←back to thread

Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)
455 points akyuu | 1 comments | 30 Oct 25 23:12 UTC | HN request time: 0s | source
Show context
derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]
They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."
replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #
IncreasePosts ◴[31 Oct 25 21:45 UTC] No.45777056[source]
Is grapheheOS actually harder to hack or does cellebrite just not put a lot of effort into supporting it because the very low odds of LEs running into one in the wild?
replies(5): >>45777082 #>>45777144 #>>45777155 #>>45779084 #>>45779157 #
markus_zhang ◴[31 Oct 25 21:48 UTC] No.45777082[source]
I read from an old HN post that three letter agencies hate graphen OS. The author heard it from defcon or some similar conference. I couldn’t find the post anyway :/ I think it is buried under one of the posts that discuss Defcon and Blackhat.
replies(1): >>45778143 #
overfeed ◴[01 Nov 25 00:19 UTC] No.45778143[source]
Wouldn't it be a total mindfuck if it turns out that Graphene is less secure[1] than stock Pixel, and this is all part of an ANOM-style honeypot operation that has Feds hyping it up, to trick interesting targets into adopting a less-effective security posture.

1. Such as via slower 0-day responses, for instance. This is a thought experiment, I'm nor alleging that this is what it is.

replies(9): >>45778164 #>>45778257 #>>45778894 #>>45779099 #>>45779207 #>>45779908 #>>45779962 #>>45780866 #>>45783723 #
jmnicolas ◴[01 Nov 25 07:59 UTC] No.45779962[source]
I use graphene not for security but because it doesn't come with any Google surveillance stuff.

Let's be realistic if some 3 letters agency really want some data about me, there's not much I can do to counter that unless I'm ready to go to extreme lengths.

replies(3): >>45780014 #>>45782759 #>>45783604 #
yinznaughty ◴[01 Nov 25 16:06 UTC] No.45782759[source]
>Let's be realistic if some 3 letters agency really want some data about me, there's not much I can do to counter that unless I'm ready to go to extreme lengths.

I once thought like you. You do not need to go to extreme lengths to make things difficult and that is what is important. The fact is that the 3 letter agencies are increasingly fucking with normal people in a race to the bottom. Do not be defeatist - that only hurts everyone. The more people protecting themselves the safer everyone is from these people. If people just give up on privacy it puts a spotlight on normal people protecting themselves. The current state of which is so bad I have trouble putting it into words.

replies(2): >>45782968 #>>45783620 #
1. 0_____0 ◴[01 Nov 25 16:28 UTC] No.45782968[source]
I think their comment is rightly pointing out that if a TLA or other state intelligence actor takes an interest in you specifically, they can do quite a bit of classic spycraft that is considerably more expensive i.e. direct surveillance. No alternative handset OS will protect you from an agent who bugs your house, or someone firing a polonium pellet into your leg from a modified umbrella.