this post was submitted on 16 Jul 2024
92 points (97.9% liked)

Privacy

31954 readers
616 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 27 points 4 months ago* (last edited 4 months ago) (3 children)

They imply they have active cracking abilities for all modern phones, that would be neat to see demonstrated.

It wouldn't even be hard, just invite third party reporter to bring in a bunch of phones with a capture the flag text file on them. Take each phone one by one behind a screen, break it, bam you don't have to give away any secrets but you prove that you can break the phone

[–] fmstrat@lemmy.nowsci.com 5 points 4 months ago (1 children)

Why would they do this when they already make millions? The general public isn't buying their product. They'll only do private demos.

[–] jet@hackertalks.com 2 points 4 months ago (1 children)

There is competition amongst the phone cracking companies. And there's a limited amount of municipal money available. So they need to differentiate themselves from each other somehow.

There is good data that celibrite can break every phone out there right now, except for grapheneos... But I've heard no such data about this company. This means we can only speculate.

So if I was a municipality, and I wanted to decide who got my limited budget, I'd want to compare who's giving me the best value for money. So I would need some metric, some data point, some way to differentiate them. That's where reporting, would come in. The websites are public for a reason...

[–] fmstrat@lemmy.nowsci.com 3 points 4 months ago

The websites are there to get a phone call. No municipality is spending this kind of money without a 3-quote requirement and demos. (Unless there is a preexisting relationship/renewal)

[–] refalo@programming.dev 5 points 4 months ago (1 children)

And android only allows up to a 16 character password for some reason...

[–] ShortN0te@lemmy.ml 6 points 4 months ago (1 children)

That is mostly good enough, a password that does not get cracked if it is generated randomly.

[–] umami_wasbi@lemmy.ml 6 points 4 months ago (1 children)

But how are you going to remember a 16 chars mix alpha num symbol password that's randomly generated?

Yeah the key space is vast but it's hard for most brains to handle it.

[–] anivia@lemmy.ml -1 points 4 months ago (1 children)

It's not that hard. I use such a password for my phone

[–] todd_bonzalez@lemm.ee 3 points 4 months ago (1 children)

Okay so a company whose entire business model relys on their ability to bypass smartphone security is going to start an arms race with the security community that will lead to their own product losing viability?

There's absolutely no incentive to do this. They have absolutely no reason to want smartphone security to improve, or to show off how they do what they do.

[–] jet@hackertalks.com 5 points 4 months ago

I agree they don't want smartphone security to improve. But they also have to let their customers know which phones they can break.