Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)

446 points akyuu | 5 comments | 30 Oct 25 23:12 UTC | HN request time: 0.001s | source

Show context

derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]▶

They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."

replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #

IncreasePosts ◴[31 Oct 25 21:45 UTC] No.45777056[source]▶

>>45766747 #

Is grapheheOS actually harder to hack or does cellebrite just not put a lot of effort into supporting it because the very low odds of LEs running into one in the wild?

replies(5): >>45777082 #>>45777144 #>>45777155 #>>45779084 #>>45779157 #

zb3 ◴[31 Oct 25 21:56 UTC] No.45777144{3}[source]▶

>>45777056 #

It physically disables USB ports when locked which significantly reduces the attack surface + can be configured to automatically reboot.

replies(2): >>45777712 #>>45778612 #

fph ◴[31 Oct 25 23:08 UTC] No.45777712{4}[source]▶

>>45777144 #

Two fixes that would be trivial to backport to mainline Android.

replies(3): >>45777832 #>>45777836 #>>45779218 #

vbezhenar ◴[31 Oct 25 23:27 UTC] No.45777832{5}[source]▶

>>45777712 #

You can configure USB port for charging only in the developer options.

replies(5): >>45777859 #>>45778136 #>>45779058 #>>45779241 #>>45781153 #

1. giantg2 ◴[01 Nov 25 00:18 UTC] No.45778136{6}[source]▶

>>45777832 #

I think that's at the OS level. I think there are things that could be done through the firmware level.

replies(2): >>45778518 #>>45779248 #

2. wakawaka28 ◴[01 Nov 25 01:29 UTC] No.45778518[source]▶

>>45778136 (TP) #

Since no phone on the market has open-source firmware, and the firmware likely has all the capabilities of the base system, I think arguing for a firmware lock on that is kind of pointless. Sure, every little bit of security helps, but ultimately you still need to trust a lot of stuff to use a smartphone or most other modern hardware.

replies(1): >>45781283 #

3. strcat ◴[01 Nov 25 04:28 UTC] No.45779248[source]▶

>>45778136 (TP) #

That standard Android toggle doesn't turn off USB support at the OS level but rather controls the default USB gadget mode. USB gadget functionality is one part of the high level USB functionality. That doesn't block USB peripherals, USB-C alternate modes, etc. and leaves nearly all the kernel attack surface being exploited by Cellebrite intact.

See https://news.ycombinator.com/item?id=45779241 which explains this.

replies(1): >>45781275 #

4. giantg2 ◴[01 Nov 25 12:56 UTC] No.45781275[source]▶

>>45779248 #

Sorry, I had the wrong terminology.

5. giantg2 ◴[01 Nov 25 12:57 UTC] No.45781283[source]▶

>>45778518 #

I had the wrong terminology. Your sibling comment explains it better.

↑