de0u a small radio beacon that would transmit only a little bit rarely.
What could this beacon transmit?
de0u Of course, the same is true of an iPhone, or an electric toothbrush... or an LED light bulb... or a key fob for a car...
I know this problem is not limited to Pixels; it is a more general problem, especially for hardware that includes less trustworthy countries in its supply chain.
de0u Tampering with the smartphone parts of a smartphone, thus getting files stored on the device
Do you mean getting my files from the device to the attacker, or do you mean getting a backdoor from the attacker onto my device?
de0u But if somebody is willing to spend $100,000 to get data on you in particular they probably will, at least unless your opsec is stellar all the time, which is a heavy cost.
If the costs are so high, then it's safe enough, because my data is not so valuable (for the attacker).
de0u GrapheneOS on a Pixel makes it hard for random entities to cheaply harvest lots of data from lots of people, and provides quite good resistance against a variety of focused attacks. But it's genuinely difficult to protect against a well-resourced attacker focused on a specific target, especially an attacker who isn't in a hurry.
How could GrapheneOS prevent, for example, the CCP from just backdooring every electronic component that goes through their factory?
locked A Chinese manufacturer probably could implant a hardware backdoor somehow, and likely not anything software related, and to do so would be very risky. Should Google discover this on a large scale, it would likely be game over for that supplier.
I did some research on whether hardware components like CPUs can be audited, and it seems that it's very difficult even for big tech firms or government agencies to audit hardware components and make sure that there is no backdoor.
23Sha-ger Nobody will go to that length of complexity for a "nice to have" thing.
There are lower hanging fruits, such as all the Chinese phones, you can implement backdoors in software
and it can stay under the radar for years.
But every person that cares at least a little bit about privacy and security would not use this stuff; the only people they get with these are people that have all their stuff easily accessible (for every organization who really wants to) anyway.
Software backdoors are a lot easier to detect and/or to prevent than hardware backdoors.
Open source software is, if reproducible (if not, then it's not really open source), very easy to audit even for a not so technical person, in a way that they can make sure that they have the same code running that is on GitHub, and if the project is big enough they can reasonably assume that someone would have audited the code itself.
And even closed source software is a lot easier to reverse engineer than it is to reverse engineer hardware components. And even if this fails, you can at least make sure that all the binaries have the same checksum, so you have the same code as everyone else and also as inspecting government agencies, who may be able to reverse engineer it if they have a suspicion.
With hardware all this is not really possible.