455 points akyuu | 7 comments
derbOac ◴[] No.45766747[source]
They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."
replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #
tranq_cassowary ◴[] No.45779079[source]
GrapheneOS isn't made by volunteers. They have a team of around 10 paid developers. They are a nonprofit foundation that receives donations and uses those to pay developers, infrastructure etc.

Ars Technica has updated its article to rectify that mistake. It doesn't mention that anymore.

replies(2): >>45779993 #>>45780476 #
isodev ◴[] No.45779993[source]
It’s still a valid question. We have this huge corporation that’s doing so many things, constantly lobbying for policy, obscene revenue all while people are exploiting the apk out of their OS.

In fact, looking at the news this week, the same question applies to Microsoft and Apple as well. Are they too big and distracted to care about security?

replies(6): >>45780770 #>>45780944 #>>45780965 #>>45781040 #>>45781433 #>>45782747 #
1. graemep ◴[] No.45780944[source]
> In fact, looking at the news this week, the same question applies to Microsoft and Apple as well. Are they too big and distracted to care about security?

Yes, of course they are, but it's more rational than just being distracted. If not caring does not lose you a significant amount of revenue why should you care? The same applies to big players in the industry with regard to security and quality in general.

In this case they have something to gain by keeping phones open to software used by government agencies.

replies(2): >>45781454 #>>45781517 #
2. isodev ◴[] No.45781454[source]
> If not caring does not lose you a significant amount of revenue why should you care?

Sounds like it's time for heavy regulation. These corps are not "normal" businesses anymore, I think special (and stricter) rules should apply to them.

replies(2): >>45782547 #>>45783548 #
3. cogman10 ◴[] No.45781517[source]
I don't think you can rule out international government pressures to keep these OSes vulnerable.

I agree that not caring happens a lot in the industry. Plenty of places where you'd think security was a high priority shockingly it isn't. Instead, C-levels will dedicate just enough resources to pass security audits clients demand and not a penny more.

replies(1): >>45784235 #
4. graemep ◴[] No.45782547[source]
They are hard to regulate and I really doubt governments have either the willingness or the competence to do so effectively. The businesses are very heavily motivated to find ways around regulations, or manipulate them to their advantage.

Regulation is a very poor substitute for competition, and for well informed customers.

Some of what I said in this comment is relevant: https://news.ycombinator.com/item?id=45780529

replies(1): >>45784256 #
5. raw_anon_1111 ◴[] No.45783548[source]
Yes because government regulation when it comes to technology never makes the situation worse. What are the chances that the government is going to pass laws to increase user privacy and security?

Especially with the current administration that is all about grift and publicly accepting bribes - see Paramount, Disney, Google, Meta, Apple, Twitter

6. BobbyTables2 ◴[] No.45784235[source]
Not sure if any big conspiracy is needed.

Financial pressures cause this to happen well enough on its own.

The marginal gain from making a really secure phone is outweighed by the engineering cost and degraded user experience. (General public would rather the phone support every streaming video and graphics format under the sun than just a few securely implemented ones).

When was the last time you saw a FIPS mode option on a home WiFi router? Or even just the ability to turn off internal services? Oddly, just a single option to disable all management would often be useful and fairly trivial but never exists…

7. isodev ◴[] No.45784256{3}[source]
> Regulation is a very poor substitute for competition

I've been following tech for my entire adult life. For more than 30 years now, competition or waiting for customers to become informed has never worked.

The only tools we have against mega corps are the ones the EU is currently applying via DMA and similar. But it will take a global effort in order to permanently shift priorities towards "earning money while doing the right thing" (as opposed to "earning money" state of today).

Corps like Google, Apple and friends are more similar to countries than businesses. The only problem is, international law and political pressure doesn't work on them as they're similar to countries governed by cartels.