ShortN0te

Obviously the USB port will not be usable after you blow the fuses in the SoC.

Actually worse than I thought.

So basically the USB is the point of entry? When you could permanently fuse the data connection in the SoC it would be a huge improvement in security. OFC you could only use the port for charging anymore.

If you expect ongoing maintenance, are you saying you feel entitled to the devs’ continuing work in perpetuity, and at no cost? Because that’s called slavery and we have laws against it.

Stop putting words in my mouth.

They only need the biggest contributors. Small contributions like single line or even a few lines edits etc. are not eligible for copyright. Also minor contributions can be easily rewritten.

Most ppl you will get with a paycheck.

How do you think encryption works?

What do you think does a lockscreen?

As i guessed. You are evading the question by again babbling nonsense and questioning my knowledge instead of actually proving anything you are saying.

You have shown that you have a bad understanding of what you are actually talking about (see the ‘cracked’ TPM discussion) and constantly shifting the discussion away from what you are saying : “Basically every device can be accessed without major problems” and what i am trying to explain to you.

You are acting in bad faith.

Bye

While true it is not impossible to relicense a software project.

Yep and eventually there will be a paid proprietary version. That’s usually how it goes. I hope I am wrong.

If you think TPMs are always encrypted, a key can be encrypted “with itself” and still be any use to you and android system pin is secure you are right. Might also believe in santa

Not sure what you are rambling about the TPM.

Then prove that the Lockscreen is insecure.

The device needs to be physically accessed and modified and then unlocked in order to exploit it.

Yes it is a vulnerability but with those steps you could also just solder a keylogger to the keyboard.

Similar outcome.

Isn’t it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible

You stated in your original comment: “pretty much every system”. So no, any modern phone if android or iOS is by default encrypted.

If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)

TPMs are by design encrypted.

Keys are not stored unencrypted at least not when you encrypt your storage with modern solutions and set it up reasonably. You use either your TPM to store the key or store it on the drive and have it encrypted by itself or use a KDF.

Also also: encryption only helps if the device is off, which is seldom the case with phones.

No this assumption is wrong. You still would need to circumvent the Login into the device which is mostly secured by a pin or password or biometrics.