Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

Xtreix

de0u I understand, I personally don't expect anything more.

wuseman Thanks, yes it's extremely suspicious.

I come back to my comment earlier in the thread, there was a disinformation campaign against Signal by the Swedish authorities and agents claimed that Signal was a product specifically designed for criminals and that parents should be very vigilant with their children using the application, I don't have the sources on me, I didn't save them but I remember very well reading it in several news in Sweden and some misinformation by the Police were removed, it looks like the same kind of coordinated attack against GrapheneOS, I agree with @locked's recent comment, to me, it looks like a form of dissuasion to use GrapheneOS, and more generally, there are attacks to dissuade the use of secure products that protect privacy.

Crazy8

The Swedish police have very sophosticated means on their disposal. Recently, a violent gabg called ”DödsPatrullen” (DeathPatrol) entered Finland and started to move 100s of kilos of drugs from Sweden to Finland. The finnish police together with the swedish launched an investigation and soon the whole gang was behind bars, serving sentences of over 10 years.

You can read more here
https://yle.fi/a/74-20097003

What was noteworthy about the investigation is the fact that the finnish police had managed to listen to suspects’ Signal calls. I doubt the finnish police has this capability, because as far as I know this has been the only case in Finland where the police have managed to eacesdrop on signal calls. I think it’s more likely that the swedish police have the capability and decided to share the phone calls they had recorded with the finnish police.

The investigation documents can be found here. The document is written in finnish but I assume a good AI can make a decent translation.

https://drive.google.com/file/d/13ia-SZnyTqSVDn2yMrCwAsPvpSemJT7L/view

A transcript of one of the surveilled signal calls can be found on page 624

The document makes no mention of GrapheneOS and most of the suspects used iPhones. I wanted to share this to show that Signal calls can indeed be surveilled if the underlying device is compromised

locked

Crazy8 As far as your last point is concerned, this isn’t a flaw in Signal. If the device itself is compromised, anything on it can be seen or recorded, including Signal calls. That’s not Signal’s encryption failing, it’s just the reality of endpoint compromise.

Framing it like Signal was broken is misleading, especially for less technical users. No secure messenger can protect you if your phone is already compromised. If the goal is to inform, that context matters, otherwise it just spreads confusion.

wuseman

Crazy8 I wanted to share this to show that Signal calls can indeed be surveilled if the underlying device is compromised

Yeah well, nothing new to see there. We've already known this since smartphones was a thing.

A secure app isn't protecting you from a compromised device. Ever.

Crazy8

locked Yes, I understand. I just wanted to show that the swedish police have some very sophisticated tools at their disposal. I was previously under the impression that only certain three letter agencies deployed Pegasus level tools that are needed to remotely activate iPhone microphones but clearly I was wrong.

Again the document I linked makes NO mention of GrapheneOS and until such a document exists, I will assume that GrapheneOS is immune to this kind of exploit.

I would aslo appreciate if the swedish members of this community could post the supposed swedish documents that excplicitly read the police have managed to gain access to password protected GrapheneOS device.

Blastoidea

locked

This is a very important distinction, which many seem to miss.

GrapheneOS

Claimspro Intercepting carrier-based calls is not targeting GrapheneOS. The cellular radio and SIM card are isolated and do not provide control over the device. There also isn't a remote access system in the cellular radio. SIM cards are carrier hardware and isolated from the rest of the device. An eSIM is a carrier applet running isolated in a secure element on the device.

Claimspro

AltruisticMidget

I mean Tjackvatten is TS and AltuisticMidget who also claimed the same and backed his tjackvattens words.

For the 4th time if you read my posts, I have never claimed that there is exploit in GrapheneOs and have only stated HAK and HÖK have been used when users have grapheneos and the phone do not matter since its over network and the sim provider gives the police what they ask for.

In one case I have seen the police enter a grapheneos due to weak password or no password or swipe/ biometric. It is not stated in the court documents how. Only shows the extraction so there is no way of knowing how they got hold of it but from my understanding no password or weak password.

To add to this in Sweden the police can force the suspect to unlock the phone by holding him and opening and using face ID in some cases and unlocking taking his hand and unlocking the phone.
So again no way of knowing how they enter the phone.

https://www.flashback.org/sp91805708

In the case tjackvatten is talking about they had surveillance for over 1 year. So the police could have had video tapes of the suspects unlocking the phones in public and by that entering the phone since they COULD already have the passwords and one phone did not even have a password of the 6 phones and the rest do not state how they got entry.

There are people in late 2024 with grapheneos who been in murdercases that they could not extract anything from.

So again im against all the claims they have said and only want to prove them wrong.

admin

AltruisticMidget has been suspended for repeatedly making unsubstantiated and false claims about exploits. Prior to this thread, they previously made multiple posts where they claimed normal logs meant their device had been remotely exploited. Their claims about this not only lack evidence but clearly involve them making inaccurate assumptions based on completely benign logs and other behavior. We've seen that prior to this thread but their involvement in this thread backing up unsubstantiated claims crosses a line we aren't going to allow. We can tolerate people having irrational beliefs about their device being exploited but acting as if they're a technical expert and making strong claims about what can and can't be done with no expertise or evidence isn't going to be allowed. That's going to be cleaned up now.

admin

@Claimspro We understand you're not contributing to the unsubstantiated claims made by @DeletedUser335 and @AltruisticMidget. We've removed the posts wrongly grouping you with them.

ryrona

de0u I expect input from ryrona when available will be of high quality.

Sorry, I didn't get time yesterday, and won't have any opportunity to look into it for two weeks now.

I still intend to look into it, because I am curious. But I do not expect to find any evidence of such attacks as claimed in this thread. I am Swede and active in both activism and the privacy community. I have not heard about any such tool or hacking. It has also not been mentioned here or in any other reputable privacy community until this thread, despite claims that "this has been going on since 2020". That suggests to me this is likely fabrication, not reality, and that the fabrication started just weeks ago. Motivations unclear, but since people who spread these statements seem to indicate that "they have friends that are in jail" and similar may suggest this is disinformation specifically targetting people likely to be involved in or close to criminal activity, which may mean it might be an attempt to discourage usage of actually secure systems like Signal and GrapheneOS among criminals in the hope they would move to something less secure instead. I have seen Tor being victim of such disinformation campaigns in the past.

argante

ryrona (...) may suggest this is disinformation specifically targetting people likely to be involved in or close to criminal activity, which may mean it might be an attempt to discourage usage of actually secure systems like Signal and GrapheneOS among criminals in the hope they would move to something less secure instead. I have seen Tor being victim of such disinformation campaigns in the past.

I think so too - unfortunately the admins hid my comments (I didn't get involved before, I just read subsequent comments).

I think GOS is a big problem for such agencies and that's why it was and will be attacked. The idea is to make users distrustful, so that they choose something else that will be potentially easier to infiltrate.

The way this thread is being run is very visible. First, someone presented themselves as an amateur - a bit naive, and looking for help because they read something that suggested something. You, as well as others, got involved in the responses. And after this step, this person suddenly started introducing themselves as an expert in advanced attacks. Each subsequent statement was that I know something, but I won't tell you (I won't give you proof) - trust me.

In the EU there is Directive 2006/24/EC, which allows for the collection of various logs, including text message content. And this may be the "agreement with operators" that was mentioned. I don't think it is possible to decrypt messages from Signal, so this is also disinformation. If someone were to have access to GOS, it would probably be through the installation of an untrusted application, not through a zero-click exploit.

Murcielago

ryrona

Thanks for this update. I'm looking forward to your assessment of the mentioned court documents - I really appreciate your contributions here in the forum and have already learned a lot about other topics as a result.

admin

argante We removed replies with accusations towards 2 people who do not appear to be involved. It was tied into what you said about the poster of the thread which was fine and seems correct.

argante

Crazy8 I was previously under the impression that only certain three letter agencies deployed Pegasus level tools that are needed to remotely activate iPhone microphones but clearly I was wrong.

This is possible if the target is the baseband processor (BBP). The firmware is never open source here, and vulnerabilities have been found in BBP before. I previously provided a link that Samsung was installing spyware on phones. Here is an example. However, this requires cooperation with the phone manufacturer. The best thing someone can do is no SIM + AirPlane mode and physically disconnect the cellular antenna.

locked

Crazy8 locked Yes, I understand. I just wanted to show that the swedish police have some very sophisticated tools at their disposal. I was previously under the impression that only certain three letter agencies deployed Pegasus level tools that are needed to remotely activate iPhone microphones but clearly I was wrong.

Again the document I linked makes NO mention of GrapheneOS and until such a document exists, I will assume that GrapheneOS is immune to this kind of exploit.

One thing worth mentioning though, Apple’s Lockdown Mode is specifically built to defend against that class of exploit zero click attacks, spyware, etc.... It seriously cuts down the attack surface, especially for iMessage and WebKit, which are common targets, and would likely thwart the attacks you mention by Swedish Authorities.

And now with Android 16, Google’s rolling out a similar feature, basically their own “lockdown” profile. It brings stronger network restrictions, memory protections, designed to prevent these types of attacks from being successful to start with.

So, if those protections are enabled, it’s a lot harder for something like Pegasus to succeed.

Blastoidea

Thank goodness I’m not important enough to need Google’s Advanced Protection.

It strikes me as a howling pain in the ass, and seems to be a one-way street. Flip the toggle, and live with it forever.

matchboxbananasynergy

Blastoidea You're basically getting what that offers on GrapheneOS by default.

GrapheneOS

Blastoidea GrapheneOS provides far better exploit protections than the tiny improvements in the Android 16 Advanced Protection feature. You can use Advanced Protection with your Google account while using GrapheneOS and it essentially won't have any impact on using the OS because sandboxed Google Play is unable to do things like blocking installing apps from outside of the Play Store as it normally does when using Advanced Protection.

Everyone should use Advanced Protection with any important Google accounts they have. It just means being forced to use hardware security keys including the phone's secure element. It disables easy account recovery (and hijacking) via customer support so make sure to have proper password management and backup security keys. GrapheneOS avoids the problematic part of it forcing getting apps from the Play Store.

userofgos

GrapheneOS what exactly is Android 16's Advanced Protection feature actually acheiving/protecting on GrapheneOS? Since there are already exploit protections on GOS.

GrapheneOS

userofgos That's not really relevant to GrapheneOS. We're talking about the Google account Advanced Protection being useful for protecting Google accounts from takeover via customer support or weak 2-factor authentication methods.

« Previous Page Next Page »