• Announcements

  • Claims made by forensics companies, their capabilities, and how GrapheneOS fares

matchboxbananasynergy Random 6 digit PIN is only secure on a Pixel/iPhone and only due to secure element throttling. Use a strong passphrase to avoid this.

Is this implying that iPhones have some sort of secure element throttling? If so, which iPhone models?

      spiral They've had it long before Pixels but it's been getting bypassed. These companies are successfully bypassing secure element throttling from Apple for years along with the recent Samsung and more recent Qualcomm implementation.

      Pixel 2 introduced this for Pixels, with an NXP secure element, Pixel 3 moved to a custom ARM secure element. Pixel 6 moved to a custom RISC-V secure element a while after the launch of the OpenTitan project Google is heavily involved in that's developing open source RISC-V secure elements. Moving away from the standard ARM Cortex secure element cores appears to have blocked these companies from successfully exploiting the secure element for several years. That's a huge success since these companies have a lot of resources and are heavily targeting Pixels due to their widespread use among people who want private phones, far beyond this kind of privacy community. iPhones having far more overall users doesn't necessarily mean they care about them more. They'll likely eventually find a way to exploit it, which is why it's a good idea for people to use a strong passphrase.

      Our 2-factor fingerprint unlock feature will allow people to combine a strong passphrase with convenient fingerprint+PIN unlock to get the best of both worlds. We expect that to massively increase the proportion of our users using a strong passphrase, especially when we add our planned UI for generating random passphrases automatically where it can give you a few choices and you pick the one you like.

        They're successfully bypassing the secure element throttling on 2nd through 5th generation Pixels. Titan M2 has held up so well that it appears they didn't have a working exploit for it at any point, so they can't even brute force a random 6 digit PIN on a Pixel 6 with the initial release of the OS shipping with the device. They're likely only trying to attack the latest firmware version, so unless they succeed at some point they won't end up with the capability even for older devices. It would be a waste of their resources to develop exploits which only work against older OS/firmware versions. These companies are likely quite unhappy with the recent improvements we got done upstream for Pixel firmware in the April release but they still haven't added enough OS level hardening to defeat their reliable AFU OS exploits even temporarily. You can see the latest iOS has made changes which require them to make adjustments, which they'll likely get done pretty quickly, but they appear to have an easier time stock Pixel OS.

        GrapheneOS does far more hardening than iOS against these attacks so the results make sense. We also have auto-reboot so even if they do develop a successful exploit, their window of opportunity to use it to get data from user profiles is 18 hours from when it was locked, or significantly less if users lowered the value which can go as low as 10 minutes. Our new USB-C port control feature is also a really big deal for this. We became aware of them specifically targeting GrapheneOS and have been focusing on improving things as much as we can as one of our highest priorities. Duress PIN/password was delayed since we focused on anti-exploitation approaches benefiting everyone first, but it'll ship soon, as will the 2-factor fingerprint unlock feature which surprisingly is close to done due to a new contributor we plan to hire.

          I'm very excited for the prospect of a secure diceware passphrase generation UI for user lock screen. Do you have any information on what wordlists will be used, minimum passphrase size, or a simplified entry screen. Where if GrapheneOS knows it generated a secure passphrase for the user it might search the list as letters are typed and autofill the word or offer suggestions for words that match the entered prefix?
          Endless thanks for all the hard work and careful thought you put into GrapheneOS.

          Hathaway_Noa Thank you for your contributions to the community and the enlightening info you provided. Do you know how supersonic BF differs from regular BF on iOS?

              matchboxbananasynergy XRY and Cellebrite say they can do consent-based full filesystem extraction with iOS, Android and GrapheneOS. It means they can extract data from the device once the user provides the lock method, which should always be expected. They unlock, enable developer options and use ADB.

              So this feels like a dumb question. But I fail to see -- probably due to my lack of technical understanding -- how that is supposed to be noteworthy (by XRY and Cellebrite)? It just sounds like the equivalent of "we have the key to the door so we're able to enter and look around". Like no shit Sherlock. Am I missing something vital here or is this just marketing fluff?

                  This is very fascinating! Since the graphic shows a list of phones with stock OS, and a table with GrapheneOS specifically, does this mean that GrapheneOS is the only alternative OS that can be a match against XRY and Cellebrite? I know very well that the GrapheneOS team is doing amazing security work, but to see it like this? It seems like XRY/Cellebrite is threatened by the existence of GrapheneOS 😄

                    DeletedUser29 How that is supposed to be noteworthy (by XRY and Cellebrite)?

                    It's one thing for somebody to have a way to extract data from a phone. For the data to be used in court proceedings it is important to claim a chain of custody from the device as obtained by law enforcement to the screen shot (or other evidence) appearing in testimony. If an officer testifies that a generally-accepted tool was used, that helps.

                      stereo3441 Cellebrite says Supersonic Brute Force is about 40x faster than the traditional brute force speed.

                        This news makes me glad I swapped my SIM back to my Pixel 8 running GrapheneOS.

                        OnePlus does a really good job with hardware but OxygenOS is kinda gimmicky and OnePlus phones are too big anyways.

                        Great read and thanks for sharing.

                        I know you stated that mitigating full filesystem extraction via (most likeky) ADB is not planned nor in focus right now, but wouldnt locking developer options (or at least ADB) behind a seperate, secure element protected, password be a viable option.

                        This would protect people in a scenario where either Pin was snoopped or the Phone snatched unlocked.

                          If these companies can make a full extraction of the devices when having access to the password why isnt it possible for us/seedvault to have a built a full backup solution that can do the same for us users also that includes full backup of apps and settings which is flagging against that?