92
you are viewing a single comment's thread
view the rest of the comments
[-] refalo@programming.dev 2 points 4 months ago

Did you read the article? It doesn't matter if you have encryption, they can break it in under a day.

[-] jet@hackertalks.com 15 points 4 months ago

That's not an article. That's sales pitch.

[-] refalo@programming.dev 1 points 4 months ago

Are you implying the post title is inaccurate? If so how?

[-] jet@hackertalks.com 17 points 4 months ago

Just look at the incentives. A company trying to sell a product is going to promise everything.

This is not a third party review of the effectiveness of this product.

So I do not believe sales pitches without evidence

[-] refalo@programming.dev 4 points 4 months ago

This is not a third party review of the effectiveness of this product.

Since they only supply devices to law enforcement, I doubt anyone will find such a review, but I don't think that means we should believe the product doesn't work, at least in theory it sounds quite feasible to me. There is some information available online given by law enforcement saying that the product does work, personally I think this is enough that we should believe it does work.

https://www.imore.com/iphone/documents-reveal-exactly-how-much-iphone-hacking-tool-graykey-costs-law-enforcement-including-subscription-costs-company-boasts-turbo-brute-force-feature-for-ios-that-can-access-locked-iphones

https://www.imore.com/unredacted-graykey-nda-outlines-instructions-given-law-enforcement

Yes this one is from the manufacturer but it does have more detail in how the device helped in individual cases if you are to believe what they say: https://www.grayshift.com/wp-content/uploads/101921_eb_Grayshift_AccessToTheTruth_V2-1.pdf

[-] jet@hackertalks.com 5 points 4 months ago
[-] refalo@programming.dev 3 points 4 months ago

While I do agree with you, not everyone will agree on the authenticity of a particular source. I guess there is simply no way to be certain what their capabilities really are.

[-] todd_bonzalez@lemm.ee 0 points 4 months ago

Are you implying that all Lemmy post titles are demonstrably true?

How's your object permanence?

[-] possiblylinux127@lemmy.zip 4 points 4 months ago

True but that isn't a reason to give up. We need stronger encryption

[-] todd_bonzalez@lemm.ee 4 points 4 months ago

If encryption doesn't matter to them, then at least one of these statements must be true of every phone they unlock:

  1. The device wasn't actually encrypted.
  2. The device was already in a decrypted state and we bypassed the screen lock and not drive encryption.
  3. We acquired the decryption keys somehow.
  4. We have technology that can break modern encryption without learning keys from another source or brute forcing.
  5. We have enough processing power to brute force a modern encryption algorithm.

#1 and #2 are possible because government contractors lie all the time about what they actually do. Pretending to decrypt stuff isn't outside the realm of possibility.

#3 is the biggest concern, especially if they are able to infer what the key is by uncapping silicon or something, because that would mean that any phone that could be unlocked by this company is as good as unencrypted since the device contains the keys in a retrievable format for some reason.

#5 and #6 are pretty much impossible, and such abilities would be far more profitable if used for just about anything but unlocking phones.

this post was submitted on 16 Jul 2024
92 points (97.9% liked)

Privacy

31995 readers
812 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS