orangecola I have Control Center disabled when phone is locked on my iPhone. I wish that GrapheneOS would implement this feature. currently, you cannot.
Cellebrite Premium July 2024 documentation
horde Pixel (GrapheneOS) devices are protected from https://oxygenforensics.com/en/resources/extract-and-decrypt-android-keystore/ ?
That article lists two extraction approaches.
One approach relies on the device being unlocked, or on adb being enabled and available. The GrapheneOS project frequently warns users against leaving debugging on, especially wireless debugging, on the grounds that it increases attack surface (it does).
The other approach is described as working for certain hardware types, not including Pixels. This is consistent with other information that Pixels, especially if up to date on patches, are more difficult to exploit. Again this is consistent with the project's insistence that at present the Pixel platform is the only platform with sufficient hardware security plus the ability for third-party OSs to effectively use that security.
Though I am not an expert on the Android Keystore, based on what I see in that piece, a GrapheneOS device that is up to date and configured in accordance with recommendations (e.g., USB and wireless debugging off), is likely not subject to the described key extraction.
There might be another leak soon https://xcancel.com/awawawhoami/status/1815142941800747076#m author is known for dumping data and leaks.
There was a leak of Cellebrite Mobilogy and Cellebrite Team Foundation Server from 2022. Did GrapheneOS devs take a look at these? They could request access from DDoSecrets as they classify as researchers.
horde It's not relevant to GrapheneOS.
[deleted] The latest iPhones and iPads can be exploited by Cellebrite. They're likely going to continue keeping up with the latest iOS versions and new hardware models unless there's a major change to how they function. They sometimes have a couple months of delay for certain new Android and iOS versions when they have to update their exploits for major changes or replace them completely.
Lukas You'll be able to do that, but the intended purpose is making it possible to use a strong passphrase while having the convenience of fingerprint unlock + short PIN for secondary unlock.
[deleted] It's likely simply implied by AFU exploitation capability on iOS. If they lose the capability on newer iOS versions they may start listing where they have it again.
orangecola we don't have access to the iOS and Android support matrix documents at the moment because it's what we requested from one of our sources. We didn't ask for the rest. We don't plan to publish the documents ourselves anymore, but there was a user on our forum who published the extended documentation before and they may do it again.
[deleted]
GrapheneOS Even if you have the newest iPhone? I am confused what "available in cas" means?
[deleted] CAS is a service that Cellebrite offers where you send the device to them to get into it, rather than using the tool in a self-serve manner.
[deleted] They probably just haven't shipped the functionality in Cellebrite Premium yet.
What does "FFS Yes, BF No" mean for stock OS Pixel in AFU? Do they get access to all user data unencrypted without the need to brute force the password?
Thank you for providing the screenshots, although make sure the source is not compromised as it'd be nice to see them in future. I suggest rewriting table manually, there are fingerprinting methods available :P But i'm sure you are aware.
It's very surprising to see that they have some sort of patent for newest iOS, i thought that recent iOS AFU unlocks were more like exception than normal thing. It seems that these devices can't be widely considered unlock-safe anymore.
As part of my final year work, I tested Cellebrite against a Pixel 4A phone with GrapheneOS... it was incredibly underwhelming. I'll just say the results were very basic, nothing very useful. I didn't have access to XRY, though.
jellybean BFU refers to exploiting a device Before First Unlock. BF refers to whether they can brute force lock methods after BFU exploits., which they cannot for Pixel 6 or later / iPhone 12 or later due to the more hardened secure elements. AFU refers to exploiting a device After First Unlock, which obtains access to nearly all the data.
Added a glossary with terms used in the documentation to the end of the post.
Can they exploit Bitlocker or Filevault?
Upstate1618 There are no exploits for encryption involved in this. Windows and desktop Linux distributions along with typical laptop/desktop hardware are extremely more vulnerable to these kinds of exploits. macOS on modern Mac hardware is not as protected against this as an iPhone but certainly more than those.
[deleted]
GrapheneOS Is there a simple explanation of why computers are considered less secure, and more vulnerable to attacks than mobile devices?