AmbiguousProps @lemmy.today
Posts 19
Comments 323

Leaked Cellebrite Tool Docs Reveal List of Phones That Can Be Unlocked

> According to the documents, Cellebrite could not unlock any iPhones running iOS 17.4 or newer as of April 2024, labeling them as “In Research.” For iOS versions 17.1 to 17.3.1, the company could unlock the iPhone XR and iPhone 11 series using their “Supersonic BF” (brute force) capability. However, iPhone 12 and newer models running these iOS versions were listed as “Coming soon.”

> The Android support matrix showed broader coverage for locked Android devices, though some limitations remained. Notably, Cellebrite could not brute force Google Pixel 6, 7, or 8 devices that had been powered off. The document also specifically mentioned GrapheneOS, a privacy-focused Android variant reportedly gaining popularity among security-conscious users.

Links to the docs:

> iPhone

> Android

GrapheneOS has a thread about this on Mastodon, which adds a bit more detail:

> Cellebrite was a few months behind on supporting the latest iOS versions. It's common for them to fall a few months behind for the latest iOS and quarterly/yearly Android releases. They've had April, May, June and July to advance further. It's wrong to assume it didn't change.

> 404media published an article about the leaked documentation this week but it doesn't go into depth analyzing the leaked information as we did, but it didn't make any major errors. Many news publications are now writing highly inaccurate articles about it following that coverage.

> The detailed Android table showing the same info as iPhones for Pixels wasn't included in the article. Other news publications appear to be ignoring the leaked docs and our thread linked by 404media with more detail. They're only paraphrasing that article and making assumptions.

> We received Cellebrite's April 2024 Android and iOS support documents in April and from another source in May before publishing it. Someone else shared those and more documents on our forum. It didn't help us improve GrapheneOS, but it's good to know what we're doing is working.

> It would be a lot more helpful if people leaked the current code for Cellebrite, Graykey and XRY to us. We'll report all of the Android vulnerabilities they use whether or not they can be used against GrapheneOS. We can also make suggestions on how to fix vulnerability classes.

> In April, Pixels added a reset attack mitigation feature based on our proposal ruling out the class of vulnerability being used by XRY.

> In June, Pixels added support for wipe-without-reboot based on our proposal to prevent device admin app wiping bypass being used by XRY.

> In Cellebrite's docs, they show they can extract the iOS lock method from memory on an After First Unlock device after exploiting it, so the opt-in data classes for keeping data at rest when locked don't really work. XRY used a similar issue in their now blocked Android exploit.

> GrapheneOS zero-on-free features appear to stop that data from being kept around after unlock. However, it would be nice to know what's being kept around. It's not the password since they have to brute force so it must be the initial scrypt-derived key or one of the hashes of it.


25
More Americans apply for jobless benefits as layoffs settle at higher levels in recent weeks
  • Saw your edit claiming that it took 48 minutes (which you added about 4 hours after you originally commented). Where did a user from lemmy.world call OP (also from lemmy.world) a tankie or a russian/chinese shill/bot?

    Or, are you somehow all-knowing and knew that a user from lemmy.world downvoted this post because they thought that? Because all I see is a good amount of upvotes, and other people agreeing.

  • More Americans apply for jobless benefits as layoffs settle at higher levels in recent weeks
  • We both know that my point is that you're on lemmy visiting the exact instance you're complaining about. Regardless of your motives, you're giving them traffic, and even worse (by your logic, anyway) you're letting them count you as an active user. You might not be from lemmy.world, but these comments originate from & live here.

    Even then, people seeing your downvoted comment here will not make people leave. People here are well aware that this is federated and that there are multiple instances (except, in your case, you seem to have forgotten that you could just stay on lemmy.ml communities, or block lemmy.world). They aren't going to see your judgmental, main character syndrome comments and suddenly change their tune.

    I also find it interesting that nothing in your first comment said anything that could let other users know that there are other options. I can't find anything so noble as to warn other users about anything in it.. almost like it wasn't your original motivation.

    Maybe blocking the instance is a better, healthier option for you?

  • Firefox added ad tracking and has already turned it on without asking you
  • This doesn't add any extra tracking, in fact its intent is to make interacting with advertising more anonymous from a user perspective (click that learn more button).

    On top of that, the author says "..or switching to a more privacy-conscious browser such as Google Chrome", which pretty much invalidates everything they have to say.

  • Home Improvement @lemmy.world AmbiguousProps @lemmy.today

    How often do I actually need my heat pump system tuned up?

    I had a heat pump installed about a year ago. It came with one free service and the installing company has been calling me almost every week to come out and do the complimentary tune up. I know that I obviously should take a free tune up, but it made me wonder. How often do I actually need this done? What are they actually "tuning up"?

    8

    Supreme Court leaves in place a Texas law requiring pornographic websites to verify users' ages

    www.seattletimes.com Supreme Court leaves in place a Texas law requiring pornographic websites to verify users’ ages

    The Supreme Court has refused to block a Texas law requiring pornographic websites to verify the age of their users.

    > The Supreme Court on Tuesday refused to block a Texas law requiring pornographic websites to verify the age of their users.

    > The justices rejected an emergency appeal filed by the Free Speech Coalition, a trade association for the adult entertainment industry. The provision of House Bill 1181, signed into law by Gov. Greg Abbott, remains in effect even as the association’s full appeal is weighed by the Supreme Court.

    > There were no noted dissents from the court’s one-sentence order.

    > Similar age verification laws have passed in other states, including Arkansas, Indiana, Kansas, Louisiana, Mississippi, Montana, Oklahoma, Utah and Virginia.

    > The Texas law carries fines of up to $10,000 per violation that could be raised to up to $250,000 per violation by a minor.

    16
    www.space.com China unveils video of its moon base plans, which weirdly includes a NASA space shuttle

    The video details an expansive lunar outpost, but curiously includes CGI of a NASA space shuttle taking off from the moon's surface.

    > The China National Space Administration (CNSA) has released a video of its concept for a lunar base to be developed across the next couple of decades.

    > CNSA unveiled the video on Wednesday (April 24) as part of the country's annual space day celebrations. The project is known as the International Lunar Research Station (ILRS) and was jointly announced in 2021 by China and Russia.

    > China is now leading the moon base initiative and attempting to attract international partners for the endeavor. So far, alongside China, Russia, Venezuela, Pakistan, Azerbaijan, Belarus, South Africa, Egypt, Thailand and Nicaragua have joined the initiative, according to Space News.

    > One curious detail of the video is the presence of a retired NASA Space Shuttle appearing to lift off from a launch pad in the background.

    53

    Tesla facing federal probe days after fatal Autopilot crash in Monroe, WA

    www.seattletimes.com Tesla facing federal probe days after fatal Autopilot crash in Monroe

    Jeffrey Nissen, 28, of Stanwood was on his way home from work on Highway 522 when the Tesla Model S struck his blue 2003 Yamaha R6, Nissen’s fiancee Janae Hutchinson said Thursday.

    > Federal auto regulators announced Friday they are opening an investigation into the safety of Tesla’s Autopilot feature, less than a week after a Tesla driver believed to be using it allegedly struck and killed a motorcyclist in Monroe.

    > Jeffrey Nissen, 28, of Stanwood was on his way home from work on Highway 522 when the Tesla Model S struck his blue 2003 Yamaha R6, Nissen’s fiancée Janae Hutchinson said Thursday.

    > Washington State Patrol spokesperson Chris Loftis said the agency is still investigating whether the Tesla driver was using Autopilot — a combination of cruise control and Autosteer intended to maintain the car’s set speed while keeping a safe distance from other vehicles and in its driving lane. The crash was among a rising number of collisions in Washington involving cars equipped with the technology, mostly Teslas.

    > Washington saw 17 such crashes last year compared to 12 in 2022, according to National Highway Traffic Safety Administration data. Of the 35 crashes in Washington involving Autopilot-equipped cars reported by the National Highway Traffic Safety Administration between Sept. 1, 2021 and March 15, 2024, all but three were Teslas, according to the data.

    2

    US challenges 'bogus' patents on Ozempic and other drugs in effort to spur competition

    www.seattletimes.com US challenges ‘bogus’ patents on Ozempic and other drugs in effort to spur competition

    The Federal Trade Commission is challenging patents on 20 brand name drugs, including the blockbuster weight-loss injection Ozempic.

    > Federal regulators are challenging patents on 20 brand name drugs, including the blockbuster weight-loss injection Ozempic, in the latest action by the Biden administration targeting industry practices that drive up pharmaceutical prices.

    > The Federal Trade Commission on Tuesday sent warning letters to 10 drugmakers, taking issue with patents on popular drugs for weight loss, diabetes, asthma and other respiratory conditions. The letters allege that certain patents filed by Novo Nordisk, GlaxoSmithKline, AstraZeneca and seven other companies are inaccurate or misleading.

    > Brand-name drugmakers use patents to protect their medicines and stave off cheaper, generic medicines. Most blockbuster drugs are protected by dozens of patents covering various ingredients, manufacturing processes and intellectual property. Generic drugmakers can only launch their own cheaper versions if the patents have expired or are successfully challenged in court.

    > “By filing bogus patent listings, pharma companies block competition and inflate the cost of prescription drugs, forcing Americans to pay sky-high prices for medicines they rely on,” said FTC Chair Lina Khan, in a statement.

    21

    Russia arrests more journalists in intensifying crackdown on dissent

    > Russia has arrested two Russian journalists on “extremism” charges in recent days, the latest moves in a continuing crackdown targeting independent reporters and media outlets. A third Russian journalist, with Forbes Russia, was charged with publishing what authorities called “fake news.”

    > The increasing use of anti-extremism laws to prosecute reporters — one piece of a larger campaign to stifle domestic dissent during Russia’s war in Ukraine — is likely to have a further chilling effect on the few independent journalists still operating in Russia, many of them freelancers or employees of small outlets with few legal protections.

    > The Associated Press on Saturday reported that video journalist Sergey Karelin, who has worked with the AP, Deutsche Welle and other international outlets had been arrested Friday in the Murmansk region in northern Russia and charged with extremism. He was placed in custody pending trial.

    4
    www.seattletimes.com Demonstrations roil US campuses ahead of graduations as protesters spar over Gaza conflict

    Protests are roiling college campuses across the U.S. as upcoming graduation ceremonies are threatened by disruptive demonstrators, with students and others sparring over Israel’s military offensive in Gaza and its mounting death toll.

    > Protests are roiling college campuses across the U.S. as upcoming graduation ceremonies are threatened by disruptive demonstrators, with students and others sparring over Israel’s military offensive in Gaza and its mounting death toll.

    > Many campuses were largely quiet over the weekend as demonstrators stayed by tents erected as protest headquarters, although a few colleges saw forced removals and arrests. Many students are demanding their universities cut financial ties with Israel over the large-scale operation in Gaza it says was launched to stamp out the militant Palestinian group Hamas.

    > Protesters on both sides of the rancorous debate shouted and shoved each other during dueling demonstrations Sunday at the University of California, Los Angeles. The university stepped up security after “some physical altercations broke out among demonstrators,” Mary Osako, vice chancellor for UCLA Strategic Communications, said in a statement. There were no reports of arrests or injuries.

    > About 275 people were arrested on Saturday at various campuses including Indiana University at Bloomington, Arizona State University and Washington University in St. Louis. The number of arrests nationwide approached 900 since New York police removed a pro-Palestinian protest encampment at Columbia University and arrested more than 100 demonstrators on April 18.

    7

    Tesla profits nosedive as more job cuts announced

    www.bbc.com Tesla profits cut in half as demand falls

    The EV maker brings forward launch plans for new models as profits drop by more than half.

    > Tesla has seen its profits more than halve this year, and says it will bring forward the launch of new models after announcing thousands of job cuts to try to reverse its fortunes.

    > Despite plans to bring forward new models originally planned for next year the firm is cutting its workforce.

    > Tesla said it would lose 3,332 jobs in California and 2,688 positions in Texas, starting mid-June.

    > The cuts in Texas represent 12% of Tesla's total workforce of almost 23,000 in the area where its gigafactory and headquarters are located.

    81

    Amnesty: World seeing near breakdown of international law amid wars in Gaza and Ukraine

    apnews.com World seeing near breakdown of international law amid wars in Gaza and Ukraine, Amnesty says

    Amnesty International says the world is seeing a near breakdown of international law amid flagrant rule-breaking in Gaza and Ukraine, multiplying armed conflicts, the rise of authoritarianism and huge rights violations in Sudan, Ethiopia and Myanmar.

    > The world is seeing a near breakdown of international law amid flagrant rule-breaking in Gaza and Ukraine, multiplying armed conflicts, the rise of authoritarianism and huge rights violations in Sudan, Ethiopia and Myanmar, Amnesty International warned Wednesday as it published its annual report.

    > The human rights organization said the most powerful governments, including the United States, Russia and China, have led a global disregard for international rules and values enshrined in the Universal Declaration of Human Rights, with civilians in conflicts paying the highest price.

    > Agnes Callamard, Amnesty’s secretary general, said the level of violation of international order witnessed in the past year was “unprecedented.”

    > “Israel’s flagrant disregard for international law is compounded by the failures of its allies to stop the indescribable civilian bloodshed meted out in Gaza,” she said. “Many of those allies were the very architects of that post-World War Two system of law.”

    7
    www.seattletimes.com U.S. health officials warn of counterfeit Botox injections

    U.S. health officials are warning of counterfeit Botox injections after more than 20 people got sick.

    > U.S. health officials issued a warning Tuesday about counterfeit Botox injections that have sickened 22 people.

    > Half of the individuals have ended up in the hospital, according to the Centers for Disease Control and Prevention. The agency issued an alert to doctors on Tuesday.

    > The cases started in early November and have been reported in 11 states. The CDC said the shots were administered by unlicensed or untrained individuals or in settings like homes or spas. Most of the people said they got injections of botulinum toxin for cosmetic reasons.

    > Six people were treated for suspected botulism, health officials said. When it gets into the bloodstream, botulinum toxin can cause botulism, a deadly disease that starts with double or blurred vision, drooping eyelids, slurred speech, difficulty swallowing and difficulty breathing.

    3
    www.seattletimes.com Hundreds of WA students walk off campuses to protest U.S. aid to Israel

    Hundreds of high school and college students across the Puget Sound region walked out of school Tuesday to protest Israel’s war against Hamas.

    > Hundreds of high school and college students across the Puget Sound region walked out of school Tuesday to protest Israel’s fighting in Gaza.

    > Some gathered outside their school’s front offices, where they listened to student leaders chant into megaphones. Others left school and flocked to Cal Anderson Park in Seattle’s Capitol Hill neighborhood to do the same. Anywhere from 20 to 150 students turned out at each of a dozen Seattle-area schools, but overall the protests were calm and low-key.

    > “We demand a free Palestine,” and “Free, free Palestine,” students chanted at Cal Anderson Park. They carried posters that read “Genocide is never justified” and “Cease-fire now” during a small march down streets in West Seattle.

    5
    www.seattletimes.com Tesla driver was using Autopilot before fatal Monroe crash, police say

    The Snohomish man had set his car on Autopilot and was looking at his cellphone when he struck a motorcyclist on Highway 522 on Friday, court records show.

    > A 56-year-old Snohomish man had set his Tesla Model S on Autopilot and was looking at his cellphone on Friday when he struck and killed a motorcyclist in front of him in Monroe, court records show.

    > A Washington State Patrol trooper arrested the Tesla driver at the crash site on Highway 522 at Fales Road shortly before 4 p.m. on suspicion of vehicular manslaughter, according to a probable cause affidavit.

    > The motorcyclist, Jeffrey Nissen, 28, of Stanwood, died at the scene, records show.

    > The Tesla driver told a state trooper he was driving home from having lunch in Bothell and was looking at his phone when he heard a bang and felt his car lurch forward, accelerate and hit the motorcyclist, according to the affidavit.

    > The man told the trooper his Tesla got stuck on top of the motorcyclist and couldn’t be moved in time to save him, the affidavit states.

    > The trooper cited the driver’s “inattention to driving, while on autopilot mode, and the distraction of the cell phone while moving forward,” and trusting “the machine to drive for him” as probable cause for a charge of vehicular manslaughter, according to the affidavit.

    > The man was booked into the Snohomish County Jail and was released Sunday after posting bond on his $100,000 bail, jail records show.

    54

    Google fires 28 employees after protest over Israel cloud contract

    www.theverge.com Google fires 28 employees after sit-in protest over Israel cloud contract

    The employees were protesting against “Project Nimbus.”

    > Google fired 28 employees in connection with sit-in protests at two of its offices this week, according to an internal memo obtained by The Verge. The firings come after 9 employees were suspended and then arrested in New York and California on Tuesday.

    > In a memo sent to all employees on Wednesday, Chris Rackow, Google’s head of global security, said that “behavior like this has no place in our workplace and we will not tolerate it.”

    > He also warned that the company would take more action if needed: “The overwhelming majority of our employees do the right thing. If you’re one of the few who are tempted to think we’re going to overlook conduct that violates our policies, think again. The company takes this extremely seriously, and we will continue to apply our longstanding policies to take action against disruptive behavior — up to and including termination.”

    99

    Migrate from nextcloud photo backups to immich?

    Is there an easy way to do this? I suppose I could just copy the files manually but is there a better option? Thanks!

    30

    Warning: HAOS may become unbootable after upgrade from 12.1 -> 12.2

    github.com (x86_64) HA OS doesn't boot when updating from 12.1 to 12.2 · Issue #3305 · home-assistant/operating-system

    Describe the issue you are experiencing I see GNU GRUB with 4 options - Slot A, Slot B, Slot A rescue shell, Slot B rescue shell. Selecting any of them results in a message that it's unable to boot...

    21
    www.bleepingcomputer.com OpenTable is adding your first name to previously anonymous reviews

    Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

    > Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

    > OpenTable notified members of this new policy change today in emails to members who had previously left a review on the platform, stating the change was made to provide more transparency.

    > "At OpenTable, we strive to build a community in which diners can help other diners discover new restaurants, and reviews are a big part of that," reads the OpenTable email seen by BleepingComputer.

    > "We've heard from you, our diners, that trust and transparency are important when looking at reviews."

    > "To build on the credibility of our review program, starting May 22, 2024, OpenTable will begin displaying diner first names and profile photos on all diner reviews. This update will also apply to past reviews.

    > When leaving reviews on OpenTable, members specify a "Review display name" that will be shown in the review, allowing feedback to be left anonymously.

    > Under this new policy change, a member's first name and profile picture will now be displayed in new and past reviews.

    7
    www.seattletimes.com Justice Department to sue Apple for antitrust violations as soon as Thursday

    The Justice Department is poised to sue Apple, accusing the company of violating antitrust laws by blocking rivals from accessing hardware and software features of its iPhone.

    The Justice Department is poised to sue Apple as soon as Thursday, accusing the world’s second most valuable tech company of violating antitrust laws by blocking rivals from accessing hardware and software features of its iPhone.

    The suit, which is expected to be filed in federal court, according to people familiar with the matter, escalates the Biden administration’s antitrust fights against most of the biggest U.S. technology giants. The Justice Department is already suing Alphabet’s Google for monopolization, while the Federal Trade Commission is pursuing antitrust cases against Meta Platforms and Amazon.com.

    14