• Todd Bonzalez@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    4 months ago

    If encryption doesn’t matter to them, then at least one of these statements must be true of every phone they unlock:

    1. The device wasn’t actually encrypted.
    2. The device was already in a decrypted state and we bypassed the screen lock and not drive encryption.
    3. We acquired the decryption keys somehow.
    4. We have technology that can break modern encryption without learning keys from another source or brute forcing.
    5. We have enough processing power to brute force a modern encryption algorithm.

    #1 and #2 are possible because government contractors lie all the time about what they actually do. Pretending to decrypt stuff isn’t outside the realm of possibility.

    #3 is the biggest concern, especially if they are able to infer what the key is by uncapping silicon or something, because that would mean that any phone that could be unlocked by this company is as good as unencrypted since the device contains the keys in a retrievable format for some reason.

    #5 and #6 are pretty much impossible, and such abilities would be far more profitable if used for just about anything but unlocking phones.