This blurry screenshot appears to list Pixel phones that Cellebrite devices can hack.
Credit: rogueFed
This blurry screenshot appears to list Pixel phones that Cellebrite devices can hack.
Credit: rogueFed
At least according to Cellebrite, GrapheneOS is more secure than what Google offers directly. The company tells law enforcement during these briefings that its technology can extract data from Pixel 6, 7, 8, and 9 phones in unlocked, AFU, and BFU states on stock software. However, it cannot force passcodes to allow full control of a device. The leaker also notes that law enforcement is still unable to copy an eSIM from Pixel devices. Notably, the Pixel 10 series is moving away from physical SIM cards.
For these same phones running GrapheneOS, police can expect to have a much harder time. The Cellebrite chart indicates that Pixels with GrapheneOS are only accessible when running software before the end of 2022: the Pixel 8 and Pixel 9 launched after that. Phones in BFU and AFU states are safe from Cellebrite on updated versions, and since late 2024, even a fully unlocked GrapheneOS device is safe from having its data copied. An unlocked phone can be inspected in many other ways, but data extraction in this case is limited to what the user can access.
The original leaker claims to have dialed two calls so far without detection. However, rogueFed also named the meeting organizer (the second screenshot, which we are not reposting). There is a good chance that Cellebrite will now screen meeting participants more carefully.
We reached out to Google to find out why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say.
