Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

NotInMyBasement

Wise, Aged Ars Veteran
188
Subscriptor++
I guess this thread will be the usual bashfest where people just make up things about Android and Google, but there is exactly one and only one reason why Cellebrite can't attack GrapheneOS: GrapheneOS disables the USB port until unlock. I doubt Android would ever enable that because it would be confusing to users.
They can at least make this a default off toggle in settings like the disable 2g connectivity one.
 
Upvote
17 (17 / 0)

L0g0s

Wise, Aged Ars Veteran
100
I've been giving a lot of thought lately to how it might be possible to avoid the surveillance state ( both commercial and government ), but keep coming up with a blank.
Let me begin by saying you are not alone, it can often seem that way. There are many of us who still remember what privacy was.

How do you organize resistance to authority if every move you make, word you speak, route you travel and message you write is collected, transcribed, databased, indexed and searchable?

You need to draw a line in the sand and slowly walk your way back. Start with web browsing, Tor. Move on to communications Signal. Strong arm your friends and family into using it. Then pick your battles, and slowly claw things back.

Here's the hard part for those of us who enjoy our anonymity. You need to go out and meet with the people in your area and educate them why this is bad. And meet with your politicians.

When this spying was only online it was a back and forth game. Now that it has bled into the real world there is no stopping it without changing minds which sadly requires us to step out of the shadows.

I suggest you start by following this YouTuber: https://youtube.com/@rossmanngroup

He has been very informative and has been helping communities to organize.

And finally while you juggle all that, keep on the look out for the next thing to get ahead of it; Digital IDs, IDs required to browse parts of the web, biometric scans to enter/exit the EU. Keep fighting the good fight.
 
Upvote
9 (10 / -1)

thomasbeagle

Seniorius Lurkius
5
I've been giving a lot of thought lately to how it might be possible to avoid the surveillance state ( both commercial and government ), but keep coming up with a blank.
The point I always make is - which government?

US activists should use phones spied on by the Chinese government, and vice versa.

I know it's not the complete answer but I think it's at least a useful way of thinking about it.
 
Upvote
5 (7 / -2)

AndrewMD

Seniorius Lurkius
5
Reading this article, there are a number of flaws, mainly, who is vulnerable. While everyone certainly can be, so can the sky be clear blue or cloudy. After some additional research in this matter, here is the real breakdown.

For normal users, Google’s default Pixel security is already among the best on the market. Cellebrite tools are designed for law enforcement and require physical possession of the device, plus specialized equipment and legal authorization (a warrant, in most countries). These tools are not accessible to the public or typical hackers.

So unless someone physically has your phone and is a trained forensics analyst, you’re not in danger of being hacked this way.

For regular people:
  • Keep your Pixel updated (Google patches vulnerabilities monthly).
  • Use a long alphanumeric passcode.
  • Reboot before giving up your phone.
  • Don’t sideload shady apps.

You’re effectively protected from 99% of what Cellebrite — or anyone else — could do.
 
Upvote
-14 (6 / -20)

hillspuck

Ars Scholae Palatinae
2,179
I'm gonna repeat what I said earlier, about another story:

So: raw sewage continues to dribble down the slopes of Mt Google.

We need an Android replacement that is 100% free of Google (and of Apple), and we need it soon.
I'm going to repeat what I said to you in reply: who is making this mythical operating system free from any nefarious corporate interest? Where is the money coming from to fund what will be a very large undertaking?

We can't even get Firefox without Google throwing a half billion dollars their way.
 
Upvote
25 (26 / -1)

starshipdeepimpact

Smack-Fu Master, in training
54
I'm going to repeat what I said to you in reply: who is making this mythical operating system free from any nefarious corporate interest? Where is the money coming from to fund what will be a very large undertaking?

We can't even get Firefox without Google throwing a half billion dollars their way.
They are wanting something to compete against them, like Blackberry (RIM giving their decryption keys to the RCMP wasn't known to most people, and they fought back against decrypting for other countries, at least publicly), or like Blackphone with PrivatOS that Silent Circle used to sell, but for mainstream consumers.
 
Upvote
-4 (1 / -5)

Lorentz of Suburbia

Ars Praetorian
588
Subscriptor
The scenario I worry about is that hardware makers add a firmware-level backdoor into something like bluetooth, the 5g modem, or wifi and then it doesn't matter what OS you flash onto the device. . .
The scenario I worry about is that expert consumers start spreading the expectation that average consumers should have to flash a custom firmware onto their phones to deserve privacy.
 
Upvote
13 (14 / -1)
The scenario I worry about is that hardware makers add a firmware-level backdoor into something like bluetooth, the 5g modem, or wifi and then it doesn't matter what OS you flash onto the device. . .
This is the biggest problem today, and unfortunately peripheral device firmware is also the least likely area for GrapheneOS to make an impact.
 
Upvote
4 (4 / 0)

hillspuck

Ars Scholae Palatinae
2,179
They are wanting something to compete against them, like Blackberry (RIM giving their decryption keys to the RCMP wasn't known to most people, and they fought back against decrypting for other countries, at least publicly), or like Blackphone with PrivatOS that Silent Circle used to sell, but for mainstream consumers.
I get that they want some magical third party to step in. I also want a pony. I'm just trying to look at the reality of where that would come from. If that's your goal, it's just not looking achievable. Just repeatedly calling for it doesn't do any good.
 
Upvote
6 (6 / 0)
Reading this article, there are a number of flaws, mainly, who is vulnerable. While everyone certainly can be, so can the sky be clear blue or cloudy. After some additional research in this matter, here is the real breakdown.

For normal users, Google’s default Pixel security is already among the best on the market. Cellebrite tools are designed for law enforcement and require physical possession of the device, plus specialized equipment and legal authorization (a warrant, in most countries). These tools are not accessible to the public or typical hackers.

So unless someone physically has your phone and is a trained forensics analyst,

The first half of that is true; the second not so much.

Cellebrite obviously doesn't run on stupid people; but they make and sell tools intended to be fairly broadly usable. "Cellebrite Certified Operator" is 2 days, in-person or virtual, and covers using UFED to do a device extraction to a report.

Obviously there's a great deal of room for additional depth, depending on how typical your setup is and how sophisticated the case is; but using the appliance-ized UFED to do a basic extraction to kick up to an actual analyst is, by design, relatively mook-level. Trickier and more expensive than just...encouraging...you to unlock your phone and looking at it more or less randomly; but easily within the capabilities of a thoroughly unexciting police force or at least somebody at any border control location you are likely to encounter.

It's hands-on enough (and some phones are frankly sluggish enough, even for fully authorized MTP or itunes/ADB backup) that getting enough throughput to just grab everyone coming through the gate is impractical; but the front line extraction process is intended to be pretty streamlined, especially if the phone is in a forensically favorable state.

Easily within the range of a plausible threat to any vaguely-interesting traveler or attendee of officially disfavored causes. A lot more overt than having the NSO guys on you, which is no-touch; but if you get randomly selected for secondary screening the hands on is part of the point.
 
Upvote
6 (6 / 0)
As mentioned in this very article, you already have one, it's just a bit DIY: https://grapheneos.org/.

If you mean a default mass market replacement, well, that's not happening any time soon.
GrapheneOS is a very small start, but it is still 100% dependent on Google Pixel hardware, which means it's NOT free of Google and it exists only so long as Google doesn't feel threatened too much by GrapheneOS. Once they do, you can bet your behind that they'll start using every dirty trick they can think of to make installing and supporting an alternate OS on the hardware as difficult as possible.
 
Upvote
7 (7 / 0)
Let me begin by saying you are not alone, it can often seem that way. There are many of us who still remember what privacy was.
You need to draw a line in the sand and slowly walk your way back. Start with web browsing, Tor. Move on to communications Signal. Strong arm your friends and family into using it. Then pick your battles, and slowly claw things back.

Here's the hard part for those of us who enjoy our anonymity. You need to go out and meet with the people in your area and educate them why this is bad. And meet with your politicians.

When this spying was only online it was a back and forth game. Now that it has bled into the real world there is no stopping it without changing minds which sadly requires us to step out of the shadows.

I suggest you start by following this YouTuber: https://youtube.com/@rossmanngroup

He has been very informative and has been helping communities to organize.

And finally while you juggle all that, keep on the look out for the next thing to get ahead of it; Digital IDs, IDs required to browse parts of the web, biometric scans to enter/exit the EU. Keep fighting the good fight.
Signal requires my phone number to sign up. That makes it, by default, not anonymous
 
Upvote
-7 (2 / -9)

Fatesrider

Ars Legatus Legionis
24,977
Subscriptor
We’ve reached out to Google to inquire about why a custom ROM created by a small non-profit is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say.
Narrator: Generations later, Google still had no comment...
 
Upvote
5 (6 / -1)

GrytPipe

Smack-Fu Master, in training
52
Upvote
1 (1 / 0)

Chinsukolo

Ars Scholae Palatinae
987
Subscriptor++
I've been giving a lot of thought lately to how it might be possible to avoid the surveillance state ( both commercial and government ), but keep coming up with a blank.

Between control of the hardware, control of the OS, control of the network, control of cloud storage, control of public cameras, neighbors and businesses giving control of private cameras, and control of the radio spectrum I struggle to see how it is possible to conduct your life day-to-day privately.

GrapheneOS seems like a good start. I'm looking at switching, but when I look at the overall picture the challenge seems to be insurmountable.

This is especially troublesome in a world where there are numerous governments sliding into authoritarianism and totalitarianism ( Russia, China........maybe the US? ).

How do you organize resistance to authority if every move you make, word you speak, route you travel and message you write is collected, transcribed, databased, indexed and searchable?
At the same time plenty of these surveilling organizations take notice when someone has a noticeably smaller footprint/signature.

The same authoritarian states you mentioned are also likely the same to assume you're anti-[them] and must be conspiring against them if you have little to no signature. Paranoia is part of their modus operandi.

As you point out it's so ubiquitous at this point the "safest" way may be to fully participate but actively obfuscate, containerize your digital life and keep those containers air gapped.
 
Upvote
2 (3 / -1)

topal

Smack-Fu Master, in training
3
Signal App provides a strong defense against Cellebrite attacks. I would love to hear a second researcher validate Moxie's approach.
For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.

In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
 
Upvote
14 (14 / 0)
I am impressed that GrapheneOS is popular enough that spying software creators have to take it into consideration.

It might be down to customer demand. Apparently at least some cops consider graphene use to be a drug dealer favorite.

I...don't exactly...trust drug cop statistics; but that might indicate relatively low uptake among normies as much as any actual criminality; or it could indicate that the userbase is a mixture of paranoid but mostly-actually-IT-clock-puncher gearhead users that the cops never have reason to hassle and the main non-techie users are out doing crimes; or that they are just stirring up FUD against the people hardest to do fishing expeditions on.

Nobody say anything impolite about the Catalan Phoenix spying scandal, of course.
 
Upvote
5 (6 / -1)

Jeff S

Ars Legatus Legionis
10,922
Subscriptor++
The scenario I worry about is that expert consumers start spreading the expectation that average consumers should have to flash a custom firmware onto their phones to deserve privacy.
Yes, that is a very good point - Google should be selling secure phones, and their firmwares should be continuously updated to remain secure. Customers should have a reasonable expectation of privacy.
 
Upvote
7 (7 / 0)
While a nice thing to say, in practice, what does this mean? What exactly are you trying to avoid/accomplish? Who/what are you trying to hide information from?

These questions need to be answered first. At least according to experts, recent Apple phones running recent versions of iOS are, by themselves, very secure. It sounds like recent Pixel phones running GrapheneOS are fairly secure as well. As soon as you start moving beyond the device, though, you have to start trusting entities, and that’s when your threat model matters. Defending against a nation state that’s interested in you personally is different from trying to protect yourself from ad networks or Meta.
iPhones are also cracked by Cellebrite - they can crack all but the latest version of iOS, is the latest I've seen.
 
Upvote
-1 (5 / -6)

Invid

Ars Praefectus
4,849
Subscriptor
I guess this thread will be the usual bashfest where people just make up things about Android and Google, but there is exactly one and only one reason why Cellebrite can't attack GrapheneOS: GrapheneOS disables the USB port until unlock. I doubt Android would ever enable that because it would be confusing to users.
I think you should hold Google to a higher standard. These things are not difficult to communicate:

1761924681927.png
 
Upvote
17 (17 / 0)

Invid

Ars Praefectus
4,849
Subscriptor
iPhones are also cracked by Cellebrite - they can crack all but the latest version of iOS, is the latest I've seen.
iPhones running 17.4 or newer cannot be unlocked by Cellebrite:

1761925322896.png

iPhones:
  • All iPhone models running iOS 17.4 or newer were labeled as “In Research,” meaning Cellebrite could not unlock them.
  • iPhone 12 and newer models running iOS versions 17.1 to 17.3.1 were listed as “Coming soon,” indicating Cellebrite did not have current unlocking capabilities for these devices.
  • The entire iPhone 15 lineup, regardless of iOS version, was not exploitable by Cellebrite.
 
Upvote
14 (14 / 0)

rpcameron

Ars Centurion
201
Subscriptor++
Signal requires my phone number to sign up. That makes it, by default, not anonymous
Sort of. Signal requires a phone number. There is nothing stopping you from paying cash for a cheap burner phone and using that device and its "temporary" number to get the activation code for a Signal account.

You can also use a VoIP number to get a Signal account (unlike with WhatsApp, which flags VoIP accounts and won't send activation codes to them).
 
Upvote
1 (6 / -5)

MechR

Ars Praefectus
3,212
Subscriptor
I guess this thread will be the usual bashfest where people just make up things about Android and Google, but there is exactly one and only one reason why Cellebrite can't attack GrapheneOS: GrapheneOS disables the USB port until unlock. I doubt Android would ever enable that because it would be confusing to users.
I don't think normal users would notice a functional difference. (I thought Android already did that, and had to look up the distinction myself.) The only caveats are USB peripherals like mouse/keyboard/monitor (nice but niche), and Graphene planning* to change their default to not even charge before first unlock, which would be confusing, but makes no difference for Cellebrite protection right now (going by the matching BFU and AFU columns in the table).

*: Planning as of last year according to the link, but don't know if they've gone through with it.
 
Upvote
2 (2 / 0)

LowellG

Smack-Fu Master, in training
27
I guess this thread will be the usual bashfest where people just make up things about Android and Google, but there is exactly one and only one reason why Cellebrite can't attack GrapheneOS: GrapheneOS disables the USB port until unlock. I doubt Android would ever enable that because it would be confusing to users.
Disabling the USB port is far from the only reason why most Android users would find GrapheneOS inconvenient. It is, however, accurate to say that it is far and away the biggest reason Cellebrite can't get in -- although strictly speaking, not the only reason.
 
Upvote
11 (11 / 0)

L0g0s

Wise, Aged Ars Veteran
100
Signal requires my phone number to sign up. That makes it, by default, not anonymous
Buy a burner in cash? Or use a free throw away SMS. Now Signal offers a user name option you can enable so you aren't discoverable by phone number.

We are talking the best encrypted communication available, used by spy agencies and politicians to communicate privately. With a little work you can have anonymity too.

We should be encouraging as many people to use it as possible, flood the zone with noise.
 
Upvote
3 (5 / -2)

westruk

Smack-Fu Master, in training
1
Buy a burner in cash? Or use a free throw away SMS. Now Signal offers a user name option you can enable so you aren't discoverable by phone number.

We are talking the best encrypted communication available, used by spy agencies and politicians to communicate privately. With a little work you can have anonymity too.

We should be encouraging as many people to use it as possible, flood the zone with noise.
Government censors may block SMS messages from certain services (Russia did it with Telegram and WhatsApp yesterday), which could result in you losing your account.

SMS verification sucks!
 
Upvote
0 (1 / -1)
Signal requires my phone number to sign up. That makes it, by default, not anonymous
I don't know what the Nederlander equivalent of going to Walmart to buy a $20 flip phone and a $20 90-day prepaid cell phone plan is, but—at least in the United States—your anonymity costs about $45 after sales tax. Go down to the local Starbucks-equivalent with your already hardened laptop and set up your fake account and boom, Signal number.
 
Upvote
0 (3 / -3)

Rabbiddog

Ars Tribunus Militum
2,206
Subscriptor
A little clarification here. Google has been using eSIM version of Pixels long before Pixel 10. My Pixel 7 uses eSIM (there's no physical sim slot). This may be the case with Pixel phones that are bought directly from Google and use Google Fi (which I do). So if they can't crack phones using eSIM then that means not ALL Pixel phones can be cracked by Cellebrite.
 
Upvote
1 (1 / 0)
Buy a burner in cash? Or use a free throw away SMS. Now Signal offers a user name option you can enable so you aren't discoverable by phone number.

We are talking the best encrypted communication available, used by spy agencies and politicians to communicate privately. With a little work you can have anonymity too.

We should be encouraging as many people to use it as possible, flood the zone with noise.
As far as I'm aware, there's no such thing as an anonymous burner in the Netherlands and they all require authentication/activation before they can be used. Even if you buy one anonymously with cash, it won't stay anonymous when it's activated.
 
Upvote
4 (4 / 0)

VividVerism

Ars Tribunus Angusticlavius
8,480
Subscriptor
I've been running Graphene for about 2 years (currently an 8a) and am absolutely satisfied with it. Unless I missed it there was no mention of Lineage. Is this vulnerable?
Extremely. If you're using LineageOS then you are almost certainly running with an unlocked bootloader, making attacks like Cellebrite's a lot easier. With physical access to your phone they can load whatever software they like to your phone with no barriers. There are no software-only barriers on Lineage which Cellebrite would be unable to bypass (such as the blocking USB data thing mentioned earlier) just by loading software without the feature. I'm not familiar with GrapheneOS to know if they modified the way encryption worked or anything, but I'm pretty sure LineageOS has not done so, so anything Cellebrite can do with stock OS they'll be able to do with Lineage, and possibly do it easier.

Note this is specifically because of the unlocked bootloader and an attacker with physical access to the device. Against a remote attacker a phone with Lineage will likely be more up-to-date than the stock OS for many older out-of-support phones, and therefore a harder target.
 
Upvote
3 (3 / 0)
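The post above turns on one observable fact: whether the bootloader is locked and what verified boot reports. The script below is an added example, not code from the thread or from any of the projects mentioned. It classifies a device's boot posture from the three Android boot properties that expose this (ro.boot.verifiedbootstate, ro.boot.flash.locked, ro.boot.vbmeta.device_state); the property lines are constructed samples in the shape `adb shell getprop` prints, so it runs offline. The mapping it uses is the documented Android Verified Boot one: green is an OEM-signed OS on a locked bootloader, yellow is a locked bootloader with a user-set signing key (the state a GrapheneOS install ends in), orange is unlocked, red is failed verification.

```shell
#!/bin/sh
# Added example (not from the thread): classify a device's verified-boot
# posture from Android boot properties. On a real device the input would be:
#   adb shell getprop | grep -E 'ro\.boot\.(verifiedbootstate|flash\.locked|vbmeta\.device_state)'
# The samples below are constructed to mimic that output.

# Pull one property's value out of getprop-style text: "[name]: [value]".
# $1 = property name, $2 = getprop output (multi-line string)
prop_value() {
    printf '%s\n' "$2" | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Print one of: unlocked, locked-green, locked-custom-key, tampered, unknown
boot_posture() {
    props="$1"
    state=$(prop_value ro.boot.verifiedbootstate "$props")
    locked=$(prop_value ro.boot.flash.locked "$props")
    device_state=$(prop_value ro.boot.vbmeta.device_state "$props")

    # Any indicator of an unlocked bootloader wins: with the device in hand,
    # an attacker can flash whatever image they like, so no OS-level control
    # (USB disabled before first unlock, etc.) can be relied on.
    if [ "$locked" = "0" ] || [ "$device_state" = "unlocked" ] || [ "$state" = "orange" ]; then
        echo unlocked
        return 0
    fi
    case "$state" in
        green)  echo locked-green ;;       # OEM key, bootloader locked (stock)
        yellow) echo locked-custom-key ;;  # locked, user-set key (e.g. GrapheneOS)
        red)    echo tampered ;;           # verification failed
        *)      echo unknown ;;            # property missing or unexpected
    esac
}

# Constructed samples; not captured from real devices.
SAMPLE_STOCK='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]'

SAMPLE_LINEAGE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]'

SAMPLE_GRAPHENE='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [yellow]'

printf 'stock pixel:        %s\n' "$(boot_posture "$SAMPLE_STOCK")"
printf 'lineage (unlocked): %s\n' "$(boot_posture "$SAMPLE_LINEAGE_UNLOCKED")"
printf 'grapheneos:         %s\n' "$(boot_posture "$SAMPLE_GRAPHENE")"
```

The point of checking all three properties rather than just verifiedbootstate is that they come from different layers (bootloader flag, vbmeta metadata, the verified-boot state the kernel was handed), and an inconsistency between them is itself worth a second look. A `yellow` result is not a weakness on its own; it only says the signing key is not the OEM's, which is exactly what a locked GrapheneOS install looks like.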

VividVerism

Ars Tribunus Angusticlavius
8,480
Subscriptor
Buy a burner in cash? Or use a free throw away SMS. Now Signal offers a user name option you can enable so you aren't discoverable by phone number.

We are talking the best encrypted communication available, used by spy agencies and politicians to communicate privately. With a little work you can have anonymity too.

We should be encouraging as many people to use it as possible, flood the zone with noise.
Also great if you want to share state secrets with Jeffrey Goldberg, editor-in-chief of The Atlantic!
 
Upvote
3 (3 / 0)