Hi, just looking for some answers regarding the strength of GrapheneOS to bruteforce from mobile forensic companies like Cellebrite, Pegasus etc... Also how secure the phone is from bruteforce after first unlock, and also if a phone has been seized by law enforcement to run cold forensic attacks on the phone, how secure the phone will remain as it is now in an offline state with no reception so will not be able to download and receive security updates on the Google Pixel 4a. Thanks
Security from bruteforce
I would start here
https://grapheneos.org/faq#security-and-privacy
f13a-6c3a thanks, have already done as much research as I could on the website and from articles online, just looking for some answers to the more specific stuff I've asked about. Seems to be a lot of smart people who know what they're talking about on this forum, so just looking for some answers and opinions
I can't tell you exactly how brute-force resistant Pixel+GOS is but I believe that it is very likely the best choice in the Android space.
Newer Pixels (like newer iPhones) store the decryption keys to the flash storage on a secure element which (to my knowledge) is impossible to extract data from.
One area where the iPhone has an edge over Pixel+GOS is that iPhones have the option to auto wipe the secure element after 10 failed password/code attempts.
But if you use a long (+14 characters) and complex alphanumeric screen lock password you've come a long way.
Also, I read somewhere in here that the owner profile is newer at rest and encrypted while the phone is off. Therefore you shouldn't use the owner profile for anything sensitive but rather put it in a secondary profile and power button > end session when you don't use it.
The TLDR is that I think you (or any other person for that matter) will very likely be the weakest link in the security model. I.e. social engineering, mis-configuration of the phone, tortured to give up the password, etc.
Hope that helps.
trilogy6202 Also, I read somewhere in here that the owner profile is newer at rest and encrypted while the phone is off. Therefore you shouldn't use the owner profile for anything sensitive but rather put it in a secondary profile and power button > end session when you don't use it.
Can you explain this a bit more about the owner profile being a risk? What does it mean by "newer at rest"?
Cheers
Of course. What it means is that when you have unlocked the phone for the first time after a reboot, the storage allocated to the main profile isn't encrypted again before you power off or reboot your device.
This is different from the additional user profiles you can create and use. On these profiles the storage is encrypted when you use the "end session" functionality to leave that profile and return to the main profile.
This means that (at least in theory) someone could extract data from flash storage from the main profile if they can manage to get physical access to the storage chip without disconnecting power to it (i.e. turning off the phone). Whether this can be pulled off in practice I don't know.
trilogy6202 I've only now learned about the auto reboot, which is a great feature: if the phone hasn't been unlocked in a certain amount of time it will automatically reboot back to BFU. This device had an auto wipe function after 5 attempts and I'm wondering can they exploit the phone to bypass the amount of attempts tried on the phone. From what I've researched the Titan chip in the Google phone itself has security features to stop this from happening. Any more information would be great. Also, do you think GrapheneOS themselves have subjected their phones for trial purposes to see can they withstand forensic attacks from the Cellebrite, Pegasus and greyscale etc. companies?
Have a read of this section of the FAQs. The info about Weaver throttling will be of interest to you:
https://grapheneos.org/faq#security-and-privacy
Also some aspects of the Features page are of relevance too. https://grapheneos.org/features
Yeah I wanted to mention the auto reboot but forgot.
Your curiosity exceeds my knowledge now so I can't help you any more.
My last comment is that GOS+Pixel is likely the most secure smartphone setup in the world and if your threat model demands more, I think you're better off with a dumbphone.
treequell I've read everything on the websites. Are there any GrapheneOS guys on these forums or is it all only just users?
Got a question about "Auto reboot": I suppose if the phone reboots, you lose mobile connection until you enter the SIM code again?
Messi2023 my Pixel 3 XL was seized by German authorities and worked on by LKA, BKA and Cellebrite in Munich. No data was extracted. I have a strong alphanumeric password. If you use a strong password and the phone is in BFU state, it's impossible to extract any data. Encryption at rest is no magic. If it is implemented in the right way, which it is on Pixel and newer Android, and you use a strong passphrase, you're good.
Nuttso yes I heard in BFU it's super strong, but when a phone has been taken off someone, I wonder how strong it is with a strong password in an AFU state.
trilogy6202 I read somewhere in here that the owner profile is newer at rest and encrypted while the phone is off
I think this is slightly misleading - ANY profile is not at rest AFU. The difference between owner and other profiles is that other profiles can be put into BFU state by ending their session while owner profile can only be put into BFU by reboot.
Since the owner profile must be unlocked almost immediately after reboot to use the phone, I agree with @trilogy6202 that the owner's profile is pretty much never at rest, just not because of a profile defect but because of how it is used.
f13a-6c3a so how resistant do you think the phone is after AFU, say the phone has been taken from you in a secondary user profile?
[deleted]
Eirikr70
yes
Messi2023 hardly unlikely that they would have the time to do anything to the phone. The auto reboot feature is based on a monotonic counter. Never heard of a case where forensics showed up while doing the arrest or the raid. You should be more concerned about them hacking the device and having a direct look at it while you are using it than them extracting anything. Nobody could answer the question you are asking. AFU is vulnerable, BFU isn't. Change how you use your phone if you're that concerned. I know a lot of people in the German infosec community and some members of the Chaos Computer Club. Even with them, they didn't raid and arrest with a forensic team at the same time. All newer Androids and phones use file-based encryption instead of FDE. The reason for this is to reduce possible AFU attacks. IMO it's impossible for them to do anything to your phone before it reboots. They need to have a working exploit for Titan.
Nuttso
Somewhere I read that some jurisdictions will immediately place phones into Faraday bags so as to block remote tampering/wiping.
And indeed, hacking and spyware (application or google spyware) are my concerns.
Someone up to no good would use a laptop anyway.
Can you give us a hint of what your concern is?
newbie24689 Faraday is something different. It doesn't affect auto reboot at all. The auto reboot feature is actually my proposal. Make use of this feature. It actually is as strong as wiping the keys.