Nuttso the phone was already in AFU and the auto reboot function was not set up on the phone, I've only.just learned about the auto reboot function, but the phone was immediately placed into a Faraday bag, so I'm trying to see how vulnerable the phone is as it was in AFU, the only thing I noticed is sometimes the phone would switch back user when it was in my pocket, so I hope it has randomly rebooted
Security from bruteforce
[deleted]
what about ios? Just curious!
[deleted]
Nuttso brand spanking new 14 pro or 14 pro max?
- Edited
@Messi2023 if you need further info pass me a signal number
[deleted] not that I know of any forensic lab that can access them. Not even grayshift
I have to revise a statement of mine. I just asked my lawyer if IT forensics companies are present during arrests or searches in Germany and he confirmed it. Only recently at a tax investigation. Does not mean anything, because it is primarily about pc.
- Edited
Cellebrite has announced bruteforce support for Google Pixel phones (including GrapheneOS) up to gen 5 in one of their private chat groups on discord, this means that they have the ability to bypass the secure element (titan M). Also Dutch NFI (law enforcement) have made it possible to inject malicious code into pixel phones during the fastboot mode in which they are able to extract encrypted keys which can be bruteforced. Again this means they have find a way to bypass the secure element of the pixel phone. The only way to get around this is by:
- Buy a 6th gen Pixel phone or higher and update it always when updates are available.
- Make sure your phone has auto-reboot and turns your phone in BFU state every now and then. (though BFU wont wont help protecting from injecting malicious code during fastboot mode)
- Make sure to use a long, strong and complex alphanumeric password.
This is what I can think about for now.
Hathaway_Noa they can't bypass the secure element. Cellebrite is full of sh*t. They again described extracting data from an unlocked phone. Same they said about signal. My lawyer is the chairman of the Chamber of Criminal Lawyers in Germany. They are gathering all the information they can. AFU is currently not cracked.
Hathaway_Noa Make sure your phone has auto-reboot and turns your phone in BFU state every now and then. (though BFU wont wont help protecting from injecting malicious code during fastboot mode)
This is also a myth. By law, such action must be explained in court to the last detail. This is not encrochat or Sky ecc where they can ship around the rule of law. In targeted operations like this, they have to explain exactly how. Which in turn explains the hack still in the trial technically accurate. The reason for this is that there was no data manipulation during it and the data has integrity.
- Edited
Nuttso of you you have fact based evidence like court files or just a number and a name from a lawyer with such a case provide it pls.
Nuttso Cellebrite explicitly announced bruteforce capabilities within BFU mode for locked pixel phones, they announced this to their own customers and this will only be available for Cellebrite Premium and NOT ufed4pc! BIG DIFFERENCE! If you believe cellebrite is lying against their customers be my guest, but I'd rather give people this information to be taken into consideration. A lot of people take the titan-m security for granted and use short numeric passwords, this can bite them one day. Bootloader exploits are always a thing and have always been a thing, for both pixel phones and android phones.
The real problematic adversaries are pegasus and other unknown companies that are hording vulnerabilities.
- Edited
Hathaway_Noa I know I follow them closely. I also know people that are licensing their products. And no they can't do what they claim. You're overestimating them. They do this quite often. And again. In targeted operations they have to proof unaltered data. This means it must be in the court files how they do it not just that they can do it.
Nuttso You may believe that.
- Edited
A judge at the district court will of course be able to convict without the raw data, but the Federal Supreme Court will overturn the verdict. Because in Germany, the Constitutional Court has ruled that the defendant must have the right to see all methods and raw data. This is mandatory. Encro and Sky is something else. There they have pulled off a clever move. The shipped around German law. With the current law and a targeted operation it's impossible to pull such a hack and not explain absolutely every detail how u did it in court. Same goes for NL.