According to the creators of GrapheneOS, a version of Android with a strong focus on privacy and security, the mobile operating system is subject to firmware vulnerabilities. But they have a solution to protect themselves effectively, and it is very simple.
The golden age of Custom ROM, these alternatives to Android of which they are a derivative, are over. We remember, for example, CyanogenMod, which became LineageOS. But with developments in Google’s system, the usefulness of installing this type of program has greatly diminished. Unless you’re looking for something very specific, like with GrapheneOS. This ROM was released in 2014 and continues to exist today focusing on private life and the security of its users.
The teams recently alerted X (Twitter) of the existence of security failures even affecting recently released models like the Pixel 8: “we recently reported exploited firmware vulnerabilities […] to obtain data on devices that are not at rest. If the device is at rest, […] the data is safe”. The notion of “rest” means that the smartphone is either off or on but not yet unlocked by the PIN code or the defined method. In both cases, it is extremely difficult for a hacker to access your data since the mobile is not fully functional.
The creators of GrapheneOS propose to implement this simple solution to fight against attacks on Android
It is important to understand that once the smartphone is turned on and unlocked, the risks of attack are immediately greaterespecially since locking the phone again doesn’t change anything. Nor even switch to airplane mode. A hacker can exploit a Wi-Fi, Bluetooth or even NFC connection depending on the case.
If the GrapheneOS message does not give details concerning the flaws identified, it does however mention a solution: restart your smartphone. Doing this stops and resets any processes or activities that could be exploited by an attacker. The opportunity for GrapheneOS to recall that the ROM has a automatic restart after 18 hours of inactivity.
The people in charge of the alternative Android system suggest that Google implements a similar function. A spokesperson for the Mountain View firm confirms having been warned by GrapheneOS and that the teams are currently considering what to do next.
Source: BleepingComputer