ig88dsJul 17, 2024
Joseph Cox
I've verified that a set of leaked documents which show what phones Cellebrite can (and can't) unlock are authentic. Shows company could not unlock a sizeable chunk of modern iPhones just recently. Also shows some issues with Google Pixels 6-8 https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/
Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock

The leaked April 2024 documents, obtained and verified by 404 Media, show Cellebrite could not unlock a large chunk of modern iPhones.

404 Media
Jul 17, 2024 at 5:40pmWeb
Show threadocdtrekkieJul 17, 2024
@josephcox So this pretty much confirms what everyone who's got infosec chops already knows: The best defense is a regularly updated iPhone.
Show threadOrca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 18, 2024
@josephcox
https://grapheneos.social/@GrapheneOS/112462758257739953
GrapheneOS (@[email protected])

Attached: 2 images Cellebrite's list of capabilities provided to customers in April 2024 shows they can successfully exploit every non-GrapheneOS Android device brand both BFU and AFU, but not GrapheneOS if patch level is past late 2022. It shows only Pixels stop brute force via the secure element.

GrapheneOS Mastodon
Show threadMartin SeegerJul 18, 2024
@josephcox AFAIK they circumvent the brute force detection. But they still use brute force attacks. If you don’t use a simple PIN, that severely dampens their chances.
Show threadmav Jul 18, 2024
@josephcox
Nice work.