MIME-Version: 1.0 Received: by 2002:a9d:322a:0:0:0:0:0 with HTTP; Mon, 4 Jun 2018 05:01:21 -0700 (PDT) In-Reply-To: <07ba36a95bdb8dc943a887fa0cc1351b@cerb.eff.org> References: <07ba36a95bdb8dc943a887fa0cc1351b@cerb.eff.org> Date: Mon, 4 Jun 2018 05:01:21 -0700 Delivered-To: ryacko@gmail.com Message-ID: Subject: Re: [#SK-D7171] It isn't that hard to figure out how Cellebrite's hardware works From: Ryan Carboni To: Amul Kalia Content-Type: multipart/alternative; boundary="0000000000002e5366056dcfb1ee" --0000000000002e5366056dcfb1ee Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable ACTUALLY I THINK ANY KEYBOARD CAN HACK AN IPAD. A problem caused by a lack of rate limiting. On Mon, May 7, 2018 at 2:16 PM, Amul Kalia wrote: > Thanks for your thoughts, Ryan! > > Best, > > Amul Kalia > Electronic Frontier Foundation > (415) 436-9333 > info@eff.org > Become a Member! https://www.eff.org/support > > On Fri, 04 May 2018, ryacko@gmail.com wrote: > > https://www.eff.org/deeplinks/2018/05/bring-nerds-eff- > introduces-actual-en > > cryption-experts-us-senate-staff "And that=E2=80=99s what companies lik= e > > Cellebrite and Grayshift do. They sell devices that break device > > security=E2=80=94not by breaking the encryption on the device=E2=80=94b= ut by finding > flaws > > in implementation." > > > > Somehow Cellebrite's tools work around rate limits. This implies either > > the rate limit is on the secure enclave, which can be overwritten, or t= he > > rate limit is not enforced by the secure enclave. So obviously there mu= st > > be some mechanism that forces the creation of a rate limit. > > > > Obviously the whole issue is a matter of more research and > > experimentation.... > > > > Although this whole argument seems to be against certificate authoritie= s > > really... > > > --0000000000002e5366056dcfb1ee Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

ACTUALLY I THINK ANY KEYBOARD CAN HACK AN IPAD.

A prob= lem caused by a lack of rate limiting.

On Mon, May 7, 2018 at 2:16 PM, Amul Kalia= <in= fo@eff.org> wrote:

Thanks f= or your thoughts, Ryan!

Best,

Amul Kalia
Electronic Frontier Foundation
(415) 436-9333
info@eff.org
Become a Member! https://www.eff.org/support

On Fri, 04 May 2018, ryacko@gmail.com wrote:
> https://www.eff.org/d= eeplinks/2018/05/bring-nerds-eff-introduces-actual-en
> cryption-experts-us-senate-staff "And that=E2=80=99s what co= mpanies like

> Cellebrite and Grayshift do. T= hey sell devices that break device
> security=E2=80=94not by breaking the encryption on the device=E2=80=94= but by finding flaws
> in implementation."
>
> Somehow Cellebrite's tools work around rate limits. This implies e= ither
> the rate limit is on the secure enclave, which can be overwritten, or = the
> rate limit is not enforced by the secure enclave. So obviously there m= ust
> be some mechanism that forces the creation of a rate limit.
>
> Obviously the whole issue is a matter of more research and
> experimentation....
>
> Although this whole argument seems to be against certificate authoriti= es
> really...

--0000000000002e5366056dcfb1ee--