Do you have any opinions or thoughts on Drive Savers?
They claim to be able to recover data and unlock ANY smartphone, regardless of manufacturer or operating system with a 100% success rate.
Full claims here: drivesaversdatarecovery.com/data-recovery-
Conversation
Replying to
That's not what they claim. Read what is written there more carefully. There's no claim that they can break encryption using a strong passphrase without a million years of time. They don't even claim they can do that for a PIN by bypassing secure element mitigations on ANY phone.
1
1
1
I'd certainly believe they have Android and iOS exploits allowing them to brute force PIN codes and passphrases at the rate supported by the hardware. Firmware-based throttling by the iPhone SEP could be bypassed by another exploit. Is there really any surprising about that?
1
1
1
Most Android phones have no throttling beyond the cost of on-device key derivation once an attacker controls the OS. Many Android including the Nexus 5X and 6P didn't implement true hardware-bound encryption and can even have the on-device aspect bypassed via a TEE exploit.
1
2
2
Pixel 2 and 3 have a dedicated security chip with low attack surface, particularly on the Pixel 3, which implements throttling like the iPhone SEP. I doubt they have an exploit for it but they don't need one to make those claims and it's certainly possible that one could be made.
1
2
2
If you use a 6 digit PIN or weak passphrase, the reality is that you're relying entirely on the hardware-based security which can be inherently bypassed given enough resources. Hardware acceleration for key derivation does make all passphrases inherently more secure though.
2
2
1
So that's why security chips came to scene though, now I know how many authorities were able to unlock Android and IPhone four digits pin, login throttling can be by-passed, wow!
2
Of course, it relies on a secure element enforcing an exponentially growing delay and/or a limit on the number of attempts. That can inherently be bypassed given enough resources. It doesn't mean it isn't an incredibly important security feature since few use a strong passphrase.