Oddbean new post about | logout
final [GrapheneOS] 📱👁️‍🗨️ | 4 months ago (raw) | full thread 
 Personal note:

Companies selling exploits for smartphones talking about #GrapheneOS in their internal documents and their limitation and failure in targeting the OS is only further evidence of the success of our recent mobile security and privacy work.

A multi-million dollar industry of companies exist just to discover and sell exploits for devices. Cellebrite is only one of many. Attacks by actors of such capabilities is what GrapheneOS aims to protect against, like we had done earlier this year, where we discovered vulnerabilities these companies took advantage of and disrupted their fun with improving and adding new security features. There is more to come.

We may not be as large as they are, but think about why they have to say our name and why they separated us from Android and iOS. What we do is significant and impactful. We don't ignore the competition or be deliberately vague or misleading about capabilities like these companies have been about us.

Digital forensics is such a valuable (and in my opinion, undervalued) cyber security skill but it is a shame these titans of the industry are all secretive and protective about their work. Some go as far as to mislead the public. Transparency and co-operation is the most valuable trait in the realm of digital security and companies like these shouldn't get a waiver.

I could have so much more to say including about how these companies' software are often designed too deliberately simple or complicated to make you depend on them and give them more money. Tools like Cellebrite are so easy to navigate and use that it feels like it's designed that way to not create forensics experts that can end up doing work themselves, and that other tools are deliberately complicated to faciliate to customer to buy their training.

If you want to hit companies like these where it hurts, then try learning DFIR, learn mobile forensics, and do it without selling out to them. Reduce what they can sell to you and break the gatekeeping the sector has.

nostr:nevent1qqst3mtuajfjrhmtr5sls78ycp5jh96tz92mfdl3x7d3mwvvv7cerqspz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzps26tfjesmn6ksf5mm36hpf9fkjut49sfeutfutvs2phrykn25v9qvzqqqqqqym8r59g