• corvi@lemm.ee
      link
      fedilink
      arrow-up
      21
      ·
      edit-2
      29 days ago

      PSA hitting your power button (5)? times in a row (however many it takes to bring up the SOS screen) on an iPhone will disable biometric login until you’ve entered your password again.

      You can also hold to power down but not actually go through with it, I believe.

      • ericjmorey@discuss.online
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        29 days ago

        That’s not how it works on Android phones. Different Android phones will work differently based on the manufacturer and customization of the installed OS.

      • asudox@programming.dev
        link
        fedilink
        arrow-up
        5
        arrow-down
        8
        ·
        29 days ago

        That does not encrypt your storage. It simply disables the biometric authentication methods. Which means they can see your stuff if they get into the phone via a exploit.

        • Lem Jukes@lemm.ee
          link
          fedilink
          English
          arrow-up
          17
          ·
          29 days ago

          I mean, they can do that if biometrics are disabled altogether too. Encryption isn’t really what’s at issue with biometrics vs. passcodes. In the US police can force you to put you to input a biometric but they can’t force you to enter a passcode.

          • asudox@programming.dev
            link
            fedilink
            arrow-up
            8
            ·
            edit-2
            29 days ago

            You didn’t read the article you linked to, did you?

            The encryption by default you speak of is before the first unlock, that is, locked with something like a password or PIN. After the first unlock, the decryption key is stored in memory and your filesystem is pretty much vulnerable to anyone that can get access to the memory. That is why you can even unlock your phone with your face or fingers, because all that is a simple boolean value that indicates whether you logged in or not. You can’t “generate” or get a key from your face nor fingers.

            • pivot_root@lemmy.world
              link
              fedilink
              arrow-up
              6
              ·
              edit-2
              29 days ago

              In a lot of modern phones, and particularly iPhones, the encryption key is stored in the TPM. The TPM itself handles the encryption and decryption of data. If someone manages to get read access to the system memory, the most they’re getting is whatever cleartext data is stored in memory for cache or process memory.

              Citing my Claims:

              I’m not going to bore myself or anyone else with whitepapers and PDFs, but Apple themselves summarize how T2 (TPM) works with disk encryption on Mac devices. The iPhone has the same chip and an even stricter threat model. In M-series Apple devices, they rolled its functionality into the SoC.

              • asudox@programming.dev
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                28 days ago

                Correct, though it still is saved somewhere. Just like how TPMs in Computers can be exploited as well, this also can be. What I meant in my original comment was that the emergency mode did not clear that hardware chip’s storage, which others said otherwise.

                edit: corrected mistake according to ethan

                • pivot_root@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  edit-2
                  29 days ago

                  Ah. Then yeah, emergency mode won’t suffice for protecting the full contents of the disk.

                  I can’t say Apple actually does this, but it is possible to protect important data by further encrypting user data with a separate encryption key derived from the passcode, and then clearing the key whenever the screen is locked.

                • Ethan@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  29 days ago

                  do a full encryption of the storage

                  That’s not how disk encryption works. Data in storage is always encrypted. That’s the whole point. When an app requests data, it is decrypted on the fly. Decrypted data is never stored outside of RAM.

        • OfCourseNot@fedia.io
          link
          fedilink
          arrow-up
          7
          ·
          29 days ago

          iOS encrypts the storage by default. Don’t know about android but I’m sure if not by default it can be enabled.

          • asudox@programming.dev
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            29 days ago

            I never said anything about the phone not being encrypted by default. I am talking about the emergency mode iOS devices have.

            • OfCourseNot@fedia.io
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              29 days ago

              You literally said ‘that doesn’t encrypt your storage’. I’ve read some other comments of yours about it being decrypted after entering a pin or passwords in memory…that’s not how it works (again at least in iOS), it’s managed by hardware. Basically a chip enters your password for you. So no, an attacker can’t access your storage, it’s still encrypted, or your password that easily.

              • asudox@programming.dev
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                29 days ago

                PSA hitting your power button (5)? times in a row (however many it takes to bring up the SOS screen) on an iPhone will disable biometric login until you’ve entered your password again.

                I responded to that with:

                That does not encrypt your storage. It simply disables the biometric authentication methods. Which means they can see your stuff if they get into the phone via a exploit.

                That emergency mode that is activated by hitting the power button 5 times does not encrypt the storage. It merely disables the biometric authentication methods and possibly other things related to security, but it does not encrypt the storage. The phone stays in the AFU state and therefore the decryption keys are still somewhere in the hardware chip’s memory.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      29 days ago

      Fun fact: You can have two factor authentication where a PIN and a Fingerprint are required on android.

      This can be done with work profiles! Set a pin for the normal phone unlock, and a biometric for the work profile. To get to any data in the work profile, someone would need both factors.