I read recently about this cellebrite thing, and I would like to know if the librem 5 may be vulnerable to it? Some say pixel 6 and up using grapheneOS are not vulnerable, it’s always interesting to comprare.
2 Likes
Yeah, it’s vulnerable. Because if it’s not, someone would just pay the Cellbrite to find a way in.
With enough money, and enough lawyers, any big government supported cybersecurity firm could hit you with a stick until you give them your password.
And that’s how – as a layperson myself, with no knowledge of Cellbrite – I conjecture that if you have to ask and if the answer is a question of subjectivity and corporate branding, and not of publicly published technology exploits – then the answer is inevitably yes.
Edit:
Pixel 6 and up using GrapheneOS are also vulnerable to the government stick.
2 Likes
Related discussion:
3 Likes
What if there’s no password to give? If this is genuinely your threat model then that is one defence.
For example, and this is just one application, an entity looking to transport an encrypted device across an international border might hand the device to a courier but not provide the passphrase to the courier. If the courier and the device are intercepted by the authorities then no amount of torture will extract the passphrase. Of course that could have, um, negative consequences.
Don’t take this too seriously though because most of us don’t face that threat.
I encrypt my Librem 5 root file system for the far more mundane reason that the phone might get lost or stolen and in that scenario if some low life wants to sell the phone then I want them to be selling the phone, not the data on it.
3 Likes
Cellebrite + Corellium: Cellebrite gets virtual with $170M Corellium buy • The Register
“With Cellebrite’s offerings, users have ‘blueprints’ — technical schematics of what is on a device. With the addition of Corellium’s technology, users will virtually walk through the device, explore every room and open every door safely and without altering a thing in a forensically sound manner.”
(“Users” being law enforcement/government agents, of course.)
3 Likes