circlingdante I don't want to spread misinformation, but the last post quoting the GOS page may mean that your approach works as intended since the Owner profile is privileged as in, all other profiles depend upon the Owner being unlocked?
Security from bruteforce
I think the question comes down to (which still isn't clear to me): would a brute-forcing adversary need to FIRST have cracked the Owner user profile in order to brute force attack the secondary user profiles, if the device was obtained when turned off? It seems like the answer is yes based on the documentation.
[deleted]
I would say, you are welcome to try it to see if it fits your needs. But it hasn't received any updates in a while, so I am afraid what you see is what you get and that is it.
To brute force a secondary profile, you don't need access to the first profile.
treequell Are you sure about that?
If the entire data of the device is extracted into external storage, then naturally the data belonging to each profile is gonna be encrypted with its own key. To then decrypt the data of one profile you'd theoretically not need the key for the other profiles. Why is this not the case?
User2288 Not exactly. Brute forcing the keys is pointless; it would take too long, so it's not a feasible approach. Usually they brute force passwords, PINs that are made by humans and often have less entropy. However, on Pixel that doesn't work because Titan holds the keys and implements rate limiting, so you can't quickly loop through all possible PINs, passwords.
To revive this topic, just 3 days ago a "banker" was arrested in Greece by Greek authorities on the request of the Dutch, who were present on the spot. His Pixel phone was opened by the Dutch and his Threema was decrypted.
If anyone is interested I can post the link, or you can search for details online. So I would say brute force in AFU mode is def possible.
Sorry to double post but it's a different topic. If anyone from Graphene is reading this, why don't you implement a toggle where, if turned on, if a USB connection is made on the phone (besides charger) all data will be wiped in the same moment?
An app called Wasted is offering this option, but I would rather see it as a built-in service.
Dangor link that it was a Pixel pls. They may have found a way to bypass the Titan M1 on older phones. The murderers of the journalist in the Netherlands also used a Pixel and they decrypted it. This would only help with a 6-digit password. A 96+ entropy password can't be decrypted. This is why I say don't rely on TPM.
Excerpt is from 4 days ago
You need to understand something. As long as we don't see court documents you can't extract any useful information from the media. He may not have had a password. He may have had a 6-digit password. He may have used biometrics. His phone might have been seized shortly after he unlocked it (they sometimes do arrests like that. They wait till you open it and steal it from your hand.) We don't know how he set up Threema. A password, no password. All this media stuff is sensationalism. Court files are the only thing that actually would tell us something. My court files in my case are 250 pages just that they didn't succeed in opening several Pixels I owned. All of them seized in BFU and with very strong passphrases. They still have the phones and didn't succeed. They used BKA tools, Grayshift and Cellebrite.
GrapheneOS What best practices would you recommend for protection against SMS-based exploits?
This thread is mostly about protection against physical access, AFU and BFU... but it is my understanding that SMS-based attacks are becoming common, and - for many - a far greater risk.
It is my understanding that there is NO way to ONLY have calls and SMS in a secondary profile to avoid access to the owner profile with all its device-wide privileges. There is also NO way to turn off mobile data in the owner profile and turn it on in a secondary profile. This is a security risk - much as I understand why it's like this.
I also noticed that once I grant the phone app mic permission for that one time, mic access stays ON, and I have to go into the menu again and turn it off. Isn't there a way to automatically turn off mic and cam access after a certain time? (like with wifi and bluetooth)? Or when I only grant it for a single time?
I recently set up a secondary profile without calls and SMS on my Pixel 4a (5G) in GOS, and a call got through to that profile asking for mic access. An SMS message did not, I only got a notification. How can I prevent that? It was the phone app in the owner profile that handled that call, as it did not appear in the call history in the secondary profile, and the phone app there has all permissions removed. As I said, calls are turned OFF in that secondary profile, and a call broke through from the owner profile, instead of me getting a notification about it.
Could you recommend solutions or work-arounds for the above?
desperatemouselives separate the phone from the network with a modi router. Also the baseband is isolated on the Pixel. And don't use 4a. You're lacking important security updates.
Nuttso I have a 'bramble' device, not 4a. Not yet EOL (about to be).
Did you mean a Mudi mobile router? In any case, that would be a separate device which I would have to carry with me, and I guess a dumbphone is cheaper, smaller and more hassle-free.
[deleted]
Nuttso
Explain more please. Would you completely lose call and sms functionality from the phone by doing this?
[deleted] ofc you would. Only data will be available. Read this:
https://www.srlabs.de/blog-post/blue-merle
SRLabs are luminaries in the field of mobile security.