x13a / Wasted

Lock and wipe on emergency
GNU General Public License v3.0

Wasted can be bypassed with fastboot #72

Open finance8 opened 6 months ago

finance8 commented 6 months ago

There is a video on the internet showing how to bypass Wasted without the phone deleting itself. What now? Will there be any solution?

This is the video I found:

https://youtu.be/FUqYzA3l_Qg?si=AmTViF5FGd0l2KUc

x13a commented 6 months ago

I will take a look on the weekend and let you know


x13a commented 6 months ago

Related: https://discuss.grapheneos.org/d/7703-protection-from-xry-pro/3


finance8 commented 6 months ago


Thank you for your promised reply. However, my question was about the app "Wasted" and the capability to actually disable the app without any kind of unlock. Will there be any solution? This may affect many people.

x13a commented 6 months ago

@finance8 No idea if something can be done for now. As I understand, they reboot the device to fastboot mode and break Wasted in it. So we have to disable fastboot to prevent raw/write access to the device. It is better to ask the GrapheneOS devs about this; maybe they have some ideas.

flawedworld commented 5 months ago

The issue demonstrated in the video is a device issue with the firmware. It does not fall in scope of Wasted in my opinion.

Also see: https://discuss.grapheneos.org/d/10023-exploit-of-device-after-first-unlock-to-obtain-data-that-isnt-at-rest/27

flawedworld commented 3 months ago

https://source.android.com/docs/security/bulletin/pixel/2024-04-01

https://twitter.com/GrapheneOS/status/1775619234204197234

https://twitter.com/GrapheneOS/status/1775305179581018286

Use a supported Pixel with the April ASB with either GrapheneOS or the stock Pixel OS and you will mitigate this attack.

@x13a This is basically solved, and more improvements will come in Android 15 to prevent this style of attack from other potential vectors in future within the OS.

flawedworld commented 3 months ago

If you don't use a Pixel and instead use another Android device, buy a Pixel. That's the fix. I don't trust 3rd party OEMs to properly implement mitigations in firmware, let alone patch the OS properly, so that's my advice to you.
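
One way to check a device against the mitigation named in the comments above (a Pixel at or past the April 2024 bulletin level). This is an added example, not code from the thread or from the Wasted project. It assumes the standard Android properties `ro.product.brand` and `ro.build.version.security_patch`, treats brand `google` as "Pixel", and does not verify that the model is still supported; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Threshold comes from the bulletin date linked in the thread.
REQUIRED_PATCH=20240401

# patch_to_int YYYY-MM-DD -> prints YYYYMMDD; fails on malformed input.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | sed 's/-//g' ;;
        *)
            return 1 ;;
    esac
}

# assess BRAND PATCH_LEVEL -> prints one verdict word.
# Assumption: brand "google" (any case) means a Pixel.
assess() {
    brand=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    level=$(patch_to_int "$2") || { echo "unknown-patch-level"; return 0; }
    if [ "$brand" != "google" ]; then
        echo "not-a-pixel"
    elif [ "$level" -ge "$REQUIRED_PATCH" ]; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Live check over adb (needs an authorised device); off by default.
if [ "${1:-}" = "--adb" ]; then
    assess "$(adb shell getprop ro.product.brand | tr -d '\r')" \
           "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
fi
```

Run it with `--adb` against a connected device, or call `assess` directly with values collected from an inventory.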