They imply they have active cracking abilities for all modern phones, that would be neat to see demonstrated.
It wouldn’t even be hard, just invite third party reporter to bring in a bunch of phones with a capture the flag text file on them. Take each phone one by one behind a screen, break it, bam you don’t have to give away any secrets but you prove that you can break the phone
And android only allows up to a 16 character password for some reason…
That is mostly good enough, a password that does not get cracked if it is generated randomly.
But how are you going to remember a 16 chars mix alpha num symbol password that’s randomly generated?
Yeah the key space is vast but it’s hard for most brains to handle it.
It’s not that hard. I use such a password for my phone
most
Why would they do this when they already make millions? The general public isn’t buying their product. They’ll only do private demos.
There is competition amongst the phone cracking companies. And there’s a limited amount of municipal money available. So they need to differentiate themselves from each other somehow.
There is good data that celibrite can break every phone out there right now, except for grapheneos… But I’ve heard no such data about this company. This means we can only speculate.
So if I was a municipality, and I wanted to decide who got my limited budget, I’d want to compare who’s giving me the best value for money. So I would need some metric, some data point, some way to differentiate them. That’s where reporting, would come in. The websites are public for a reason…
I doubt it. That info is first party and not to be trusted since it is obviously marketing. Any third party article that backs up their claims?
Isn’t it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible
Because they would have to possess technology that doesn’t exist in order to circumvent actual encryption without a key.
If I adequately encrypt my own data, and keep the keys a secret, I could hand my hard drive off to Microsoft and they could spend billions running all their AI clusters trying to crack it, and it would be a futile endeavor.
If the government had the technology to bypass encryption or quickly and inexpensively crack it, they’d use it for a whole lot more than unlocking smartphones. They could basically control the flow of Bitcoin on a whim with such tech.
No. You watch too many Movies. Yes there were attempts from state sponsored actors to weaken encryption algorithms. But is encryption easy to crack? No.
Dude what encryption are you talking about? Hardware storage encryption is just by now getting more widely adapted, the phone I used till a year ago didn’t even support any encryption.
Sure, aes-256 with secure password only stored in your mind is quasi 100℅ safe, but that is not how most devices handle their “encryption”.
If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)
Also also: encryption only helps if the device is off, which is seldom the case with phones.
Isn’t it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible
You stated in your original comment: “pretty much every system”. So no, any modern phone if android or iOS is by default encrypted.
If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)
TPMs are by design encrypted.
Keys are not stored unencrypted at least not when you encrypt your storage with modern solutions and set it up reasonably. You use either your TPM to store the key or store it on the drive and have it encrypted by itself or use a KDF.
Also also: encryption only helps if the device is off, which is seldom the case with phones.
No this assumption is wrong. You still would need to circumvent the Login into the device which is mostly secured by a pin or password or biometrics.
If you think TPMs are always encrypted, a key can be encrypted “with itself” and still be any use to you and android system pin is secure you are right. Might also believe in santa
If you think TPMs are always encrypted, a key can be encrypted “with itself” and still be any use to you and android system pin is secure you are right. Might also believe in santa
Not sure what you are rambling about the TPM.
Then prove that the Lockscreen is insecure.
How do you think encryption works?
What do you think does a lockscreen?
“lawful access” lol
Phones are really not that hard to compromise from an encryption standpoint. All they need to do is break a pin most of the time. Also the pin is very predicable and probably can be pulled from a cloud service like google.
It is actually pretty horrifying to think about
Or, you know, don’t use pins, use passwords
And use secure open source ROMs!
Somehow only people like the Secret Service are technically capable to break into your privacy while destroying evidence of their own.
Welp, encryption is optional boys and girls.
No it isn’t as it is the default and can not be turned off (that’s good)
Did you read the article? It doesn’t matter if you have encryption, they can break it in under a day.
That’s not an article. That’s sales pitch.
Are you implying the post title is inaccurate? If so how?
Just look at the incentives. A company trying to sell a product is going to promise everything.
This is not a third party review of the effectiveness of this product.
So I do not believe sales pitches without evidence
This is not a third party review of the effectiveness of this product.
Since they only supply devices to law enforcement, I doubt anyone will find such a review, but I don’t think that means we should believe the product doesn’t work, at least in theory it sounds quite feasible to me. There is some information available online given by law enforcement saying that the product does work, personally I think this is enough that we should believe it does work.
https://www.imore.com/unredacted-graykey-nda-outlines-instructions-given-law-enforcement
Yes this one is from the manufacturer but it does have more detail in how the device helped in individual cases if you are to believe what they say: https://www.grayshift.com/wp-content/uploads/101921_eb_Grayshift_AccessToTheTruth_V2-1.pdf
Strong statements require strong evidence.
You should always evaluate opaque claims using multiple sources that have different vested interests
Vs
https://www.theverge.com/24199357/fbi-trump-rally-shooter-phone-thomas-matthew-crooks-quantico-mdtf
True but that isn’t a reason to give up. We need stronger encryption
