Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)

446 points akyuu | 2 comments | 30 Oct 25 23:12 UTC | HN request time: 0s | source

Show context

derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]▶

They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."

replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #

IncreasePosts ◴[31 Oct 25 21:45 UTC] No.45777056[source]▶

>>45766747 #

Is grapheheOS actually harder to hack or does cellebrite just not put a lot of effort into supporting it because the very low odds of LEs running into one in the wild?

replies(5): >>45777082 #>>45777144 #>>45777155 #>>45779084 #>>45779157 #

markus_zhang ◴[31 Oct 25 21:48 UTC] No.45777082[source]▶

>>45777056 #

I read from an old HN post that three letter agencies hate graphen OS. The author heard it from defcon or some similar conference. I couldn’t find the post anyway :/ I think it is buried under one of the posts that discuss Defcon and Blackhat.

replies(1): >>45778143 #

overfeed ◴[01 Nov 25 00:19 UTC] No.45778143[source]▶

>>45777082 #

Wouldn't it be a total mindfuck if it turns out that Graphene is less secure[1] than stock Pixel, and this is all part of an ANOM-style honeypot operation that has Feds hyping it up, to trick interesting targets into adopting a less-effective security posture.

1. Such as via slower 0-day responses, for instance. This is a thought experiment, I'm nor alleging that this is what it is.

replies(9): >>45778164 #>>45778257 #>>45778894 #>>45779099 #>>45779207 #>>45779908 #>>45779962 #>>45780866 #>>45783723 #

Andromxda ◴[01 Nov 25 07:46 UTC] No.45779908[source]▶

>>45778143 #

GrapheneOS releases patches very quickly, often even faster than OEMs do. But patches are only useful for fixing individual known vulnerabilities. GrapheneOS additionally focuses on defending against whole classes of vulnerabilities. [1] For example, in addition to fixing memory corruption bugs in individual system components, GrapheneOS has deployed memory protections for the entire OS in the form of hardened_malloc [2] and by enabling the ARM memory tagging extension for the kernel, most system processes (with very few exceptions) and all user-installed apps.

The honeypot theories don't make sense, since GrapheneOS is fully open source, and very transparent about developers, funding, infrastructure, and other internal stuff.

[1] https://grapheneos.org/features#exploit-protection

[2] https://github.com/GrapheneOS/hardened_malloc

replies(2): >>45780184 #>>45780685 #

MYEUHD ◴[01 Nov 25 10:51 UTC] No.45780685[source]▶

>>45779908 #

> GrapheneOS is fully open source

Not really. There is a bunch of proprietary firmware running on those phones, which can be exploited with or without the help of the manufacturer.

replies(2): >>45780955 #>>45780983 #

gf000 ◴[01 Nov 25 12:01 UTC] No.45780983[source]▶

>>45780685 #

Show me any device on earth that can run a browser that has no proprietary code whatsoever (including hardware) on it?

replies(1): >>45781584 #

1. SXX ◴[01 Nov 25 13:43 UTC] No.45781584[source]▶

>>45780983 #

AFAIK older Talos Secure Workstation with Power CPUs was it. Everything open including CPU firmware.

Not sure about smartphones though - they mostly struggle with a fact there are no truly open source baseband.

replies(1): >>45781900 #

2. Andromxda ◴[01 Nov 25 14:28 UTC] No.45781900[source]▶

>>45781584 (TP) #

There is no smartphone fully powered by open firmware. Also keep in mind that the hardware itself is proprietary too.

↑