Conversation

Someone tried to desolder the microphones and the camera on a Pixel phone?

Quote Tweet

Sep 21, 2019

Phone security has been something I've struggled with for a long time. I once spoke with @VICE's @ShaneSmith30 about how it's possible to physically remove internal microphones and cameras from a phone, but even that only mitigates a portion of the threat. youtube.com/watch?v=ucRWyG

Show this thread

104

Replying to

It was a Nexus 5x in the video, which was actually quite easy relative to newer phones, which are much more difficult to open. I've looked at the motherboards of a couple different gens of Pixel, and if you can get into the phone without breaking the glass, it should be possible.

155

Replying to

Thank you for the clarification. I’ll try on my Pixel 3 and post the result on Twitter.

Replying to

and

Note there are actual 3 microphones (see the Pixel 3 section): support.google.com/pixelphone/ans Accelerometers / gyroscopes are also effectively microphones though. The OS limits polling rate to 100-200 Hz but the hardware is usually capable of a lot more and do decent sound recording.

Replying to

and

Thank you for the link Daniel. Is it plan for GrapheneOS to support the upcoming Pixel 4?

Replying to

and

Yes, eventually, along with other devices. Have been putting some work into better support for development only generic and emulator builds too. The final Pie-based release can be built for the generic targets and works in the emulator. Those targets aren't secure but are useful.

Replying to

and

Ideally, the project would have resources to have custom variants of generic smartphone hardware produced. It's not a lot to ask to get a fairly standard Snapdragon SoC device meeting basic security standards with various changes to match Pixel security and then add some frills.

Replying to

and

That would also put the project control over the signing keys flashed into the fuses for verifying the firmware, allowing hardening of lower-level components than it can currently reach. Would also control the secure element and trusted execution environment which would be nice.

Replying to

and

ATM github.com/GrapheneOS/Aud and other hardware-based work is limited to the existing hardware capabilities which is frustrating. I've been working on trying to get changes made for current/future devices but it would be cool to have GrapheneOS SE/TEE / early BL keys burned in.

github.com

GitHub - GrapheneOS/Auditor: Hardware-based attestation / intrusion detection app for Android...

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verificati...

8:17 PM · Sep 21, 2019Twitter Web App

Replying to

and

It would be neat to offer fully unlocked devices without the fuses flashed yet too, although those would be particularly vulnerable to compromise during shipping. It really doesn't need to be particularly unique hardware. It wouldn't need to be far from an SoC reference platform.