GrapheneOS Organization Counters Claims Made By Forensic Companies
GrapheneOS Organization Counters Claims Made By Forensic Companies
For more information on those 2 vulnerabilities: https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reports https://discuss.grapheneos.org/d/13494-cve-2024-32896-wipe-without-reboot-added-to-aosp-due-to-reports-by-grapheneos For detailed info on ...
https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/
"counterterrorism operation being conducted by a U.S.-allied Western government"
Selectively leaking info to sway public opinion is a classic move. Over 3 years after https://technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/, no info about which US ally or supposed terrorist group.
Here's an example of a "counterterrorism operation" by a U.S.-allied Western government targeting political opponents with NSO exploits:
Is this what's being referenced? Perhaps they mean the Polish government targeting the political opposition this way.
Is this the "counterterrorism operation" by a U.S.-allied Western government that's being referenced? If saying the country and "terrorist" group involved paints a flattering picture of these exploit tools, why aren't they saying which ones are involved?
A more extreme example of a US ally doing a "counterterrorism operation" using NSO exploits:
https://en.wikipedia.org/wiki/Assassination_of_Jamal_Khashoggi
Sure, not a "Western government". Does "U.S.-allied Western government" include Hungary, Turkey, Israel, Japan and South Korea? "Western" meaning what exactly?
Forensic data extraction tools are similar. They use exploits to extract data from devices. Many people claim that since they're primarily used by law enforcement it means they're primarily used for good. They're widely used to target arbitrary people at protests, borders, etc.
GrapheneOS is heavily focused on defending against both remote exploitation and local data extraction. As part of that work, we recently reported 2 vulnerabilities being actively exploited by forensic companies. These are now fixed for Pixels, but not yet other Android devices.
For more information on those 2 vulnerabilities:
https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reportshttps://discuss.grapheneos.org/d/13494-cve-2024-32896-wipe-without-reboot-added-to-aosp-due-to-reports-by-grapheneos
For detailed info on Cellebrite's capabilities based on leaked documentation which explicitly covers GrapheneOS:
We certainly support fixing these bugs...