FBI is working to break into the phone of the Trump rally shooter

Could statistically be an iPhone considering the guy’s demographics (2022 graduate, young, in the US) (source). But yeah wildly speculative indeed, since he is already a statistical outlier by acting like this.

I also think the guy did not have any safe/secure device or proper OpSec anyways, and probably used a.) a common PIN/pattern, b.) biometrics, or c.) a public/semi-private information-based password, since feds did not take too much time to get his phone unlocked. Otherwise this situation also seems sensitive enough to bring out a zero-day (which are otherwise very precious, since if they get out they usually become useless). I don’t think it could have been a GrapheneOS Pixel, since as far as I have seen around me, mobile forensics in some non-EU, non-US nations still hate finding out someone they want is using it. All speculation though.

Looks to be most likely a Samsung device, maybe A series from the pictures I’ve seen.

4 Likes

Everyone and their dog has an iPhone in the US, and agents in Pennsylvania weren’t able to get into his phone, so either agents in Pennsylvania aren’t very capable or the phone wasn’t just a random Android from Xiaomi, Samsung, OnePlus, etc.

XRY and Cellebrite historically didn’t have much trouble with Apple’s secure elements. Meanwhile, the custom RISC-V Titan M2 secure element that comes with Pixel 6 and later is just a literal titan.

XRY and Cellebrite don’t have the capability to exploit it, and there is zero evidence that anyone else has; even if someone did, such an exploit is worth A LOT of money.

All of this makes me believe that it was an iPhone.

I just counter all the shilling, marketing, and nonsense that Apple is somehow good or better for privacy than Google and the others, my criticism or “hate” makes it balanced as all things should be.

You can look at Apple shilling as Yin and my criticism or “hate” as Yang. Both are needed to keep the balance.

1 Like

1 Like

Saturated image from Matrix room.

If someone is an expert on phones OSINT, please tell us what model you think the phone is.

1 Like

A54:

A34:

I guess they both look the same from the back, but they’re the best matches I can think of.

2 Likes

It looks like an A series Samsung to me. I wonder how A series phones compare to S series phones in terms of security.

Baseless speculation (which ended up being incorrect) was not needed to maintain “balance” in this thread. You’re tilting at windmills.

2 Likes

I had my own reasons to believe that it was an iPhone, which I explained above.

As for my semi-sarcastic reply about “balance” to the post that called me an “Apple hater,” take a look at this:

I pointed out the fact that Apple applies proprietary DRM to all of the apps on the App Store. Because of that, Signal can’t provide reproducible builds for iOS. You also can’t use some licenses if you want to publish your app to the App Store:

And my criticism got classified as “random Apple hate.” This is pure and factual criticism, not hate. Everyone is free to look up the definitions of criticism and hate.

Also, both people who classified my posts about Apple as hate are using multiple Apple products, just something to think about.

This post further demonstrates the point I was making. These criticisms of Apple have literally zero relevance to the topic of this thread. You’re not balancing out anything. You’re tilting at windmills on a personal crusade.

4 Likes

FBI used Cellebrite and it is a Samsung device.

4 Likes

I’m not sure if there is a way to protect non-GrapheneOS devices even if you use a 7-word diceware passphrase. It seems like auto-reboot is crucial if you’re an individual with a high threat model.

The only way would be to try and reboot the phone when going outside, leaving it alone or not using it at the moment, etc. If the feds get their hands on the phone in AFU state, then it’s basically over.

I’ll note that auto-restart is a standard feature on many Samsung devices, although:

Your phone will only restart when:

  • The screen is off.
  • The phone isn’t being used.
  • The battery is above 30%.
  • The SIM card lock is off.

It’s probably feasible that they’d prevent this from happening, if they were aware it’s a possibility.

The battery one confuses me, you’d think it would be a good way to save battery? :rofl:

One strong mitigation against forensic labs is to restrict USB mode. All of these unlocking tactics start by plugging in the phone. Restrict USB in developer settings.

Or place epoxy over the ports, only charge via wireless charging.

They could remove the epoxy manually, and re-solder a new charging port. But it will significantly slow them down.

Another mitigation for communications is to set your disappearing message timer to the length needed to transport it to a lab and unlock it.

Here they took a few hours to transport it to the FBI lab, plus 40 minutes to unlock. A disappearing message timer of 1 hour should be good.

Edit: If the case wasn’t so high profile, the phone likely would have sat in a lab for a few weeks to months before attempting to open it. These labs are bureaucratic and slow moving.

While restricting USB is a good thing, it’s not enough.

Epoxy over the USB port and mix the epoxy with thermite dust. Any attempt to solder out the epoxy could ignite the thermite and melt the phone.

I’ve heard of people doing this before with their devices, but I haven’t personally tested this.

Depends on how much they want your data I suppose. Virtually all the exploits are USB based right now, but they could easily switch to finding vulnerabilities in, for example, your wireless radios (Wi-Fi, Bluetooth, Cellular) if USB wasn’t an option.

2 Likes