Law enforcement using mysterious new tool to unlock cellphones
and not a surprise either!
unless you are stupid enough to still be using touch id or to be using face id or something like that, and dont have some insecure pin password, and just have a 20+ didget password with a mix of character types you are fine....
Okay I admit thats a bit unintuitive and something 99% of people dont do, but if you do that you will be fine.
“bypassing the passcode may take hours or days, allowing the phone data to be downloaded.”
This basicly just bypasses how many times you can guess passwords then. You can very easily prevent the police from looking at your device by simply having an actually secure password and no biometric authentication. I can garentee even if they had my device they are not getting in.
Assume all smartphones are compromised, end of story.
I have several email addresses, but the one I use for my Android phones is a throwaway - I don't use it for anything else. A successful attacker can get access to my contact list and my call and text history. But the police or a bored employee at T-Mobile or Google can do the same.
Even if you use an encrypted messaging app on your smart phone, it has two fatal flaws. First, your wireless carrier can track when messages went out and came in, so even if they don't know what the messages are they can tell when you communicated. Second, some of the software on your phone is proprietary, so it's possible a company or agency or whatever is collecting your plain text data.
Just don't bother. If you're going to do anything you want to keep private, illegal or not, leave the phone at home.
Every day the US gets worse. We pretend everything is fine, justify things, lie to ourselves, and stay silent.
Do you think things will get better on their own?
At point will you get mad? When will you resist? What will say when the economy collapses, you get sent to the concentration camps, the civil war starts, and WWIII breaks out?
Will you feel any responsibility at all?
Are you just going to take it?
Cellebrite tools were leaked online not long ago. Old news. I've been using them leaked tools to mess with my phones.
Tip: If your phone isn't turned off when it was confiscated, no matter if it was encrypted, people still able to access your data. This ain't rocket science, these techniques have been known from dawn of smartphone. Ask any store that sell stolen phones and they'll show you that you never needed expert to crack. There are several way they can crack or bypass the lock screen:
Pass-the-hash - layman: when ur lock screen is on, the hash of the pass code/touch id/etc is buffered in the memory. What you can do is dump the hash from memory and crack using pass-the-hash attack. Same shit on any device. https://ios7hash.derson.us/
Bruteforcing - sure, you can set how many time until your phone locked when passcode was bruteforced. But there are many exploits in the wild allowing you to continue the bruteforce without phone locking out. https://twitter.com/hackerfantastic/status/1010631766087032832
Moral of the story: use passphrase, encrypt your shit, turn it off when cops came, no PIN, biometric or other bullshit.
This is evil and scary at the same time. :O