listen to me, harry. my new thing is eating steak with my fingers. it's so munchie uhm. slice it up real nice and then just sit there and rip the pieces apart. fork and knife are dead to me now.
good to see you on here man.
salute brother #freesamourai
#GrapheneOS uncovers leaked documentation for smartphone exploits by Cellebrite.
XRY and Cellebrite say they can do consent-based full filesystem extraction with iOS, Android and #GrapheneOS. It means they can extract data from the device once the user provides the lock method, which should always be expected. They unlock, enable developer options and use ADB.
Cellebrite's list of capabilities provided to customers in April 2024 shows they can successfully exploit every non-GrapheneOS Android device brand both BFU and AFU, but not GrapheneOS if patch level is past late 2022. It shows only Pixels stop brute force via the secure element.


Cellebrite has similar capabilities for iOS devices. This is also from April 2024. We can get the same information from newer months. In the future, we'll avoid sharing screenshots and will simply communicate it via text to prevent easily tracking down the ongoing leaks.


Pixel 6 and later or the latest iPhones are the only devices where a random 6 digit PIN can't be brute forced in practice due to the secure element. Use a strong passphrase such as 6-8 diceware words for a user profile with data you need secured forever regardless of exploits.
Pixels are doing a bit better on the secure element front and iPhones are doing a bit better against OS exploitation, but not by much.
As always, this shows the importance of our auto-reboot feature which gets the data back at rest after a timer since the device was locked.
Our focus in this area is defending against exploitation long enough for auto-reboot to work. It's set to 18 hours since the device was locked by default, but users can set it as low as 10 minutes. Since around January, we massively improved security against these attacks.
By default, our recently added USB-C port control feature disallows new USB connections in AFU mode after the device is locked and fully disables USB data at a hardware level once there aren't active USB connections. Users can set it to also do this in BFU or even when unlocked.
Users with a high threat model can fully disable USB including USB-PD/charging while the OS is booted to only allow charging while powered off or booted into the fastboot/fastbootd/recovery/charging modes.
GrapheneOS on 8th gen Pixels is ideal due to hardware memory tagging.
Consent-based data extraction (FFS) is not in the scope of what we're trying to defend against beyond shipping our secure duress PIN/password implementation to replace insecure approaches via apps. Data users can back up is inherently obtainable with consent, which is nearly all.
Within the past 24 hours, there has been an attack on GrapheneOS across social media platforms misrepresenting consent-based data extraction as GrapheneOS being compromised/penetrated. The person doing it is pretending to be multiple people and falsely claiming we covered it up.
GrapheneOS is the only OS having success defending against these attacks. We could do more with a successful hardware partnership such as having encrypted memory with a per-boot key instead of relying on our kernel memory zeroing combined with auto-reboot and fastbootd zeroing.
New versions of iOS and Pixel OS often invalidate their existing exploits, but devices in AFU are stuck in AFU mode waiting for new exploits.
Random 6 digit PIN is only secure on a Pixel/iPhone and only due to secure element throttling. Use a strong passphrase to avoid this.
If you wonder why duress PIN/password is taking so long, it's because we aren't doing it for show like existing implementations. It needs to work properly and guarantee data will be unrecoverable with no way to interrupt it. Slowly rebooting to recovery to wipe isn't acceptable.
See https://x.com/GrapheneOS/status/1775305179581018286 for our thread covering the firmware improvements we helped get implemented in the April 2024 release for Pixels. It doesn't currently really help the stock Pixel OS because they haven't blocked the OS exploits that are being used yet but it helps us.
Our hope is that our upcoming 2-factor fingerprint unlock feature combined with a UI for random passphrase and PIN generation will encourage most users to use a 6-8 diceware word passphrase for primary unlock and fingerprint + random 6-digit PIN for convenient secondary unlock.
Cellebrite documentation and has stated they'll upload future versions of it if you want to look at the rest of it:
We have info on XRY, Graykey and others but not the same level of reliable details as this.
How secure is it to use fingerprint / face recog on a pixel with graphene?
I've avoided both but I must admit this is at the cost of less secure PINs.
a bitcoin paid mullvad VPN, how's that?
#asknostr how biometrics are stored on a pixel running #GrapheneOS
Is it safe to use?
Agree, but how do you balance making it not feel like a ghost town and also making it interesting content.
Dangerous move. What would you do if you received more zaps than expected on this note. 😂
This clip from Jared Bernstein, Chair of the council of economic advisors, may help alleviate a fear to those who believe “those in power” are smarter than you.
https://youtu.be/RRJ7NUWYyEM?feature=shared
Economics is simple… 1) prices fall to the marginal cost of production in a free market and 2) We trade with each other (all over the world) to gain more value.
It just looks hard through a system trying to deceive you to retain its power over you.
this cannot be a real video
I agree it's maybe overused. My definition of FUD is deliberately using debunked critiques of bitcoin to win an anti-bitcoin argument.
Yes, question is, if you think separate profile on a pixel running graphene is enough separation or if you think there is reason for a low threat model person to separate into different phone altogether?
re: threat model, I think as "early" bitcoiners we by default have a somewhat raised threat model.
iOS ? You still use that?
It's just a matter of time until Apple will close the access to all your bitcoin apps. And you can do shit about that.
YOU HAVE BEEN WARNED
Bookmark this guide because you will need it soon.
https://darth-coin.github.io/beginner/bitcoiners-mobile-device-en.html
"I personally do not recommend going back to ANY Google apps, not even using Aurora Store."
You wouldn't do this on a separate profile either? For us mere mortals we still have a fuckload of government and traditional bank apps we need to access.
These even require Google Play, as they won't work from Aurora Store.
I have a profile for regular daily use. Basically only have protonmail and primal on it. No link to my identity.
Then a profile for bitcoin specific stuff.
A profile for Aurora apps, which is google apps that work without being logged in to google.
And a profile for full blown google, where I'm logged in to Google Play with a doxxed account. This is the one for government apps and bank apps etc.
Thoughts?
Umbrel isn't over Tor by default is it?
I'm just hitting a "no sponsors" page
It feels incredibly satisfying to be using phoenix through obtainium today.




#funny