We reported vulnerabilities being exploited by forensics companies in January 2024, ...

2024-09-05 19:40:04

We reported vulnerabilities being exploited by forensics companies in January 2024, but we lacked access to their exploits so we couldn't provide full details. We suggested implementing 2 major security improvements:

1) firmware-based reset attack mitigation zeroing memory on boot
2) wipe-without-reboot support in the OS to avoid needing to reboot to recovery to perform a wipe, which could be trivially interrupted by an attacker

They ended up shipping both of these.

Author Public Key

npub1kwarc5z9lwhen05uknd2nuwhhthd4ws0cku3t9j3rchm0fcd6luslse0nj

Seen on

wss://relay.noswhere.com

Show more details

Published at

2024-09-05 19:40:04

Kind type

1 Short Text Note

Event JSON

{ "id": "84de9b80bf6164db31dc16ebaec5f92e7652bff6e9b46447ee53fca6c0950289", "pubkey": "b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9", "created_at": 1725565204, "kind": 1, "tags": [ [ "p", "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102" ], [ "p", "b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9" ], [ "proxy", "https://grapheneos.social/@GrapheneOS/113086641258528169", "web" ], [ "e", "6421b34a2959503c7567dccc3f57ebb776d9c47681a781cf2c30706fbf2b142c", "", "root", "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102" ], [ "p", "51ae1009e4403d821fc1c12e14bf4b40de44c7dc6177898840ca1ef9f9ebc768" ], [ "e", "b84f53c6b20a27b9afdba2bd89744d79118c9133ee651ab370a6b5b5719048e7", "", "reply", "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102" ], [ "proxy", "https://grapheneos.social/users/GrapheneOS/statuses/113086641258528169", "activitypub" ], [ "L", "pink.momostr" ], [ "l", "pink.momostr.activitypub:https://grapheneos.social/users/GrapheneOS/statuses/113086641258528169", "pink.momostr" ], [ "-" ] ], "content": "We reported vulnerabilities being exploited by forensics companies in January 2024, but we lacked access to their exploits so we couldn't provide full details. We suggested implementing 2 major security improvements:\n\n1) firmware-based reset attack mitigation zeroing memory on boot\n2) wipe-without-reboot support in the OS to avoid needing to reboot to recovery to perform a wipe, which could be trivially interrupted by an attacker\n\nThey ended up shipping both of these.", "sig": "62ea30a1c8d75c2a12c4e24aadf374978deb5740df25ab694b5157244a10ef8f1daaa762a758d895bdcd53934b9c721060bad9730b1dfa79f9b4889bc51d12db" }

GrapheneOS on Nostr: We reported vulnerabilities being exploited by forensics companies in January 2024, ...