1012 sats \ 0 replies \ @final OP 21 Jul \ parent \ on: REVEALED: Here's the Cellebrite Premium Device Support Matrix for July 2024 security
Rest of the glossary is here:
-
BFU Yes - BFU Extraction (extraction of data only available in BFU), so list of installed apps (NOT the data of the apps), network configuration and metadata.
-
FFS - Full File System extraction (all current profile user data and privileged data like application data)
-
FBE - File-based Encryption (current Android encryption)
-
FDE - Full Disk Encryption (legacy Android encryption not in use anymore)
-
SPL - Security Patch Level ("up to [date] SPL" means they are only able to do it on that patch level or earlier)
Tools like Cellebrite are designed to either bypass, retrieve, or brute force the device credential to unlock the device and perform data extraction. They exploit the devices they target to do this. Where AFU has FFS support but no Brute Force, it can suggest they have a way to extract data without needing to brute force the device credential.
For example, the Stock OS has FFS extraction for AFU despite not having support for brute forcing the Titan M2 secure element in Pixels, this would imply a stock OS vulnerability of some kind. GrapheneOS cannot be extracted because that exploit doesn't work, and they also cannot brute force the device credential to find a way to unlock. It's the only device / OS combination that hasn't been broken into, excluding ones they haven't had time to target yet like 5th generation iPad Pros.
In cases where Brute Force is available, having a strong passphrase that cannot be bruteforced would make that impossible anyhow.
Unlocked doesn't mean much because that situation involves when you successfully brute force (not possible) or if the target gives away his PIN/password (out of scope).
It's entirely possible a powerful government can extract data from an After First Unlock state device via sending it to a lab where they can get data directly from RAM or tamper with it to get control of the device. Mobile devices don't have encrypted memory yet. Main SoC is much more resistant to tampering than a desktop CPU / motherboard but that's not saying a lot. It's not tamper resistant in the same sense as the secure element.