.

              Whatnoww It's available as a feature of the hardware keystore and it's up to apps to use that API for an additional layer of disk encryption. Android is going to be providing APIs for an iOS style data class available only while the device is unlocked and hopefully it's implemented better. We can harden it if it fails to hold up properly to attacks.

              2 months later

              Lukas Will it be possible to set the sequence? To set password first then fingerprint or vice versa?

                GrapheneOS Where can I look up how to read these matrices? I understand BFU/AFU and a few other things but is there a full guide/explanation somewhere?

                  UserresU The intended purpose is adding a PIN to confirm fingerprint unlock. It is not a primary unlock method, which wouldn't be reasonable.

                    UserresU There's information throughout the thread. Which part do you need more info about?

                    Quotesquestioner Are you referring to the SoC column for iPhones? That refers to their System on a Chip, i.e. the CPU, GPU, MMU, etc. It's already implied by the device model but they may have added it to help explain why there would be differences between certain generations.

                      GrapheneOS Yes, I mean SoC and the other stuff that is to the right of it. My English is insufficient for describing sheets. Is there maybe a video that explains the charts in detail?

                      15 days later