Anonymous
7/20/2025, 8:30:28 AM
No.105964525
>>105960509
>Except that in order to exploit the secure element over UART you need to disassemble the phone anyway
no, it is available via fastboot.
You don't have to take it apart to access its pins, you only need a debugging cable.
Which is the one question grapheneOS shill still fails to answer:
Why is this possible?
In reality, a possibly glowfag operation could look like this:
>they yoink your phone (be it on an airport check or wherever)
>plug in a cable for 20 seconds, your "secure element" has now been flashed
>give the phone back (maybe you don't notice that it was ever gone, because it's so fast)
>after you unlocked it once, yoink it again
>they now have full access and can do whatever they want with it
Then consider that taking the phone isn't necessary in the first place if you can push OTA updates. Which they can, even on goypheneOS. And it's not open source, so the discovery of an exploit takes four years or more.
Or it might never happen in the first place, because Google tried to screw over the last company that discovered such an exploit, tried to deny them rewards, and eventually only gave them ten grand for all this reverse engineering work, which was definitely more expensive than that.
Some random chink will pay you ten times more.