US immigration agents will have access to one of the world’s most sophisticated hacking tools after a decision by the Trump administration to move ahead with a contract with Paragon Solutions, a company founded in Israel which makes spyware that can be used to hack into any mobile phone – including encrypted applications.
The Department of Homeland Security first entered into a contract with Paragon, now owned by a US firm, in late 2024, under the Biden administration. But the $2m contract was put on hold pending a compliance review to make sure it adhered to an executive order that restricts the US government’s use of spyware, Wired reported at the time.
That pause has now been lifted, according to public procurement documents, which list US Immigration and Customs Enforcement (Ice) as the contracting agency.
6 digit pin will be broken in less than 40 minutes by a graybox. A 6-digit pin is way more vulnerable than someone who uses a 30-digit password + biometrics
edit: sorry it’s instantly in 2025 https://www.hivesystems.com/blog/are-your-passwords-in-the-green
Sure bro, put a 30 character password into your phone every time you want to find the nearest fucking coffee shop.
edit: I guess I should explain. I’m into privacy not necessarily absolute security. If a cop wants in my phone I forgot my PIN. There’s no biometric to get into it so he’s going to have to get a warrant if he wants anything to actually stick. With face ID he just holds it up to my face. With fingerprint he can force my finger onto the sensor. In the USA, don’t know about Europe.
I just needed this info out there, I don’t really care what you do - I just need to make sure Lemmy stays safe and you’re spouting leaky insecurity disguised as best practices.
Best of luck
I think I just leaked a little right now. I don’t believe you have a 30 character unlock on your phone. That doesn’t make sense on a device someone uses multiple times a day in one hand at like a bus stop or something.
And I’m no security professional, just some dumbass out in the street.
30 characters is like five words. Entirely doable. You can take your favorite TV show, sort character names by some logic and mispell a few of them to make a very strong very long password.
I use a 15 character pw with a mix of upper and lower case, numbers, and symbols, which according to that link is pretty damn good.
On a phone. On the lock screen. Every time.
Nah, I don’t buy it.
You don’t need to buy it, but I ain’t lying. I am 100% a psychotic outlier tho. 😂 The way I see it, this is a computer that is almost always on me with tons of personal information inside. The chances of it being compromised is WAY higher than any other computer I own. I take that very seriously. Like I said tho, I’m a psychotic outlier.
Cool story bro. I’m just out here smokin’ endo sippin’ on ginanjuice
This means you only enter the password when your phone restarts, you access specific settings, or I think one or two other rare cases. Personally I only need to enter my pin maybe once a week
What, no bro. You give them your shit. Stop doing it, that’s all I’m saying
Man, reading must be hard, considering they said 30char password PLUS BIOMETRICS
What the actual fuck>!><!>>!>!
Are you assholes actually inputting 24+characters plus biometrics into your phone to unlock it?
Fuck you, no you are not.
Of course I do. FaceID allows me to input it exactly once a week, sometimes less.
What don’t you understand?
Wait, so you’re using faceid but you think you’re secure?
Are you stupid?
If you’re in the USA and a cop gets your phone they’re going to pop it onto a graybox and will be digging through your shit up to their elbows. I wish I were wrong
That’s fine. I didn’t help them.
Hope your high horse can get a job and feed your family when you lose your government career over an edgy Modern Warfare 3 chat lobby
how does my high horse feel when it’s riding over you, sub bitch?
With biometrics I only enter it once a week, at the very most. It’s insane to me that people want their phones to be less secure, but best of luck to you and your super secure TSA lock on your phone lol
'the fuck kind of biometric unlock is that? I’m actually curious what you’re using.
FaceID on an iPhone
So the cop can just use that FaceID to unlock your phone?
No? I quint-click my power button through my pocket any time there’s even a whiff of sketch. Now biometrics are 100% off. And even if a cop was holding my phone I’d have to open my eyes, keep one shut at all times and after 2 bad scans biometrics turn off completely.
I don’t understand your argument in the least, maybe you could read about how current biometrics work and give me your feedback once you’re caught up?
I heard elsewhere that anything less than powering down can leave data in memory that can be used to hack your device. So while the quintuple click is better than nothing, powering down is better.
Source on that? Because it doesn’t make sense to me
Removed by mod
Yes but they have to do it before they beat you up
Has that been shown? Has some MMA fighter not been able to unlock their iPhone after a fight?
Otherwise, nope. Still gonna recognize you.
Idk i dont want to take a selfie everytime I want to check the internet
That’s for breaking a bcrypt hash, and I don’t believe there’s any way to extract the pin hash from a phone since it happens inside a secure hardware layer (like a TPM). If it is possible, the attacker would most likely have to physically destroy your phone to get at it. To bruteforce a 4 digit pin with retry lockout timers, it takes 16 hours to try all combinations, according to a tool I found that auto-enters pins via usb keyboard emulation.
What lockouts? https://appleinsider.com/articles/21/06/22/iphone-hacking-tool-graykey-techniques-outlined-in-leaked-instructions
The linked article doesn’t mention whether it can bypass the max attempt lockout or not. I’m not saying you’re wrong, but the article you linked does nothing to support your claim.
That said, an alphanumeric password is certainly more secure than a PIN, no doubt.