Metr0pl3x on Nostr: No OS can completely prevent exploitation. GrapheneOS however has not been known to ...
No OS can completely prevent exploitation. GrapheneOS, however, has not been known to be vulnerable and nobody has claimed to have done so. GrapheneOS has much more advanced exploit mitigations to protect against targeted attacks, including hardened_malloc and hardware memory tagging support.
Everyone on GrapheneOS has hardened_malloc and our other baseline exploit protections. hardened_malloc has great support for hardware memory tagging to provide a form of memory safety for memory unsafe code with a mix of deterministic guarantees and randomized general protection.
Production hardware memory tagging is currently exclusive to GrapheneOS running on 8th Gen Pixels. It is OS-wide, inclusive of our browser/webview Vanadium.
Our Auditor app can also be used to verify that it's a genuine GrapheneOS install.
If an attacker does exploit the device, they need to persist their access through persistent data due to verified boot, and then exploit the device again on each boot from there. This means wiping data from recovery removes access. Auditor is there to help discover compromise.
This makes Auditor useful for checking persistent state such as whether an accessibility service is enabled, which could be hidden from the user by the accessibility service if the user tried to check on the device itself via the Settings app, etc.
You are more secure on GrapheneOS.
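A toy model of the tag rules behind the "deterministic guarantees plus randomized protection" wording above, added here for illustration (not GrapheneOS or hardened_malloc code): each allocation gets a random tag that excludes its neighbours' tags, the slot's previous tag and a reserved free tag, so a linear overflow, a use-after-free and a stale pointer into a reused slot fault every time, while a stray access with an arbitrary tag is caught only with high probability. The slot layout, the 16-tag space and the reserved free-tag value are assumptions of the model.

```python
import random

NUM_TAGS = 16   # 4-bit tag space, as in hardware memory tagging
FREE_TAG = 0    # assumption of this model: one tag value reserved for free slots


class TagMismatch(Exception):
    """Stands in for the hardware fault raised on a tag-check failure."""


class TaggedHeap:
    """Slab of equal-size slots, each carrying one tag (constructed model)."""

    def __init__(self, slots, seed=None):
        self.rng = random.Random(seed)
        self.tags = [FREE_TAG] * slots  # tag currently stored with each slot
        self.prev = [FREE_TAG] * slots  # tag the slot had while it was last live
        self.live = [False] * slots

    def alloc(self):
        """Return a (slot, tag) pointer; tag excludes neighbours', previous and free tags."""
        i = self.live.index(False)  # ValueError when the slab is full
        excluded = {FREE_TAG, self.prev[i]}
        excluded.update(self.tags[j] for j in (i - 1, i + 1) if 0 <= j < len(self.tags))
        tag = self.rng.choice([t for t in range(NUM_TAGS) if t not in excluded])
        self.tags[i], self.live[i] = tag, True
        return (i, tag)

    def access(self, ptr):
        """Every load or store: fault when pointer tag and memory tag differ."""
        i, tag = ptr
        if self.tags[i] != tag:
            raise TagMismatch(f"slot {i}: pointer tag {tag} != memory tag {self.tags[i]}")
        return i

    def free(self, ptr):
        i = self.access(ptr)  # freeing through a stale pointer faults as well
        self.prev[i], self.tags[i], self.live[i] = self.tags[i], FREE_TAG, False


def detected(heap, ptr):
    """True when an access through ptr faults (deterministic or probabilistic catch)."""
    try:
        heap.access(ptr)
    except TagMismatch:
        return True
    return False


def wild_pointer_detection_rate(trials=10_000, seed=1):
    """Randomized protection: a stray access into a live slot with an arbitrary tag."""
    heap, rng = TaggedHeap(slots=4, seed=seed), random.Random(seed)
    slot, _ = heap.alloc()
    return sum(detected(heap, (slot, rng.randrange(NUM_TAGS))) for _ in range(trials)) / trials
```

With 16 tags and one reserved, the stray-access case is caught roughly 15 times out of 16, which is the "randomized general protection" part; the overflow, use-after-free and reuse cases never pass the check.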