Police Fail to Break Encryption of Government Opponent's Galaxy A30

[Stompix]

This reminds me of the case of the government trying to intimidate Apple into providing (or collaborating with) tools to access the encrypted device of one of the suspects of the San Bernardino shooting in 2016, but this would go against its own philosophy and undermine its trust as a secure device in the market.

In this case, what would Apple have to do? Develop a backdoor to decrypt its own system? What guarantee would the government have (if Apple provided a backdoor in a modified iOS) that it wouldn't use it at its leisure and whenever it wanted? This opens up unprecedented dangers.

The thing is that they cracked it even without Apple's assistance, it was an exploit that they patched only 2 years after and nobody knew that till like 2020 or 2021. Normally, the phone would be uncrackable, but it was an amalgam of coincidence that led to that exploit, basically a bug in Mozilla, an expectation in Apple security, the lack of a failsafe against brute forcing it and that's it.



 

[Forsyth Jones]

At least on UK, it doesn't happen. Looking at UK's case, they would rather drop encryption feature and let their user know that it's caused by UK's government [1] while fighting for such backdoor order[2].

[1] https://apnews.com/article/apple-iphone-encryption-britain-cybersecurity-c5c37e99b3b9161dbed24231fbd94746
[2] https://www.theregister.com/2025/03/05/apple_reportedly_ipt_complaint/

Man, this is absurd, I have nothing to say about it. Just reinforce the importance of using external cryptographs (Veracrypt and etc) to protect our data.

The thing is that they cracked it even without Apple's assistance, it was an exploit that they patched only 2 years after and nobody knew that till like 2020 or 2021. Normally, the phone would be uncrackable, but it was an amalgam of coincidence that led to that exploit, basically a bug in Mozilla, an expectation in Apple security, the lack of a failsafe against brute forcing it and that's it.

This just reinforces the point that nothing is 100% secure. That's why it's always recommended to keep your software and iOS updated. Thanks for sharing this info.

[NotATether]

The key word here is "password". Android is only secure if you secure it with a strong password. Fingerprints, passcodes, etc, these are not secure. If you do that, then it is not going to fall to some 10 million password bruteforce attack.

Sadly, this kind of pressure may lead to the development of backdoors in their systems.

Their customers doesn't care about such things, they are more interesting the brand, colors of the device, size, camera, etc. More secure phones will always exist.

Again, almost all backdoors can be mitigated by encrypting everything with strong passwords. Disk encryption also helps. You'd have to put a rootkit that sends all filesystem activity to the government's server if you want to gleam all sorts of data, but that will be too egregious to insert, causing public uproar and a collapse in the manufacturer's market share.

[Stompix]

This just reinforces the point that nothing is 100% secure. That's why it's always recommended to keep your software and iOS updated. Thanks for sharing this info.

Problem is that you also need to be sure your system is reliable, ok with iOS we know that, with Android, you need to keep buying a new phone, but from what manufacturer? With Samsung\Moto you get a few things modified, with Xiaomi you get a shitlaod of bloatware that might be vulnerable, with Huawei, you get a completely different Android that probably already has 100 backdoors from the manufacturer itself.

Better just use a different phone or a burner phone for that!

The key word here is "password". Android is only secure if you secure it with a strong password. Fingerprints, passcodes, etc, these are not secure. If you do that, then it is not going to fall to some 10 million password bruteforce attack. Again, almost all backdoors can be mitigated by encrypting everything with strong passwords. Disk encryption also helps.

There is $5 tool that applied 100 times over your fingers is going to unblock everything 

[bitmover]

Again, almost all backdoors can be mitigated by encrypting everything with strong passwords. Disk encryption also helps. You'd have to put a rootkit that sends all filesystem activity to the government's server if you want to gleam all sorts of data, but that will be too egregious to insert, causing public uproar and a collapse in the manufacturer's market share.

Isn't backdoor the idea to create an alternative route to just bypass the system security?

You just enter some kind of Master password or some other stuff and you just access all data that was protected bt the password. Maybe they could use a less secure encryption to do so. Isn't this doable?