**Summary: Cellebrite’s Phone Hacking Tools Are Stymied by GrapheneOS on Pixel Phones**
In recent years, smartphone security has greatly improved, making it much harder for unauthorized parties to access personal data stored on these ubiquitous devices. However, specialized companies like Cellebrite have continued to develop tools that claim to help law enforcement bypass security measures on many popular phones, including Google’s Pixel lineup. A recent leak has shed some light on just how effective Cellebrite’s tools are—and revealed that one open-source operating system, GrapheneOS, appears to significantly raise the bar for device security.
**Cellebrite’s Capabilities and the Leak**
Cellebrite is a company known for providing digital forensics tools to law enforcement agencies worldwide. Their software and hardware solutions are designed to extract data from locked or encrypted smartphones, helping authorities gather evidence in criminal investigations. The methods and capabilities of Cellebrite’s technology are kept confidential, but a recent leak has offered a rare glimpse into which devices are vulnerable.
This leak comes from an individual using the pseudonym “rogueFed,” who managed to join a Cellebrite briefing held over Microsoft Teams. RogueFed captured screenshots of internal documents and shared them on the GrapheneOS forums, as first reported by 404 Media. The documents detailed Cellebrite’s ability to extract data from several recent Google Pixel phones, specifically the Pixel 6, Pixel 7, Pixel 8, and Pixel 9 families. The latest Pixel 10 series, which was launched only a few months prior, was not included in the documentation.
**How Data Extraction Works on Pixel Phones**
The leaked Cellebrite chart categorizes phone access into three security states:
1. **Before First Unlock (BFU):** The phone has not been unlocked since it was last powered on or rebooted. All user data remains securely encrypted in this state, making it the most secure. 2. **After First Unlock (AFU):** The phone has been unlocked at least once since the last reboot, which allows some data to be decrypted and potentially accessible. 3. **Unlocked:** The phone is currently unlocked, granting open access to most or all user data.
According to the Cellebrite briefing, their tools can extract data from Pixel 6, 7, 8, and 9 devices running the default, factory-installed Google software. This is possible whether the phone is in AFU or unlocked states, and, surprisingly, even when the device is in the BFU state, which is supposed to be the most secure. However, the tools do not brute-force passcodes; if a passcode is unknown, full access cannot be achieved. The leak also notes that, at present, law enforcement cannot duplicate eSIM profiles from Pixel devices—a noteworthy limitation as Google moves away from physical SIM cards in newer models.
**GrapheneOS: A Major Obstacle for Cellebrite**
The leaked information becomes especially interesting when it comes to phones running GrapheneOS. Graphene