I wonder if the iOS vulnerability used by celebrite has been fixed in 18.3.1. Apple’s description of the patch is that it is related to accessibility:
A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Bozo Although we wouldn't know until we have updated leaks from Cellebrite, it kind of sounds like both Apple and Google might now this past month have patched the vulnerabilities Cellebrite were exploiting. Maybe.
If that is the case, GrapheneOS probably loses one of its major sales points of being the only OS to resist these attacks. Even if GrapheneOS is still doing it better, by actual hardening to prevent whole classes of vulnerabilities, not just fixing a specific vulnerability.
I am actually a bit surprised why neither Apple nor Google have fixed this earlier. For companies like them, surely, it shouldn't be that hard to get access to the Cellebrite software, one way or another.
ryrona Apple appears to have patched a bypass for their USB restricted mode mitigation. They do not appear to have stopped Cellebrite exploiting USB when it's still enabled. Look up the details of USB restricted mode, it's a weaker variant of what we're doing for USB attack surface reduction and is off by default so it doesn't help most users.
There was a recent upstream Linux kernel patch for one of the Linux kernel vulnerabilities being exploited. We don't know which company/government was exploiting it. It's unlikely that each of these groups is using the same USB peripheral vulnerability and they're almost certainly each aware of at least one other vulnerability they can use. There are a lot of USB peripheral drivers including ones with very low quality code.
It seems as long as apple does not do a similar approach as GOS, it will never be in the same league. Apple keeps the usb port wide open 60 minutes after last lock, regardless if you toggled usb accessories off.
What Cellbrite tool are used for a Physical Extraction (with user consent)? Physical Analyzer?
A few months ago, I was given a "behind the scenes" tour of a US forensics lab. Part of this included viewing their Faraday vault and mobile extraction solutions. I didn't pry too much but was told that unless the device was setup improperly (bad screen lock, only fingerprint, etc), "modern pixels running GOS" were not in their scope. I offered to have them test my phone but unfortunately all their units (confirmed cellebrite, unsure on further details) were being used.
GrapheneOS Can you point to a fuller explanation of the fingerprint+code unlock?
My fingers are quite calloused (I assume that's the reason) and frequently fail on fingerprint unlock.
I'd hate for this to be the unchangeable default method of accessing my device. I'd be locked out 80% of the time.
rocky-planet It is manually enabled after you've added a fingerprint.
https://discuss.grapheneos.org/d/18585-2-factor-fingerprint-unlock-feature-is-now-fully-implemented
GrapheneOS when you say 'support for the new iOS versions', do you mean AFU only?
I have a few questions. Apologies if this has been stated already... (if it has, pls refer me to the post)..
GrapheneOS How is the security of Linux against these exploits as compared to macos?
n2gwtl It depends what you mean by Linux. If you mean traditional desktop Linux distributions, they're much worse than macOS which is much worse than iOS. We'd say that the stock Pixel OS is slightly worse than iOS overall right now but GrapheneOS does much better. Please bear in mind ChromeOS, the stock Pixel OS and GrapheneOS are Linux distributions too.
GrapheneOS I should be more specific. I have been on the market for a new computer for some time, and I cannot decide between another macos laptop or the framework desktop. I have looked at this site which covers full disk encryption, TPM 2.0, systemd-boot, and secure boot. I thought if I enabled all of this on Fedora, I would have a reasonably secure system without all of the Apple privacy concerns.
n2gwtl Fedora on a Framework laptop will provide essentially zero physical security with no protection against data extraction after you've entered the encryption passphrase. It will only protect your data while the device is powered off. macOS on a Mac will provide far better physical protection. macOS will also be harder to exploit.
TPM 2.0, systemd-boot, and secure boot
The implementation of secure boot and attestation by both that hardware and the OS (Fedora) is incomplete and insecure. It provides no real world security benefits. It neither provides against attacker persistence after exploitation or physical attackers. It's work towards real security features without getting to the point that it actually works. It's similar to locking your front door on a house where there are no walls, just a wooden frame people can step through. It does not deter an attacker.
According to this specialist, iPhones running iOS 18 are not exploited
https://m.youtube.com/watch?v=Wan4CdDAqUs&pp=ygUKZ3JhcGhlbmVvcw%3D%3D
Locart According to this specialist
He is not a specialist and his video contains errors, that said, he seems to be acting in good faith, yes a modern iPhone is pretty good when it comes to security (much better than most Android devices) and he cites GrapheneOS as the best solution currently, he says he'd rather make a dedicated video of it, which will probably also contain errors.
The comment section is 99.9% full of nonsense and inaccuracies.
n2gwtl I should be more specific. I have been on the market for a new computer for some time, and I cannot decide between another macos laptop or the framework desktop. I have looked at this site which covers full disk encryption, TPM 2.0, systemd-boot, and secure boot. I thought if I enabled all of this on Fedora, I would have a reasonably secure system without all of the Apple privacy concerns.
As it looks, Cellebrite has relied solely on USB exploits when attacking Android. Most traditional Linux desktop distributions, including Fedora, does not implement any security against USB exploits at all. The only desktop operating system I am aware of with strong USB security is QubesOS. QubesOS protects against USB exploits to a similar degree as GrapheneOS, it is a very adequate protection. QubesOS also offers some protection against you unknowingly plugging in a malicious USB device when your screen is unlocked, which GrapheneOS does not. USB security was a primary design goal for QubesOS.
Still, you shouldn't expect that much physical security on a desktop computer while it is running and your encrypted disk is unlocked. Phones have always been far ahead in physical security, since the likelihood is far higher that a phone gets taken while powered on. Computers are usually only located in trusted places while powered on, such as your home or workplace. Phones you always carry with you, while they are powered on. So there have never been much priority to implement strong physical security for computers, as there have never been the same need for it. This means, the hardware and firmware itself often lacks support for implementing proper physical security in the desktop world.
Solution, power off your computer whenever you don't use it, so that the disk encryption key gets unloaded, and all your files become inaccessible without knowing your passphrase.
