←back to thread

Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)
446 points akyuu | 3 comments | 30 Oct 25 23:12 UTC | HN request time: 0.001s | source
Show context
derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]
They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."
replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #
bigyabai ◴[30 Oct 25 23:43 UTC] No.45766778[source]
Short answer: Google is a business that can be compelled by the federal government in ways that nonprofits are resistant to. Ron Wyden identified one of these weaknesses in 2023: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
replies(3): >>45768420 #>>45776776 #>>45777359 #
windexh8er ◴[31 Oct 25 04:24 UTC] No.45768420[source]
Let's be very clear: this is still Google's choice. Google could build a phone that they can't be compelled to do anything to after the phone is sold to their customer, but Google alone chooses to not invest in the security of the phones they're selling to their customers. Because: what is good for the government is now equally good for Google.

Do we not remember how Google immediately enabled TLS everywhere, internally, post-Snowden [0]? Remember when Google was "outraged"? Where are those people now? They surely don't work at Google anymore. It's amazing how enshittified Google and Apple have become in a decade.

[0] https://www.bbc.com/news/world-us-canada-24751821

replies(3): >>45768795 #>>45777143 #>>45777841 #
harambae ◴[31 Oct 25 05:49 UTC] No.45768795[source]
> how enshittified Google and Apple have become

I don’t know about pop-ups or whatever, but as far as mobile security Apple appears to be running the table. Last cellebrite leak showed they couldn’t do anything in BFU, and you can tell Siri to put it back in BFU without hands while being arrested.

replies(5): >>45773540 #>>45776660 #>>45776770 #>>45776906 #>>45777007 #
immibis ◴[31 Oct 25 21:13 UTC] No.45776770{5}[source]
Lots more devices are safe BFU than just Apple's. It's not that complicated on a technical level - it's basically full-disk encryption.

Apple sells the illusion of security and privacy, but they're not meaningfully more secure or private except from the device's owner. Remember when they made a big deal of blocking Facebook tracking, while simultaneously adding their own intrusive tracking?

replies(2): >>45776915 #>>45777050 #
tredre3 ◴[31 Oct 25 21:29 UTC] No.45776915{6}[source]
> Lots more devices are safe BFU than just Apple's. It's not that complicated on a technical level - it's basically full-disk encryption.

So we agree: it's puzzling that Google can't manage to do it.

replies(2): >>45777858 #>>45779086 #
1. immibis ◴[31 Oct 25 23:31 UTC] No.45777858{7}[source]
Google being bad doesn't mean Apple is good.
replies(1): >>45778765 #
2. Mehvix ◴[01 Nov 25 02:24 UTC] No.45778765[source]
Aye but it is good Apple is safe out of the box. BFU is a low bar, and the shame is on Google.

>Lots more devices are safe BFU than just Apple's

Really? Secure against the exploits and methods these tools 3 letter agencies employ? I hate to cry source, but base Android isn't secure. What devices have similar hardware-level security, or have their Android flavor shipping with these Graphene-OS-level patches?

replies(1): >>45780103 #
3. big-and-small ◴[01 Nov 25 08:32 UTC] No.45780103[source]
> Really? Secure against the exploits and methods these tools 3 letter agencies employ?

Before First Unlock data on your device is as safe as your password safe. It doesn't really matter if you use Android, iOS or any other devices as long as it have modern crypto on it.