JamesBrickley

Meh... Who cares it's encrypted. People don't realize it but when Amazon AWS experienced a US East data center outage half the Internet stopped working. Many companies host on AWS at least part of their infrastructure. Amazons most profitable business is AWS not retail. I believe I read somewhere that Apple pays Amazon like $30M/mo. That plus Google and Microsoft must be a considerable amount.

Definitely need some patent law reform.  This is crazy...

Cellebrite's previous exploits used USB via Lightning cable to brute force the passcode (4-6 digit PIN).  Then Apple disabled USB access unless the user trusts it. Now they say they can get around that and they already got around the erase after 10 attempts restriction.  It would be possible for Apple to alter iOS 13 either during this beta cycle or with a dot release soon after.  Setting a very strong password instead of a 4-6 digit passcode is recommended.  I mean using 16-20 characters or more using upper/lower/numeric/symbols and not containing dictionary words. A really good password will cause brute force attacks to likely fail even for the fastest computers.  You can then use TouchID/FaceID most of the time.  You can also engage emergency mode and that will lock the device or turn it off/reboot it.  Going through US or Australian Customs you may be asked to unlock your devices.  The devices can be seized if you refuse and you may not get them back any time soon if ever.  So what's a savvy person to do? Well with an iPhone that is iCloud backed up using a strong iCloud password and multi-factor authentication.  Well, you wipe your iPhone and setup as new. Give it a simple PIN and perhaps text a few people, etc.  Don't login to iCloud.  Then hand it over and give them the passcode.  When you get it back, connect to wifi and restore your backup.  Yes, it is a pain in the arse but it may be necessary.  Otherwise do not travel with your laptop and smartphone.  Buy a burner.  Already do that when going to China, Russia, etc.  Just too risky.  

It is obvious that Cellebrite will continue it's pursuit and may already have many zero day exploits in it's bag of tricks waiting to be implemented only one at a time as Apple closes the loopholes.  Their entire business model depends on it.  That is also why their products are so insanely expensive and have moved into a subscription model.  One day it will all stop working, they need the money for R&D which is not cheap.  

You can thank Snowden for releasing the knowledge that pretty much all mobile phones and most computers were hackable by the NSA.  Once word got out all the manufacturers and operating system providers started patching the zero day exploits.  Not to say that ALL communications and transportation are not monitored already.  If not actual data being intercepted at the very least, metadata is being collected which is almost as valuable.  Traffic cameras, license plate readers, vehicle GPS, mobile device GPS, cellular tower connections, Internet backbones, international phone trunks, email, SMS, all digital financial transactions, etc., etc., etc.  You can go fully dark with technology and hide in the woods but then you are seen on satellite.  This is the world we live in.  Just make sure the bad guys don't abuse it. Already happening in China and Google is helping them build it.  Obama's admin opened up access to the NSA systems to multiple agencies to the point that FBI contractors were running queries and unmasking US Persons (normally redacted by the NSA).  All this is starting to be investigated because these tools were never allowed prior to 9/11.  The addition of the FISA courts was to get a warrant to allow spying on US Citizens on US soil.   Except, the NSA has been doing it for decades they just weren't allowed to use it directly.  They might know a spy was operating and they could track that person, etc.  But they would have to do something like make an anonymous tip to the FBI, etc.  But now, it's almost wide open and there is serious evidence it's been abused.  It will all hit the fan in the next year if there is any hope of actual justice in this world.

You are only paranoid if they really are not out to get you.

Been using FaceID with iPhone XS for months as well.  It is far superior to TouchID.  Apple made the correct choice.  As to Samsung's sensor being fooled?  Same happened with TouchID when it was announced.  Security researchers captured a finger print off the touch screen, extracted the print, created a mold, formed a model and used heat transfer from another finger through the mold.  It unlocked the iPhone.  You want real security, set a strong passcode and either do not use TouchID/FaceID or be prepared to disable it quickly.  

The event was rather lame.  But we aren't the target audience.  Hollywood and TV Networks were the target.