We hear a lot about open source OS code, but what about the firmware and hardware of devices...is not this just as important?
Has anyone physically fully taken apart the Google Pixel models to see if there's any extra batteries or shady firmware or hardware things? This should be mandatory with each new model that comes out.
K8y And? See this is the exact kind of nonsense people parrot just because they think Google will go out of their way to implant hardware to spy on people.. they don't have to they get enough data willingly by others via their ecosystem. Also it's not easy to just plant "extra battery" or "malicious firmware"..
I get that you may be afraid, but really, stop watching all those doomsday yt channels that claim that evul corporations are after us.
0xsigsev I don't think it's fair to call it fear, but rather just doing device due diligence. Consider your team worked for a head of state or CEO...surely you'd go the extra mile to check.
I would just like to know if any neutral inspector has looked under the hood of modern pixels. There's no need to get aggressive.
K8y Yes, I found a tiny green man who called himself "Tod" who was in charge of reading the contents of the flash and decrypting it using his magical gnome powers and giving it to google.
He said in exchange for a small berry or nut, he will stop.
K8y "There's no need to get aggressive." People are being aggressive because its fairly clearly this is a subject you don't really understand
extra batteries in the device would be illegal, since it would violate shipping standards/warning labels
This is because batteries are glorified little bombs and laws are fairly strict about them
raccoondad some devices have been shown to have additional micro batteries that still operate part of the device even if the larger battery is dead, so your snarky reply is also wrong as it is rude.
Really surprising to see the odd reactions for such a simple common sense question.
Someone with experise should just have a look.
K8y "Really surprising to see the odd reactions for such a simple common sense question."
Its not one, any device that has extra batteries is going to have it in its specifications...you can also just watch tear down videos of the Pixel of which there are hundreds (including Ifixit)
Your question is based on belief of conspiracy theories that only serves to harm peoples security and placement in reality.
K8y If some hardware-level "shady thing" was implemented for all Pixels, I assume an "inspection" of the hardware won't be enough to identify it - I guess you can look up a repair guide or teardown video for your Pixel and see what they say the various parts are to verify this...
A more targeted hardware-level attack will probably be easier to see, but then "inspecting" a random Pixel won't help anyway.
I don't think there's a reason to be aggressive, but your questions are vague and the answers are not hard to find.
raccoondad Lol, i'll go get the popcorn while this thread evolves.
So if it is the case that someone has done this and checked the hardware and firmware that's all that was needed to say.
I haven't seen any videos of a someone looking to verify that nothing is out of place with pixel firmware or hardware. Better than this though would be if graphene, which aims to be the most secure phone in the world, do this and publish the results, like it does with the cellbrite results.
Trust by verify.
You can buy a battery replacement kit on ifixit easily and see for yourself if you are really worried.
As for firmware, firmware blobs are always questionable, I don't like them as much as anyone else, but I seriously doubt there's a realistic way to use firmware for analycis, at the very least, I think GOS would rather use their actual methods (of which you consented to if you use google services) than some kind of firmware level data collection and transmission that would cost way more than just making it done on the software level as an android app.
K8y Why do you assume this? I think every part of the device's hardware and firmware should be crystal clear in its function. Just as we want the open source code to be.
The hardware and firmware are not open, so understanding them at the level you want would require someone to reverse engineer them.
I don't think it is reasonable to expect the GrapheneOS project or some other group/indvidual to undertake the amount of effort it would take to do this, especially not for every new Pixel that comes out.
raccoondad You can buy a battery replacement kit on ifixit easily and see for yourself if you are really worried.
Yes, this is a fair idea, though I would prefer an expert do this who knows what exactly to look for, just like I trust my mechanic more than myself with engine repairs : )
mrket I didn't realize verifying firmware and hardware is nearly impossible...if that's accurate then we just have to trust whoever makes our phones and firmware.
If there is an expert out there though who has a talent for this sort of thing, I hope they are warmly welcomed and encouraged to provide their results.
If you are concerned about malware being injected into the hardware of the pixel, this is probably highly unlikely, and if there were any units out there in high numbers, it would certainly be discovered, and undermine it's intended purpose. Besides, should firmware be doing something it's not supposed to do, it could be detected by network analyzing tools such as Wireshark. Let me add that any such malicious attack would likely require a bypass of signed firmware enforcement. It's not something that it's likely easy to do...
if google would for some reason have hardware different than the specifications, it wont be something that you can see.
If i remeber correcrly, one of the apple processors had a secret hidden register, which wasnt documented at all and was found by chance.
And yes the firmware is not open source and really hard to check, but there is no other option.
In theory all of it can be malicouse, but that doesnt mean that it is so in reality. For google and almost all these companys, normal software is already enough to get the data they desire.
If you really want to know you probably have to either learn the skills to do so yourself or pay someone who can to do it.
I dont think the grapheneOs developers, who already make an whole OS which we dont have to pay for, can be exspected to also verify firmware and hardware, im a way that would statify this level of assurance.
this is my opinion on this
There were similar discussions before, for example:
