Comment by jnwatson
1 month ago
The attack is simple: the attacker downgrades the phone to a version of firmware that has a vulnerability. The attacker then uses the vulnerability to get at your data. Your data is PIN-protected? The attacker uses the vulnerability to disable the PIN lockout and tries all of them.
There's over a 10x difference in fence price between a locked and unlocked phone. That's a significant incentive/deterrent.
Don't pixels have a security chip that is supposed to make that infeasible?
It has some increasing timer for auth, and if you try and factory reset it - it destroys all the data?
As I said its less important that the thief can boot a new os, the security of my data is more important. How is that compromised?
It feels like a thief is just going to opportunistically grab a phone from you rather than analyse what device it is.