
believe the vulnerability to be related to the lack of a secure hardware biometric / encryption module.

The problem here is that we're all just speculating. We suspect this to be the case, but we can't be sure. And we probably never will be.

To take this a step further, the FBI has also learned the lesson to never take this public again. If you are worried about law enforcement attacks against any device protected by the signing keys of a US company, it is only prudent for you to ASSUME that a FISA court has or will soon compromise the signing keys of your device. Jonathan Zdziarski has already shown the enclave to be useless in this case of compromised keys.

At this point, the work being done by Joanna Rutkowska, Coreboot, Purism, and others is our only hope now. And even there, we'll never own our chipsets, ethernet controllers, or CPUs.

May as well give up, we've already lost.




> And we probably never will be.

Investigation is either made completely public after the fact or partially marked secret for certain years. Now if someone intentionally hides the investigation details, well, that's a whole different story and I wouldn't be surprised at all. Writer chooses what to write in their investigation log reports.

Anyway, we really don't know what method they used to gather the information and what kind of information they pulled off for sure.


Don't forget Genode project https://genode.org/ and Crash safe http://www.crash-safe.org/


Thank you for these.


I suppose you have the option to use older/legacy hardware which has had more time to be vetted.



