The issue with this, Is that it is now fully leaked and out there. Sadly i need to unroot my phone for it to be secure again. On Sat, Dec 24, 2016 at 12:30 AM, Michael Butash wrote: > https://motherboard.vice.com/read/us-state-police-have- > spent-millions-on-israeli-phone-cracking-tech-cellebrite > > I've known about cellbrite for a bit, seems they've only gotten better (or > worse, relative) as a shill for your secrets to the highest bidder slurping > any/all mobile data for forensic capabilities. Government, military, > police, or criminal, whoever can afford them. You or I with enough enough > cash too. > > So what does one do these days aside from accept that their phone can and > will be compromised with enough direct intent to do so? This can/does > happen at some international waypoints I've read agents will "insist" they > take your phone somewhere (with a cellbrite I presume). It seems rather > impossible to bother attempting to secure your data on any phone, > encryption or none. > > Google doesn't seem to comment on what cellbrites markets as attacking > "any" android, and sadly better Apples where it's more cat and mouse, but > at least some attempt at denying it exists. Blackberries seem to pride > themselves on secure android, but I wonder if it'd hold up to a cellbrite > ufed. > > Is there really a *good* option out there that prevent this? Why is that? > > I'd just like to for once be confident in a product that it's not built > inherently with a conveniently exploitable backdoor for .gov where ever you > are, or all of them as probably more likely. The fact cellbrite can simply > leech *any* android, and various apples as a cat and mouse effort is quite > disgusting. > > Also, cellbrite's ufed tool seem capable of cloning sims, which means the > protocols in use for now gsm + probably lte are again flawed as allowing > the sim ki (private key of sorts) to be extracted from weaknesses in the > cryptographic storage internal to them (shh). Until around 2003, one could > clone gsm sims pretty trivially, only stronger crypto standards evolved to > protect it further, which I now suspect is broken too given this "tool" > existing at all. > > We should crowdfund buying one to play with at an installfest, I see some > on ebay (search "cellbrite ufed"). Ebay also turns up searching it some > interesting sales of documents for test study results too. > > -mb > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen