This blurry screenshot shows which Pixel phones can hack Cellebrite devices.
1 credit
At least according to Cellebrite, GrapheneOS is more secure than what Google offers out of the box. In these briefings, the company tells law enforcement that its technology can extract data from Pixel 6, 7, 8, and 9 phones in unlocked, AFU, and BFU states in stock software. However, it cannot guess passwords to provide full control over the device. The source also notes that law enforcement agencies are still unable to copy eSIM from Pixel devices. Notably, the Pixel 10 series is moving away from physical SIM cards.
In the case of the same phones running GrapheneOS, the police will have to face a much more difficult situation. Cellebrite's table says that Pixels with GrapheneOS are only available using software released before the end of 2022 – after which the Pixel 8 and Pixel 9 were released. Phones in BFU and AFU states are protected by Cellebrite in updated builds, and as of the end of 2024, even a fully unlocked GrapheneOS device is protected from data copying. An unlocked phone can be verified in many other ways, but data extraction in this case is limited to what the user can access.
The initial source of information claims to have received two calls so far that have gone undetected. However, rogueFed also named the organizer of the meeting by name (second screenshot, which we are not reposting). It's likely that Cellebrite will now screen meeting participants more thoroughly.
We reached out to Google to find out why a custom ROM created by volunteers is more resistant to hacking on industrial phones than the official Pixel OS. We'll update this article if Google has anything to say.
