43
submitted 3 months ago* (last edited 3 months ago) by henfredemars@infosec.pub to c/android@lemdro.id

I want to share this post because I was disappointed to see this popular smartphone cracking tool works very well across Android versions and devices while iPhone enjoys relative security.

The graphic also shows premium devices specifically are vulnerable to their tools, so one cannot argue that the problem is funding or cheap devices getting owned because of dumb changes by the vendor -- premium devices fare not much better. Even Google controlling the hardware and the software of their Pixel line remains vulnerable to data extraction while the latest iPhone versions aren’t.

To me, this sounds like the state of Android physical security might be inferior. Why? What can be done to fix this? Perhaps is it because Android is more popular globally so they get more work targeting Android?

It could also be coincidental that at the time the documents leaked, the iPhone stuff was being finished up and there is actually not that much difference if you have an attacker who has lots of time and money.

EDIT: Removed wrong information. EDIT: Added more material for discussion.

all 9 comments
sorted by: hot top controversial new old
[-] limerod@reddthat.com 26 points 3 months ago

Don't base security on what one firm can and cannot do.

The same article links to graymagnet from graykey fully supporting the IOS 17, S24 series and pixel 6 and 7 smartphone. Notice the lack of pixel 8 series smartphone. Does that mean pixel 8 is more secure than anything on this planet? Not quite.

Smartphone security is a continued endeavor. There will always be something that can break it to some extent one way or other. That's why you have monthly security updates to fix security issues as they continue pop. The cellebrite article also mentions IOS 17.4 support soon. It's just a matter of time. I wouldn't fret too much.

[-] henfredemars@infosec.pub 7 points 3 months ago

Thank you for the new perspective and level-headed response.

[-] haerrii@feddit.org 16 points 3 months ago

Android, afaik, is less secure by default to begin with. More freedom, more options to customize, more attack surface. Also, just because Cellebrite can't pwn iOS 17.4 yet, doesn't mean it can't do it a month ahead from now.

Another very important factor I can see is Apple's walled garden, where they could literally remote control your device. Through the new rapid security response (or whatever they called it in marketing wank) they can push updates to all active iOS devices more or less overnight - at least if the vulnerability is known to them and they have a patch. Compare that with Android where some devices don't receive any updates after the initial release.

[-] seang96@spgrn.com 3 points 3 months ago

To be fair Android does that now too with mainline and every OS upgrade they make more modules that get updated from the play store rather than OS updates.

[-] Mango@lemmy.world 10 points 3 months ago

Does this mean I can use it to root my phone so it belongs to me instead of the manufacturer?

Checkmate Apple fans.

[-] evo@sh.itjust.works 7 points 3 months ago

As you sort of alluded to timing makes a big difference because it's a cat and mouse game. The last I had heard iPhones were pretty easy targets but some of the top end Android phones weren't. iOS 17.4 is relatively new.

this post was submitted on 19 Jul 2024
43 points (87.7% liked)

Android

17621 readers
289 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS