There are attacks where rather than trying to crank the password you just capture the hash which is stored in memory somewhere and then using a tool that lets you bypass the standard login inject that hash into the app, totally bypassing the UI interface and the password hashing algorithm.
The app sees the hash is correct and isn’t aware that the information has been input via nonstandard methods, and so allows access.
The attacker still doesn’t have a clue what your password was, but they don’t need to. Interestingly enough this means that every time they want access to your data they have to do this because they don’t have a way of actually changing the password or finding out what it was.
Just because the phone is encrypted doesn’t mean there’s not an exploit that makes it easier to bypass or extract the passphrase. Celebrite is unfortunately pretty good at attacking out of support phone and breaking into them.
Use a modern, supported OS on a device put out by a trusted vendor and you’re probably ok. But old software/hardware makes it much easier to bypass.
Nice, I think making your phone go into Before First Unlock mode cannot be considered destruction of evidence
deleted by creator
Cellebrite struggles with iPhones already, this reboot is part of the cat and mouse game they’re playing
deleted by creator
I’ve used cellebrite before.
Anecdote of 1 for you, iOS is a pain in the ass.
deleted by creator
Cellebrite? I don’t think that’s how encryption works
There are attacks where rather than trying to crank the password you just capture the hash which is stored in memory somewhere and then using a tool that lets you bypass the standard login inject that hash into the app, totally bypassing the UI interface and the password hashing algorithm.
The app sees the hash is correct and isn’t aware that the information has been input via nonstandard methods, and so allows access.
The attacker still doesn’t have a clue what your password was, but they don’t need to. Interestingly enough this means that every time they want access to your data they have to do this because they don’t have a way of actually changing the password or finding out what it was.
Link? That sounds incredibly stupid design
It might work that way, actually .
Just because the phone is encrypted doesn’t mean there’s not an exploit that makes it easier to bypass or extract the passphrase. Celebrite is unfortunately pretty good at attacking out of support phone and breaking into them.
Use a modern, supported OS on a device put out by a trusted vendor and you’re probably ok. But old software/hardware makes it much easier to bypass.