this post was submitted on 08 Nov 2024
246 points (93.9% liked)

Technology

59472 readers
5324 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
246
iPhones Seized by Cops Are Rebooting, and No One’s Sure Why (gizmodo.com)
submitted 1 week ago by return2ozma@lemmy.world to c/technology@lemmy.world
94 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] cy_narrator@discuss.tchncs.de 6 points 1 week ago (12 children)

Nice, I think making your phone go into Before First Unlock mode cannot be considered destruction of evidence

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 6 points 1 week ago* (last edited 1 week ago) (11 children)

Well they might charge you with "Obstruction of Justice" instead. Then plug it in some cellebrite device and boom, unlocked.

Best way to not have to deal with stuff like this is just to not have the incriminating evidence in the first place. If you are, for example, doing a protest, only chat with contacts in a safe place, then wipe chat logs every time, any data you wish to keep should be encrypted then uploaded anonymously via VPN/Tor and wiped from local storage. Hide the fact that such data exists so you wouldn't have a scenario where the government is trying to get you to give them the data, since they dont even know what data exists. Plausable deniability.

Edit: Those apps I've linked is still a good idea since "Destruction of Evidence" is probably a lesser charge than something like "Rioting".

[–] jagged_circle@feddit.nl 1 points 1 week ago (5 children)

Cellebrite? I don't think that's how encryption works

[–] echodot@feddit.uk 3 points 1 week ago (1 children)

There are attacks where rather than trying to crank the password you just capture the hash which is stored in memory somewhere and then using a tool that lets you bypass the standard login inject that hash into the app, totally bypassing the UI interface and the password hashing algorithm.

The app sees the hash is correct and isn't aware that the information has been input via nonstandard methods, and so allows access.

The attacker still doesn't have a clue what your password was, but they don't need to. Interestingly enough this means that every time they want access to your data they have to do this because they don't have a way of actually changing the password or finding out what it was.

[–] jagged_circle@feddit.nl 1 points 1 week ago (1 children)

Link? That sounds incredibly stupid design

[–] echodot@feddit.uk 1 points 1 week ago* (last edited 1 week ago)

Yeah. It is. Every design has assumptions and every design can be abused by those assumptions. I'd like to say it's not a failure in design but it's really just a failure of imagination. No one thought this would be an issue, turns out it is, so someone fixed it.

The problem is that not every system gets updated.

load more comments (3 replies)
load more comments (8 replies)
load more comments (8 replies)