GrapheneOS still not vulnerable to Cellebrite device exploitation as of Feb 2025

Litmus9

Pixels with GrapheneOS remain the only device explicitly mentioned by Cellebrite as being unaffected by their exploits, and remains the only third-party operating system in their documentation entirely.
This blog post explores the current unlocking capabilities, as described in the February 2025 documentation distributed to customers: A deep dive into Cellebrite: Android support as of February 2025

final

that guy sounds familiar

andrej567

mehehe, at least they have the last column, "unlocked" to have at least some yes in the table.. Very good job!

augmented

lovely news, iOS tables would be interesting also

L8437

With regards to pixel standard, the "yes" for BFU, does this mean they are able to bypass the titan m2?

matchboxbananasynergy

L8437 No, it means they're able to get some specific information while the device is in BFU state, such as installed apps etc. What you're thinking of is "BF" (bruteforce)

abdullah

matchboxbananasynergy crazy, why is that information even available before first unlock

matchboxbananasynergy

abdullah Some information has to be available so that direct boot can work. It's the reason you can reboot and have your alarm still ring, as an example.

Fartimoji

matchboxbananasynergy is it possible to turn this off? So nobody van see which apps.are installed?

matchboxbananasynergy

Fartimoji Doing so still requires an exploit, which according to Cellebrite documentation, is not currently possible on GrapheneOS.

We might eventually make it so you can use a pre-boot password, but that would be a complex feature to ship.

grayway2

matchboxbananasynergy yes, it looks like it's a very complicate thing to implement but I hope that the device encryption space protected with the owner profile pin/password will be on the highest priority for the GrapheneOS devs. I want MSAB, Cellebrite, Magnet, Oxygen, MD-Next and others forensics companies to be like "we can't extract anything at all" when they will find a pixel with USB-C port off, random complex password for the owner profile and device in BFU state.