←back to thread

Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)
446 points akyuu | 2 comments | 30 Oct 25 23:12 UTC | HN request time: 0.472s | source
Show context
derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]
They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."
replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #
IncreasePosts ◴[31 Oct 25 21:45 UTC] No.45777056[source]
Is grapheheOS actually harder to hack or does cellebrite just not put a lot of effort into supporting it because the very low odds of LEs running into one in the wild?
replies(5): >>45777082 #>>45777144 #>>45777155 #>>45779084 #>>45779157 #
tranq_cassowary ◴[01 Nov 25 03:41 UTC] No.45779084[source]
All of the listed features significantly raise the bar for exploitation ;

https://grapheneos.org/features

replies(1): >>45780669 #
dotancohen ◴[01 Nov 25 10:48 UTC] No.45780669[source]
So Graphene is actually more secure than most stock ROMs, but e.g. banking apps won't run on it "for security"?

Why can't the stock ROMs use these features and be more secure also?

replies(8): >>45780702 #>>45780934 #>>45780961 #>>45780971 #>>45781297 #>>45781306 #>>45781450 #>>45786054 #
1. bjackman ◴[01 Nov 25 13:00 UTC] No.45781306[source]
If apps refuse to run on graphene it's not because of graphene's content it's just a question of whether the attestation is recognised. It's not signed by Google.

I guess one reason you'd want to avoid that is that makes it harder to e.g spoof your location or falsely tell the app that screenshotting is disabled.

replies(1): >>45786071 #
2. ExpertAdvisor01 ◴[01 Nov 25 22:38 UTC] No.45786071[source]
It's mostly preventing apps to be botted . As each device has its own certificate and can be banned exclusively, if it's google certified. This certificate( also called keybox/keybox.xml) is stored in the secure enclave in the device.

If you want to dive deeper you can checkout droidguard/play integrity.