this post was submitted on 16 Oct 2024
98 points (97.1% liked)

Privacy

1209 readers
84 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
all 41 comments
sorted by: hot top controversial new old
[–] card797@champserver.net 56 points 4 weeks ago (1 children)

Well, I want their passwords too.

[–] Steamymoomilk@sh.itjust.works 11 points 4 weeks ago* (last edited 4 weeks ago)
[–] horse_battery_staple@lemmy.world 44 points 4 weeks ago (3 children)

Don't use biometrics and if you do, power off your phone before it's siezed.

[–] corvi@lemm.ee 21 points 4 weeks ago* (last edited 4 weeks ago) (2 children)

PSA hitting your power button (5)? times in a row (however many it takes to bring up the SOS screen) on an iPhone will disable biometric login until you’ve entered your password again.

You can also hold to power down but not actually go through with it, I believe.

[–] ericjmorey@discuss.online 5 points 4 weeks ago (1 children)

That's not how it works on Android phones. Different Android phones will work differently based on the manufacturer and customization of the installed OS.

[–] ramble81@lemm.ee 18 points 4 weeks ago (1 children)

Hence why they said “iPhone” in their post.

[–] ericjmorey@programming.dev 0 points 4 weeks ago (1 children)

Hence why I provided information for people using Android phones.

[–] three@lemm.ee 4 points 4 weeks ago (1 children)

nuh uh! android phones work super differently!

You wanna point out that information?

[–] ericjmorey@programming.dev 3 points 3 weeks ago

You reading something that wasn't written isn't on me.

[–] AsudoxDev@programming.dev -3 points 4 weeks ago (3 children)

That does not encrypt your storage. It simply disables the biometric authentication methods. Which means they can see your stuff if they get into the phone via a exploit.

[–] Lemjukes@lemm.ee 17 points 4 weeks ago

I mean, they can do that if biometrics are disabled altogether too. Encryption isn’t really what’s at issue with biometrics vs. passcodes. In the US police can force you to put you to input a biometric but they can’t force you to enter a passcode.

[–] MelodiousFunk@slrpnk.net 9 points 4 weeks ago (1 children)
[–] AsudoxDev@programming.dev 8 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

You didn't read the article you linked to, did you?

The encryption by default you speak of is before the first unlock, that is, locked with something like a password or PIN. After the first unlock, the decryption key is stored in memory and your filesystem is pretty much vulnerable to anyone that can get access to the memory. That is why you can even unlock your phone with your face or fingers, because all that is a simple boolean value that indicates whether you logged in or not. You can't "generate" or get a key from your face nor fingers.

[–] pivot_root@lemmy.world 6 points 4 weeks ago* (last edited 4 weeks ago) (2 children)

In a lot of modern phones, and particularly iPhones, the encryption key is stored in the TPM. The TPM itself handles the encryption and decryption of data. If someone manages to get read access to the system memory, the most they're getting is whatever cleartext data is stored in memory for cache or process memory.

Citing my Claims:

I'm not going to bore myself or anyone else with whitepapers and PDFs, but Apple themselves summarize how T2 (TPM) works with disk encryption on Mac devices. The iPhone has the same chip and an even stricter threat model. In M-series Apple devices, they rolled its functionality into the SoC.

[–] AsudoxDev@programming.dev 2 points 4 weeks ago* (last edited 3 weeks ago) (2 children)

Correct, though it still is saved somewhere. Just like how TPMs in Computers can be exploited as well, this also can be. What I meant in my original comment was that the emergency mode did not clear that hardware chip's storage, which others said otherwise.

edit: corrected mistake according to ethan

[–] firelizzard@programming.dev 2 points 4 weeks ago

do a full encryption of the storage

That’s not how disk encryption works. Data in storage is always encrypted. That’s the whole point. When an app requests data, it is decrypted on the fly. Decrypted data is never stored outside of RAM.

[–] pivot_root@lemmy.world 2 points 4 weeks ago* (last edited 4 weeks ago)

Ah. Then yeah, emergency mode won't suffice for protecting the full contents of the disk.

I can't say Apple actually does this, but it is possible to protect important data by further encrypting user data with a separate encryption key derived from the passcode, and then clearing the key whenever the screen is locked.

[–] OfCourseNot@fedia.io 7 points 4 weeks ago (1 children)

iOS encrypts the storage by default. Don't know about android but I'm sure if not by default it can be enabled.

[–] AsudoxDev@programming.dev 0 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

I never said anything about the phone not being encrypted by default. I am talking about the emergency mode iOS devices have.

[–] OfCourseNot@fedia.io 0 points 4 weeks ago (1 children)

You literally said 'that doesn't encrypt your storage'. I've read some other comments of yours about it being decrypted after entering a pin or passwords in memory...that's not how it works (again at least in iOS), it's managed by hardware. Basically a chip enters your password for you. So no, an attacker can't access your storage, it's still encrypted, or your password that easily.

[–] AsudoxDev@programming.dev 2 points 4 weeks ago* (last edited 4 weeks ago)

PSA hitting your power button (5)? times in a row (however many it takes to bring up the SOS screen) on an iPhone will disable biometric login until you’ve entered your password again.

I responded to that with:

That does not encrypt your storage. It simply disables the biometric authentication methods. Which means they can see your stuff if they get into the phone via a exploit.

That emergency mode that is activated by hitting the power button 5 times does not encrypt the storage. It merely disables the biometric authentication methods and possibly other things related to security, but it does not encrypt the storage. The phone stays in the AFU state and therefore the decryption keys are still somewhere in the hardware chip's memory.

[–] jet@hackertalks.com 5 points 4 weeks ago

Fun fact: You can have two factor authentication where a PIN and a Fingerprint are required on android.

This can be done with work profiles! Set a pin for the normal phone unlock, and a biometric for the work profile. To get to any data in the work profile, someone would need both factors.

[–] Lucidlethargy@sh.itjust.works 1 points 3 weeks ago

I've never used biometrics in any phone I've ever owned. This is the way.

[–] ramble81@lemm.ee 19 points 4 weeks ago

And the 4th amendment says to go fuck yourself.

[–] Sterile_Technique@lemmy.world 9 points 4 weeks ago (2 children)

Vaguely recall reading about a way to set your phone with two PINs, your normal one, and a security one that's like a completely separate user account. So just install some BS apps on it, take some photos, and give that PIN when you need to.

[–] synapse1278@lemmy.world 25 points 4 weeks ago (2 children)

Interesting idea!

A bit different, is the Duress Password from GrapheneOS:

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

The wipe does not require a reboot and cannot be interrupted.

Features: Duress - GrapheneOS.org

[–] jet@hackertalks.com 7 points 4 weeks ago (3 children)

I am not a lawyer, always consult with a lawyer in your local jurisdiction.

I believe giving a duress password to the police, which destroys data, will definitely be a crime, destruction of evidence at the minimum. Or obstruction.

I'm all for having a duress code, I just want to be clear about the trade-offs

[–] Wildly_Utilize@infosec.pub 5 points 3 weeks ago (1 children)

Perhaps one could set the duress pin to something easily guessable if they were worried about a brute force

[–] jet@hackertalks.com 3 points 3 weeks ago

That's a great idea

[–] Fuck_u_spez_@sh.itjust.works 4 points 4 weeks ago (2 children)

The burden is on them to prove that I didn't confuse my two passwords accidentally. I have SO many passwords, officer. Silly me.

[–] jet@hackertalks.com 7 points 4 weeks ago

Only in theory... most likely they will load you up with at least 5 federal charges and offer you a Faustian plea bargain where you admit guilt to avoid a lifetime in jail.

Now if you had a list of codes in your wallet, one of which was a duress code... it's not your fault they tried the code while you exercise your right to remain silent.

[–] eldavi@lemmy.ml 3 points 4 weeks ago

i tried to share an article from a decade ago of a man who used a defense like this and the judge held him jail in contempt for several years; but both the internet or i have have a short memory and my only point was to be prepared to spend a couple of years behind bars if you do this and have a shitty judge (like most are).

[–] NotMyOldRedditName@lemmy.world 2 points 4 weeks ago* (last edited 4 weeks ago)

The way around this could be a duress profile where it deletes everything on the phone except a premade profile with a few apps installed and a picture or two.

[–] lambalicious@lemmy.sdf.org 1 points 3 weeks ago (1 children)

If they have physical access to the device, this won't help.

They can simply produce a binary copy of the (still encrypted) information inside, via specialized hardware or backdoors via the CIA / Israel, then if you given them a duress code all they lose is either the original or the copy.

[–] synapse1278@lemmy.world 2 points 3 weeks ago (1 children)

It depends what the law is in your country, but wouldn't it be illegal for police to take away your phone without a warrant? Also, I find it not so probable that any cop has access to the top-secret-deep-state-backdoor.

[–] lambalicious@lemmy.sdf.org 1 points 3 weeks ago

For something to be illegal, the victim has to be able to press charges. And that doesn't change the fact that once they got their hands on the device they've got the info, a mandate of law doesn't make them "magically" forget the info.

[–] kautau@lemmy.world 3 points 4 weeks ago* (last edited 4 weeks ago)

That’s been around for awhile on the PC encryption side under https://veracrypt.eu/en/Hidden%20Volume.html

[–] bamfic@lemmy.world 5 points 4 weeks ago

Police can suck my dick

[–] hellfire103@lemmy.ca 3 points 4 weeks ago