Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)

446 points akyuu | 4 comments | 30 Oct 25 23:12 UTC | HN request time: 0.826s | source

Show context

derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]▶

They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."

replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #

IncreasePosts ◴[31 Oct 25 21:45 UTC] No.45777056[source]▶

>>45766747 #

Is grapheheOS actually harder to hack or does cellebrite just not put a lot of effort into supporting it because the very low odds of LEs running into one in the wild?

replies(5): >>45777082 #>>45777144 #>>45777155 #>>45779084 #>>45779157 #

tranq_cassowary ◴[01 Nov 25 03:41 UTC] No.45779084[source]▶

>>45777056 #

All of the listed features significantly raise the bar for exploitation ;

https://grapheneos.org/features

replies(1): >>45780669 #

dotancohen ◴[01 Nov 25 10:48 UTC] No.45780669[source]▶

>>45779084 #

So Graphene is actually more secure than most stock ROMs, but e.g. banking apps won't run on it "for security"?

Why can't the stock ROMs use these features and be more secure also?

replies(8): >>45780702 #>>45780934 #>>45780961 #>>45780971 #>>45781297 #>>45781306 #>>45781450 #>>45786054 #

1. rfoo ◴[01 Nov 25 11:49 UTC] No.45780934[source]▶

>>45780669 #

> Why can't the stock ROMs use these features and be more secure also?

Some of the features may hurt user experience in some way and people made different trade-off.

For example, GrapheneOS disables USB before unlock so that there's no chance that some driver codes in Linux kernel run in response to a device being plugged in, for attack surface reduction. Then, say, if you have a cracked screen, the touchscreen no longer works and you don't want to fix it, if not for this mitigation, you can use an USB-C OTG cable to connect a mouse / keyboard to the phone, unlock it and export all your data. With this mitigation the keyboard won't work so you are forced to fix the screen first just to get your data out.

replies(1): >>45784736 #

2. kube-system ◴[01 Nov 25 19:50 UTC] No.45784736[source]▶

>>45780934 (TP) #

That also sounds like a nonstarter for a lot of kiosk and embedded use cases

replies(1): >>45786132 #

3. subscribed ◴[01 Nov 25 22:45 UTC] No.45786132[source]▶

>>45784736 #

Okay? Then switch that off? :)

replies(1): >>45787391 #

4. ◴[02 Nov 25 02:25 UTC] No.45787391{3}[source]▶

>>45786132 #

↑