Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

tjackvatten2

Hi everyone,

I’ve come across many articles and also forums in Swedish suggesting that Swedish police has access to backdoors on mobile communications through agreements with mobile the operators. According to what I've found, it's technically possible for the police to see all data in real-time, including decrypt signal messages, all activity, and more — even on a GrapheneOS. Also you don't even need to be suspected of a crime it just enough if the police is interested and want to check you. They don't need any approval from a judge. Also being associated with someone under investigation may be enough.

From what I understand, the cell towers log data which could then be accessed without needing direct access to the phone itself. This raises serious privacy concerns, especially for those of us trying to maintain strong security.

Given this situation, would simply removing the SIM card when not actively using cellular networks be a useful protection strategy? Are there better ways to harden GrapheneOS or the device setup to prevent this kind of passive or live surveillance? Should I use a 4G router and just connect the phone on that?

Any technical insights or advice from people with experience in this area would be greatly appreciated.

Thanks in advance!

tjackvatten2

Also, in Swedish this is called "Hemlig Dataavläsning" or just "HDA".

English articles on this topic from VPN Mullvad:
https://mullvad.net/sv/help/swedish-covert-surveillance-data-act

other8026

tjackvatten2 According to what I've found, it's technically possible for the police to see all data in real-time

Stuff like location, text messages, yes. If laws direct cell service providers to collect and share this data with the government or police, these things are possible.

tjackvatten2 including decrypt signal messages

I don't think this is true. Signal messages are end to end encrypted. Governments or internet providers can't just capture data and decrypt it. That's kind of the whole point.

tjackvatten2 From what I understand, the cell towers log data which could then be accessed without needing direct access to the phone itself. This raises serious privacy concerns, especially for those of us trying to maintain strong security.

Agreed, but think about what data is accessible to the mobile network. Basically, they can get location data and unencrypted data. Sms would be easy to hold on to. They could record calls or try transcribing them I guess.

tjackvatten2 Given this situation, would simply removing the SIM card when not actively using cellular networks be a useful protection strategy?

You'd want to enable airplane mode as well. Removing the SIM card isn't enough if you want to avoid tracking.

tjackvatten2 Should I use a 4G router and just connect the phone on that?

What would that accomplish? Avoid calls and SMS and use airplane mode + wifi when you can. Using a less secure device isn't going to do you any good.

I'd suggest reading this thread by our official account https://xcancel.com/GrapheneOS/status/1846709900715458703

tjackvatten2 Also, they can not only see everything you are doing live on your phone, they can also use your microphone, camera, location, etc. Is this also possible on a GrapheneOS?

Don't know how that would be possible on even an iPhone or up to date Android device, let alone GrapheneOS. This sounds more like something out of an inaccurate hacker movie than what may actually be happening.

ryrona

tjackvatten2 I’ve come across many articles and also forums in Swedish suggesting that Swedish police has access to backdoors on mobile communications through agreements with mobile the operators.

This is true for law enforcement in general in any country. This is also true for network traffic going out through your ISP on your home broadband connection and so on. Everything outside of your own device is potentially and very likely wiretapped. Your phone provider or ISP will likely also keep detailed logs of all your activity.

What they can see: They can listen to your regular phone conversations. They can read your sent and received SMS/MMS. They can see what websites you are visiting, unless you use a VPN to hide this from them. They can see what messaging apps and other internet based apps you are using, unless you use a VPN to hide this from them.

tjackvatten2 According to what I've found, it's technically possible for the police to see all data in real-time, including decrypt signal messages

No. They can not decrypt any communication at all, certainly not end-to-end encryption like Signal. The law enforcement in any country is just another hacker in this scenario. The encryption algorithms we have are way way enough to protect against even the strongest hackers out there. It is basically never the encryption that fails. Many encryption algorithms have mathematical proofs that they are unbreakable, meaning it is guaranteed no one ever can break them.

tjackvatten2 Also you don't even need to be suspected of a crime it just enough if the police is interested and want to check you. They don't need any approval from a judge.

I am uncertain about this. Your phone conversations, SMS and MMS messages, and what sites you visit if not using a VPN is basically public knowledge from a technical point of view. There are no privacy protections at all there. On the other hand, these kind of data traffics have traditionally been protected anyway, because they have been considered privacy sensitive.

It might be that an agreement with the phone provider or ISP is enough in this case.

tjackvatten2 Also being associated with someone under investigation may be enough.

This could constitute probable cause, yes, if there is reasons to believe you might be involved too.

tjackvatten2 From what I understand, the cell towers log data which could then be accessed without needing direct access to the phone itself.

True.

tjackvatten2 This raises serious privacy concerns, especially for those of us trying to maintain strong security.

No, it does not. GrapheneOS project have been very clear with that nothing that has with cellular connectivity to do is safe, and that it should be considered totally untrusted for any privacy sensitive task. They have been clear you should use end-to-end encrypted messaging apps such as Signal instead for all your text messages and voice and video calls. They have been very clear that you should use a VPN.

tjackvatten2 Given this situation, would simply removing the SIM card when not actively using cellular networks be a useful protection strategy? Are there better ways to harden GrapheneOS or the device setup to prevent this kind of passive or live surveillance?

The only thing you would hide this way is the exact location of your phone.

tjackvatten2 Should I use a 4G router and just connect the phone on that?

That makes no real difference if you are carrying the 4G router with you, as the only thing you can hide this way is the exact location of your phone.

Again, neither the police or anyone else can break into your phone. In most countries, the police are never allowed to break into any kind of system using exploits, but in the countries where they are allowed to do that, they definitely require a court order, and in that case, they are still just any other hacker, and GrapheneOS protects very well against that.

tjackvatten2 Also, in Swedish this is called "Hemlig Dataavläsning" or just "HDA".

Yes. And it has existed ever since phones were a device with a wire plugged into a phone jack. That law hasn't changed substantially since then.

tjackvatten2 Also, they can not only see everything you are doing live on your phone, they can also use your microphone, camera, location, etc. Is this also possible on a GrapheneOS?

No, they cannot do any of that on any phone, unless they play hacker and find an exploit and break into your device. GrapheneOS protects against hackers very well.

userofgos

tjackvatten2 You have made multiple unsubstantiated claims that GrapheneOS is vulnerable and has been compromised without providing factual evidence.

tjackvatten2 According to what I've found, it's technically possible for the police to see all data in real-time, including decrypt signal messages, all activity, and more — even on a GrapheneOS.

tjackvatten2 For example, the police have successfully seen signal messages in many cases —even on running hardened operating systems like GrapheneOS—this has been documented in several publicly available court documents (so-called FUPs, or preliminary investigation protocols)

tjackvatten2 One real-world example is a recent major narcotics investigation where police were able to hack SIX grapheneos pixels. This was only 2 weeks ago.

tjackvatten2 Complety remote, here is a statement from the Swedish prosecutor on a case that had HDA involved also they couldn't find the phone so all the evidence they had was completely by distance:

tjackvatten2 Believe me, I know many cases in Sweden where they have exploited many GraphenOS phones with HDA

tjackvatten2 You will all be surprised on what the Swedish police can do on their IT department, they have been doing this since 2020.

tjackvatten2 Hahahahah, change the that when I send the links. Sorry, next time I will provide all the sources directly.

tjackvatten2 Swedish police are actively exploiting not only GrapheneOS, but all mobile operating systems.

tjackvatten2 In this particular case, six Pixel devices (all running GrapheneOS) from six different individuals were accessed by the Swedish police. It’s unclear from the documentation whether access was gained via HDA or through physical extraction tools like Cellebrite.

tjackvatten2 these documents indicate that Swedish police are capable of accessing phones remotely — regardless of operating system.

tjackvatten2 For instance, I personally had a close friend who had a Pixel 6 running GrapheneOS. According to the police, they successfully installed HDA on his device

It seems likely to me that @GrapheneOS is correct in saying that:

GrapheneOS The claims being made by @tjackvatten have also massively shifted from the original posts to what they are claiming now. Take a look at the first 3 posts and compare that to what they're claiming now. Take a look through the discussion and you'll see repeated requests for proof. The claims being made are not consistent and have becoming increasingly extreme. To us, this looks a lot like someone talking an LLM into telling them what they want to here and believing what it says even though all they do is generate believable nonsense appealing to the person talking to them. LLMs are an extreme form of people reading a very narrow set of unreliable sources catering to what they want to hear.

de0u

tjackvatten2 English articles on this topic from VPN Mullvad:
https://mullvad.net/sv/help/swedish-covert-surveillance-data-act

Thanks for the link. What I see there is that government agents may be authorized to collect all sorts of things, including potentially recording microphone audio, but that actually obtaining information is not guaranteed.

So if GrapheneOS hypothetically has a remotely exploitable vulnerability that enables covert audio recording, an authorized agent may be able to remotely trigger covert recording of audio. Overall this is not surprising or unique to Sweden.

Presumably GrapheneOS users hope such vulnerabilities do not exist (and, beyond just hoping, stay up to date with security patches).

tjackvatten2

Also, they can not only see everything you are doing live on your phone, they can also use your microphone, camera, location, etc. Is this also possible on a GrapheneOS?

locked

For some of the stuff that the OP suggest that could be going on, such as the use of your microphone, camera, access to your Signal messaging app, and in general, that deep of penetration, it would likely require help from an outfit like Paragon Solutions, or the likes, a company based out of Israel that focuses on exploiting zero days, mostly through silent messages, 0-click or.even 1- clicks. Whatsapp has proven to be the best gateway for this, although I am certain there are other methods. So, yes, your Signal messages can be read if an intruder is inside your phone with access to your keychain. It's probably a good idea, if you're on an iPhone to have lockdown mode enabled, not have WhatsApp installed, and keep your phone on airplane mode as much as possible. On GoS, my main profile is a secondary profile.
The owner profile is a nomad. No app has network access at all. So I only hop on WIFI networks. For GoS you should at least be on a P8 if possible. Take a look at the exploit protection settings. You may be able to harden even more.

tjackvatten2

ryrona

You're absolutely right that encryption like those used in Signal or Telegram are extremely strong and, in theory, mathematically unbreakable. However, what you may be missing is that law enforcement doesn't need to break the encryption itself to access the contents of encrypted messages in Sweden from the articles I have read.

For example, the police have successfully seen signal messages in many cases —even on running hardened operating systems like GrapheneOS—this has been documented in several publicly available court documents (so-called FUPs, or preliminary investigation protocols) that you can get from the court, everything in Sweden Is public, so for example, let say that you have been convicted for murder, I can go the court and get all the investigation material for free, like everything how the police has found the evidence, the names of the person all the investigation protocols from suspect to convict on court sometimes it can be 1200 pages. From this information you can find that the Swedish police has in many many cases hacked the phone and seen all messages including signal etc.

A report from the University of Gothenburg also discusses how Swedish law enforcement has developed its own form of spyware—comparable to Pegasus—which is capable of infiltrating phones using zero-click exploits. Once inside the phone, they can see everything before it's encrypted or after it's decrypted—this includes Signal, Telegram, Wickr, and other secure messaging apps.

They don’t need to break the encryption because they’re inside the phone itself. In some documented cases, all they needed was the IMEI number or phone number to begin the infiltration, how is this possible? From what I have read I suspect its via mobile networks or Wi-Fi access points but the police don't say it loud as its secrets but in some of this FUPS we (investigation protocols) the red line is that is should be the phone mast or wifi routers.

One real-world example is a recent major narcotics investigation where police were able to hack SIX grapheneos pixels. This was only 2 weeks ago.

Also another case where the court quoted this:

“The second phone could not be examined physically. However, it was subject to secret coercive measures including surveillance of electronic communication (HÖK), interception of electronic communication (HAK), and covert data surveillance (HDA). Data from HDA shows that the phone was primarily used for communication via the Signal app.”

This proves that the encryption wasn't broken, but rather bypassed entirely by gaining access to the endpoint device itself.

So how can you protect yourself?

That’s the difficult part. If state-level actors are using zero-days or network-level exploits, then even highly secure systems like GrapheneOS may not be enough. What can you do to minimize the risks?

argante

It makes me wonder how common this type of practice is. If it was done for one agency, why wouldn't companies do it for other agencies? We saw some time ago that Apple was(?) being pressured.

r134a

As already told here, sms, mms & calls should be avoided if u value privacy. I too live in a EU country where any carier legally has to store X(without doxing myself) years of calls, sms and mms in order to be even able to operate. I believe technically law enforcement needs a 'warrant' to acces these, but nevertheless each call, sms or mms i made the last X years, sits in database of my carrier.

Xtreix

r134a I believe technically law enforcement needs a 'warrant' to acces these

I live in the EU too and as far as I know, warrants are for USA, there are no warrants here, it works differently.

r134a

Xtreix Yeah nice catch, i don't know the term exactly in english hence why i wrote it between quotes, but the concept should be clear. Basicly i believe one has to be a suspect of something first and then the LE in question would need a document signed by someone who can approve the acces legally (don't know the term in english aswell of that person, apologies).

de0u

tjackvatten2 One real-world example is a recent major narcotics investigation where police were able to hack SIX grapheneos pixels. This was only 2 weeks ago.

Is it possible to post a link to the court document, or at least a case number?

Xtreix

tjackvatten2 or Telegram are extremely strong and, in theory, mathematically unbreakable

Telegram don't use E2EE, only with the “secret message” option not enabled by default and its implementation incredibly dubious, Telegram undermines security and privacy. The rest of your commentary sounds like the plot of a spy movie. I'm not saying you're wrong, but I'm waiting to hear more.

I wouldn't be surprised if these reports were sensationalized to discourage the use of secure tools that protect privacy, I remember in Sweden there was a coordinated attack by the Police against Signal where officers claimed that it was a tool designed for criminals and that parents should be extremely vigilant and watch their children if they use Signal, because it could mean that their children are participating in the preparation of a crime.

tjackvatten2 hack SIX grapheneos pixels

The only rational cause I can think of is that these devices were no longer supported, no longer received any security updates and that the latest version of GrapheneOS dated from before August 2022 (sorry, I'm not sure about the month), the date at which GrapheneOS is exploitable by major forensic tools.

r134a Yes, it seems to me that's how it works overall, but I'm no expert, even though I've read a lot of documents on the subject.

AltruisticMidget

tjackvatten2
Can confirm, FRA developed the tools. Primarily used by Säpo, and in some cases the normal police.

GrapheneOS is no match for FRA. They are on similar level as US based NSA.

Laws changed in this country after 2020 which gave the police the possibility to hack endpoints, thus seeing and recording the screen live. Thus, encryption is not broken, because they are simply reading the input text from the screen.

Only way to protect against that is to have a phone which they do not have IMEI or SIM info about. They target the specific phone.

Another way of protecting against it is to encrypt & decrypt your messages on an air-gapped device. But it is a huge hassle to get the text between the "online" and the "airgapped" device...

Anyway, probably these new laws are good for Sweden, they are making headlines even in international news because of the rampant criminality stemming from massimmigration.

matchboxbananasynergy

tjackvatten2 You've made very specific claims about GrapheneOS. We would like to see what the proof for that is so that conversation about the topic can be fruitful. Currently, it's not productive.

That said, GrapheneOS is obviously not bulletproof and neither claims to be that. It's entirely possible for remote exploits etc. to exist that can compromise running it. We have reason to believe that we make it substantially more difficult than other devices, though, and are not aware of successful attempts at doing it. You claim to have proof of that, and it would be good to provide it in the community instead of simply claiming it.

r134a

Xtreix Yes, it seems to me that's how it works overall, but I'm no expert, even though I've read a lot of documents on the subject.

Yes, thats how it works in my country atleast. I believe it's not a spefic EU-law, but a national law, atleast when i had to study it more then a decade ago,. Other EU countries migjt follow a similar approach, but since EU has gained significantly more 'political power' over its nation states, so things might been changed and EU law regarding this might have 'overruled' the national law. But SMS, MMS & cellular calls have to been kept X years here.

matchboxbananasynergy

AltruisticMidget What can you confirm, exactly? Do you have specific info that you can point to?

Claimspro

AltruisticMidget

I mean Tjackvatten is TS and AltuisticMidget who also claimed the same and backed his tjackvattens words.

For the 4th time if you read my posts, I have never claimed that there is exploit in GrapheneOs and have only stated HAK and HÖK have been used when users have grapheneos and the phone do not matter since its over network and the sim provider gives the police what they ask for.

In one case I have seen the police enter a grapheneos due to weak password or no password or swipe/ biometric. It is not stated in the court documents how. Only shows the extraction so there is no way of knowing how they got hold of it but from my understanding no password or weak password.

To add to this in Sweden the police can force the suspect to unlock the phone by holding him and opening and using face ID in some cases and unlocking taking his hand and unlocking the phone.
So again no way of knowing how they enter the phone.

https://www.flashback.org/sp91805708

In the case tjackvatten is talking about they had surveillance for over 1 year. So the police could have had video tapes of the suspects unlocking the phones in public and by that entering the phone since they COULD already have the passwords and one phone did not even have a password of the 6 phones and the rest do not state how they got entry.

There are people in late 2024 with grapheneos who been in murdercases that they could not extract anything from.

So again im against all the claims they have said and only want to prove them wrong.

tjackvatten2

matchboxbananasynergy

Nothing against GrapheneOS, I still think it's the most secure OS you can have on a phone, I just mean that if they can get inside a GrapheneOs then Iphone, Samsung etc have no chance either. I can get some links tonight I will send it to you, I am just really interested in this topic and want to get a discussion on how to avoid this as I know that this technology the Swedish police have will in no time come to other countries and it will be good to have a idea of what coming and be prepared because nobody in Sweden talks about this which is why I want to get this out. This forum is a good start.

AltruisticMidget

matchboxbananasynergy
What do you want confirmed?

That FRA is on a similar level as NSA?
Or that they provide tools to Säpo/Swedish Police?
Both are easily confirmed anyone can google it.

I live in Norway personally, Sweden has turned into a shit hole country with rampant criminality that is even gaining foothold in my own country. And in Denmark. And Finland.

This made the Swedish government implement alot of new laws in the latest years, 2020-2025. Some mentioned by @tjackvatten2

Basically, they can hack anyone, without court orders or even a probable cause.
FRA developed the tools for this, which Säpo and the police are allowed to use.

Exactly how it is done technically, they do not have to (and will never) share in a court. But as @tjackvatten mentioned (from recent cases) they are able to remotely hack the end user and share their signal conversations simply by screenshotting or recording them live. Thus, encryption are not broken, the OS is.

tjackvatten2

matchboxbananasynergy

tjackvatten2 I believe it's a good think to discuss things based on proof on these topics, so there's no point in discussing things and making assertions without data available that the rest of the forum can look at as well. Thanks in advance.