Leaked: Which Pixel Phones Are Vulnerable to Cellebrite Hacks
▼ Summary
– Smartphones historically lacked security but have improved, though companies like Cellebrite provide law enforcement tools to bypass some device security.
– An anonymous individual accessed a Cellebrite briefing and obtained a list of vulnerable Google Pixel phones, sharing screenshots on the GrapheneOS forums.
– GrapheneOS is a security-focused Android-based OS with enhanced features and no Google services, which Cellebrite included in its support matrix due to its popularity.
– The Cellebrite data covers Pixel 6 through Pixel 9 models, excluding the recently launched Pixel 10 series, and categorizes support into three unlock states.
– Phone security varies by state: “before first unlock” is most secure with encrypted data, “after first unlock” allows easier extraction, and an unlocked phone is fully accessible.
A recent leak has exposed which Google Pixel smartphone models remain susceptible to data extraction tools developed by Cellebrite, a company known for providing digital forensics solutions to law enforcement agencies. While modern phones feature robust security measures, specialized equipment can sometimes circumvent these protections. An anonymous individual, using the online alias rogueFed, reportedly accessed a private Cellebrite briefing and subsequently shared screenshots detailing the vulnerability status of various Pixel devices. This information was posted within the GrapheneOS community forums, drawing attention from technology watchdogs.
The leaked materials, originating from a Microsoft Teams presentation, specifically outline Cellebrite’s capabilities concerning the Pixel 6, Pixel 7, Pixel 8, and Pixel 9 series. Notably absent from the disclosed list is the recently released Pixel 10 lineup. For each vulnerable model, the briefing categorized access into three distinct security states, providing a clear picture of potential exposure points.
Understanding these device states is crucial for assessing risk. The “before first unlock” (BFU) condition represents the most secure scenario, where the phone has not been unlocked since its last reboot, keeping all data fully encrypted and theoretically inaccessible. The “after first unlock” (AFU) state follows the initial successful authentication, at which point certain data extraction methods become feasible. Finally, a phone that is simply unlocked presents the lowest barrier, effectively making personal information readily available to such forensic tools. This stratification highlights how a device’s security is not a single setting but varies significantly depending on its current operational status and user interaction.
(Source: Ars Technica)
