5 May
2018
5 May
'18
12:20 a.m.
https://www.eff.org/deeplinks/2018/05/bring-nerds-eff-introduces-actual-encr... "And that’s what companies like Cellebrite and Grayshift do. They sell devices that break device security—not by breaking the encryption on the device—but by finding flaws in implementation." Somehow Cellebrite's tools work around rate limits. This implies either the rate limit is on the secure enclave, which can be overwritten, or the rate limit is not enforced by the secure enclave. So obviously there must be some mechanism that forces the creation of a rate limit. Obviously the whole issue is a matter of more research and experimentation.... Although this whole argument seems to be against certificate authorities really...