• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    edit-2
    4 months ago

    They imply they have active cracking abilities for all modern phones, that would be neat to see demonstrated.

    It wouldn’t even be hard, just invite third party reporter to bring in a bunch of phones with a capture the flag text file on them. Take each phone one by one behind a screen, break it, bam you don’t have to give away any secrets but you prove that you can break the phone

      • ShortN0te
        link
        fedilink
        arrow-up
        6
        ·
        4 months ago

        That is mostly good enough, a password that does not get cracked if it is generated randomly.

        • umami_wasabi
          link
          fedilink
          arrow-up
          6
          ·
          4 months ago

          But how are you going to remember a 16 chars mix alpha num symbol password that’s randomly generated?

          Yeah the key space is vast but it’s hard for most brains to handle it.

    • fmstrat@lemmy.nowsci.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 months ago

      Why would they do this when they already make millions? The general public isn’t buying their product. They’ll only do private demos.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        There is competition amongst the phone cracking companies. And there’s a limited amount of municipal money available. So they need to differentiate themselves from each other somehow.

        There is good data that celibrite can break every phone out there right now, except for grapheneos… But I’ve heard no such data about this company. This means we can only speculate.

        So if I was a municipality, and I wanted to decide who got my limited budget, I’d want to compare who’s giving me the best value for money. So I would need some metric, some data point, some way to differentiate them. That’s where reporting, would come in. The websites are public for a reason…

        • fmstrat@lemmy.nowsci.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          The websites are there to get a phone call. No municipality is spending this kind of money without a 3-quote requirement and demos. (Unless there is a preexisting relationship/renewal)

    • Todd Bonzalez@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      4 months ago

      Okay so a company whose entire business model relys on their ability to bypass smartphone security is going to start an arms race with the security community that will lead to their own product losing viability?

      There’s absolutely no incentive to do this. They have absolutely no reason to want smartphone security to improve, or to show off how they do what they do.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 months ago

        I agree they don’t want smartphone security to improve. But they also have to let their customers know which phones they can break.