Viewing a single comment thread. View all comments

ACAT wrote

Cellebrite tools were leaked online not long ago. Old news. I've been using them leaked tools to mess with my phones.

Tip: If your phone isn't turned off when it was confiscated, no matter if it was encrypted, people still able to access your data. This ain't rocket science, these techniques have been known from dawn of smartphone. Ask any store that sell stolen phones and they'll show you that you never needed expert to crack. There are several way they can crack or bypass the lock screen:

  • Pass-the-hash - layman: when ur lock screen is on, the hash of the pass code/touch id/etc is buffered in the memory. What you can do is dump the hash from memory and crack using pass-the-hash attack. Same shit on any device.

  • Bruteforcing - sure, you can set how many time until your phone locked when passcode was bruteforced. But there are many exploits in the wild allowing you to continue the bruteforce without phone locking out.

Moral of the story: use passphrase, encrypt your shit, turn it off when cops came, no PIN, biometric or other bullshit.