Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details

Interesting information here. So, Cellebrite can unlock GOS devices but only up to 2022 updates. Stock Pixels are still quite vulnerable.

rogueFed then posted two screenshots of the Microsoft Teams call. The first was a Cellebrite Support Matrix, which lays out whether the company’s tech can, or can’t, unlock certain phones and under what conditions. The second screenshot was of a Cellebrite employee.

According to another of rogueFed’s posts, the meeting took place in October. The meeting appears to have been a sales call. The employee is a “pre sales expert,” according to a profile available online.

The Support Matrix is focused on modern Google Pixel devices, including the Pixel 9 series. The screenshot does not include details on the Pixel 10, which is Google’s latest device. It discusses Cellebrite’s capabilities regarding ‘before first unlock’, or BFU, when a piece of phone unlocking tech tries to open a device before someone has typed in the phone’s passcode for the first time since being turned on. It also shows Cellebrite’s capabilities against after first unlock, or AFU, devices.

2 Likes

Is someone able to properly share what the highly blurry picture says?

| Model / State | Standard Android OS BFU | Standard Android OS AFU | Standard Android OS | GrapheneOS BFU * | GrapheneOS AFU * | GrapheneOS Unlocked |
|---|---|---|---|---|---|---|
| Pixel 6 / Pixel 6 Pro / Pixel 6a | BFU Yes, BF No | FFS Yes, BF No | FFS Yes | BFU Yes, up to late 2022 SPL, BF No | FFS Yes, up to late 2022 SPL, BF No | FFS Yes, up to late 2024 SPL |
| Pixel 7 / Pixel 7 Pro / Pixel 7a / Pixel Tablet / Pixel Fold | BFU Yes, BF No | FFS Yes, BF No | FFS Yes | BFU Yes, up to late 2022 SPL, BF No | FFS Yes, up to late 2022 SPL, BF No | FFS Yes, up to late 2024 SPL |
| Pixel 8 / Pixel 8a / Pixel 8 Pro | BFU Yes, BF No | FFS Yes, BF No | FFS Yes | BFU Yes, up to late 2022 SPL, BF No | FFS Yes, up to late 2022 SPL, BF No | FFS Yes, up to late 2024 SPL |
| Pixel 9 / Pixel 9 Pro / Pixel 9 Pro XL / Pixel 9 Pro Fold / Pixel 9a | BFU Yes, BF No | FFS Yes, BF No | FFS Yes | BFU No, BF No | FFS No, BF No | FFS Yes, up to late 2024 SPL |

3 Likes

Ah if only the leaker knew how screenshots work :sweat_smile:

Original (still blurry): https://files.catbox.moe/80kwmt.jpg

1 Like

Thank you!

As I understand this then, GOS users who have updated their software have nothing to worry about then, right? (at least when the phone is locked in BFU or AFU modes)

I’d avoid making definitive statements like that. Cellebrite is just one of many companies developing these kinds of exploits. That being said, it’s clear that the approach GrapheneOS is taking with generic exploit protections and minimising attack surface (like by default disabling USB when locked) is effective.

3 Likes

Good to know. Thank you for the context and nuance.

We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say.

1 Like

Original leak thread: https://discuss.grapheneos.org/d/27698-new-cellebrite-capability-obtained-in-teams-meeting

1 Like

Am I right? : FYI, FFS is just consent-based extraction of files. So extraction of files if you unlock your phone.

In their defense, they may have been more concerned with accidentally having a screen capture event register with their software and ruining their reputation and trust with the vendor.

2 Likes