455 points akyuu | 19 comments
derbOac ◴[] No.45766747[source]
They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."
replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #
IncreasePosts ◴[] No.45777056[source]
Is GrapheneOS actually harder to hack, or does Cellebrite just not put a lot of effort into supporting it because of the very low odds of LEs running into one in the wild?
replies(5): >>45777082 #>>45777144 #>>45777155 #>>45779084 #>>45779157 #
tranq_cassowary ◴[] No.45779084[source]
All of the listed features significantly raise the bar for exploitation:

https://grapheneos.org/features

replies(1): >>45780669 #
1. dotancohen ◴[] No.45780669[source]
So Graphene is actually more secure than most stock ROMs, but e.g. banking apps won't run on it "for security"?

Why can't the stock ROMs use these features and be more secure also?

replies(8): >>45780702 #>>45780934 #>>45780961 #>>45780971 #>>45781297 #>>45781306 #>>45781450 #>>45786054 #
2. latentsea ◴[] No.45780702[source]
My banking apps run on it, but my concert ticket app doesn't, so I have a separate phone just for that one app.
replies(2): >>45781537 #>>45786076 #
3. rfoo ◴[] No.45780934[source]
> Why can't the stock ROMs use these features and be more secure also?

Some of the features may hurt user experience in some way and people made different trade-offs.

For example, GrapheneOS disables USB before unlock so that there's no chance that some driver code in the Linux kernel runs in response to a device being plugged in, for attack surface reduction. Then, say, you have a cracked screen, the touchscreen no longer works and you don't want to fix it: if not for this mitigation, you can use a USB-C OTG cable to connect a mouse / keyboard to the phone, unlock it and export all your data. With this mitigation the keyboard won't work, so you are forced to fix the screen first just to get your data out.

replies(1): >>45784736 #
4. cft ◴[] No.45780961[source]
Most American banking apps run on Graphene https://privsec.dev/posts/android/banking-applications-compa...
5. gf000 ◴[] No.45780971[source]
A good deal of banking apps will run on it just fine.

Some of these features are backported to mainline Android; others may be deemed too advanced, or the incentives just don't match (e.g. being able to disable networking by the user could cut into Google's earnings, e.g. limited ads in apps).

6. etatoby ◴[] No.45781297[source]
For what it's worth, all of my local banking and e-government apps work flawlessly on GrapheneOS. The only unsupported feature or app I've found so far is Google Pay. (I'm from Italy)
7. bjackman ◴[] No.45781306[source]
If apps refuse to run on Graphene, it's not because of Graphene's content; it's just a question of whether the attestation is recognised. It's not signed by Google.

I guess one reason you'd want to avoid that is that it makes it harder to, e.g., spoof your location or falsely tell the app that screenshotting is disabled.

replies(1): >>45786071 #
8. chasil ◴[] No.45781450[source]
Wells Fargo runs on my Graphene device.

It also runs on Lineage with Mind The Gapps.

9. dotancohen ◴[] No.45781537[source]
Can concert tickets not be bought in a web browser?
replies(2): >>45781883 #>>45782634 #
10. spencerflem ◴[] No.45781883{3}[source]
No they can’t. It’s very frustrating.

I had to get my friend to buy them for me when I was on Graphene

11. latentsea ◴[] No.45782634{3}[source]
Nope. This is eplus in Japan, and if you try to go through the website it tells you you have to use the app. It's cos a lot of shows these days don't use paper tickets, but smart tickets on your phone. It is what it is.
replies(1): >>45785038 #
12. kube-system ◴[] No.45784736[source]
That also sounds like a nonstarter for a lot of kiosk and embedded use cases
replies(1): >>45786132 #
13. dotancohen ◴[] No.45785038{4}[source]
What about people who do not have a smartphone?
replies(1): >>45787675 #
14. ExpertAdvisor01 ◴[] No.45786054[source]
Because these apps use Google Play Integrity, which only Google-certified devices pass.
15. ExpertAdvisor01 ◴[] No.45786071[source]
It's mostly preventing apps from being botted, as each device has its own certificate and can be banned exclusively, if it's Google certified. This certificate (also called keybox/keybox.xml) is stored in the secure enclave in the device.

If you want to dive deeper you can check out DroidGuard/Play Integrity.

16. ExpertAdvisor01 ◴[] No.45786076[source]
They do it to prevent botting. They use Play Integrity (I think ex-SafetyNet).
17. subscribed ◴[] No.45786132{3}[source]
Okay? Then switch that off? :)
replies(1): >>45787391 #
18. ◴[] No.45787391{4}[source]
19. latentsea ◴[] No.45787675{5}[source]
They don't get to go to concerts in Japan.