We reported vulnerabilities being exploited by forensics companies in January 2024, but we lacked access to their exploits so we couldn't provide full details. We suggested implementing 2 major security improvements:
1) firmware-based reset attack mitigation zeroing memory on boot
2) wipe-without-reboot support in the OS to avoid needing to reboot to recovery to perform a wipe, which could be trivially interrupted by an attacker
They ended up shipping both of these.
GrapheneOS /
npub1kw…se0nj
2024-09-05 19:40:04
in reply to nevent1q…0e38
Author Public Key
npub1kwarc5z9lwhen05uknd2nuwhhthd4ws0cku3t9j3rchm0fcd6luslse0njPublished at
2024-09-05 19:40:04Event JSON
{
"id": "84de9b80bf6164db31dc16ebaec5f92e7652bff6e9b46447ee53fca6c0950289",
"pubkey": "b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9",
"created_at": 1725565204,
"kind": 1,
"tags": [
[
"p",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"p",
"b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9"
],
[
"proxy",
"https://grapheneos.social/@GrapheneOS/113086641258528169",
"web"
],
[
"e",
"6421b34a2959503c7567dccc3f57ebb776d9c47681a781cf2c30706fbf2b142c",
"",
"root",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"p",
"51ae1009e4403d821fc1c12e14bf4b40de44c7dc6177898840ca1ef9f9ebc768"
],
[
"e",
"b84f53c6b20a27b9afdba2bd89744d79118c9133ee651ab370a6b5b5719048e7",
"",
"reply",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"proxy",
"https://grapheneos.social/users/GrapheneOS/statuses/113086641258528169",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://grapheneos.social/users/GrapheneOS/statuses/113086641258528169",
"pink.momostr"
],
[
"-"
]
],
"content": "We reported vulnerabilities being exploited by forensics companies in January 2024, but we lacked access to their exploits so we couldn't provide full details. We suggested implementing 2 major security improvements:\n\n1) firmware-based reset attack mitigation zeroing memory on boot\n2) wipe-without-reboot support in the OS to avoid needing to reboot to recovery to perform a wipe, which could be trivially interrupted by an attacker\n\nThey ended up shipping both of these.",
"sig": "62ea30a1c8d75c2a12c4e24aadf374978deb5740df25ab694b5157244a10ef8f1daaa762a758d895bdcd53934b9c721060bad9730b1dfa79f9b4889bc51d12db"
}