Sounds like this only affects phones that have been unlocked since the last restart, so unless they have kept them plugged in, it is unlikely that this attack would be successful.
Some discussion elsethread[0] suggests that that may only be the case for devices that are encrypted, as the passcode in that case would be part of the key for unlocking the contents.
If that's the case, it's possible that this attack may still work from a fresh boot for unencrypted devices.
I am always skeptical of these "lawtech" companies that sell magic unlocking devices. Are we really to believe that there are unpatched security holes in all major devices (both Android and iOS) that allow this kind of backdoor access?
I find it rather convenient that the "detailed support matrix" is available for current customers only; it seems to me like the actual number of supported devices/operating systems would be limited to things such as outdated Samsung Galaxy phones and similar.
It's complicated, but yes, there are a lot of ways to unlock devices, some of which include straight up exploiting the device. Keep in mind btw that a lot of the sorts of criminals local LE is going after with these devices are not usually running fully patched iPhones or Pixels.
> Are we really to believe that there are unpatched security holes in all major devices (both Android and iOS) that allow this kind of backdoor access?
If you are at all familiar with the histories of jailbreaking, previous exploits, and the gray unlock market, it’s unreasonable you would not consider this to be the default case.
It works. It's basically a software brute force that works great for 4 digit pins, takes longer for longer passcodes. Other offerings are a keylogger for the pin/passwords after they "return" the device to the suspect.
> It's basically a software brute force that works great for 4 digit pins, takes longer for longer passcodes
Since the pin/password isn't actually the encryption key and is instead just the code that is provided to the security module/TPM on the device, I fail to see how this can be brute-forced. Unless there is also a magic hardware backdoor in Android phones, but in that case why would there need to be private companies and how would they even have access to this?
Confiscated phones often have been confiscated for months and are therefore on a relatively old patch level. If at any point old vulnerabilities come out these can be used. Keeping the phones on and connected to a charger in the evidence lockers doesn't seem like too much work.
If the phone is set up for automatic updates it'll restart within a month (most of the phones I've had do monthly security patches) and you'll be in a fresh boot state. You can't turn off the updates without first unlocking the phone, giving you a rather limited window to attempt to exploit the device.
If I had to guess: not everyone can buy this software and A/G are not wanted by the sellers. Even the usual customers (law enforcement) are not very likely to pass exploits to them, because their work would become more difficult.