Isn't it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible?
Because they would have to possess technology that doesn't exist in order to circumvent actual encryption without a key.
If I adequately encrypt my own data, and keep the keys a secret, I could hand my hard drive off to Microsoft and they could spend billions running all their AI clusters trying to crack it, and it would be a futile endeavor.
If the government had the technology to bypass encryption or quickly and inexpensively crack it, they'd use it for a whole lot more than unlocking smartphones. They could basically control the flow of Bitcoin on a whim with such tech.
No. You watch too many movies. Yes, there were attempts from state-sponsored actors to weaken encryption algorithms. But is encryption easy to crack? No.
They imply they have active cracking abilities for all modern phones, that would be neat to see demonstrated.
It wouldn't even be hard, just invite a third-party reporter to bring in a bunch of phones with a capture-the-flag text file on them. Take each phone one by one behind a screen, break it, bam, you don't have to give away any secrets but you prove that you can break the phone.
There is competition amongst the phone cracking companies. And there's a limited amount of municipal money available. So they need to differentiate themselves from each other somehow.
There is good data that Cellebrite can break every phone out there right now, except for GrapheneOS... But I've heard no such data about this company. This means we can only speculate.
So if I was a municipality, and I wanted to decide who got my limited budget, I'd want to compare who's giving me the best value for money. So I would need some metric, some data point, some way to differentiate them. That's where reporting would come in. The websites are public for a reason...
Okay so a company whose entire business model relies on their ability to bypass smartphone security is going to start an arms race with the security community that will lead to their own product losing viability?
There's absolutely no incentive to do this. They have absolutely no reason to want smartphone security to improve, or to show off how they do what they do.
Phones are really not that hard to compromise from an encryption standpoint. All they need to do is break a PIN most of the time. Also the PIN is very predictable and probably can be pulled from a cloud service like Google.
This looks like old news to me. Years ago I read that three-letter agencies can access phones without getting the access code or biometrics from the phone owner.
Lot of cope and denial in these threads. Yes the same-day is probably a rosy estimate based off people using 6 digit codes or something easy to crack, doesn't mean it's false or that they can't hypothetically target longer alpha-numeric passwords. For all we know they might not even be brute-forcing and could be conducting some sort of exploit that over time reveals the encryption keys themselves in some way.
I'm still very curious about the nature of the mechanisms of action. I assume they manage to bypass the basic lock-out against entering too many passcodes too quickly somehow, which is what enables this. If throttling could be properly enforced (to say nothing of something like 10 attempts and it refuses all future attempts and erases the key type of thing) this type of attack wouldn't be practical for anyone using anything above a 6 digit numerical passcode in any reasonable timeframe. I wonder if they exploit wireless radios including cellular, Wi-Fi, Bluetooth and force some code on the phones via these usually-on chips that enables this via exploiting problems in their architecture. Perhaps something that locks up, prevents functioning or resets certain checks via flooding parts of the hardware/software from these points of access. Or if it really is purely phy/log access to the Lightning/USB-C port.
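
The arithmetic behind the throttling point in the comment above, as an added example that is not part of the thread: it compares worst-case guessing time for several passcode classes when the lockout is bypassed versus enforced, plus the odds of a hit before a 10-attempt key erase. The guess rate and the delay schedule are assumptions chosen for illustration, not measurements of any device or tool.

```python
# Added illustration: every rate and delay below is an assumption, not a measurement.
UNTHROTTLED_RATE = 10.0             # guesses/second if the lockout is bypassed (assumed)
LOCKOUT_DELAYS = [0, 0, 0, 0, 0, 60, 300, 900, 900]  # seconds before attempts 1..9 (assumed)
STEADY_DELAY = 3600                 # seconds before every later attempt (assumed)
WIPE_AFTER = 10                     # "10 attempts and it erases the key" from the comment

PASSCODES = [                       # (label, alphabet size, length), constructed samples
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8-char lowercase+digits", 36, 8),
    ("10-char mixed-case+digits", 62, 10),
]

def keyspace(alphabet_size, length):
    return alphabet_size ** length

def seconds_unthrottled(space, rate=UNTHROTTLED_RATE):
    """Worst-case time to try every candidate when nothing slows guessing."""
    return space / rate

def seconds_throttled(space):
    """Worst-case time when the delay schedule is enforced on every attempt."""
    head = sum(LOCKOUT_DELAYS[:space])
    tail = max(0, space - len(LOCKOUT_DELAYS)) * STEADY_DELAY
    return head + tail

def success_before_wipe(space, attempts=WIPE_AFTER):
    """Chance of a hit before the key is erased, assuming uniformly random passcodes.
    Human-chosen PINs are skewed toward common values, so real odds are higher."""
    return min(1.0, attempts / space)

def human(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.0f} seconds"

if __name__ == "__main__":
    for label, alphabet, length in PASSCODES:
        space = keyspace(alphabet, length)
        print(f"{label:26} bypassed: {human(seconds_unthrottled(space)):>22}  "
              f"enforced: {human(seconds_throttled(space)):>26}  "
              f"P(hit before wipe): {success_before_wipe(space):.1e}")
```

Under these assumed numbers the passcode length matters most when throttling can be bypassed; when the delay schedule or the erase limit holds, even a short PIN is out of reach unless it is one of the first few guesses.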