
Written by Profile13115 on 2024-09-16 at 16:44

@GrapheneOS Is there any way now or in the future to get GrapheneOS on a pocket-sized device (not the Pixel Tablet) without cellular? Any ways to securely remove those capabilities from a Pixel?

#grapheneos


Written by GrapheneOS on 2024-09-16 at 20:24

@fredy_pferdi Cellular is integrated in a similar way as Wi-Fi and Bluetooth via an IOMMU isolated radio which can be reliably turned off. Samsung makes both the main SoC and the cellular radio. Not clear what you're trying to avoid. If you don't want to use cellular, use airplane mode.


Written by Profile13115 on 2024-09-16 at 21:42

@GrapheneOS And what about the risk that airplane mode gets disabled, for example in a pocket or by a threat actor? This is a fundamental threat for some use cases.


Written by matchboxbananasynergy on 2024-09-16 at 23:04

@fredy_pferdi @GrapheneOS You can't enable/disable airplane mode while the device is locked on GrapheneOS. Give it a shot. You'll see it asks for authentication.


Written by Profile13115 on 2024-09-17 at 07:43

@matchboxbananasynergy @GrapheneOS That is not true; you can disable it from the lock screen when attempting an emergency call. @GrapheneOS THIS IS EXTREMELY DANGEROUS.

Same behaviour with disabling the microphone.

Again, for a life-or-death situation, some threat scenarios need fallback options, especially because of issues like that.


Written by matchboxbananasynergy on 2024-09-17 at 14:27

@fredy_pferdi @GrapheneOS That requires an explicit action on the part of the user. What makes a hardware switch different, which could be switched by someone with physical access to the device?


Written by Profile13115 on 2024-09-17 at 14:34

@matchboxbananasynergy @GrapheneOS Never talked about hardware switches here, but there is also an actual difference: this can literally happen in your pocket by accident, and even if fixed, the potential alone can be dangerous. I'm talking about a device that has no cellular, to make completely sure stuff like this can't happen.

Also, in case GrapheneOS has a zero-day that allows root privileges (I know this is not that likely and a highly targeted attack) and the device itself does not store any dangerous information but becomes an issue if located, you have a big problem. So the argument often used that you are fucked anyway is also not really a holistic one.

And yes, I know location tracking is also possible in many other ways, but this is the main threat for many people, for example people struggling under repressive regimes.


Written by GrapheneOS on 2024-09-17 at 18:11

@fredy_pferdi @matchboxbananasynergy That's not true. You can remove airplane mode from quick settings after disabling it to avoid toggling it on by accident. The emergency button does not disable airplane mode. Only explicitly calling an emergency number like 911 after pressing it disables airplane mode. This requires physical access to the device and the explicit intent to call an emergency number.

The threat model you're describing about an attacker already having root access is nonsensical.


Written by GrapheneOS on 2024-09-17 at 18:13

@fredy_pferdi @matchboxbananasynergy An attacker with root access can use GNSS or Wi-Fi to detect location. GNSS exists for that purpose and Wi-Fi is heavily used for that by Apple and Google via their network location services. You're talking about an attacker who has ALREADY compromised the OS and gained kernel/root level access. You're trying to come up with contrived reasons for the existing functionality not being enough but none of what you're claiming checks out.



Written by Profile13115 on 2024-09-17 at 18:15

@GrapheneOS @matchboxbananasynergy Yes, you're right, I'm wrong on that point.



Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113154255772120643