• General

  • Has anyone opened the pixel to see if anything nefarious?

I ALWAYS have baseband turned off. I usually don't have anything with a sim card in it either.

  • K8y replied to this.

    K8y Has anyone physically fully taken apart the Google Pixel models to see if there's any extra batteries or shady firmware or hardware things?

    Thousands of repair shops worldwide have taken Pixels apart. Also iPhones, Samsung Galaxy phones, etc.

    Taking the firmware and the chips apart is harder.

    In the other direction, one problem with conspiracies is that people talk. Bigger and longer conspiracies require more people to keep silent for longer.

        locked

        locked I ALWAYS have baseband turned off.

        Does this simply mean you click "off" in the mobile Sim section in Settings/Internet and Network, or something else is required?

        de0u Taking the firmware and the chips apart is harder.

        Is it any harder than reviewing the open source OS codes to see if anything is nefarious there?

                K8y

                Airplane mode is what you probably would want to activate:

                . Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio.

                and

                Airplane mode is the only way to avoid the cellular network tracking your device and works correctly on the devices we support.

                source: https://grapheneos.org/faq#cellular-tracking

                  K8y Without source code, examining firmware requires reverse engineering, which is laborious and subject to legal issues in various jurisdictions.

                  Finding out exactly what a chip does is really hard. It requires a scanning electron microscope / scanning tunneling microscope, and then massive amounts of labor.

                      de0u Finding out exactly what a chip does is really hard. It requires a scanning electron microscope / scanning tunneling microscope, and then massive amounts of labor.

                      That sounds very difficult, so I would think an expert that can detect this would actually own the Telecom security market to help secure devices for heads of state/VIPs.

                      I hope something like this chip in the link below could be discovered much easier if it has charactaristics that normal chips don't have:

                      http://www.actionindiahomeproduct.com/audio-device/spy-mobile-battery-gsm-bug.html

                      • de0u replied to this.

                          Not that anyone cares, but I’m quite disappointed by the overall response in this thread.
                          I first wanted to answer @K8y questions, and maybe hint at the fact he should have searched more – @de0u recently gave him this advice – , or think about the questions thoroughly first, but, in the meantime, some answers have been given, some of them useful, fortunately.

                          raccoondad

                          Your sarcastic tone is really uncalled for.

                          raccoondad

                          This is quite a twisted response here.

                          First, no, people were not being aggressive, it was only a response from @0xsigsev that had been perceived as aggressive, and your response, justifying aggressiveness from @0xsigsev and non-existent people.

                          Secondly, @K8y had at no point been assertive, nor he claimed to understand the subject. He merely asked questions and tried to understand.
                          Are you new to the courteous part of the Internet?

                          This kind of harsh and uninformative response is not helping the project. This hostility is fuelling the ‘conspiracy theories’ that you denounce in this very thread.

                                K8y No, it means I have AIRPLANE mode ALWAYS turned ON, and NEVER a sim card inserted or eSim activated on my GOS phone.

                                • K8y likes this.

                                  leafnose Was this really an 'aggresive' type of response? I did explain in the first reply why would this not prove anything, and his reply was 'Its google afterall'.. Going by this analogy, you'd need to tear down any piece of hardware because it's made in China. Problem is, just because one piece of equipment is clean does not mean the other is..

                                  Another problem is, how would someone recognize if anything is sus.. it does not have to be on hardware level, how would one discover an implant in for example a modem..

                                  I don't buy the entire narrative, simply because it's very difficult to do such attack, and even if, it would not be Google doing this.

                                      0xsigsev "imply because it's very difficult to do such attack"

                                      Also imagine how many people would be required to make such an exploit, a firmware level attack that would voiolate the user agreement, with no one saying anything whisteblowing wise? The legal issues alone...

                                      This is why Google is very transparent about the data they collect (as much as the law requires at the very least), its just no one (myself included) reads the user agreement...

                                        0xsigsev You say China, but let me remind you the US government has and probably still does conduct supply chain attacks. Lets assume that China is suspect, however. You don't think Google checks their phones? You state how would anyone. Well google is not just anyone. They have advanced laboratories and the trained personnel to check this stuff.

                                          0xsigsev

                                          Was this really an ‘aggresive’ type of response?

                                          No, it was not, that’s why I wrote, ‘perceived as aggressive’. The ‘nonsense people parrot’ part, however, might have been unpleasant to read. My subject was more about justifying aggressiveness on the forum, and for so little at that, which was not your doing.

                                          As for what Google might do or not, I don’t want to speak at length here, and getting accused of dabbling in conjecture, which is not appreciated by the GOS team, and with good reason. I’ll just say the following:

                                          I don’t fall for the American Dream garage start-up success story narrative; some people seem to overlook the deep ties between Google and the DoD that exist, and the budget of the latter.
                                          The book When Google Met WikiLeaks by Assange might be enlightening for some.

                                          That doesn’t mean I don’t trust my GOS device, but should, for instance, Russian or Chinese high-profile targets trust any kind of Pixel devices? They probably have good reasons not to, besides pride.
                                          A Russian dissident may take advantage of using a Pixel device; a GRU operative being actively targeted by the U.S., probably not so much. Where are the threat model people when we need them?

                                          I’m not saying Pixel devices are different when it comes to high-profile targets: I acknowledge that the U.S. have other capabilities when it comes to non-Google devices or non-U.S. devices, of course.
                                          But those are out of scope considerations.

                                            K8y No I would not, what for? It's not like I would be a me to reverse every piece of hardware and / or software. and majority do not either. Because it would be too costly. Besides attacks are done without such approaches that are far more successful and cost much less resources.

                                            No one really implants such stuff into every device. They don't want it to be burned.

                                                i am wondering, would the grapheneOs installation detect if the wrong firmware is on the device? (And flash the correct one), since it does proivde firmware updates

                                                like if for some reason you get a pixel and the frimware has been changed for another. Is is verifyable that the correct version is on the device (not just version number, i mean cryptographical verified)

                                                • de0u replied to this.
                                                • K8y likes this.

                                                  I took apart a cheap phone with a removable battery once and found a battery on the motherboard. It was not a Pixel.

                                                  Pixels are repaired all the time. Surely the schematics match the insiders, right? A phone mechanic would notice.

                                                  de0u thank you

                                                  GrapheneOS GrapheneOS provides all of the firmware images as part of flashing the OS and provides the updates to them. Not doing that would be completely broken and insecure.

                                                  so if i dont missunderstand, that means that it atleast should not be possible to get weird firmware in a supply chain attack?

                                                  and furthermore, considering the firmware would have to be the correct one, this should also make it harder to modify the hardware, wouldnt it