Police Fail to Break Encryption of Government Opponent's Galaxy A30

[Forsyth Jones]

The federal police (similar to the EUA FBI) were unable to break the encryption of a protester against the current left-wing government. According to the news, an unsuccessful brute-force attempt using 10 million passwords was made. Without accessing the encrypted device, the PF (federal police) failed to investigate the information requested by the minister of the "supreme" federal court (STF).

Reason for the warrant? A ready-made joke: besides trying to prove that the already imprisoned man was involved in the invasion of Brasília (January 8, 2023 act), the goal was to search for opposition terms against the STF and the current left-wing government such as "protest, military intervention", "SOS armed forces", etc. Terms commonly used in right-wing protests in brazil.

If you want to read the rest of the news, here's the link > https://www.metropoles.com/colunas/paulo-cappelli/pf-tenta-10-milhoes-de-senhas-e-nao-desbloqueia-celular-de-patriota#google_vignette

The focus here is on the use of encryption... I'm not sure if the Galaxy A30 still receives updates from Samsung, since Androids that aren't top-of-the-line only get a few years of Android updates and then security patches for a while...

Is this enough to show that Android encryption is military-grade resistant or that the govs like brazil is quite outdated in forensic technologies?

[Forsyth Jones]

Is Android/iOS system encryption really enough to protect our data?

Seeing this news makes me wonder, even with a basic, old and cheap smartphone,just how robust mobile encryption really is on Android devices. But we also have to consider the forensic technologies and techniques that governments possess to try breaking these devices' encryption.

Of course, everything ultimately depends on the strength of the user's passphrase.

[joniboini]

I'm a bit confused about the article (I rely on a translator to read it). So I assume they have the device and tried to crack the PIN code? Or are they referring to something else? I'm not up to date with government capabilities to recover data from a personal device, but I'd assume brute-forcing a PIN code isn't the most efficient method known to them. I don't think this can be proof that Android or any device in general is good to secure sensitive data, though, since they can be jailbroken in different ways if people have access to them. Not to mention the government may ask the company to provide a backdoor for them without telling the public at all. Plus, there are tons of malware/phishing apps out there.

[Forsyth Jones]

I'm a bit confused about the article (I rely on a translator to read it). So I assume they have the device and tried to crack the PIN code? Or are they referring to something else? I'm not up to date with government capabilities to recover data from a personal device, but I'd assume brute-forcing a PIN code isn't the most efficient method known to them. I don't think this can be proof that Android or any device in general is good to secure sensitive data, though, since they can be jailbroken in different ways if people have access to them. Not to mention the government may ask the company to provide a backdoor for them without telling the public at all. Plus, there are tons of malware/phishing apps out there.

Reading the news again, you are right, it doesn't mention whether the password cracking method was applied to the cell phone with robust encryption: password or a simple PIN. It does mention that a software called Cellebrite premium was used, which is used to access blocking patterns.

Apple once denied to the American government (I am not sure) that it would try to decrypt the device of someone wanted by the government, this is old news, but it had a lot of repercussions.

Regarding the possibility of implanting a backdoor with the collaboration of the manufacturer, as soon as this was exposed to the public, the brand's credit and its OS would be ruined. So it doesn't seem to be a relevant alternative for manufacturers or OS.

[bitmover]

The federal police (similar to the EUA FBI) were unable to break the encryption of a protester against the current left-wing government. According to the news, an unsuccessful brute-force attempt using 10 million passwords was made. Without accessing the encrypted device, the PF (federal police) failed to investigate the information requested by the minister of the "supreme" federal court (STF).

This is very interesting.

I am afraid that such situations may lead to regulations over cryptography, which are very bad for privacy and the security of everyone.

If you read the cypherpunk manifesto , Eric Hughes deplore those regulations.

Take a look:

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
https://nakamotoinstitute.org/library/cypherpunk-manifesto/

[Forsyth Jones]

This is very interesting.

I am afraid that such situations may lead to regulations over cryptography, which are very bad for privacy and the security of everyone.

If you read the cypherpunk manifesto , Eric Hughes deplore those regulations.

Take a look:

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
https://nakamotoinstitute.org/library/cypherpunk-manifesto/

It would be great if the average user learned about medium-advanced cryptography techniques. You don't need to be an IT technician to understand cryptography, which is one of the foundations of bitcoin and the privacy of our data.

pgp would be a great way to start, then move on to keepass, veracrypt...

Never rely solely on OS encryption.

Thanks for that cypherpunks quote, I'll check it out as soon as I can.