Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

Claimspro

Here is a podcast in swedish,
https://www.sverigesradio.se/avsnitt/sa-knacker-polisen-de-kriminellas-lurar-en-katt-och-ratta-lek

Where there are people interviewing people who sell the phone, the people who work with the police to extract information 2 workers in different sections in the swedish police and in this podcast the empolye in Polisen clearly says there are some cases we can extract information and there are cases where we can and it all depends on the user and the phones state how they got it locked or unlocked.

Claimspro

de0u if you can post them in another format I will take my time to read them today. Cant accses zip.

Claimspro

locked

Its common in cases in sweden where crimes happens, that the persons normal Iphone has HDA and takes a picture of his Pixel with grapheneos to send pictures of his contact information to people who need to add him and in that way they have proof that a specific pixel phone has been using grapheneos with signal.

This I have seen multiple times.

Confirming in that court/case that HDA has been used if its been used on the Pixel in the FUP it clearly says that its been used on that phone, since there are sections that provides info on what was used on what phone.

locked

Claimspro What you’re describing is a very indirect form of inference, seeing a photo of a Pixel on an iPhone that’s been surveilled doesn’t confirm that the Pixel itself was compromised.

Unless the FUP (court doc) specifically says that HDA was deployed on the Pixel, and unless it shows what was accessed and how, we’re still in the territory of assumptions, not verified technical exploits.

Still waiting to see a case that:

Clearly links HDA to an active compromise of a GrapheneOS device,

Describes what data was retrieved,

And explains how it was done IMEI, remote delivery, etc..

Until then, this kind of anecdote doesn’t confirm that GrapheneOS itself was silently exploited.

userofgos

Claimspro The way you wrote the following comments quoted below makes it sound like you're contradicting yourself.

Claimspro Till today I have not seen 1 FUP with confirmed usage of HDA on a up to date Pixel with grpaheneos

Claimspro Its common in cases in sweden where crimes happens, that the persons normal Iphone has HDA and takes a picture of his Pixel with grapheneos to send pictures of his contact information to people who need to add him and in that way they have proof that a specific pixel phone has been using grapheneos with signal.

Claimspro Confirming in that court/case that HDA has been used if its been used on the Pixel in the FUP it clearly says that its been used on that phone, since there are sections that provides info on what was used on what phone.

So which is it?

Claimspro

locked that is what im saying, if you read my previous posts I read these FUP on the regular and have till today not foune 1 case where "HDA" has been used on a Pixel with grapheneos.

What im trying to say is IF there are pcitures in that specific FUP that indicates that the pixel with grapheneos have been used with signal as stated before it could have been with HDA on their iphone when they took a picture of the pixel with the phone and that way it been confirmed that the pixel used signal.

In the FUP like I said it should point out clear what methods was used on what phone and by that its easy to confirmed what was used.

HAK AND HÖK can be used on the pixel with graphene since it is through the sim-provider and do not exploit the phone itself.

locked

Claimspro It’s a key distinction that HDA hasn’t actually been used on a GrapheneOS Pixel directly in any case you’ve seen, and that those court docs usually make it clear which methods were used on which device.

Agree that sometimes people assume if a Pixel or Signal is mentioned, it means the phone was hacked, when really it could just be mentioned in data pulled from another device, like an iPhone.

Also yeah, good point about HAK and HÖK being network level stuff, doesn’t mean the phone itself was compromised.

Claimspro

userofgos

Im saying I have not seen one case where the USAGE OF HDA was confirmed on a Google Pixel with GrapheneOs.
Im saying its common that in some cases has been using example a Iphone 12 and this device has HDA which is something like pegasus malware.

That person has USED the Iphone 12 to take a photo of his username of Google Pixel with GrapheneOs and that could be the case how the police confirmed a Pixel using grapheneOs.

Im stating IF the case was like the TS stated HDA has been used on a Pixel with grapheneOs it would be a section in the FUP (COURT DOCS) clearly stating what was used on that phone.

Im against the claims TS stated.
Like I said HÖK and HAK can be used since its over network phone do not matter.

Regarding HDA by looking on a case of murder in Sundsvall in 2023 the police clearly states in the FUP that they could use HDA with on an Iphone 12 by knowing the phone number/IEMI. So the claims that its unknown how is false. The same in a case of preperation of murfer in 2022.

userofgos

de0u Here is a piece about a recent situation where university researchers deliberately violated the terms of a Reddit group by injecting LLM participants: Unauthorized Experiment on CMV Involving AI-generated Comments; here is a post by the Reddit moderators: https://www.reddit.com/r/changemyview/comments/1k8b2hj/meta_unauthorized_experiment_on_cmv_involving/

Because there are ethical ways to experiment on LLMs interacting with people, anybody running unethical experiments (such as by deploying LLMs on forums with explicit rules against that) is behaving unethically. It's that simple.

de0u This is diabolical. I surely hope this isn't the case with this thread...but I'm beginning to see some similarities.

Xtreix

For me there's something really fishy in this thread, I suspect the use of mutli-counts to fuel unfounded theories or the use of an LLVM to experiment with artificial interactions, as demonstrated by the study posted by @de0u.

It would probably be best to close this thread, there is no constructive discussion, instead it goes round in circles, not the slightest bit of evidence of anything has been provided, on the contrary, the author(s?) contradict themselves in the comments.

de0u

Xtreix It would probably be best to close this thread [...]

I expect input from ryrona when available will be of high quality.

And in theory the team of @DeletedUser335 and @AltruisticMidget might still provide a proper citation, meaning:

a specific claim that has already appeared in this thread,
a case number,
a police document matching that case number,
specific page numbers in that document matching the claim

That said, LLMs frequently struggle to provide proper citations, so an ongoing absence on that front might be suggestive.

wuseman

Xtreix
There seems to be some wacky anti-GrapheneOS misinformation campaign in Sweden right now.

On the Swedish forum Flashback, there's a user that claims the exact same thing that the OP in this thread is claiming, except a few days sooner.
https://www.flashback.org/sp92274597

ChatGPT translation of the above thread:

The Police's Secret Data Reading (HDA) – How It Really Works (Personal Theory)

After reading a lot of reports, extensive Googling, and browsing internet forums filled with IT experts, articles, etc., and having been detained myself and reading the evidence against me, I believe I have grasped how HDA works in practice.

It’s not about the police accessing your mobile phone to film the screen or activating the camera/microphone. Such actions require advanced tools like Pegasus, which are only used in extreme cases – like at the "Fox" level due to the costs involved.

What actually happens is that Swedish operators (Telenor, Telia, etc.) can, with new technology, read data traffic – meaning texts, messages, searches, IP addresses, etc. This data is stored and provided to the police when needed. This is what is called HDA.

So: all text sent in/out via, for example, Signal, WhatsApp, Google searches, apps, etc. – that is what the police receive. Pure text data. And of course, voice calls where operators can somehow record audio from all calls in and out, even from Signal, etc.

Questions I have:
Is GrapheneOS safe against this when combined with a maximum VPN (Mullvad)?
Should one use mobile broadband with a data card and share the network? Does it help?
Should one buy anonymous Russian SIM cards? Ghost SIM cards? I assume this wouldn’t help since they would still connect to Swedish towers.
There must be a solution; come up with your theories, guys.

I’m not 100% sure, but based on my experience from when I was detained and what I’ve read regarding the evidence against me, this feels like the most likely and logical way.

I found this thread in the first place because the above guy links to this very thread in another post in the above thread:
https://www.flashback.org/sp92314430

There is another user in the above Swedish thread making claims that the GrapheneOS developers are lying about the protection that the OS is bringing:
https://www.flashback.org/sp92286766

ChatGPT translation:

You have already received "sources," but you do not accept them.

Once again, since STK is a separate module on the SIM that runs before the OS is active, your GrapheneOS cannot do anything.

STK is just old Java, and you have also received a full lecture on how to run code there (from people who are significantly more competent than you). The operators have full access to USSD and the SIM. They also have access to the baseband modem and the processor that belongs to the baseband. This function cannot be controlled or disabled by any OS.

The GrapheneOS developers are so arrogant that they only respond that they have disabled the STR-Toolkit service at the user level, which they believe stops attacks at the user level (duh!). But they have completely forgotten that the operators themselves control the baseband module, which is below the kernel level of what GrapheneOS can handle.

Pretty suspicious if you ask me.

Xtreix

de0u I understand, I personally don't expect anything more.

wuseman Thanks, yes it's extremely suspicious.

I come back to my comment earlier in the thread, there was a disinformation campaign against Signal by the Swedish authorities and agents claimed that Signal was a product specifically designed for criminals and that parents should be very vigilant with their children using the application, I don't have the sources on me, I didn't save them but I remember very well reading it in several news in Sweden and some misinformation by the Police were removed, it looks like the same kind of coordinated attack against GrapheneOS, I agree with @locked's recent comment, to me, it looks like a form of dissuasion to use GrapheneOS, and more generally, there are attacks to dissuade the use of secure products that protect privacy.

ryrona

de0u I expect input from ryrona when available will be of high quality.

Sorry, I didn't get time yesterday, and won't have any opportunity to look into it for two weeks now.

I still intend to look into it, because I am curious. But I do not expect to find any evidence of such attacks as claimed in this thread. I am Swede and active in both activism and the privacy community. I have not heard about any such tool or hacking. It has also not been mentioned here or in any other reputable privacy community until this thread, despite claims that "this has been going on since 2020". That suggests to me this is likely fabrication, not reality, and that the fabrication started just weeks ago. Motivations unclear, but since people who spread these statements seem to indicate that "they have friends that are in jail" and similar may suggest this is disinformation specifically targetting people likely to be involved in or close to criminal activity, which may mean it might be an attempt to discourage usage of actually secure systems like Signal and GrapheneOS among criminals in the hope they would move to something less secure instead. I have seen Tor being victim of such disinformation campaigns in the past.

Motionsickness

de0u

Dear god I don't know how to quote properly.

userofgos

Motionsickness Dear god I don't know how to quote properly.

haha I find it hard to quote properly on mobile, desktop is simple and the UI/UX is better.

Motionsickness As much as posters here want to suggest that some posters are LLMs

I'm guessing the quote below is what you were referring to

de0u Here is a piece about a recent situation where university researchers deliberately violated the terms of a Reddit group by injecting LLM participants: Unauthorized Experiment on CMV Involving AI-generated Comments; here is a post by the Reddit moderators: https://www.reddit.com/r/changemyview/comments/1k8b2hj/meta_unauthorized_experiment_on_cmv_involving/

Because there are ethical ways to experiment on LLMs interacting with people, anybody running unethical experiments (such as by deploying LLMs on forums with explicit rules against that) is behaving unethically. It's that simple.

This so called experiment was definitely eye opening to me about the potential impact LLM's can have on public thought and discourse. Whether it be directly as in this experiment via the LLM's themselves actually posting/commenting; or indirectly via individuals prompting/conversing with LLM's and then regurgitating the output into public forums.

Back to the reason why this is relevant ⤵️

GrapheneOS A lot of what they've posted looks like someone copying or paraphrasing what an LLM is claiming after they've coached it to tell them what they want to hear.

And we have yet to hear a response from @DeletedUser335 and @AltruisticMidget with the following information about their original (and unsubstantiated) claims.

de0u provide a proper citation, meaning:
a specific claim that has already appeared in this thread,
a case number,
a police document matching that case number,
specific page numbers in that document matching the claim

That said, LLMs frequently struggle to provide proper citations, so an ongoing absence on that front might be suggestive.

grayway2

AltruisticMidget Right but FRA budget is not equivalent to NSA so spending millions on one target needs few approvals.

argante

If the Swedish police are so advanced that the NSA is kindergarten by comparison, why do they want to pass regulations to make Signal save unencrypted messages? If encrypted Signal messages are so easy to read, then such regulation is unnecessary.

This whole thread looks like someone saying: trust me, because I have inside information. I'll tell you something, but I won't, because you have to take my word for it. This looks more like some PSYOP attacking GOS to me.

I'm not saying that the police don't have the ability to hack into GOS, but I'm deeply convinced that it's due to user stupidity, not GOS itself.

locked

What’s become clear is that the same exact narrative, that Swedish authorities have hacked GrapheneOS, is being echoed across different platforms like Reddit and Flashback, often using similar wording, vague references to court documents, and zero verifiable sources.

This repetition without proof doesn’t convince me that GrapheneOS is vulnerable. It actually does the opposite, it reinforces that some people really want to discourage its use, and are doing so through fear, speculation, and ambiguity.

For those of us who know how much effort GrapheneOS puts into locking things down, this kind of fear mongering just makes us trust the project even more. If anyone really had solid proof, they’d show it, a case number, a page from a court doc, or at least some clear technical explanation.

Instead, what we’re seeing is repetitive fear and indirect claims, spread across forums like it’s fact. I’ll stick with the system that’s open-source, constantly audited, and not afraid of transparency.

Crazy8

The Swedish police have very sophosticated means on their disposal. Recently, a violent gabg called ”DödsPatrullen” (DeathPatrol) entered Finland and started to move 100s of kilos of drugs from Sweden to Finland. The finnish police together with the swedish launched an investigation and soon the whole gang was behind bars, serving sentences of over 10 years.

You can read more here
https://yle.fi/a/74-20097003

What was noteworthy about the investigation is the fact that the finnish police had managed to listen to suspects’ Signal calls. I doubt the finnish police has this capability, because as far as I know this has been the only case in Finland where the police have managed to eacesdrop on signal calls. I think it’s more likely that the swedish police have the capability and decided to share the phone calls they had recorded with the finnish police.

The investigation documents can be found here. The document is written in finnish but I assume a good AI can make a decent translation.

https://drive.google.com/file/d/13ia-SZnyTqSVDn2yMrCwAsPvpSemJT7L/view

A transcript of one of the surveilled signal calls can be found on page 624

The document makes no mention of GrapheneOS and most of the suspects used iPhones. I wanted to share this to show that Signal calls can indeed be surveilled if the underlying device is compromised

locked

Crazy8 As far as your last point is concerned, this isn’t a flaw in Signal. If the device itself is compromised, anything on it can be seen or recorded, including Signal calls. That’s not Signal’s encryption failing, it’s just the reality of endpoint compromise.

Framing it like Signal was broken is misleading, especially for less technical users. No secure messenger can protect you if your phone is already compromised. If the goal is to inform, that context matters, otherwise it just spreads confusion.

wuseman

Crazy8 I wanted to share this to show that Signal calls can indeed be surveilled if the underlying device is compromised

Yeah well, nothing new to see there. We've already known this since smartphones was a thing.

A secure app isn't protecting you from a compromised device. Ever.

Crazy8

locked Yes, I understand. I just wanted to show that the swedish police have some very sophisticated tools at their disposal. I was previously under the impression that only certain three letter agencies deployed Pegasus level tools that are needed to remotely activate iPhone microphones but clearly I was wrong.

Again the document I linked makes NO mention of GrapheneOS and until such a document exists, I will assume that GrapheneOS is immune to this kind of exploit.

I would aslo appreciate if the swedish members of this community could post the supposed swedish documents that excplicitly read the police have managed to gain access to password protected GrapheneOS device.

Blastoidea

locked

This is a very important distinction, which many seem to miss.

GrapheneOS

Claimspro Intercepting carrier-based calls is not targeting GrapheneOS. The cellular radio and SIM card are isolated and do not provide control over the device. There also isn't a remote access system in the cellular radio. SIM cards are carrier hardware and isolated from the rest of the device. An eSIM is a carrier applet running isolated in a secure element on the device.

Claimspro

AltruisticMidget

I mean Tjackvatten is TS and AltuisticMidget who also claimed the same and backed his tjackvattens words.

For the 4th time if you read my posts, I have never claimed that there is exploit in GrapheneOs and have only stated HAK and HÖK have been used when users have grapheneos and the phone do not matter since its over network and the sim provider gives the police what they ask for.

In one case I have seen the police enter a grapheneos due to weak password or no password or swipe/ biometric. It is not stated in the court documents how. Only shows the extraction so there is no way of knowing how they got hold of it but from my understanding no password or weak password.

To add to this in Sweden the police can force the suspect to unlock the phone by holding him and opening and using face ID in some cases and unlocking taking his hand and unlocking the phone.
So again no way of knowing how they enter the phone.

https://www.flashback.org/sp91805708

In the case tjackvatten is talking about they had surveillance for over 1 year. So the police could have had video tapes of the suspects unlocking the phones in public and by that entering the phone since they COULD already have the passwords and one phone did not even have a password of the 6 phones and the rest do not state how they got entry.

There are people in late 2024 with grapheneos who been in murdercases that they could not extract anything from.

So again im against all the claims they have said and only want to prove them wrong.

« Previous Page Next Page »