Cellebrite Premium fail

lucia

So recently there was this news about Cellebrite Premium, the man's cell phone is a Samsung Galaxy A30, the federal police tried a combination of 10 million passwords and were unsuccessful, in this case the most important factor for the police's failure was the complex password?

link to the news website https://www.metropoles.com/colunas/paulo-cappelli/pf-tenta-10-milhoes-de-senhas-e-nao-desbloqueia-celular-de-patriota

KleinesSinchen

lucia in this case the most important factor for the police's failure was the complex password?

Sounds like this.

I'm not very knowledgable in these things, so my assumptions might be wrong. Simpler devices lack a dedicated security chip and probably use the TEE (Trusted Execution Environment) of the main CPU for handling decryption.

10 million tries is not exactly much. Seems Cellebrite is successful at bypassing the (software based?) throttling on the Galaxy A30 but cannot extract the encrypted key for a powerful bruteforce attack outside the device.

Even a 12+ digit PIN would be out of range seeing this low number of password attempts.

lucia

KleinesSinchen Thanks for the reply, so the chip you mentioned makes hardware encryption?

VEECCdYKYi

Having a duress password should protect against brute force attacks right? Disregarding the probability that the brute force guesses the right pin/password before the duress pin/password.

dhhdjbd

VEECCdYKYi
I think, since the duress password is in software, it can be bypassed somehow. (or rather a exploit is possible)

pxlkng

VEECCdYKYi
dhhdjbd

No, and this is not the intended usage for duress.
What protects against brute-force are mainly two things:

the throttling enforced by the secure element
a good passphrase/PIN, ideally not even relying on the secure elements throttling (e.g. 8+ random diceware words)

Having a duress PIN/passphrase set up with the thought that it will be hit during bruteforce is not reliable or a good protection.

VEECCdYKYi

pxlkng
Okey.
What does throttling enforce secure element mean? Slowing down the brute force attack so making way to time- and resource consuming to be an viable method? I don't know much about these things but I find it interesting.

final

If a profile is in After First Unlock, the data isn't at rest and a sophisticated threat could use an exploit to bypass the lock screen. If that capability is not available, which can be a case with new devices, then brute forcing is a fallback. An AFU brute force can also be much faster.

For devices that are Before First Unlock they always require a brute force because data is at rest and must be decrypted to be accessible. A secure high-entropy passphrase would be impossible to brute force regardless of device, although having to type in such a long, complex password would be tedious for some.

We recommend GrapheneOS users with forensic extraction of a seized device as a major threat to do this to ensure data is safe BFU regardless of how long the device hasn't been updated for.

pxlkng

VEECCdYKYi

Yeah. The secure element enforces attempt cooldowns on a hardware-level that currently can't be bypassed, to make even bruteforcing of otherwise unsafe passphrases or PINs unviable to bruteforce.
(It is still recommended to not rely on the secure element ideally and pick a strong passphrase/PIN)

From the website FAQ:

Standard delays for encryption key derivation enforced by the secure element:

0 to 4 failed attempts: no delay
5 failed attempts: 30 second delay
6 to 9 failed attempts: no delay
10 to 29 failed attempts: 30 second delay
30 to 139 failed attempts: 30 × 2⌊(n - 30) ÷ 10⌋ where n is the number of failed attempts. This means the delay doubles after every 10 attempts. There's a 30 second delay after 30 failed attempts, 60s after 40, 120s after 50, 240s after 60, 480s after 70, 960s after 80, 1920s after 90, 3840s after 100, 7680s after 110, 15360s after 120 and 30720s after 130
140 or more failed attempts: 86400 second delay (1 day)

iirc those values have been changed some time ago to be even more aggressive, unsure though.