Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

JohnPatrickMason

wizoatk Södertörns tingsrätt. B 5354-25 Aktbil 35. Page 86.

Phone model: Google Pixel 9.

JohnPatrickMason

"(Google pixel) har vi inget stöd för i våra verktyg, telefonen är krypterad med Graphene och
inget stöd finns överhuvudtaget.
Telefonen har alfanumerisk kod, inget stöd för kodknäckning."

In short: Our tools were unable to extract the phone's data due to encryption.

ryrona

JohnPatrickMason "(Google pixel) har vi inget stöd för i våra verktyg, telefonen är krypterad med Graphene och
inget stöd finns överhuvudtaget.
Telefonen har alfanumerisk kod, inget stöd för kodknäckning."

In short: Our tools were unable to extract the phone's data due to encryption.

Full translation for anyone interested:

"We don't have any support for (Google pixel) in our tools, the phone is encrypted with Graphene and there is no support at all. The phone has an alphanumeric code, no support for breaking the code."

I think it is interesting that they specifically mention that the phone has an alphanumeric code (ie passsphrase instead of PIN) as a hurdle for breaking into it. Probably this means the phone was powered off when they found it. Since breaking a strong passphrase is impossible due to algorithmic complexity alone, regardless of available hardware and software exploits, this does not really tell us much about their abilities to break into phones that are AFU.

phone-company

I try to get a new licence for my cellebrite touch 2... Seems harder then expected.... :(

grayway2

phone-company it's very expensive....

Hathaway_Noa

phone-company You need Cellebrite Premium, everything below is useless :P

Blank

DeletedUser335 Oh gosh, what you described about the police powers is frightening... With a police being able to avoid judge approval or just check you whenever they want just because they decided so... What a terrible human violation right ! At least in my humble opinion...

de0u

__Blank__ Not all claims made by the original poster have stood up to scrutiny. The first post is arguably not a good one to base life decisions on.

phone-company

Hathaway_Noa yes wrote Cellebrite Yesterday... New device included 6Years Software Update ist 15000€

wuseman

wizoatk

Here you go.

https://pdfhost.io/v/9hM9FZv3Aq_Pixel9graphene

foxkurdisssh

I have a case where they accualty have done this on a Pixel 7 with graphenos. HDA used. I have the court case but not the FUP, can someone in Malmö get the fup? I know this guy, he had a pixel and you can see on page 34 on the court pages that HDA is used but no more info only that is used. This pappers I have is only the courts pages but in the FUP its much more pages and more details.

Can someone please get FUP for this case and confirm. Beacuse I can confirm that this guy had a Pixel and they couldnt gett inside his pixel but they installed trojan HDA and have read all his messages.

The case number is: B 7412-24 (Sweden)

ryrona

foxkurdisssh Beacuse I can confirm that this guy had a Pixel and they couldnt gett inside his pixel but they installed trojan HDA and have read all his messages.

Can you please quote the text that made you come to this conclusion? Not a single case of all posted above indicated any actual compromise using "a trojan" or other hacking attempt, I doubt this does.

foxkurdisssh

ryrona buy the court documents at Krimfup, check page 34.

https://www.krimfup.se/search/walid-khalil-boukriss link to court document

Case number B 7412-24

Can someone get FUP? Asked court but I was declined.

Toiletterider

ryrona

It is rather the absence of evidence in the Swedish cases that is very telling.

They have all the evidence from chats (signal, whatsapp, telegram, snapchat, whatever really).

But - cannot break the passwords or codes to access the phones content. As stated in FUPs.

So, how do they have access to it remotely...?
By simple logical conclusion, there has to be a trojan or similar attack.

Read the FUPs and make your own conclusion.

ryrona

foxkurdisssh buy the court documents at Krimfup, check page 34.

No, I am not going to buy a court document. I am asking you to provide a quote here. It is you who are making a very radical claim here about an actively exploited vulnerability in GrapheneOS, so I am asking you to provide a quote of what made you believe there is such a vulnerability.

Toiletterider They have all the evidence from chats (signal, whatsapp, telegram, snapchat, whatever really).

But - cannot break the passwords or codes to access the phones content. As stated in FUPs.

If they do have Signal chats and WhatsApp chats, without having obtained them from the other party, and without having been able to unlock the seized phone, I agree, that would indicate a likely vulnerability that is being actively exploited. However, I did not see that any of the above referenced court documents indicating this.

Toiletterider So, how do they have access to it remotely...?

I have not seen any evidence or even indication that they have accessed it remotely. I am not ruling out the possibility, and if this is happening and there is a vulnerability, this is something we would very much want to patch immediately to stop this from happening. So that is why I am asking to provide references to anything that indicate this is happening. But no such references has been provided.

Toiletterider By simple logical conclusion, there has to be a trojan or similar attack.

Someone I know got arrested by the police recently. Did you know what was the first thing he did? He unlocked all his devices for the police, and handed over all passwords for all his online accounts. He did this voluntarily, because he knew they had damning evidence against him, and he wanted a lower sentence by being cooperative.

Toiletterider Read the FUPs and make your own conclusion.

I will recognize a security vulnerability when I see it. In fact, I have reported several security vulnerabilities to several open source projects, including GrapheneOS. This far there is a lot of speculations in this thread, but nothing that actually looks like an existing exploit or vulnerability, just fear mongering.

I would very much prefer if people in this thread were helpful, but that is not happening. All I get is "buy this document", "read the document yourself" and similar statements. That looks malicious to me, not coming from someone who wants to be helpful and see a stop to the alleged hacks, but from someone who wants to spread unbased fear and stall any attempts to bring clarity.

Peters

A post regarding the Swedish police's ability to access a Pixel phone with GrapheneOS installed.
The text is taken from a preliminary investigation where the Swedish police had seized two phones:

A Pixel with GrapheneOS
An iPhone
The police were able to access the iPhone but not the Pixel phone with GrapheneOS.
The preliminary investigation was released approximately 2-3 months ago.

The text in the investgation report:

2025-5000-BG34958-1
(Google Pixel) we have no support for in our tools, the phone is encrypted with GrapheneOS, and no support is available whatsoever.
The phone has an alphanumeric code, no support for code cracking.

2025-5000-BG35168-1
(iPhone seized from a house search at Hagsätravägen 116)
Nothing in the phone was found to be relevant to the investigation.

2025-5000-BG35168-2
(iPhone seized from a house search at Hagsätravägen 116)
Nothing in the phone was found to be relevant to the investigation

Titan_M2

Peters Source?

wuseman

Titan_M2
This PDF:
https://anonymfile.com/BXLyB/pixel9graphene.pdf

JayJay

Just want to add
The differences between the cases where they had their chat messages recorded and pictures /screenshots on phones found was that HDA was used against those citizens / their Pixels.
HDA = https://sv.m.wikipedia.org/wiki/Hemlig_dataavlyssning

The unsuccessful cases where they write phone is encrypted and no software is available are the ones where HDA was not used prior to the arrest.

Was not used does not mean that attempt was not made. Maybe HDA attempt was made but was unsuccessful....

ryrona

JayJay The differences between the cases where they had their chat messages recorded and pictures /screenshots on phones found was that HDA was used against those citizens / their Pixels.

As I mentioned, if they have been able to get access to Signal or WhatsApp chats, without having obtained them from the other party, and without having been able to unlock the seized phone, that would likely indicate they actually do have an exploit against GrapheneOS or Signal or WhatsApp.

If there is any indication at all this is happening, then we have an indication that they might have such capabilities as claimed in this thread. At that point, it would no longer be "unsubstantiated claims ... with no evidence".

But this far, nothing posted in this thread is indicating this is happening. As in, nothing indicates they have got access to the messages prior to seizing the phone of either party, and nothing indicates they have been able to get access to the messages after seizing the phone of a single party but without being able to unlock the phone, and nothing indicates that HDA has ever been used to obtain Signal or WhatsApp messages from a GrapheneOS phone.

If you can quote anything or show anything at all that indicates that "HDA was used against those citizens / their Pixels" to extract Signal or WhatsApp messages as claimed by you and others in this thread, that would be very helpful, because no such quote or indication has been presented in this thread yet.

Nuttso

ryrona Hey all. I wanted to say something about this topic. If there really were an exploitable RCE chain, we’d see a lot more of the GOS users getting arrested. IMO there is no substance to this claims.

« Previous Page