Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

other8026

argante You ask what WhatsApp is capable of?

I didn't think they were?

argante It's the users' fault, because they installed untrusted apps on phones they considered trusted.

argante No amount of security can protect you from stupidity.

I think you can probably find a nicer way of saying these things. Some people are new to these ideas of improving their privacy and security. They may not know of privacy or security issues with WhatsApp, for example. This doesn't make them stupid. Everybody needs to start somewhere, and when people degrade others who are just starting out, it may just make them scared to ask questions or participate in communities such as ours.

argante

other8026 This doesn't make them stupid.

I don't feel like my comment was rude. Writing:

@argante No amount of security can protect you from stupidity.

This isn't saying someone is stupid—and there's a big difference between saying (1) someone is stupid vs (2) someone's behavior being stupid. The first statement is indeed a rude judgment and kills motivation, but the second one motivates to change behavior and has a positive effect, that is: I'm not stupid, so I do not want my behavior to be stupid either.

@Nomood - do you find my comment offensive? If so, please accept my apologies.

other8026

argante Your post was flagged, so I figured it just made sense to say something. Obviously somebody felt something about the post crossed a line.

argante No amount of security can protect you from stupidity.

argante This isn't saying someone is stupid—and there's a big difference between saying (1) someone is stupid vs (2) someone's behavior being stupid.

argante The first statement is indeed a rude judgment and kills motivation

I read it as the first one, personally.

But like I said earlier, I'm not even sure they were talking about WhatsApp...

argante

other8026 But like I said earlier, I'm not even sure they were talking about WhatsApp...

Just notice that most of these high-profile phone hacking cases, including political assassinations, often had one thing in common: WhatsApp. And yes, WhatsApp sued NSO, but we still read about WhatsApp time and time again. Signal is open-source, audited, and written in a secure language (libsignal: rust, android app: kotlin) - there's no reason to use or trust WhatsApp.

Blastoidea

As more information becomes available at people’s fingertips, it becomes harder to excuse ignorance.

Toiletterider

Anything connected to the internet can be hacked.
-Edward Snowdén.

Lets not forget that! However, running Graphene at least raises the bar alot, compared to standard pixel or even iphone.

JohnPatrickMason

The Swedish police recently failed to breach a GrapheneOS phone, a court case has revealed a few days ago.

wizoatk

JohnPatrickMason

Link or specific source would be interesting.

JohnPatrickMason

wizoatk Södertörns tingsrätt. B 5354-25 Aktbil 35. Page 86.

Phone model: Google Pixel 9.

JohnPatrickMason

wizoatk

"(Google pixel) har vi inget stöd för i våra verktyg, telefonen är krypterad med Graphene och
inget stöd finns överhuvudtaget.
Telefonen har alfanumerisk kod, inget stöd för kodknäckning."

In short: Our tools were unable to extract the phone's data due to encryption.

wuseman

wizoatk

Here you go.

https://pdfhost.io/v/9hM9FZv3Aq_Pixel9graphene

ryrona

JohnPatrickMason "(Google pixel) har vi inget stöd för i våra verktyg, telefonen är krypterad med Graphene och
inget stöd finns överhuvudtaget.
Telefonen har alfanumerisk kod, inget stöd för kodknäckning."

In short: Our tools were unable to extract the phone's data due to encryption.

Full translation for anyone interested:

"We don't have any support for (Google pixel) in our tools, the phone is encrypted with Graphene and there is no support at all. The phone has an alphanumeric code, no support for breaking the code."

I think it is interesting that they specifically mention that the phone has an alphanumeric code (ie passsphrase instead of PIN) as a hurdle for breaking into it. Probably this means the phone was powered off when they found it. Since breaking a strong passphrase is impossible due to algorithmic complexity alone, regardless of available hardware and software exploits, this does not really tell us much about their abilities to break into phones that are AFU.

phone-company

I try to get a new licence for my cellebrite touch 2... Seems harder then expected.... :(

grayway2

phone-company it's very expensive....

Hathaway_Noa

phone-company You need Cellebrite Premium, everything below is useless :P

Blank

DeletedUser335 Oh gosh, what you described about the police powers is frightening... With a police being able to avoid judge approval or just check you whenever they want just because they decided so... What a terrible human violation right ! At least in my humble opinion...

de0u

__Blank__ Not all claims made by the original poster have stood up to scrutiny. The first post is arguably not a good one to base life decisions on.

phone-company

Hathaway_Noa yes wrote Cellebrite Yesterday... New device included 6Years Software Update ist 15000€

foxkurdisssh

I have a case where they accualty have done this on a Pixel 7 with graphenos. HDA used. I have the court case but not the FUP, can someone in Malmö get the fup? I know this guy, he had a pixel and you can see on page 34 on the court pages that HDA is used but no more info only that is used. This pappers I have is only the courts pages but in the FUP its much more pages and more details.

Can someone please get FUP for this case and confirm. Beacuse I can confirm that this guy had a Pixel and they couldnt gett inside his pixel but they installed trojan HDA and have read all his messages.

The case number is: B 7412-24 (Sweden)

ryrona

foxkurdisssh Beacuse I can confirm that this guy had a Pixel and they couldnt gett inside his pixel but they installed trojan HDA and have read all his messages.

Can you please quote the text that made you come to this conclusion? Not a single case of all posted above indicated any actual compromise using "a trojan" or other hacking attempt, I doubt this does.

foxkurdisssh

ryrona buy the court documents at Krimfup, check page 34.

https://www.krimfup.se/search/walid-khalil-boukriss link to court document

Case number B 7412-24

Can someone get FUP? Asked court but I was declined.

Toiletterider

ryrona

It is rather the absence of evidence in the Swedish cases that is very telling.

They have all the evidence from chats (signal, whatsapp, telegram, snapchat, whatever really).

But - cannot break the passwords or codes to access the phones content. As stated in FUPs.

So, how do they have access to it remotely...?
By simple logical conclusion, there has to be a trojan or similar attack.

Read the FUPs and make your own conclusion.

« Previous Page Next Page »