Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But it’s a fundamentally different type of security bug: these biometrics bypasses require knowing something about the user (lift a fingerprint, picture of a face, etc).

I see this as a different class: I can grab an unknown person’s Pixel they left in a coffee shop and get into it.



Cellebrite sits on a pile of unlock exploits for Apple devices and sells unlocking services to law enforcement, or presumably anyone with money.

https://cellebrite.com/en/cas-sales-inquiry/

Zerodium brokers sales of iOS FCP Zero Click for $2m. I expect they sell to people like Cellebrite who can make a profit selling expensive unlocks and keeping the vuln secret.

https://www.zerodium.com/program.html

All phones are security shit shows. It is just a game of how well known this months exploits are and how much someone has to gain by targeting you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: