I'm working with bunch of lawyers in Germany hand in hand on the encro and sky ecc cases. This is our work here:

https://www.fairtrials.org/articles/legal-analysis/german-courts-refer-the-legality-of-encrochat-evidence-to-the-cjeu/

We went through bunch of stuff related to extracting data and hacking devices. In Germany it is impossible to grab any data or hack a device without telling all the details to the court. Encro and sky are exceptions. They ship around providing the raw data because the law in France is different. If there ever would be a case breaking the BFU of a pixel in Germany by law enforcement i will get access to the whole technical data.

    matchboxbananasynergy Y'all can correct me if I'm wrong here, but assuming the phone is in BFU state when the advesary gets a hold of it, and assuming that you use a password that distrusts the secure element (90+ entropy password/passphrase), I fail to see how they can get anything from it, seeing as everything is at rest and cannot be bruteforced.

    I imagine from a forensics perspective it's already extremely difficult to succeed without this type of setup, so this would make it so much more. I'd still never say never and assume anything can be exploited with enough time. GrapheneOS already does a lot to make certain extraction methods not possible in comparison to Stock.

    Nuttso you're one of the very few people that seem to understand what kind of importance data integrity has Infront of a court.

    Thanks. While I focus on information security now I used to do Mobile forensics, hence how I am qualified for using UFED (A Ruggedized UFED Touch2 to be exact). Luckily never been to court but know many people who have.

    I read the thread and the conclusions you make are about the same as mine, although I think Cellebrite are less capable than both what they describe and what people think they might have, mainly because when things get as sophisticated as this, they simply aren't for Cellebrite to deal with. I also made a post a while ago about how GrapheneOS features make Cellebrite unintuitive and why they would likely avoid using them entirely here:

    https://discuss.grapheneos.org/d/4727-graykey-countermeasures/30

    Oftentimes I find the overhype being just people grouping Cellebrite with intelligence-agency level threats which isn't comparable or realistic. These tools quite literally exist so investigators can do the work with minimal knowledge, time, and effort while maintaining forensic integrity. I would not be inclined to think an intelligence agency who will classify everything would give a shit about ANY integrity considering they would kill to get information on some people depending what state it is. Plus, sometimes knowing information on a target could be so good for their operations it doesn't matter if the evidence is invalid to them or not.

    Nuttso I'm working with bunch of lawyers in Germany hand in hand on the encro and sky ecc cases. This is our work here:

    I can't say a lot about these since my knowledge basically boils down to hyped news articles. From what I've seen these devices have always been total garbage, and the fact they could get away with making a phone that essentially relies on trusting a centralised, targeted and at-risk source to function is really bad... not to mention their insecure hardware.

    I don't remember where this was said but I remember hearing that GrapheneOS gets targeted by companies who sell that crap because the existence of a real, open and secure mobile OS like this one puts these criminal markets out of business. Big reason why I donate and support this project.

            final I'd still never say never and assume anything can be exploited with enough time

            Even AES? I mean with enough time. But who cares that happens after trillion years passed.

                Nuttso When quantum computing reaches maturity it will crack AES, RSA, etc. Also, NIST has begun planning the transition to quantum-resistant encryption algorithms.

                Intelligence agencies have been hoarding data to be decrypted once their quantum capabilities are sufficient. Crazy times.

                    Kryptos That is not true. AES isn't really in any danger. Quantum just reduces the time needed to crack it by half. Symmetric encryption is quantum safe. Asymmetric encryption not. This is why we try really hard to get funding for molly to implement a quantum safe algorithm.

                        Kryptos Nuttso
                        For further reading, I found this paper to be really valuable:
                        Post-quantum cryptography - dealing with the fallout of physics success (Bernstein and Lange)

                        From table 1 on page 3:

                        Name: AES-256
                        Function: block cipher
                        Pre-quantum security level: 256
                        Post-quantum security level: 128 (Grover)

                        Name: RSA-3072
                        Function: encryption
                        Pre-quantum security level: 128
                        Post-quantum security level: broken (Shor)

                        Name: RSA-3072
                        Function: signature
                        Pre-quantum security level: 128
                        Post-quantum security level: broken (Shor)

                        Keep in mind that the definition of "post-quantum" is fuzzy and uncertain. There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

                        As far as I am aware, there are no reputable expert quantum physicists in the field that expect this to happen sooner than 10 years from now, but most of them expect it to happen within the 21st century.

                              Nuttso

                              Not sure if I should answer this but,

                              Sweden.

                              The iPhone 12 Pro was in lockdown mode, latest OS at the time.

                              But I noticed that some apps I opened after starting it up, asked for new permissons about notifcations after booting it up. Weird.

                              Both phones had long passcodes.

                              I assume they couldnt extract anything from any phone since I would 100℅ be in jail by now if they gained acess to neither of them.

                              I Think Pixel was in lockdown mode only.

                                thetraveller1

                                They are now allowed to use violence here for FaceId and fingerprint unlock. Which is why I always make sure I use lookdown mode before putting my phone away.

                                . They never asked for my passcode because they probably knew my answer would be "I dont remember my password".

                                    Nuttso Symmetric encryption is quantum safe. Asymmetric encryption not. This is why we try really hard to get funding for molly to implement a quantum safe algorithm.

                                    Thought I sent a reply about last replies, guess it didn't.. I don't think AES with a good enough key size is weak by any means, I just think:

                                    • Science can be very unpredictable sometimes
                                    • Most people wont go out of their way to target the encryption, but the systems that make the encryption possible. While I think this is completely miniscule of a risk for a securely designed system like Pixels, all about time, budget and interest.

                                    I would love to see Kyber or other NIST PQ algorithms get tried out in messaging applications soon. I'm not much into the quantum/science stuff though so I can't comment.

                                    zzz There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

                                    As someone in there this is true. Too much obsession with commercial trends, and creating useless solutions from a lot of junk put together (eg. Blockchain technologies + something like Childcare).

                                    V1king They are now allowed to use violence here for FaceId and fingerprint unlock.

                                    Personally if I was at risk of violence I'd only use GrapheneOS + everything on a profile so I can delete that profile during a tough time, although I'm not at risk of either so maybe I can't think of any better plan.

                                            V1king I reinstalled the OS and verified that nothing was tampered with and all is good.

                                            For the Pixel the auditor app and the remote attestation service are supposed to warn you when the phone get tampered. You don't use them ?

                                            You verified that nothing was tampered after new OS install ? In case of hardware tampered, fresh GOS and attestation install not sure if the auditor and attestation service will detect this.

                                              It's unfortunate that people that are educated on privacy and value their privacy from "big tech", that software like GrapheneOS is known outside of the privacy community as used by "criminals" or "hackers", etc..

                                                The ignorant are ruled by their perceptions.

                                                Everything is used by criminals, and laws only stop those honest enough to obey them.

                                                spiral Honestly, I don't know what GOS stands for, so I am not sure how to take that response. My response was very neutral and my true feelings on the subject. My apologies if I have offended you.

                                                    zeroNULLvoid it's unfortunate that people have to break the law so we could gain equal rights for everyone on this planet. The war on drugs is a joke. The only solution is legalization of every substance. Nothing else will change what is happening now. As long as this doesn't change. Criminals will use gos or similar.

                                                    And having high ranking criminals use grapheneos is the best that can happen to grapheneos. Free forensic and penetrating testing against the OS.

                                                      6 months later

                                                      Nuttso

                                                      Europol sent packages to their partner countries of skyecc hacks and evidence.
                                                      In one of the packages it could be seen how the hack was done because they sent more than just raw transcripts. I emailed the evidence to the owner of crimesit- he was astonished, said he would publish, but never did. Which i find weird. It was a pretty sophisticated method with cooperation by the network provider and the server hosting company. Def was not like sky owner claimed that they sold already rigged phones to customers and that users who have original phones are safe.
                                                      Also it was not a virus like in the encro case.
                                                      I will give you a hint that Location was extracted by simply reading the apn of the cellular provider. So stupid and simple.
                                                      Only mystery was if they could read all the messages or only the ones on those particular servers that they seized. Sky was said to have 5 servers and 2 of those were seized.
                                                      Somebody more tech savy maybe can answer the q since i am not aware how servers and users are dispersed.
                                                      The same hack can be replicated on all centralized servers, so the question is just if its different scenario with signal because of US legislation, because its broadly used or its just a matter of time…
                                                      Until then i stay away from apps with centralized servers.