Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

matchboxbananasynergy

ryrona Sure. I am still waiting for proof. I don't expect to proof to be in the form of a PoC, so the barrier for providing it isn't necessarily high.

If it turns out that remote exploits exist that can affect GrapheneOS (which isn't impossible), that doesn't necessarily mean that the info that person can provide is enough to patch it, but having a certain way to know that they exist is a good starting point.

Again, we've never claimed GrapheneOS is bulletproof. We'd be scammers and charlatans if we did. We said that we substantially raise the bar for exploitation, which continues to be the case. If there are entities, in government or otherwise that are specifically targeting GrapheneOS and tailoring their exploits for it, it's not inconceivable that they could exploit it.

matchboxbananasynergy

ryrona No tool is perfectly secure. The most important step to minimize risk is of course always to seize any activity that might make you an attractive target, if at all possible. Secondary, you might want to consider doing your activity in systems that are better hardened against kernel level and other lower level exploits, like only doing your activity on a computer running QubesOS. Computers lack cellular basebands, and QubesOS isolate all radio drivers and many other exploit vectors better than GrapheneOS. But no system is perfectly secure.

I am skeptical that at the end of the day QubesOS would be overall more secure against exploit than a modern Pixel with GrapheneOS. If the main argument is the absence of a modem, the Pixel Tablet would fill that role. Granted, the tablet is 7th gen and therefore lacks MTE, but QubesOS doesn't have that either.

ryrona

matchboxbananasynergy I am skeptical that at the end of the day QubesOS would be overall more secure against exploit than a modern Pixel with GrapheneOS. If the main argument is the absence of a modem, the Pixel Tablet would fill that role. Granted, the tablet is 7th gen and therefore lacks MTE, but QubesOS doesn't have that either.

GrapheneOS is not isolating kernel drivers at all. If one of those is compromised, the attacker can bypass all other security in the system. Hardening, including MTE, helps, but QubesOS isolate the radio drivers in their own virtual machine with access to nothing. The attacker would have to do the equivalent of hacking a GrapheneOS driver (but easier since less hardening), and then also hack the hypervisor (super hard).

Same if the attack vector is through an app. On GrapheneOS, the attack surface is the whole Linux kernel. The sandboxing in AOSP and thus GrapheneOS is relying on SELinux and similar "blacklist" functionalities. It is not even on pair with Linux sandboxing, which still have a huge attack surface. But on QubesOS, if you put an app in its own qube, the attacker would have to find an exploit against the hypervisor to get access to anything else, which is super hard.

Although number of found exploits is not a super reliable measure of security, it can act as proxy. QubesOS report having patched 1-3 exploit vectors in the hypervisor and glue code per year. AOSP report having patched a similar amount of sandbox escape vectors each month.

With that said, QubesOS have almost no security against physical attackers.

AltruisticMidget

matchboxbananasynergy
What do you want confirmed?

That FRA is on a similar level as NSA?
Or that they provide tools to Säpo/Swedish Police?
Both are easily confirmed anyone can google it.

I live in Norway personally, Sweden has turned into a shit hole country with rampant criminality that is even gaining foothold in my own country. And in Denmark. And Finland.

This made the Swedish government implement alot of new laws in the latest years, 2020-2025. Some mentioned by @DeletedUser335

Basically, they can hack anyone, without court orders or even a probable cause.
FRA developed the tools for this, which Säpo and the police are allowed to use.

Exactly how it is done technically, they do not have to (and will never) share in a court. But as @tjackvatten mentioned (from recent cases) they are able to remotely hack the end user and share their signal conversations simply by screenshotting or recording them live. Thus, encryption are not broken, the OS is.

matchboxbananasynergy

AltruisticMidget

GrapheneOS is no match for FRA.

I take this to mean you have proof that an exploit against a modern/up-to-date GrapheneOS device has taken place. Do you have that, or are you just taking a good guess? There's a vast difference between the two.

ryrona

AltruisticMidget FRA developed the tools for this, which Säpo and the police are allowed to use.

Proof of the existence of such a tool as well as proof it can remotely hack an up-to-date supported GrapheneOS device using IMEI alone is what we would want. That is what is being claimed here. We don't care who developed the tool or who has access to it or use it, the existence alone is problematic, because that means there is a vulnerability in GrapheneOS that can be exploited by potentially anyone.

Claimspro

AltruisticMidget
If you dont have the case number you could provide information about which case and I will find the FUP.

I have read multipe FUPs the latest was the 1,3 ton cocaine and the other was the case with 2 kids who got killed. In those cases they could retrieve signal messages from 1 phone due to weak password.

Till today I have not seen 1 FUP with confirmed usage of HDA on a up to date Pixel with grpaheneos

HÖK and HAK can be used on the SIMcard provider and that is possible on grapheneos but til today I have not seen HDA nor MULTIPLE devices bypasses in most of the cases I have read.

AltruisticMidget

matchboxbananasynergy
I dont have the case numbers in my head, but I can confirm I have read the same FUPs as @DeletedUser335 !

It is stated in recent cases, that the defendant in the case, has used grapheneos (on up to date and modern devices). Like Pixel 6, 7, 8 & 9.

The defendants conversations from encrypted chats like signal, telegram, whatever, are screenshotted. With incriminating texts.

This was obtained by for example by the HDA law. Which is done remotely - not physically. In most cases, the police has not been able to open the phone physically by pin/pass at all! Yet they have access to the messages (presented in court) from signal, telegram, whatsapp, matrix, whatever.

DeletedUser335

matchboxbananasynergy

Believe me, I know many cases in Sweden where they have exploited many GraphenOS phones with HDA, and don't even talk about Iphone or samsung they can get inside without any issue. But its a very good secret and people in Sweden don't care or dont understand this type of things that why I opened up this discussion here. I will find good sources and I will link them tonight. You will all be surprised on what the Swedish police can do on their IT department, they have been doing this since 2020. I am also surprised that not many other countries have getting in to this and I suspect that the Swedish police don't want to share their information as the exploits can be tapped in fast.

GrapheneOS

ryrona

The sandboxing in AOSP and thus GrapheneOS is relying on SELinux and similar "blacklist" functionalities.

SELinux is a whitelist, not a blacklist.

It is not even on pair with Linux sandboxing, which still have a huge attack surface.

GrapheneOS is Linux and what you're saying here even when interpreted the way you mean it is untrue.

ryrona

AltruisticMidget I dont have the case numbers in my head

Could you try to find them? It would be helpful here.

If what you say is true it is surprising this issue has not been raised here earlier.

matchboxbananasynergy

AltruisticMidget And it is clearly outlined that these texts and screenshots were obtained by exploiting the device, and not by collaborating with the other party/ies of said conversations?

There are a lot of parameters to consider here, and if they're being vague, it might not make sense to make assumptions about it.

DeletedUser335

ryrona

Have they managed to get this from phones they have physically seized, and then guessed the PIN code for? Or have they got access to this by remote hacking? That is a very crucial difference to know, since in the former case it is the user's fault of choosing a too easy to guess PIN code, but in the second case there is a critical security hole in GrapheneOS that needs to be patched immediately.

Complety remote, here is a statement from the Swedish prosecutor on a case that had HDA involved also they couldn't find the phone so all the evidence they had was completely by distance:

FUP (Casenumber Malmö TR B 8580-22)
Den andra telefonen har inte kunnat granskas fysiskt. Den har dock varit föremål för hemliga tvångsmedel i form av hemlig övervakning av elektronisk kommunikation (HÖK), hemlig avlyssning av elektronisk kommunikation (HAK) och hemlig dataavläsning (HDA). Innehåll från HDA visar att telefonen främst har använts till kommunikation via appen Signal.

Translate:
The second phone could not be physically examined. However, it has been subject to secret coercive measures in the form of secret surveillance of electronic communications (HÖK), secret interception of electronic communications (HAK) and secret data reading (HDA). Content from the HDA shows that the phone has been used primarily for communication via the Signal app.

Good information, I will provide all data that I can asap, I just have so many other things to right now but I will provide all information and see also If I can get copies police investigation reports (FUP) from the Swedish court where HDA has been involved.

ryrona

DeletedUser335 Complety remote, here is a statement from the Swedish prosecutor on a case that had HDA involved also they couldn't find the phone so all the evidence they had was completely by distance

Yeah, but the quote you made does not indicate they have broken into the device, nor does it indicate they have been able to read any of the Signal messages. Just confirm that Signal is being used, which is not sensitive or protected information, and information easily obtainable for cell tower data logs, as the device connects to Signal servers as normal operation.

DeletedUser335 Good information, I will provide all data that I can asap, I just have so many other things to right now but I will provide all information and see also If I can get copies police investigation reports (FUP) from the Swedish court where HDA has been involved.

This would be very helpful. Thank you. Don't feel discouraged by GrapheneOS' account answer. It is more important we get the information than quickly. It is just, without proof, we have nothing tangible to act on. We cannot act on rumors, because there is rumors about exactly everything. By "we" I mean both us as the community, and the GrapheneOS developers specifically.

userofgos

DeletedUser335 You have made multiple unsubstantiated claims that GrapheneOS is vulnerable and has been compromised without providing factual evidence.

DeletedUser335 According to what I've found, it's technically possible for the police to see all data in real-time, including decrypt signal messages, all activity, and more — even on a GrapheneOS.

DeletedUser335 For example, the police have successfully seen signal messages in many cases —even on running hardened operating systems like GrapheneOS—this has been documented in several publicly available court documents (so-called FUPs, or preliminary investigation protocols)

DeletedUser335 One real-world example is a recent major narcotics investigation where police were able to hack SIX grapheneos pixels. This was only 2 weeks ago.

DeletedUser335 Complety remote, here is a statement from the Swedish prosecutor on a case that had HDA involved also they couldn't find the phone so all the evidence they had was completely by distance:

DeletedUser335 Believe me, I know many cases in Sweden where they have exploited many GraphenOS phones with HDA

DeletedUser335 You will all be surprised on what the Swedish police can do on their IT department, they have been doing this since 2020.

DeletedUser335 Hahahahah, change the that when I send the links. Sorry, next time I will provide all the sources directly.

DeletedUser335 Swedish police are actively exploiting not only GrapheneOS, but all mobile operating systems.

DeletedUser335 In this particular case, six Pixel devices (all running GrapheneOS) from six different individuals were accessed by the Swedish police. It’s unclear from the documentation whether access was gained via HDA or through physical extraction tools like Cellebrite.

DeletedUser335 these documents indicate that Swedish police are capable of accessing phones remotely — regardless of operating system.

DeletedUser335 For instance, I personally had a close friend who had a Pixel 6 running GrapheneOS. According to the police, they successfully installed HDA on his device

It seems likely to me that @GrapheneOS is correct in saying that:

GrapheneOS The claims being made by @tjackvatten have also massively shifted from the original posts to what they are claiming now. Take a look at the first 3 posts and compare that to what they're claiming now. Take a look through the discussion and you'll see repeated requests for proof. The claims being made are not consistent and have becoming increasingly extreme. To us, this looks a lot like someone talking an LLM into telling them what they want to here and believing what it says even though all they do is generate believable nonsense appealing to the person talking to them. LLMs are an extreme form of people reading a very narrow set of unreliable sources catering to what they want to hear.

DeletedUser335

GrapheneOS

Hahahahah, change the that when I send the links. Sorry, next time I will provide all the sources directly.

ryrona

GrapheneOS SELinux is a whitelist, not a blacklist.

I totally knew 100% you would remark on this. You are right of course, SELinux can be used as whitelist, that is why I put blacklist in quotation marks. It is just, the isolation is not anywhere as tight as Linux namespaces and similar. That is what I wanted to convey.

GrapheneOS GrapheneOS is Linux and what you're saying here even when interpreted the way you mean it is untrue.

With Linux sandboxing I meant Linux namespaces and so on. GrapheneOS does not isolate neither view of files and their accesses, nor network interfaces or anything else using Linux namespaces. And we have some security weaknesses (or lack of security functionality as you prefer to call it) because of that.

GrapheneOS

DeletedUser335 Okay, provide the sources showing what you have claimed in this thread if they exist. Links to stuff not matching what you've claimed here aren't what we expect to see.

Xtreix

DeletedUser335 Sorry, next time I will provide all the sources directly.

Yes, that's the way to do it, so we wait.

GrapheneOS

@DeletedUser335 You've made a long series of extraordinarily claims in this thread. Those claims have not been consistent. You claim to have access to all kinds of information that's not publicly available. We believe you're either engaging in serial fabrication or are spewing nonsense from talking with an LLM. You will need to provide sources for everything you've posted here, and quickly.

GrapheneOS

Proof has already been requested multiple times throughout the thread. The claims being made by @tjackvatten have also massively shifted from the original posts to what they are claiming now. Take a look at the first 3 posts and compare that to what they're claiming now. Take a look through the discussion and you'll see repeated requests for proof. The claims being made are not consistent and have becoming increasingly extreme. To us, this looks a lot like someone talking an LLM into telling them what they want to here and believing what it says even though all they do is generate believable nonsense appealing to the person talking to them. LLMs are an extreme form of people reading a very narrow set of unreliable sources catering to what they want to hear.

GrapheneOS

ryrona

I totally knew 100% you would remark on this. You are right of course, SELinux can be used as whitelist, that is why I put blacklist in quotation marks. It is just, the isolation is not anywhere as tight as Linux namespaces and similar. That is what I wanted to convey.

That's not true, the isolation is stronger than what's provided by namespaces. Everything that's allowed is explicitly allowed and there's substantially more kernel attack surface reduction.

With Linux sandboxing I meant Linux namespaces and so on. GrapheneOS does not isolate neither view of files and their accesses, nor network interfaces or anything else using Linux namespaces. And we have some security weaknesses (or lack of security functionality as you prefer to call it) because of that.

It provides more isolation than namespaces. Namespaces do not prevent giving access to things. Network namespaces providing a separate loopback interface is the only relevant thing that's not possible to do with SELinux but it could be used to restrict access to it. It is a stronger rather than weaker sandbox compared to a namespace-based one which does not imply not having a shared loopback anyway.

« Previous Page Next Page »