Final's avatar
Final final@stacker.news 11 months ago
Yes. If the device is unlocked successfully via brute force then it's considered an unlocked device extraction. Cellebrite call hot phones that are locked 'AFU' and hot phones that are unlocked / brute forced successfully as 'Unlocked'. Older Cellebrite docs we published used to call their AFU iOS capabilities Instant Password Retrieval (IPR) but they stopped doing that for some reason. AFU exploits are to access and extract data without unlocking the device or to bypass the unlock mechanism entirely. Since data isnt encrypted/at rest when AFU they can obtain almost all of the data (except conditional circumstances like data of other Android user profiles or the Mail inbox on iOS) if an exploit is available. "BFU Yes" in their docs means accessing data encrypted by the device rather than user credentials in a BFU state. For Android it's some OS configuration and APKs of installed apps. iOS provides far more information.
↑ Parent

Replies (5)

Default avatar
npub1x48p...za4r 11 months ago
Scheduling the phone to automatically switch off at certain times (for example, every three hours) can be helpful if a Cellebrite or Greykey machine isn't available right after the smartphone is seized.
1 replies ↓
Default avatar
npub1x48p...za4r 11 months ago
I was informed that there are manufacturers whose smartphones can be unlocked even in BFU mode, possibly because they provide some sort of master key, with Samsung being one of them. Is this information accurate? Excluding Apple and Google, which manufacturers would offer better security against forensic devices?
1 replies ↓
Final's avatar
Final final@stacker.news 11 months ago
This is a GrapheneOS feature by default, 18 hours but configurable to 30 minutes of inactivity. iOS implemented it too but it's done in 3 days of no unlock. The Shortcuts app could be useful for this as you can assign device restarts to a trigger. A more primitive shortcut could be to assign a reboot when the clock hits a certain hour such as when you're asleep. Stronger USB port security features would help, I don't see why Apple couldn't copy what GrapheneOS does with disabling Pixels' USB-C port at a hardware level when they create both the phone and OS.
1 replies ↓
Final's avatar
Final final@stacker.news 11 months ago
There are some companies who claim BFU Physical extractions, mostly on very insecure MediaTek devices and some Samsung Exynos devices. This extracts everything but the data extracted is still encrypted... so it needs a brute force anyways. There isn't a "master key" because that key is created and derived from the user credential which you need to know. It's advertiser speak. Take a look at this video MSAB made: Notice it says "XRY Pro has allowed me to *BRUTE FORCE* that device" at around 1:20 despite the narrative in the title and the video? Shameless... A good amount of Samsung devices do have brute force support though as documented in our last doc publications and in this video. More reasons why a dedicated secure element like the Titan M2 is very valuable.
1 replies ↓