Nuttso the phone was already in AFU and the auto reboot function was not set up on the phone, I've only.just learned about the auto reboot function, but the phone was immediately placed into a Faraday bag, so I'm trying to see how vulnerable the phone is as it was in AFU, the only thing I noticed is sometimes the phone would switch back user when it was in my pocket, so I hope it has randomly rebooted

    Messi2023 nothing will happen with your phone. They don't have a working exploit for pixel with AFU currently no matter who your adversary is.

    • [deleted]

    what about ios? Just curious!

      • [deleted]

      Nuttso brand spanking new 14 pro or 14 pro max?

        @Messi2023 if you need further info pass me a signal number

        [deleted] not that I know of any forensic lab that can access them. Not even grayshift

          I have to revise a statement of mine. I just asked my lawyer if IT forensics companies are present during arrests or searches in Germany and he confirmed it. Only recently at a tax investigation. Does not mean anything, because it is primarily about pc.

            Nuttso if your phone is in AFU mode, and a forensic team has your phone, what can they do?
            I'm just a simple user so I don't know many technical terms

              L8437 afaik at the moment not much. The only thing that is definitely true is that BFU is impossible with a strong 128 bit entropy random pass and AFU is cat and mouse game

                Nuttso ok great thanks

                Does anyone know how vulnerable is the phone in BFU mode with or without simlock for an Esim?

                  Cellebrite has announced bruteforce support for Google Pixel phones (including GrapheneOS) up to gen 5 in one of their private chat groups on discord, this means that they have the ability to bypass the secure element (titan M). Also Dutch NFI (law enforcement) have made it possible to inject malicious code into pixel phones during the fastboot mode in which they are able to extract encrypted keys which can be bruteforced. Again this means they have find a way to bypass the secure element of the pixel phone. The only way to get around this is by:

                  1. Buy a 6th gen Pixel phone or higher and update it always when updates are available.
                  2. Make sure your phone has auto-reboot and turns your phone in BFU state every now and then. (though BFU wont wont help protecting from injecting malicious code during fastboot mode)
                  3. Make sure to use a long, strong and complex alphanumeric password.

                  This is what I can think about for now.

                    Hathaway_Noa they can't bypass the secure element. Cellebrite is full of sh*t. They again described extracting data from an unlocked phone. Same they said about signal. My lawyer is the chairman of the Chamber of Criminal Lawyers in Germany. They are gathering all the information they can. AFU is currently not cracked.

                      L8437 I'm repeating myself here. It's impossible to decrypt anything when the phone is in BFU.

                      Hathaway_Noa Make sure your phone has auto-reboot and turns your phone in BFU state every now and then. (though BFU wont wont help protecting from injecting malicious code during fastboot mode)

                      This is also a myth. By law, such action must be explained in court to the last detail. This is not encrochat or Sky ecc where they can ship around the rule of law. In targeted operations like this, they have to explain exactly how. Which in turn explains the hack still in the trial technically accurate. The reason for this is that there was no data manipulation during it and the data has integrity.

                        Nuttso of you you have fact based evidence like court files or just a number and a name from a lawyer with such a case provide it pls.

                        Hathaway_Noa

                        Nuttso Cellebrite explicitly announced bruteforce capabilities within BFU mode for locked pixel phones, they announced this to their own customers and this will only be available for Cellebrite Premium and NOT ufed4pc! BIG DIFFERENCE! If you believe cellebrite is lying against their customers be my guest, but I'd rather give people this information to be taken into consideration. A lot of people take the titan-m security for granted and use short numeric passwords, this can bite them one day. Bootloader exploits are always a thing and have always been a thing, for both pixel phones and android phones.

                          The real problematic adversaries are pegasus and other unknown companies that are hording vulnerabilities.

                          Hathaway_Noa I know I follow them closely. I also know people that are licensing their products. And no they can't do what they claim. You're overestimating them. They do this quite often. And again. In targeted operations they have to proof unaltered data. This means it must be in the court files how they do it not just that they can do it.

                            A judge at the district court will of course be able to convict without the raw data, but the Federal Supreme Court will overturn the verdict. Because in Germany, the Constitutional Court has ruled that the defendant must have the right to see all methods and raw data. This is mandatory. Encro and Sky is something else. There they have pulled off a clever move. The shipped around German law. With the current law and a targeted operation it's impossible to pull such a hack and not explain absolutely every detail how u did it in court. Same goes for NL.