2024-04-04 19:31:05

final [GrapheneOS] 📱👁️‍🗨️ on Nostr: Yes, Android (and GrapheneOS) uses file-based encryption by default. User profiles ...

Yes, Android (and GrapheneOS) uses file-based encryption by default. User profiles are also encrypted independently with their own keys. The data exfiltration is not the exploit but rather something that could be done from it; the encryption isn't affected.

The attack concept from the first vulnerability allowed brute forcing of an After First Unlock stock OS device thanks to exploiting the Fastboot firmware for a memory dump. It is a trivial platform reset attack. The issue was that Google did not erase the memory of an in-use device when switching to Fastboot. The stock OS doesn't clear freed memory while GrapheneOS does.

All operating systems incorporating disk encryption are vulnerable to this to a degree, and the best mitigation is having the device purge encryption keys by rebooting or powering off. We already had defences like this, such as auto-reboot and the option to disable USB entirely from hardware when an AFU device is in OS mode. Someone who'd be affected by this would be someone using the device the moment it had been stolen.
Author Public Key
npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm