I’m talking about this article that I remember reading last year, but I never fully comprehend it. https://archive.md/qgBWB
Especially one of the images:
What does “BFU Extractions” mean? Does it just straight up bypass any lockscreen, even Before First Unlock?
The first time I came across that article, I just assumed if you have a strong password, your fine, now I’m not so sure, I’m starting to get a bit paranoid… 😖
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 3.81K Posts
- 96.4K Comments
- Modlog
It’s possible that they discovered a weakness in the way the keys are generated in the TPM (or whatever it’s called for Android), which brings the time to brute force down from 1,000 years to a few weeks with massive GPUs?
Similar story, as of a few years ago, OpenSSH announced deprecating support for RSA keys keys because of a vulnerability in SHA-1 hashing, where they cited research showing a determined attacker could break the key with $50k of compute power, which may seem like a lot, but is pretty feasible, necessitating the deprecation
I don’t know about the Android system, but during the initial design and fabrication, the hardware may have not been designed to withstand the compute power just a few years later, and can not be easily updated to improve the security. These are the weaknessed Cellebrite is looking for.
To an individual. For a business, that’s a quarterly spend. For the government, it doesn’t even come up in budget reviews.
Interesting. I figured there was just a backdoor in Knox or iOS it was using.