In a series of tweets Green said that his students Max and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document they could find to figure out how police were "breaking phone encryption".
It was sparked by a claim that coppers could not break Apple’s Secure Enclave Processor, which would make it awfully hard to crack the password of a locked, recent iPhone.
The pair found that authorities do not need to break phone encryption in most cases, because modern phone encryption sort of sucks.
While the report focused on Apple, Green said that Android had similar issues.
To break encryption on an Apple phone you need to get the encryption keys. Since these are derived from the user's passcode, you either need to guess that -- or you need the user to have entered it. Guessing the password is hard on recent iPhones because there's, at most, a 10-guess limit enforced by the Secure Enclave Processor (SEP).
He said there's good evidence that at one point in 2018 a company called GrayKey had a SEP exploit that did this for the X.
“There is really no solid evidence that this exploit still works on recent-model iPhones, after 2018. If anything, the evidence is against it. So, if they cannot crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)?”
Green said that the boring answer is that police aren't guessing suspects' passcodes. They're relying on the fact that the owner probably typed it in before the phone was seized.