That's not what they claim. Read what is written there more carefully. There's no claim that they can break encryption using a strong passphrase without a million years of time. They don't even claim they can do that for a PIN by bypassing secure element mitigations on ANY phone.
I'd certainly believe they have Android and iOS exploits allowing them to brute force PIN codes and passphrases at the rate supported by the hardware. Firmware-based throttling by the iPhone SEP could be bypassed by another exploit. Is there really anything surprising about that?
Most Android phones have no throttling beyond the cost of on-device key derivation once an attacker controls the OS. Many Android phones, including the Nexus 5X and 6P, didn't implement true hardware-bound encryption and can even have the on-device aspect bypassed via a TEE exploit.
Pixel 2 and 3 have a dedicated security chip with low attack surface, particularly on the Pixel 3, which implements throttling like the iPhone SEP. I doubt they have an exploit for it but they don't need one to make those claims and it's certainly possible that one could be made.
If you use a 6-digit PIN or weak passphrase, the reality is that you're relying entirely on the hardware-based security which can be inherently bypassed given enough resources. Hardware acceleration for key derivation does make all passphrases inherently more secure though.
As I said, these features can inherently be bypassed with enough resources even when implemented very well. They're important in spite of that, because they're the only thing making encryption worth anything for the vast majority of people without a strong passphrase.
Given enough resources, a hardware-bound key can be extracted from the hardware to perform offline brute force attacks instead of on the device. Similarly, even if a secure element was perfectly implemented with no firmware vulnerabilities, the same thing applies to it.