[cryptography] Fwd: Re: Commercialized Attack Hardware on SmartPhones

shawn wilson ag4ve.us at gmail.com
Sun Mar 2 11:37:51 EST 2014


On list
---------- Forwarded message ----------
From: "shawn wilson" <ag4ve.us at gmail.com>
Date: Mar 2, 2014 11:37 AM
Subject: Re: [cryptography] Commercialized Attack Hardware on SmartPhones
To: "Tom Ritter" <tom at ritter.vg>
Cc:

How about a dictionary and rules? Even if you choose an alphanumeric
"strong" pass, you're kinda limited to the phone's keyboard - you're not
going to want to switch case or between letters and special too often.
Also, IIRC Android limits length to 15 chars. I also don't think the screen
lock can be different than the boot pass (so everything I said above should
hold true).

Basically what I'm saying is use hashcat.

On Mar 2, 2014 10:34 AM, "Tom Ritter" <tom at ritter.vg> wrote:

> Hey all, wondering if anyone knows of any commercialized hardware
> (e.g. developed into a product, not just a research paper) that
> conducts attacks on powered-on, Full Disk Encrypted Android/iPhone
> phones that _isn't_ PIN guessing?
>
> So a powered-off FDE-ed iPhone or Android can be attacked by brute
> force with no limiting factor.  A good example of this type of
> software is Elcomsoft [0] - they brute force the passphrase.
>
> A powered-on FDE-ed iPhone or Android can also be attacked by manual
> or automated PIN entry - on the iPhone this can introduce a lockout,
> but not on Android.  Assuming they can't see your smudges and guess
> the PIN/Swipe/password of course.  I'm not sure if I know of a
> commercialized solution to this that does it electronically, but a
> friend of mine built a robot. [1]
>
> But if you have a strong passphrase, things are looking good.  But
> what about Cold Boot or DMA?
>
> I don't believe you can do a DMA attack against most Android phones -
> it's just a USB port.  But what about the HDMI-mini port?  And is the
> iPhone Thunderbolt/Lightning connector hooked up to DMA?
>
> As far as cold boot, I'm aware of the FROST paper[2], but that isn't a
> commercialized offering, nor does it seem reliable or robust enough
> for law enforcement needs.  Chip-off attacks are very unlikely.  AFAIK
> iPhone jailbreaks require you to unlock your phone for technical
> reasons, so those aren't possible without an unlocked phone (although
> I'm not positive about that.)
>
> Does anyone know about anything in this space? Where an 'ordinary' law
> enforcement agency (e.g. the NYPD, not the NSA) could shortcut a
> strong passphrase on a phone technically? (e.g. not beating it out of
> someone?)
>
> -tom
>
> [0] http://www.elcomsoft.com/eift.html#passcode
> [1] http://boingboing.net/2013/07/26/pin-punching-200-robot-can-br.html
> [2] https://www1.informatik.uni-erlangen.de/frost