alt Hacker NewsIn one thread people fighting the ever decreasing amount of hw ownership of most devices in our lives and when we have one that is more open, the crowds come to attack that too.
The theat model with tech has always been that if an attacker has physical access to the device and time then it's game over.
Replies
We can definitely see that on windows with the recent bitlocker exploit. I wonder if any new cases will be solved, or people imprisoned because of hardware in storage that can now be unlocked.
It's definitely better to not keep data locally if it's going to be seized, because of varying laws that can coerce unlocking, but in the U.S., it should be safe to refuse to give up passwords.
On the technical side, Google and Apple have changed the game with numerous improvements to physical security and GrapheneOS takes it even further building on their foundation reducing attack surface and adding good features. Particularly with Auto reboot[1] becoming widely adopted, your conclusion can be modified on phones.
[2]:
>This (https://osservatorionessuno.org/blog/2026/05/demystifying-ph...) is an article by an Italian non-profit that provides an introductive technical overview to forensic phone unlocking exploit kits used by governments and law enforcement, most notably Cellebrite.
>This post provides an overview on how disk encryption works on Android, common attack vectors used by forensic tools to brute force or extract a device, their countermeasures against popular security features like automatic reboot in iOS and how you can protect yourself against such tools, including several mentions about GrapheneOS.
[1] https://grapheneos.org/features#auto-reboot
[2] https://discuss.grapheneos.org/d/35728-demystifying-phone-un...
That doesn’t mean you don’t bother to secure the local device. I strongly suspect you have login security in your physical devices. Maybe even full disk encryption.
Just because a sufficiently advanced and determined attacker can own any device with physical access doesn’t mean we might as well make it easy for anyone.
Because it's not open for modification by the general public? (emphasis general, not just technically minded people)
Manufacturers need to pick a lane - either fully open, and then people who need it can harden their own stuff (and at least be aware of the tradeoff), or fully closed and secure.
This in-between where cars are invasive privacy nightmares that spy on you at all driving hours, and are insecure nightmares that will give up that data to anyone remotely invested, is the worst case scenario, obviously.