- cross-posted to:
- [email protected]
unless they’re running GrapheneOS.
Nice, this is good to know.
To answer the question at the end of the piece: Google doesn’t give a fuck.
It’s likely that holes are left intentionally.
I guarantee that on at least one occasion, the US government has blocked the release of a patch because they were actively exploiting a vulnerability and not done yet.
In the bfu columns it says bfu: yes bf: no. And in the other columns it says ffs: yes bf: no. So they can’t access the full file system from bfu, they can only access… bfu? What does that mean? They can clone the encrypted storage? ‘Unlock’ the system partition?
Before First Unlock, After First Unlock: when you first reboot your device, storage is completely encrypted with no background processes unless you enter your password for the first time.
“BFU” exploits are processes that work before first unlock, and can access the full contents of the phone’s storage, communications, account data, etc…
After first unlock refers to the phone after that stage (even if you lock your phone afterwards, it’s AFU. Restart is needed for complete security).
FFS presumably stands for “Full File System [access]”.
BF is Brute Force (cracking the security password without fear of being locked out/data wiped).
I wasn’t asking about the acronyms…
In the afu columns they specify that their tool can get full file system access. But in the bfu columns they only specify if they can or cannot access bfu. They can’t access the full contents of the phone as in that case those would also read ffs: yes. So that means there’s a hack they can do on bfu that doesn’t allow access to the file system but is still useful enough to advertise.
Ah, good catch. In the BFU state the device is fully encrypted, so maybe that indicates that they can’t access encrypted data inside the device without brute forcing the decryption key (which may not be possible). In comparison, AFU should have lower barriers to data access.
(This is why GrapheneOS has a setting that lets you auto reboot after a set amount of time without unlocking the device.)
Would these exploits work even if you had the USB port set to charging only?
Maybe? If they were targeting the boot process, it wouldn’t matter.
Nothing said about pre-Pixel 6 phones.
“…can extract data from most Pixel phones if they don’t run GrapheneOS” Stopped right there because it means I am fine 😎



