Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://grapheneos.social/users/GrapheneOS/statuses/114671501636966322">GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 13-Jun-2025 02:28:54 JST</a><a href="https://grapheneos.social/@GrapheneOS" title="grapheneos@grapheneos.social"><img src="https://gnusocial.jp/avatar/99224-48-20240219114657.webp" width="48" height="48" alt="GrapheneOS" style="position: absolute; left: 0; top: 0;">GrapheneOS</a><div><a href="https://grapheneos.social/@GrapheneOS/114671497885267554" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://freesoftwareextremist.com/users/Suiseiseki">@Suiseiseki</a> It's also trivial for an attacker with temporary access to the phone to take over both the baseband and the main SoC, for similar reasons. There's no attempt at providing any kind of security against an attacker obtaining an After First Unlock state phone where the encryption passphrase was entered. There's no secure element so only users with their phone powered down with a strong encryption passphrase will have their data safe from attacks. Many OSes for it don't even have that.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5190127#notice-10182688">In conversation</a><time datetime="2025-06-13T02:28:54+09:00" title="Friday, 13-Jun-2025 02:28:54 JST">about a month ago</time> <span>from <span><a href="https://grapheneos.social/@GrapheneOS/114671501636966322" rel="external" title="Sent from grapheneos.social via ActivityPub">grapheneos.social</a></span></span><a href="https://grapheneos.social/@GrapheneOS/114671501636966322">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 13-Jun-2025 02:28:54 JSTGrapheneOS
in reply to
- 翠星石
@Suiseiseki It's also trivial for an attacker with temporary access to the phone to take over both the baseband and the main SoC, for similar reasons. There's no attempt at providing any kind of security against an attacker obtaining an After First Unlock state phone where the encryption passphrase was entered. There's no secure element so only users with their phone powered down with a strong encryption passphrase will have their data safe from attacks. Many OSes for it don't even have that.
In conversationabout a month ago from grapheneos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice