Can someone explain if Cellebrite (or similar tools) can bypass your device's Encryption? (sh.itjust.works)

submitted 21 hours ago by throwawayacc0430@sh.itjust.works to c/privacy@lemmy.ml

13 comments fedilink hide all child comments

I'm talking about this article that I remember reading last year, but I never fully comprehend it. https://archive.md/qgBWB

Especially one of the images:

What does "BFU Extractions" mean? Does it just straight up bypass any lockscreen, even Before First Unlock?

The first time I came across that article, I just assumed if you have a strong password, your fine, now I'm not so sure, I'm starting to get a bit paranoid... 😖

top 13 comments

sorted by: hot top controversial new old

[-] jivandabeast@lemmy.browntown.dev 11 points 16 hours ago* (last edited 16 hours ago)

Okay so I'll try my best to convey what I know (I studied DFIR in college, but I work as a security engineer now):

There are two types of mobile device forensic acquisitions/collections/extractions: BFU and AFU.

BFU (Before first unlock) extractions simply refer to what Cellebrite is able to pull from the phone when it has been turned on but not unlocked for the first time, similarly AFU (after first unlock) is what it can collect after its been unlocked.

You can think about this as your phone being in two states: when you first boot it up (and I'm talking from the Android perspective, because I have never owned an iPhone) you're required to use your pin/password to unlock the device and then it will complete its boot. Any time after that first unlock though, you can unlock with stuff like biometrics and its much faster (i know my phone when i unlock for the first time after a boot will display an "Android is Starting" or something like that while it loads up).

Bringing this back to your main question: depending on the OS version and device, what is pulled from AFU/BFU will vary. So looking at the image you linked:

If you were an incident responder, you'd probably read this chart left to right. Lets say i have a Samsung S23 running presumably android 13 or 14, I'd first look at the samsung rows, choose the second one for the version, and then id have to determine if the device is in BFU or AFU mode, and see which options are available to me. In this instance, it doesn't make a difference because I can get user data from either (because i can brute force the password on the lockscreen for this specific device). Otherwise, a BFU extraction might only pull out surface level information from the device because everything may not have been decrypted yet.

I feel like I'm rambling but I hope it's shedding some light, your point about the password is important but not everything. Companies like Cellebrite and Magnet pay a lot of money for zero day vulns that they can build exploits for into their software, meaning that if theres something critical (like a pin code bypass) then they could just use that and get all your data. But, there's a lot of various data on cellphones, take Signal for example (and this is just an example, I don't actually know): it's possible that if signal is encrypting messages stored on the device, that even if an examiner pulled that database out, they might still not be able to do anything about it.

My final point, there's also a high degree of secrecy around these tools. Obviously Cellebrite and Magnet are incentivised to keep their exploits quiet so they continue working, otherwise Google or Apple could just issue a security patch and render them useless. Often, they'll have different tools that are available to different organizations: a company may have a few cellebrite dongles for internal investigations and litigation support, the details of which are kept under NDA, but they're still likely to be separate from what an organization like the FBI would have access to. This is why it's often hard to find information on these tools, especially updated or recent information

[-] catloaf@lemm.ee 19 points 20 hours ago

It means they can rip the encrypted data off the phone, then take it over to a system with a bunch of GPUs and brute-force the password.

[-] throwawayacc0430@sh.itjust.works 4 points 20 hours ago

But isn't the key supposed to be in the "Secure Element" (or whatever they call it)?

[-] Max_P@lemmy.max-p.me 4 points 12 hours ago

It's derived by both a key from the TEE and the PIN/password.

The reason for that is so you need both the user's correct password, and the TEE to agree to hand out the key, which it may refuse to do if there's been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

It's still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It's not a lot of tries. Then you better hope you had a good password.

[-] bamboo@lemmy.blahaj.zone 12 points 18 hours ago

It's possible that they discovered a weakness in the way the keys are generated in the TPM (or whatever it's called for Android), which brings the time to brute force down from 1,000 years to a few weeks with massive GPUs?

Similar story, as of a few years ago, OpenSSH announced deprecating support for RSA keys keys because of a vulnerability in SHA-1 hashing, where they cited research showing a determined attacker could break the key with $50k of compute power, which may seem like a lot, but is pretty feasible, necessitating the deprecation

It is now possible [1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD $50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

I don't know about the Android system, but during the initial design and fabrication, the hardware may have not been designed to withstand the compute power just a few years later, and can not be easily updated to improve the security. These are the weaknessed Cellebrite is looking for.

[-] catloaf@lemm.ee 9 points 18 hours ago

$50k of compute power, which may seem like a lot

To an individual. For a business, that's a quarterly spend. For the government, it doesn't even come up in budget reviews.

[-] tastemyglaive@lemmy.ml 3 points 18 hours ago

Interesting. I figured there was just a backdoor in Knox or iOS it was using.

[-] buffing_lecturer@leminal.space 14 points 20 hours ago

Theyre not saying anything about reading the key off the phone. Brute force the key by trying every key against the encrypted data dump.

[-] Pika@sh.itjust.works 2 points 18 hours ago* (last edited 18 hours ago)

password in this case, would it be the phones password, or a encryption key that uses the phones password for decryption.

if it's the phones password, I assume if a password unlock was configured instead of a passcode, it would be significantly harder to brute force.

[-] catloaf@lemm.ee 6 points 18 hours ago* (last edited 18 hours ago)

Same thing. Your lockscreen password/pattern/whatever is also the user partition decryption key. This is why BFU/AFU is a thing. After a reboot, the first unlock decrypts the partition. The key is stored in RAM. The only way to reset this is to reboot.

[-] Pika@sh.itjust.works 1 points 18 hours ago

ok, I feel password lock would be more secure in this case then since its harder to brute force. For some that might be worth the more of a hassle unlocking

[-] catloaf@lemm.ee 3 points 17 hours ago

Not necessarily. The longer the better. Most people use a 4-digit passcode or simple pattern. A long passcode, generated by a CSPRNG is probably the best. I don't know how biometrics stack up.

[-] Max_P@lemmy.max-p.me 2 points 12 hours ago

Biometrics are worst than a pin in a situation where your phone us hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.

It's generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.

Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially of the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you're safe.

this post was submitted on 14 Jun 2025

41 points (97.7% liked)

Privacy

38825 readers

790 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS