Communications to EFF is not necessarily confidential

Ryan Carboni ryacko at gmail.com
Sat Jun 23 15:27:25 PDT 2018


I suspect so.

https://finance.yahoo.com/news/security-researcher-bypasses-iphone-apos-184800856.html
-------------- next part --------------
MIME-Version: 1.0
Received: by 2002:a9d:322a:0:0:0:0:0 with HTTP; Mon, 4 Jun 2018 05:01:21 -0700 (PDT)
In-Reply-To: <07ba36a95bdb8dc943a887fa0cc1351b at cerb.eff.org>
References: <CAO7N=i1sEQf5b1je_6M3vhFKfNo4w_3xN1AODkEOtY5+tmkCeA at mail.gmail.com>
	<07ba36a95bdb8dc943a887fa0cc1351b at cerb.eff.org>
Date: Mon, 4 Jun 2018 05:01:21 -0700
Delivered-To: ryacko at gmail.com
Message-ID: <CAO7N=i0H2q8oHEr_ioeNAAyiKETXQQkwwrDQ5JEw=4Hjn2Jw_Q at mail.gmail.com>
Subject: Re: [#SK-D7171] It isn't that hard to figure out how Cellebrite's
 hardware works
From: Ryan Carboni <ryacko at gmail.com>
To: Amul Kalia <info at eff.org>
Content-Type: multipart/alternative; boundary="0000000000002e5366056dcfb1ee"

--0000000000002e5366056dcfb1ee
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

ACTUALLY I THINK ANY KEYBOARD CAN HACK AN IPAD.
A problem caused by a lack of rate limiting.

On Mon, May 7, 2018 at 2:16 PM, Amul Kalia <info at eff.org> wrote:

> Thanks for your thoughts, Ryan!
>
> Best,
>
> Amul Kalia
> Electronic Frontier Foundation
> (415) 436-9333
> info at eff.org
> Become a Member! https://www.eff.org/support
>
> On Fri, 04 May 2018, ryacko at gmail.com wrote:
> > https://www.eff.org/deeplinks/2018/05/bring-nerds-eff-introduces-actual-encryption-experts-us-senate-staff
> > "And that’s what companies like
> > Cellebrite and Grayshift do. They sell devices that break device
> > security—not by breaking the encryption on the device—but by finding flaws
> > in implementation."
> >
> > Somehow Cellebrite's tools work around rate limits. This implies either
> > the rate limit is on the secure enclave, which can be overwritten, or the
> > rate limit is not enforced by the secure enclave. So obviously there must
> > be some mechanism that forces the creation of a rate limit.
> >
> > Obviously the whole issue is a matter of more research and
> > experimentation....
> >
> > Although this whole argument seems to be against certificate authorities
> > really...
>
>
>

--0000000000002e5366056dcfb1ee--

