Protection against GrapheneOS infrastructure compromise

horde

I came across this thread https://discuss.privacyguides.net/t/suspicious-services-used-by-le-to-intercept-data-cloudfare-gandi-ovh-hetzner-etc/18889 where LE controlled the whole Encrochat infrastructure and shipped malware to all Encrochat users through its update servers.

While GrapheneOS (GOS) is not marketed to criminals, but there might be some people using GOS to do illicit stuff which might also attract LEAs which will target all GOS users to catch them. So, I was wondering what are the protections employed by GOS to protect against infrastructure compromise as shown in the linked thread.

From https://grapheneos.org/articles/grapheneos-servers it says that you guys are using OVH which was involved with the interception of Encrochat traffic, I know that all VPS services would do the same like Hetzner and Linode did with xmpp.ru if required by law as mentioned in the thread. What protection is taken against cold boot attacks and where they remove the RAM and do a quick memory dump and just steal the keys etc.

Please reply with all mitigations taken by GOS against attacks mentioned in the thread + more advanced attack vectors, thanks a lot for developing this awesome project.

de0u

horde So, I was wondering what are the protections employed by GOS to protect against infrastructure compromise as shown in the linked thread.

People can't break in to GrapheneOS servers to steal confidential user data because there isn't any, beyond 10 days of access logs: https://grapheneos.org/faq#privacy-policy

Breaking in to the update server to implant fake GrapheneOS releases won't work because fake GrapheneOS releases won't pass the signature check on GrapheneOS devices.

horde What protection is taken against cold boot attacks and where they remove the RAM and do a quick memory dump and just steal the keys etc.

Which "keys etc."?

de0u

horde What protection is taken against cold boot attacks and where they remove the RAM and do a quick memory dump and just steal the keys etc.

What protection should you use against cold-boot attacks against your refrigerator? Probably no precaution is necessary, if your refrigerator's RAM doesn't contain confidential data.

GrapheneOS

horde Updates have their signatures verified and downgrades are prevented. GrapheneOS releases for the OS and apps are signed with keys unavailable to any of the servers. An attacker getting access to any servers can't release a malicious upgrade or ship an old version as a downgrade. We don't build or sign releases on the server infrastructure. There's a clear list of the default connections at https://grapheneos.org/faq#default-connections. There are the update connections which do not trust the update server and the network services which don't send sensitive data to them and are only to get the current time, PSDS data for satellite-based geolocation, etc. Chromium component updates are signed.

matchboxbananasynergy

Start with https://grapheneos.org/usage#updates.

What happened to Encrochat doesn't apply to GrapheneOS. We don't operate a chat service which requires storing user data.

Updates don't trust the infrastructure. Someone who seizes or compromises the infrastructure cannot ship a valid update, as they wouldn't have access to the keys.

This doesn't apply to how GrapheneOS does things.

I'd also suggest reading our FAQ entry on default GrapheneOS connections:

https://grapheneos.org/faq#default-connections

[deleted]

matchboxbananasynergy I believe the keys were changed with the mentioned networks and that's how they were able to push malicious malware. So them 'not having the keys' is irrelevant if they could change them like they have done previously.

[deleted]

I believe OVH was also the sky network which was used by criminals which also got hacked in similar fashion.

Worrying that GOS uses there too as no doubt LE are looking at it especially when innocent users may be caught up in it if something was pushed onto the phones.

matchboxbananasynergy

[deleted] Worrying that GOS uses there too as no doubt LE are looking at it especially when innocent users may be caught up in it if something was pushed onto the phones.

I hope you realize that OVH is the biggest EU cloud provider in the world. I guarantee you a huge majority of services you use likely at least partially use OVH.

Please look at the reply above. Unlike these scam products marketed to criminals which operated chat services that could be compromised by compromising the cloud they were hosted at, GrapheneOS hosts no such thing. I've linked to very specific documentation that lays out how we do things; please take a look.

[deleted]

matchboxbananasynergy I will read it and thanks for your reply.

matchboxbananasynergy

[deleted] How would "they" change the keys, please? I think there's a fundamental misunderstanding of how things work. None of the infrastructure has access to any keys at any point. "They" can't change the keys, because "they" don't have access to them.

Where "they", substitute any adversary with the capability of compromising the infrastructure.

horde

de0u Encryption key while it is still in RAM.

GrapheneOS

de0u It's up to 10 days of web server access logs but it's only 4 days for the network services and authoritative DNS services. It might get reduced to 4 for the update servers too, but first we need to implement generating statistics from the logs on a daily basis so we can still figure out how approximately how many devices installed a given update, etc.

de0u

horde Encryption key while it is still in RAM.

Key to encrypt what?

Communicating with a GrapheneOS web server via SSL involves an ephemeral session key per client. If somebody gets one, they can see which part of the completely public GrapheneOS web site you were fetching.

If the GrapheneOS servers don't contain confidential data, breaking in to one won't reveal confidential data.

boldsuck

horde Encryption key while it is still in RAM.

Why should an opensource OS that anyone can download be encrypted?

The SSH keys for committing and signing @Github are with the devs. I have my Fido2 SSH keys on OnlyKeys and NitroKeys, for example.

horde The drives, I thought that's what everyone does (FDE), right?

That depends. Nobody encrypts the Tor exit server, on purpose.

horde

de0u

Key to encrypt what?

The drives, I thought that's what everyone does (FDE), right?

de0u

de0u Key to encrypt what?

horde The drives, I thought that's what everyone does it (FDE), right?

That is unrelated to your original question about VPN session keys -- so, mostly no.
I don't encrypt the drives on my refrigerator, because my refrigerator -- like the GrapheneOS servers -- doesn't store confidential data. Do you encrypt the drives on your refrigerator?

GrapheneOS

de0u The servers do use encrypted swap with a per-boot key in case session keys, etc. end up there to avoid it persisting indefinitely. We're not handling sensitive user data with these services though. There are no accounts or stored user data for the default services. This discussion forum has user accounts and user generated content but it has no private messages, so the only private data are passwords / emails / IPs, and it's not something used by the OS so it's not really relevant to it.

It's not clear what threat model FDE would be protecting against for the services. An attacker obtaining access to them wouldn't be stopped by FDE. They're always running so the data would never be at rest. It makes little difference to this whether we use or VPS or managed dedicated server since a compromise of the provider's control plane would give access to either. FDE would only defend against someone grabbing drives out of servers or taking the whole servers. There's no user data on the default enabled services, just access logs, and all those really show is that an IP had a GrapheneOS device using it. Does that really matter even for people not using a VPN provider?

raccoondad

horde Applications for GOS and OS updates are signed, not encrypted, because there is no reason to encrypt them.

Keys can't be changed, for the OS, the device has a signing key it checks for when updating. This key is set and can't be changed without a factory reset (once the bootloader is locked, so go do that if you have not)

Also what are 'the drives'?

GrapheneOS

horde Our official builds machines are local machines under our physical control. Those of course those have full disk encryption along with the keys being encrypted to keep them at rest when the machines are booted which they are nearly all of the time. We don't build or sign any releases on servers in any data centers or anything like that. This is also clearly documented.

None of the default services used by the OS store any user data in the first place. They have web server access logs, but there's no sensitive data recorded as part of those. Someone who can monitor the encrypted traffic over the network obtains nearly the same metadata: source IP, destination IP and domain name via SNI. The logged paths don't contain any sensitive data. They're standard paths. Our FAQ explains this:

https://grapheneos.org/faq#default-connections

We could add some basic info about the machines we use to build and sign GrapheneOS but that wouldn't be on the server page since it's an entirely separate thing.

horde

boldsuck

Encryption key while it is still in RAM

Why should an opensource OS that anyone can download be encrypted?

I meant the OVH VM server

There's a lot of misunderstanding here to what I meant, perhaps I should have elaborated in the initial post.