That was a MATRIX phone. I'm not sure if they were running stock GOS with their app, a GOS fork, or something entirely different.
They were Pixel devices though, and the Tensor chip would be the same.
I haven't heard of a criminal investigation/prosecution where a Tensor exploit was used to access the phone, but that doesn't mean there isn't one. I would love to see documentation of one though.
Court cases are one of the best places to learn about practical phone security.
JollyRancher Now tell us what made u state it was a matrix phone where did u get the info?
you can look up europool info. its literally what made them start operation passionflower to Start tracking matrix and eventually shut the network down. you can even see its not a graphene phone (or if it is its a clone) when they boot the phones to show off. they have a totally different boot animation and old school full android block based encryption not the newer file based type
I’m slow.
I words of one syllable, does this mean that Element is compromised?
Blastoidea
No, the compromised matrix is an unrelated invite-only cybercriminal network. Check out this thread for more info.
There are no known exploits to the Titan M2 or the SecureElement.
That does not mean that one doesn't exist, just that if it does its existence hasn't been publicly revealed.
To the best of my knowledge, there are no known (or rumored) technical exploits for an up to date Pixel running GOS. Every compromise I have been able to find was a user fault and/or alternative methods being used to gain the PIN.
Again, if you get on the US governments fuck you list (where they will drone strike you or have Delta do a bit of extraordinary rendition) then all bets are off. Otherwise, up to date GOS on a supported Pixel used in line with best practices remains secure.
JollyRancher They were Pixel devices though, and the Tensor chip would be the same.
exactly. I never said it was gos and it doesn't really matter.
Nuttso
Did the government actually crack the SecureElement?
Or did they exploit some weakness in Matrix phones?
And what Pixel model was it?
Like take the breach of a Proton account a few months back. The user provided an iCloud recovery email so the government got that email address from Proton, leaned on Apple, triggered a password recovery, and used that password to get into the Proton account.
The flaw wasn't with Proton's technical security but with the user.
The same applies here. Was SecureElement breached, was Matrix breached, or did user error leave a gaping vulnerability?
JollyRancher And what Pixel model was it?
pixel 5. titan m1.
There have been a handful of exploits of that. Including at least one that was a full compromise of the M1. That exploit was patched before it was publicly released but no clue what Matrix's firmware update policies were (or desire to start investigating all the relevant dates), so that one could have been used.
Pixel 7's are on the M2 so OP should be safe.
Pixel 5's could be cracked via Cellebrite even Before First Unlock and running GOS (if it hasn't been updated since 2022).
Don't trust any hardware for encryption. Use 96+ bit entropy passphrase if you want to be secure. It's always your own fold if you trust any secure enclave.
Nuttso
Well duh. ;)
Honestly, if you want something to basically be guaranteed secure then you want to be using a random password with 256+ bits of entropy.
96+ is absolutely enough. you could go with 128 but that ís absolutely not needed. I'm using 196+ but that is way to overkill
JollyRancher https://discuss.grapheneos.org/d/3873-what-is-current-grapheneoss-security-strength-compared-to-iphone-circa-2016/10
This is why using AES256 instead of AES128 makes sense, but generating a 256-bit entropy passphrase / seed phrase which just gets fed into a key derivation algorithm to derive arbitrary length keys really doesn't make sense.
Sempa Yes AES 256 Bit and larger are generally expected to be quantum safe, where the best known attack leveraging a quantum computer is only expected to effectively halve the key length for example from 256 Bit to 128 Bit. Here having a rather long and complex enough passphrase is recommended to remain steady against this attack.
No one should rely on the secure element throttling by using a 6-digits pin. It's a big mistake.
What is safe today might be exploited tomorrow.
The Titan M2 will not be indefinitely secure against exploitation.
If you are reading this, change immediately your 6-digits pin and use a strong alphanumerical random password with at least 90bits entropy better if 120bits as the main lock method for your profile(s)
Once they have your phone, they can just keep it for years (if permitted by a judge or court) and wait an exploit to be avaible to brute-force your 6-digits pin. It will be then a matter of days before they find the right pin.
grayway2 The Titan M2 will not be indefinitely secure against exploitation
When that happens, we will know in a day because it will be all over the news. In the meantime 6 digit PIN (I only use 4) will suffice,not all of us store national security secrets on their devices. If you worry about that, you should stop using your fingerprint unlock, entropy of which is roughly equal to 5 digit PIN.
