Cellebrite Premium July 2024 documentation

Alllus

GrapheneOS https://discuss.grapheneos.org/d/20401-grapheneos-improvements-to-protection-against-data-extraction-since-2024 is a thread about recent improvements to the defenses.

https://discuss.grapheneos.org/d/20402-cellebrite-exploits-used-to-target-serbian-student-activist

You are very convincing in your arguments! Today, the Pixel 9 order). I have a question - I used the Honor MAGIC 6 Pro (Quallcom Snapdragon 8 Gen 3, MagicOS 9.0 Android 15, with descret security chip S1, MagicOS-8.0-Security-White-Paper.pdf ) and use processes automation - "Macrodroid" on the phone. I provided this application with all possible access. I write triggers under my phone model:

turning off the phone in 15 seconds when turning off the mobile network (Faraday box);
blocking the phone when stealing a phone from my hands;
Turning off the phone within 10 seconds when connecting the USB cable;
the second factor in the authorization of PIN when unlocking with a finger;
turning off the phone if not unlocked within 1 hour,
turning off the phone after 2sec clicking the volume button up and other safety macros.

This is a good set of security addons functions. Therefore, is it possible to use a macrodroid on your OS for extra experiment for me?
My profession is an activist ... And every day it can be dangerous for my work. All information in my phone.

troika

Alllus I asked Macrodroid to format the phone without unlocking it for a certain period of time, but they didn't agree.

Alllus

troika no any problems. Example trigger actions - Run "settings" applet, Enter search "factory reset", click confirm button...

P. S. Its very simple example.. You can make it more complex. For example, add a screen sensor lock, multiple retries, etc.

Fartimoji

GrapheneOS are you saying, that a pixel 7a with grapheme is less secure than a newer Pixel device? If so, which is the safest device for graphene?

de0u

Fartimoji Are you saying, that a pixel 7a with grapheme is less secure than a newer Pixel device?

Correct.

For example, the 8's and 9's have MTE. More information: https://grapheneos.org/faq#recommended-devices

Alllus

If I bought a Pixel 9. I install GraphenOS, install all Google programs (google translate, Play Market, Chrome, Google Drive, Google Photos and others), completely disable the USB port, set an 18-character password and a fingerprint (for convenience), set the device reboot time to 1 hour. I am not interested in anonymizing the phone. What is important to me is counteraction to hardware complexes UFED, GRAYKEY, etc. Will this be enough? Will this be a protection mode similar to the iPhone downlock mode?

Finik

GrapheneOS Does Windows protect better than Linux? Microsoft has more resources to implement security technology

GrapheneOS

Finik Depends on what you mean by Linux. It's not nearly as secure as ChromeOS or Android. It's easily more secure than Debian. Some traditional desktop Linux distributions are doing a lot better than Debian. The topic of the thread is forensic data extraction and essentially no traditional desktop OS other than macOS and ChromeOS have any serious defenses against it but ChromeOS is generally on hardware without serious defenses against it. If you're talking about security from data extraction on a laptop, there isn't much more choice than a Mac with macOS as long as you had some kind of locked device auto-reboot set up. Anything else is not able to defend seriously against it while powered up and locked.

Alllus

Here's the Cellebrite Premium 7.73.1 Pixel Support Matrix from February 2025.

Pixel 6-9 with GrapheneOS - the best! No any access to BFU/AFU state

DeletedUser343

Alllus what is is the 2022 SPL?

Alllus

DeletedUser343
It's GrapheneOS not updated from 2022 year.

DeletedUser343

Alllus oh awesome. So any current update is good?

Exhort14

DeletedUser343 Yes.

Stayjuice

I assume that Cellebrite needs a usb/data connection to get in to phones, couldn’t a non data port be installed on a device? A port that only charges and gives no data access just wondering

All attacks I thought went through the usb port if it couldn’t handle data it would be safer at hardware level

GrapheneOS

Stayjuice USB-C port is a non-data port on GrapheneOS when configured that way. It disables USB-C data at a hardware level when set to "Charging-only" mode. The default is "Charging-only when locked" which immediately blocks new USB-C connections at both a hardware and software level after locking followed by disabling USB-C data when existing connections end. It's implemented by setting the USB controller to act in a certain way. There's even support for fully disabling it while booted into the regular OS mode to block charging including USB-PD too.

Stayjuice

GrapheneOS I wasn’t very clean sorry, I mean on the apple devices that Cellebrite can attempt to get in to. I’m weaning myself off of apple anyway. I will use the pixel as my main and I might invest in a pixel tablet to replace my iPad mini and sell that as it doesn’t get used rarely anymore.

final

Stayjuice Forensic experts are trained in device repair, they'd just replace the port with a functional one.

Stayjuice

final rumour has it that future devices may not have a data port at all and just wirelessly charge then they couldn’t solder one on

Aeon

not sure if someone posted it already but here is an article that contains the celebrite support matrix from February 2025

https://osservatorionessuno.org/blog/2025/03/a-deep-dive-into-cellebrite-android-support-as-of-february-2025/

dc32f0cfe84def651e0e

Stayjuice How are we supposed to install GOS on thos devices?

de0u

Stayjuice rumour has it that future devices may not have a data port at all and just wirelessly charge then they couldn’t solder one on

"Rumor" indeed. That seems unlikely given the amount of work Google has been putting in on getting desktop environments to display over USB-C. I think it will be a while before it's feasible to transmit monitor-quality display output without a physical connection. I guess in theory UWB might do it, but I'm not aware of monitors supporting UWB input.

« Previous Page Next Page »