/* ---- Google Analytics Code Below */

Sunday, January 24, 2021

Getting Around Smartphone Encryption

Being discussed, security and how it is being circumvented.

How Law Enforcement Gets Around Your Smartphone's Encryption

in Wired, Lily Hay Newman,  January 15, 2021

Analysis by Johns Hopkins University (JHU) cryptographers revealed encryption-circumventing schemes that law enforcement agencies use to access information in Android and iOS smartphones. JHU's Maximilian Zinkus said iOS has infrastructure for hierarchical encryption, yet little is actually used. The researchers found vulnerabilities in the iPhone's After First Unlock security, triggered after users unlock their phone the first time after a reboot; encryption keys begin getting stored in quick access memory even as the phone is locked, at which point a hacker could find and exploit iOS bugs to grab keys that are accessible in memory, and decrypt big chunks of data from the device. Reports from Israeli law enforcement contractor Cellebrite and U.S. forensic access firm Grayshift indicated most smartphone access tools probably operate in this manner. Android phones lack a Complete Lock mechanism after first unlock, meaning forensic tools can steal even more decryption keys, and compromise more data.  ... ' 

No comments: