final Thanks <3
Cellebrite Premium July 2024 documentation
GrapheneOS does the police even use this? I heard that the police don't even look into a computer even if it's fully open sometimes, even if they took it because the person was accused of being in possession of really bad pictures. It was a known person like an influencer. In the press they said "the convicted is so famous, if he had this kind of pictures on his computer, then people would know." That must be a lie in my opinion because it was the people who called the police on the person and they wanted to know, and the whole reason for the police to come and take his PC was that so many people called the police after he did a lot of suspicious things online, while under watch of thousands of people.
So if the police don't look into a normal Win 10 computer which is not encrypted, even in a case with high interest of the public, even if the data on the PC is the only thing case related, do they actually use things like Cellebrite, where they actually have something to do like plug in the device and probably have some work to do, even the AI scans the content?
I ask also, because I heard a few times that the police is not able to access an iPhone 6 with an 8-digit passcode.
I heard that from people from whom the police took their phones.
Or is Cellebrite brand new?
Or am I right and the police just don't use it even if they could because maybe they have too much on schedule and only use Cellebrite when there is Pablo Escobar himself?
DeletedUser119 We have the latest January 2025 documentation, we just don't want to risk having the leak closed by continuing to publish it directly even as screenshots rather than only publishing the information.
They have support for the newer iOS versions. The new iOS releases either don't create new barriers for them or don't hold up beyond a few months at most and that hasn't changed. Pixel 9 stock OS hasn't been exploited by Cellebrite yet as of January 2025 but that's likely only because they have to add support for the specific Linux 6.1 kernel branch it's using and haven't done it yet. No reason to think it's going to hold up for more than a few months, there haven't been any major improvements.
You're posting a lot of highly inaccurate speculation and claims. Not clear why you think devices don't have data extracted. Cellebrite has been around offering this for years and their tools are widely used around the world by governments, not only for law enforcement. There are several other forensic data extraction companies with widely used tools, mainly MSAB (XRY) and Magnet Forensics (Graykey). The tools are widely available and widely used. They are not only used in special circumstances but rather as standard operating procedure around the world. It's also not limited to law enforcement. These are not the only type of widely used commercial exploit tools, but remote exploit tools are much more rarely used and not generally going to be widely distributed / accessible to low-level cops, border guards, etc.
I ask also, because I heard a few times that the police is not able to access an iPhone 6 with an 8-digit passcode.
This is generally the case with an iPhone 12 or later / Pixel 6 or later if the device is turned off. That's shown by the Cellebrite Premium documentation we posted here and is still the case in the January 2025 Cellebrite Premium documentation. If the device isn't in the Before First Unlock state, they can get all the data with Cellebrite Premium for either an iPhone or Pixel regardless of the lock method unless it's a Pixel running GrapheneOS. We have an 18 hour locked device auto-reboot timer by default and Apple recently added a 72 hour timer in October 2024 for iOS 18.1 likely at least indirectly inspired by our feature since several of them followed us on Twitter (may not be active there anymore) and the idea was propagated around everywhere after we shipped it in June 2021.
GrapheneOS If the device isn't in the Before First Unlock state, they can get all the data with Cellebrite Premium for either an iPhone or Pixel regardless of the lock method
Don't they still need to brute force the PIN or passphrase, even if not throttled by the secure element/enclave?
Titan_M2 If they exploit the OS while in the After First Unlock state, they get all the data from profiles that are not at rest with the exception of a small amount protected by hardware keystore keys set up to require the device being unlocked, etc.
GOS I was wondering how macOS would fare against Cellebrite, would BFU on macOS make any difference in ease to gain access? I was also gonna ask as I saw in an earlier post you mentioned macOS's "brute force" security was improving and could be nearly compared to an early phone model. Do you see a future where macOS has "brute force" security that can rival modern iPhones? (I know sandboxing is an issue currently) Thanks.
jamesman3932 The hardware and firmware security is similar to iOS but credential-based encryption is opt-in and the software is significantly less secure. It should already have largely comparable brute force protection to iOS. It is easier to exploit it though and it doesn't have the recently added locked device auto-reboot feature added in iOS 18.1 in October 2024.
I wonder if the iOS vulnerability used by Cellebrite has been fixed in 18.3.1. Apple’s description of the patch is that it is related to accessibility:
A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Bozo Although we wouldn't know until we have updated leaks from Cellebrite, it kind of sounds like both Apple and Google might now this past month have patched the vulnerabilities Cellebrite were exploiting. Maybe.
If that is the case, GrapheneOS probably loses one of its major sales points of being the only OS to resist these attacks. Even if GrapheneOS is still doing it better, by actual hardening to prevent whole classes of vulnerabilities, not just fixing a specific vulnerability.
I am actually a bit surprised why neither Apple nor Google have fixed this earlier. For companies like them, surely, it shouldn't be that hard to get access to the Cellebrite software, one way or another.
ryrona Apple appears to have patched a bypass for their USB restricted mode mitigation. They do not appear to have stopped Cellebrite exploiting USB when it's still enabled. Look up the details of USB restricted mode, it's a weaker variant of what we're doing for USB attack surface reduction and is off by default so it doesn't help most users.
There was a recent upstream Linux kernel patch for one of the Linux kernel vulnerabilities being exploited. We don't know which company/government was exploiting it. It's unlikely that each of these groups is using the same USB peripheral vulnerability and they're almost certainly each aware of at least one other vulnerability they can use. There are a lot of USB peripheral drivers including ones with very low quality code.
It seems as long as Apple does not do a similar approach as GOS, it will never be in the same league. Apple keeps the USB port wide open 60 minutes after last lock, regardless if you toggled USB accessories off.
What Cellebrite tool is used for a Physical Extraction (with user consent)? Physical Analyzer?
A few months ago, I was given a "behind the scenes" tour of a US forensics lab. Part of this included viewing their Faraday vault and mobile extraction solutions. I didn't pry too much but was told that unless the device was set up improperly (bad screen lock, only fingerprint, etc), "modern Pixels running GOS" were not in their scope. I offered to have them test my phone but unfortunately all their units (confirmed Cellebrite, unsure on further details) were being used.
GrapheneOS Can you point to a fuller explanation of the fingerprint+code unlock?
My fingers are quite calloused (I assume that's the reason) and frequently fail on fingerprint unlock.
I'd hate for this to be the unchangeable default method of accessing my device. I'd be locked out 80% of the time.
rocky-planet It is manually enabled after you've added a fingerprint.
https://discuss.grapheneos.org/d/18585-2-factor-fingerprint-unlock-feature-is-now-fully-implemented
GrapheneOS when you say 'support for the new iOS versions', do you mean AFU only?
I have a few questions. Apologies if this has been stated already... (if it has, pls refer me to the post)..
- What access, if any, does Cellebrite have to data on an iOS with 8 (or more) digit alphanumeric, 10 login limit, in BFU?
- What iOS versions is data able to be accessed (as per above question)?
- When the matrix refers to BFU - Yes, BF - no. What is the BFU exploit that is happening? And is this exploit available for 8 (or more) alphanumeric login in BFU?
- Are there any devices that Cellebrite can access the data when in BFU mode with 8 (or more) alphanumeric passcode?
- Can we access the latest Cellebrite support data anywhere?
GrapheneOS How is the security of Linux against these exploits as compared to macOS?