this post was submitted on 26 Jun 2024
8 points (100.0% liked)

GrapheneOS [Unofficial]

1713 readers
1 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 3 years ago
MODERATORS
 

https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/

"counterterrorism operation being conducted by a U.S.-allied Western government"

Selectively leaking info to sway public opinion is a classic move. Over 3 years after https://technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/, no info about which US ally or supposed terrorist group.

Here's an example of a "counterterrorism operation" by a U.S.-allied Western government targeting political opponents with NSO exploits:

https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/

Is this what's being referenced? Perhaps they mean the Polish government targeting the political opposition this way.

https://theguardian.com/world/2022/feb/17/more-polish-opposition-figures-found-to-have-been-targeted-by-pegasus-spyware

Is this the "counterterrorism operation" by a U.S.-allied Western government that's being referenced? If saying the country and "terrorist" group involved paints a flattering picture of these exploit tools, why aren't they saying which ones are involved?

A more extreme example of a US ally doing a "counterterrorism operation" using NSO exploits:

https://en.wikipedia.org/wiki/Assassination_of_Jamal_Khashoggi

Sure, not a "Western government". Does "U.S.-allied Western government" include Hungary, Turkey, Israel, Japan and South Korea? "Western" meaning what exactly?

Forensic data extraction tools are similar. They use exploits to extract data from devices. Many people claim that since they're primarily used by law enforcement it means they're primarily used for good. They're widely used to target arbitrary people at protests, borders, etc.

GrapheneOS is heavily focused on defending against both remote exploitation and local data extraction. As part of that work, we recently reported 2 vulnerabilities being actively exploited by forensic companies. These are now fixed for Pixels, but not yet other Android devices.

For more information on those 2 vulnerabilities:

https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reportshttps://discuss.grapheneos.org/d/13494-cve-2024-32896-wipe-without-reboot-added-to-aosp-due-to-reports-by-grapheneos

For detailed info on Cellebrite's capabilities based on leaked documentation which explicitly covers GrapheneOS:

https://discuss.grapheneos.org/d/12848-claims-made-by-forensics-companies-their-capabilities-and-how-grapheneos-fares

We certainly support fixing these bugs...

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here