• umbrella@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    stingrays, people.

    they sell the exploits and are all hush hush about it.

    • GamingChairModel@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      Stingrays don’t do shit for this. That’s mostly real time location data focused in by tricking your phone into reporting its location to a fake cell tower controlled by an adversary. That doesn’t get into the data in your phone, and even if someone used the fake tower to man in the middle, by default pretty much all of a phone’s Internet traffic is encrypted from the ISP.

      The world of breaking disk encryption on devices is a completely different line of technology, tools, and techniques.

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        stingrays can compromise a phone through modem exploits, and pull data from there.

        though not all of them are made equal, they are an entire category of devices.

    • Uriel238 [all pronouns]@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      IMSI catching is a different thing.

      But yes, exploits are sold by gray hats rather than by white hats and closed. The NSA is supposed to be on top of this, but instead of closing exploits, they keep them to enhance their anti-terror spying, which they then trickle out to US Law Enforcement, especially if there’s loot (liquid assets) that are easy to seize.

      Law enforcement in the US is mostly a highway robbery racket.

  • TheReturnOfPEB@reddthat.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    A 2020 investigation by the Washington, DC-based nonprofit organization Upturn found that more than 2,000 law enforcement agencies in all 50 states and the District of Columbia had access to mobile device forensic tools (MDTFs).

    • Uriel238 [all pronouns]@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      Good luck with that. The CFAA was written when Reagan was spooked by Wargames in 1982. If you violate any TOS of websites you use (very easy to do) it can be prosecuted as a federal felony with a maximum sentence of 25 years imprisonment.

      If the police really want you to disappear into the penal system, they’ll make it happen. And they do, routinely.

  • communism@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    For GrapheneOS full disk encryption, am I correct in understanding that the disk is encrypted when my phone is locked and decrypted when I unlock it? So I don’t need to turn it off for it to be encrypted, as long as it’s locked it’s encrypted?

  • Uriel238 [all pronouns]@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    It’s always a contest between security tools and penetration tools. The problem comes when law enforcement can do this without fair protections of privacy, say if they can easily establish probable cause ( My detection dog is signalling you have illegal data on your phone ) or they are allowed to get a warrant post-hoc for an otherwise illegal search.

    …Or they do the illegal search and then engage in parallel reconstruction e.g. make a fake story about following up on an informant.

    Once the police just seize and crack your phone on a whim, then the state no longer respects your privacy and autonomy, which means you can no longer consent to be governed, rather are controlled by gunpoint (surveillance and use of force). This is one of the critical ingredients to autocratic rule, since it does a lot to neuter the capacity of discontent turning into revolt.

  • TheReturnOfPEB@reddthat.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    5 months ago

    Our local sheriff is using some spy level shit in our county that he refuses to explain.

    He keeps “happening” upon crimes just “on accident.” yesterday it was “stopped to take a pee in public park and caught a baddie” and two days before that it was “just happen to follow and pull over a guy with lots of pounds of pot hidden in the car.”

    The US police are spying on Americans phones, internet, GPS, and everything with no judicial recourse because it is corporations spying and then “giving the info” to the police for money.

    The US law enforcement has gone full STAZI but using capitalism as additional cover.

    The US is dead.

      • corsicanguppy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        Let’s all apologize to Stallman.

        For the twice a day that broken toe-jam-eating watch is right?

          • absGeekNZ@lemmy.nz
            link
            fedilink
            English
            arrow-up
            0
            ·
            5 months ago

            This made me think of Jordan Peterson…some of his early stuff on actual psychology was interesting and informative…then there is all the other stuff, you had a lane stay in it.

            But I guess very minor celebrity can go to someones head and make them do crazy things. /s (damn you Poe’s law)

            • humorlessrepost@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              5 months ago

              He should’ve cleaned his own fucking room.

              I will say his recent interview of (by?) Alex O’Connor was spectacular, though.

    • 🖖USS-Ethernet@startrek.website
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      They’re probably just capturing SMS messages or regular calls. Which is still illegal without a warrant, but who watches the watchers? Use encrypted chats and encrypted calls if you’re worried.

      • bdonvr@thelemmy.club
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        Unless disabled by timeout, restart, or otherwise manually I’m curious to know why that would be?

        • kingthrillgore@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          Wiping isn’t a 100% thing with either Hard disks or Flash. He should have thrown everything into a wood chipper. And yes, this absolutely has to be a one way trip. Either they get you, or you turn the gun on yourself. Nothing good will come of you surviving.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    This is the best summary I could come up with:


    Just two days after the attempted assassination at former President Donald Trump’s rally in Butler, Pennsylvania, the FBI announced it “gained access” to the shooter’s phone.

    Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, said that law enforcement agencies have several tools at their disposal to extract data from phones.

    The bureau famously butted heads with Apple in late 2015 after the company refused to help law enforcement get around the encryption on the San Bernardino, California shooter’s iPhone.

    Early in the following year, Apple refused a federal court order to help the FBI access the shooter’s phone, which the company said would effectively require it to build a backdoor for the iPhone’s encryption software.

    “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Cook wrote.

    Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, said the Pensacola shooting was one of the last times federal law enforcement agencies loudly denounced encryption.


    The original article contains 1,208 words, the summary contains 180 words. Saved 85%. I’m a bot and I’m open source!

  • Chozo@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    Without knowing how they got into his phone, this is a non-story that is just a retelling of older stories. For all we know they just took his dead finger and put it on the reader. Or maybe he used the same 4-digit PIN for his debit card or lock box or something else that they were able to recover. Maybe some detective just just randomly entered the shooter’s birthday, only to say “Hey sarge, you’re never gonna believe this… first try!”

    There’s nothing useful that can be taken away from this story yet, until more details come out.

      • SineNomineAnonymous@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        “We tried 0000. Tony, write up a press release about how incredible we are at our job and how we spent 400% of our usual overtime on it and send it to the tech press. Make sure they mention we need to triple next year’s budget for security and shit.”

    • SineNomineAnonymous@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      Exactly. The article doesn’t shy away from a bit of free publicity for Cellerite. Which is nowhere near as much of a magic bullet as the “tech media” makes it out to be.

      How do I know it? By doing the most basic of research by heading to their website and looking at their manuals and documentation.

      And Cellerite won’t tell you this publicly because their bottom line depends on their ability to massively overprice their services which they sell to technically illiterate people.

      Any article that mentions Cellerite without a caveat about the dubiousness of their publicity can be disregarded and shouldn’t be taken seriously.

  • anlumo@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    I’m pretty sure it used to be easier with phones that didn’t have full disk encryption.