Does anybody know what are the bruteforce attempts rate of CAS against a Snapdragon gen 2 in BFU (phone without graphene)?
Does the latest models of snapdragons have a kind of timeout/limiter when it comes to bruteforce attacks?
This leaked chart of Graykey supported devices makes me believe snapdragon is not safe.
Actually my phone is not in that list.
But anyway my question was another, we know that if a relatively modern encrypted phone is locked before first unlock the regular ufed canât do sht⌠So the only option is to ship the device to cellebrite headquarters in order to try a bruteforce attack on the password (CAS), so with one of the latest flagship whatâs the rate of the bruteforce attempts? Has the SoC some sort of bruteforce rate limiter like time-out or other kinds?
Knowing the speed of their platform can reasonably assess whether our password is safe or not.
1 Like
I did a lot of research into cellebrite/graykey cracking rates about a year ago and the best info I was able to find was from 2018:
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
â Matthew Green (@matthew_d_green) April 16, 2018According to his estimates, a 4-digit passcode can be unlocked by GrayKey at around 6.5 minutes, 6 digits at 11, 8 digits at 92 days and a 10-digit passphrase at around 4,629 days (thatâs still 12 years and 8 months!)
That works out to about 25 guesses/second. Thatâs for GrayKey obviously, not for cellebrite as youâre asking.
If anyone has any more recent information, Iâd love to know!
A 10 digit pin is not a passphrase.
Modern iPhones (12 or later) resist brute forcing making a 4 digit pin viable for security assuming the secure element cannot be exploited.
You are forgetting about Cellebrite Premium program. It has bruteforce capabilities built in. If they have hardware exploit (that chart is a high indictor that they do) then they probably can bypass the limit enough to render any 6 digit password useless. Alphanumeric password always your best bet.
Feel free to read my thread Chat Logs of Cellebrite/Graykey/etc. Users/Staff
2 Likes
Premium if Iâm not mistaken is just a CAS âin-houseâ as they download the tools of CAS and make the unlocking attempts on their own not needing to ship the device to cellebrite, and is available also to others than LE.
Ok we know Apple has the security chip which slows significantly the bruteforce rate, but Iâm talking about android and recent snapdragon 8gen and newer chips, what do we know about that cellebrite speed capability?
If we answer this question we can reasonably assess our password is good enough since it would be too time consuming even with the most used option to try to unlock.
I think when i saw LE officer post this he was complaining it could not be bruteforced or something. Maybe this has changed 
Thatâs interesting, so even with premium a Samsung Galaxy s24 (snapdragon 8gen3) with Android14 canât even be attempted a bruteforce, i imagine if it was just possible to try at least a bruteforce the rate would be slow.
Why does it say complete access though?
Whereâs that post?
Analyzing the hardware of the few latest Qualcomm flagship SoCs it emerges that they do have a secure element, i think itâs more or less the same (perhaps a little bit less efficient) of what the Appleâs and Googleâs chipsets do.
Iâm positive to believe they employed some kind of rate limitation when they detect malicious attempts to break through via bruteforce or similar⌠If anybody knows better please let us know