Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)

452 points akyuu | 2 comments | 30 Oct 25 23:12 UTC | HN request time: 0.412s | source

Show context

derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]▶

They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."

replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #

bigyabai ◴[30 Oct 25 23:43 UTC] No.45766778[source]▶

>>45766747 #

Short answer: Google is a business that can be compelled by the federal government in ways that nonprofits are resistant to. Ron Wyden identified one of these weaknesses in 2023: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

replies(3): >>45768420 #>>45776776 #>>45777359 #

windexh8er ◴[31 Oct 25 04:24 UTC] No.45768420[source]▶

>>45766778 #

Let's be very clear: this is still Google's choice. Google could build a phone that they can't be compelled to do anything to after the phone is sold to their customer, but Google alone chooses to not invest in the security of the phones they're selling to their customers. Because: what is good for the government is now equally good for Google.

Do we not remember how Google immediately enabled TLS everywhere, internally, post-Snowden [0]? Remember when Google was "outraged"? Where are those people now? They surely don't work at Google anymore. It's amazing how enshittified Google and Apple have become in a decade.

[0] https://www.bbc.com/news/world-us-canada-24751821

replies(3): >>45768795 #>>45777143 #>>45777841 #

1. Veserv ◴[31 Oct 25 21:56 UTC] No.45777143[source]▶

>>45768420 #

Ah yes, Google could make a unhackable phone secure against state actors, they just do not feel like it.

Not at all a problem that is viewed as so impossible that the very notion of it is beyond belief to the overwhelming majority of software developers. Google can just waltz on down to the corner store and get a jug of unhackable phone software. They just do not want to.

The fact of the matter is that they are incapable of making systems consistently secure against even moderately funded professional cyber demolitions teams. This is true across the entire commercial IT industry with literal decades of evidence and proof time and time again.

Could it also be a conspiracy? Could they also have deliberate backdoors? Sure. But even without them their systems and everyone else are grossly inadequate for the current threat landscape which only continues to pull further and further ahead of their lackluster system security.

replies(1): >>45777379 #

2. wizardforhire ◴[31 Oct 25 22:27 UTC] No.45777379[source]▶

>>45777143 (TP) #

I’ll be asking Anwar down at the bodega to start carrying jugs of unhackable from now on! I want to try the new razzle dazzle berry and 4D cool ranch if he can get them…

↑