An Interest In:
Web News this Week
- April 4, 2024
- April 3, 2024
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
Some of Our Sources
- Abduzeedo
- Inspiredology
- Web Designer Depot
- Reencoded
- Stylized Web
- CSS Tricks
- Freelance Switch
- Web Resource Source
- Android Headlines
- Willems Lab
Help Webnuz
Referal links:
December 23, 2020 08:05 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1posH-QYzP4/authorities-dont-need-to-break-phone-encryption-in-most-cases-because-modern-phone-encrypt
Authorities Don't Need To Break Phone Encryption in Most Cases, Because Modern Phone Encryption Sort of Sucks.
Matthew Green, a cryptographer and professor at Johns Hopkins University, shares in a series of tweets: My students Max and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were "breaking phone encryption." This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. We wrote an enormous report -- a draft of which you can read here (PDF) about what we found, which we'll release after the holidays. The TL;DR is kind of depressing: Authorities don't need to break phone encryption in most cases, because modern phone encryption sort of sucks. I'll focus on Apple here but Android is very similar. The top-level is that, to break encryption on an Apple phone you need to get the encryption keys. Since these are derived from the user's passcode, you either need to guess that -- or you need the user to have entered it. Guessing the password is hard on recent iPhones because there's (at most) a 10-guess limit enforced by the Secure Enclave Processor (SEP). There's good evidence that at one point in 2018 a company called GrayKey had a SEP exploit that did this for the X. See photo. There is really no solid evidence that this exploit still works on recent-model iPhones, after 2018. If anything, the evidence is against it. So if they can't crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)? The boring answer very likely is that police aren't guessing suspects' passcodes. They're relying on the fact that the owner probably typed it in. Not after the phone is seized, in most cases. Beforehand. The full thread on Twitter here.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1posH-QYzP4/authorities-dont-need-to-break-phone-encryption-in-most-cases-because-modern-phone-encrypt
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot