DeletedUser335 For example, the police have successfully seen Signal messages in many cases, even when running hardened operating systems like GrapheneOS. This has been documented in several publicly available court documents.
Have they managed to get this from phones they have physically seized, and then guessed the PIN code for? Or have they got access to this by remote hacking? That is a very crucial difference to know, since in the former case it is the user's fault for choosing a PIN code that is too easy to guess, but in the second case there is a critical security hole in GrapheneOS that needs to be patched immediately.
DeletedUser335 A report from the University of Gothenburg also discusses how Swedish law enforcement has developed its own form of spyware—comparable to Pegasus—which is capable of infiltrating phones using zero-click exploits. Once inside the phone, they can see everything before it's encrypted or after it's decrypted—this includes Signal, Telegram, Wickr, and other secure messaging apps.
DeletedUser335 They don’t need to break the encryption because they’re inside the phone itself. In some documented cases, all they needed was the IMEI number or phone number to begin the infiltration. How is this possible?
Please provide all information you have about this. That report from the University of Gothenburg sounds like it could contain important information.
If GrapheneOS is being exploited, the GrapheneOS developers as well as the community would want to know about this, so we can protect ourselves as well as hopefully patch the security vulnerability they are exploiting. GrapheneOS is not supposed to be vulnerable to attacks like this, nor is any other up-to-date phone OS. This is exactly the kind of vulnerability that would be assigned critical severity and patched promptly.
DeletedUser335 From what I have read, I suspect it's via mobile networks or Wi-Fi access points, but the police don't say it out loud as it's secret.
If they need the IMEI, it is cellular connectivity. If all they need is the IMEI, it sounds like a low-level exploit against kernel drivers or similar.
DeletedUser335 "Data from HDA shows that the phone was primarily used for communication via the Signal app."
This statement does not prove they got access to the Signal messages. Again, you can see what messenger apps people use from cellular connectivity data logged at cell towers alone, but you cannot read the encrypted communication, just which servers are connected to, e.g. Signal servers.
DeletedUser335 This proves that the encryption wasn't broken, but rather bypassed entirely by gaining access to the endpoint device itself.
No it does not.
DeletedUser335 So how can you protect yourself?
If they have an exploit against GrapheneOS's low-level cellular connectivity drivers running in the OS, you can protect yourself by putting your phone in airplane mode. For the sake of everyone else, provide all reliable information you have about cases of exploiting GrapheneOS and analysis reports of the exploit tool, so GrapheneOS can focus their hardening efforts where the vulnerability likely exists.
DeletedUser335 That’s the difficult part. If state-level actors are using zero-days or network-level exploits, then even highly secure systems like GrapheneOS may not be enough. What can you do to minimize the risks?
No tool is perfectly secure. The most important step to minimize risk is of course always to cease any activity that might make you an attractive target, if at all possible. Secondly, you might want to consider doing your activity on systems that are better hardened against kernel-level and other lower-level exploits, like only doing your activity on a computer running QubesOS. Computers lack cellular basebands, and QubesOS isolates all radio drivers and many other exploit vectors better than GrapheneOS. But no system is perfectly secure.