6 digit pin and in BFU state question.

Beamproton

Hey,
I have read that Polish law enforcement bought in 2023, for 1600000 USD license for:
UFED 4PC Ultimate, UFED Cloud Analyzer, UFED PREMIUM and Cellebrite Inspector.
With this software (and with other software maybe) are they able to crack let's say: pixel 6, with 6 digit pin and in BFU state?
Is there evidence that any company has ever managed to get into a pixel phone above the 6 series with 6 digit pass and in BFU state?

GrapheneOS

Beamproton Cellebrite's non-public documentation states that they cannot do brute force attacks bypassing the secure element throttling on the Pixel 6 or later. They also state that they cannot exploit GrapheneOS BFU or AFU when the security patch level is beyond late 2022. If you don't want to depend on the secure element throttling in case a forensic company develops an exploit for the secure element as they did for iPhones and legacy Snapdragon Pixels, you can use a strong random passphrase with 7 diceware words.

matchboxbananasynergy

Even with a 6 digit PIN, as the phone is in BFU state, it will require a secure element exploit, which I've personally not heard being used for Titan M2. If it does exist, it probably costs a fortune.

If they did have a secure element exploit, they could unlock the device, but that's not really likely.

If the USB-C port setting is set so that the port isn't active when the phone is in BFU, that would make things even harder for anyone trying to get in.

If someone wanted to rule out the possibility of a secure element exploit affecting them, all they would have to do is use a 90+ bit entropy passphrase instead.

[deleted]

matchboxbananasynergy How do i have the usb not active?

fid02

[deleted] Go to the app called Settings > Security > USB-C port and choose your desired setting.

[deleted]

fid02 thanks!

spiral

fid02

It's not super clear to me what these settings mean.

Mine is set to "Charging only when locked" which I assume means, for both BFU and AFU, that the usb-c port will only work to charge the phone when the phone is locked. Does my description sound accurate?

fid02

spiral No. With "Charging-only when locked" (notice the hyphen there), the OS will always disable all USB functionality when the phone is locked, except for charging. Then, the phone can charge regardless of being locked or unlocked, and regardless of being in a BFU or AFU state.

The community manager summarized the various options in this post which, incidentally, I see that you replied to and engaged with: https://discuss.grapheneos.org/d/11178-grapheneos-version-2024022800-released/12

[deleted]

fid02 So if i wanted to use android auto wired with the phone locked what option should I do? Sorry I don't know why I can't grasp this.

spiral

fid02

Did we not just write the same thing?

And yes, I remember engaging in this conversation before, that is beside the point. When I look at the options on my phone for usb-c, many weeks after having them explained to me in this forum, they still present unclearly to me.

Xtreix

[deleted] The phone must be unlocked to use Android Auto, so the default setting "Charging-only when locked, except before first unlock" or "Charging-only when locked" is OK.

[deleted]

Xtreix okay I think i get it!

fid02

spiral Did we not just write the same thing?

That wasn't clear to me. I'm sorry if my explanation isn't helpful.

spiral And yes, I remember engaging in this conversation before, that is beside the point.

True, it was irrelevant of me to make a remark about that. To be clear, I didn't mean that as a criticism. It was a throw-away comment, but I see now it's irrelevant.

It seemed to me that you found the post by matchboxbananasynergy that I linked to to have previously helped you understand this, so I thought it would be helpful as a reminder in case you had forgotten the content, and perhaps useful to others reading this thread. I can't really put it any more clearly than they did.

spiral

fid02

Sure, I understand what you're saying and thanks for your help.

I'm wondering if perhaps it could be worded more clearly in the settings. Maybe it cannot and maybe the problem lies with me, however I'm betting that if I can look at those settings options and find myself confused, unable to explain them to another person, other people probably find them to be confusing too.

xuid0

GrapheneOS

Would this Diceware Password Generator be okay to recommend? https://diceware.dmuth.org

I'm sorry for reviving old forum post too.

[deleted]

Just genuinely curious, but i would love to move to 6 pin when i switch to grapheneos. Currently i use a 20+ character password for my iPhone but curious who hear uses the six pin an relies on the secure element?

Eirikr70

[deleted] I do, but I'm neither a drug dealer nor an iranian journalist.

Murcielago

Eirikr70

I have read and really appreciate many of your well written, thoughtfull and helpful comments here in the forum. So I'm sure you didn't want to paint a black and white picture dividing the world into Iranian journalists and drug dealers on one side and the rest of the world on the other. But as others maybe don't know, i wanted to add on:

I agree with you that relying on the secure element may be enough for many users here. However, in addition to the groups you mentioned above, there are people whose threat model may require a strong password.

As we saw with Pegasus (Pegasus != Cellebrite, just as a quite well documented example of misuse), it's not always just governments that have the financial means to deploy powerful state-of-the-art tools. And even in countries with a more constitutional state than maybe Iran, exploits can be misappropriated and used outside of democratic legislation.

Long things short: I think the much-cited threat model and a little reflection on whether you can and want to rely on the secure element is probably a little more helpful than considering whether you belong to one of the two groups mentioned.

Eirikr70

Murcielago You are right. I just wanted to state that protecting my privacy is not a life concern (sorry for my poor english but I think you understand) but more a kind of a political posture. I don't want my data in the hands of the Big Tech. I would say in a way I have no threat model since I bear no threat. I am just a "Français moyen" willing not to give away their privacy. So all I want to achieve is put a higher entry price to my data than what it would be worth for anyone not authorised by me. If in the end, someone is still willing to spend enough effort to enter my phone, then I would just like them to tell me why.

Murcielago

Eirikr70
Merci beaucoup pour l'explication, citoyen français! That's more or less my approach too. I hope I haven't offended you - i also didn't want to derail the discussion too as this threat is about 6 digit pin and BFU.

GrapheneOS

xuid0 No, we certainly can't recommend using a website. The whole point of diceware is that you can use dice. Until we integrate into the OS, use dice.