• General
  • Trust in Google Tensor (and G2)

  • [deleted]

I have been trying to find an independent research, breakdown and review of Tensor SoCs in terms of possible security implications. But have found almost nothing. If anyone has such information, would you please kindly share links with the rest of us?

As far as my understanding goes OS that runs on the chip is superior to any other end user OS, like GrapheneOS for instance. And as such it may be/is capable of running instructions that are otherwise undetectable/out of reach of any end user OS. It may be using methods of communications that are not internet based (like mesh network analogy of AirTag, Tile etc.) that have not been reported on or further researched, allowing them to silently call HQ (with device ID and more) regardless of whether the phone is on or off, since battery is not removable and therefore there is always some residual power supply present (even at 0℅). I'd imagine that any such communications can not be detected by regular OS and are run in exclusive privileged memory inaccessible to anything else. I'd also imagine that it's cherry picking its data during normal use and if it does report, it does it when the device is not in use but not necessarily and/or it could be doing it in various time intervals to prevent detectability.

I have to add that I have no formal IT education but subjects of this kind deeply interest me since everybody may be affected. Let's not forget that any developer may (or may not) include features that are not publicly announced and are only known to them.

I am not really looking to find any kind of answer, but perhaps those of you who are more adept could delve into things further and thanks to your research we might learn something new.

    • [deleted]

    [deleted] And as such it may be/is capable of running instructions that are otherwise undetectable/out of reach of any end user OS. It may be using methods of communications that are not internet based (like mesh network analogy of AirTag, Tile etc.) that have not been reported on or further researched, allowing them to silently call HQ (with device ID and more) regardless of whether the phone is on or off

    Could you share your sources for these claims?

    a year later
    • Edited

    Hello,

    I got to this post after googling. I watched a YouTube video about how Google and Apple can now take screenshots every 5 seconds and use these chips to extract text, describe images etc and then send that data back to their servers. It would mean end to end encryption is useless because messages can be read before the encryption even happens.

    I don't think there is proof that they do this. Although Microsoft announced this sort of thing as a feature of their OS recently, so it is possible.

    But my question is - does/can Graphene OS prevent this?

      Ppp

      then send that data back to their servers.

      This would require code to be written and executed. Code that GrapheneOS would not include in their system/software.

      Similar discussion here for the record.

      Ppp I'm pretty sure an app cannot take screenshots unless you give it permission for screen sharing or something. So GrapheneOS should already prevent any Google or Apple app you install from doing this, and more importantly, any malicious app you install from doing this.

      Just responding to @Ppp:

      Assuming that you are right - how do Google and Apple manage, that no networking hardware on the whole world is either

      1) detecting DNS lookups for the servers of these companies or
      2) recording traffic to IPs that can be traced back to these companies or
      3) recording at least unusual big amounts of traffic to IPs that no one knows whom they belong to that appears as long as these devices are connected to the network?

      Lots of security guys have already been observing their devices in terms of outgoing network traffic in different configurations, including full decryption by depositing their own root certificate on the device.

      External proving via accessable network infrastructure has always been a part of validating the trustworthiness of devices.

      Ppp I watched a YouTube video about how Google and Apple can now take screenshots every 5 seconds and use these chips to extract text, describe images etc and then send that data back to their servers.

      Once I watched a YouTube video about how the Earth is flat.

      I think the discussion might be more productive if you could cite your source: which video, which part? Citing sources is a good practice.

        • [deleted]

        de0u yes, I also watched a video how most of the cooking seed oils also are cold pressed, gently prepared, do not oxidize quicky and are absolutely not killing you alive thanks to oxidative stress mainly because shallow frying happens at a very low temperature. Always consider the source.

        Ppp As mentioned above, please specify which video you saw and which part of it, because YouTube unfortunately contains a lot of garbage, and video authors often do this on purpose.

        fid02

        making false claims without solid evidence is easy; disproving them using solid evidence is perfectly doable, but frustratingly time-consuming.

        That is an excellent way to put it. A simple but effective way of explaining something I've never been able to put into words for some reason