Potential appearances of GrapheneOS in mobile forensic reports

This is one of 4 I have seen in Sweden, 3 BFU and nothing rewarding for the LE. The only comment is that it is heavily encrypted and nothing could be extracted; the first I saw was in 2022, the rest in 2023.

Saw one here a couple of months ago, but it was unlocked and they didn't extract anything, but screened the phone and took screenshots.

    5 months later

    Back with a new case.

    Date: 2023-08-04
    2 young boys killed 1 and injured another 1. The victims had been contacted and the suspects acted as if they wanted to buy drugs. When the victims arrived at the location, 2 young men approached the vehicle and emptied the clips. On the scene one of the victims had a "Google Pixel" (seized).

    Police arrested the suspects on 2023-08-22 and found a "Google Pixel" phone (seized after a raid) in one of the suspects' homes.

    Preliminary investigation report:
    https://easyupload.io/m/7ixsp6 (the language is Swedish, but some of you guys might find it interesting anyway)

    The police have opened 1 of the suspects' Pixels and have the code (low security apparently; he used PIN code 4545).
    There are reports of extractions from Cellebrite with Signal conversations and pictures (file: aktbil 192, pages: 272, 1327).
    Software/companies used for examination: Magnet Forensics and Cellebrite.

    Again, just to clarify: I love reading these reports and just want to share them with you guys.

    Cheers!

      matchboxbananasynergy

      You are 100% correct, they guessed the PIN, and used forensics software to extract information after unlocking the device.
      I'm not stating anything else.

      Figured I'd share it for
      1) those curious about the technical side; there are some people who may be wondering how law enforcement works.
      2) in some countries people cannot get hold of forensic info like this.
      3) a news article circulating regarding this case says that the police breached the "encrypted Pixel phone", so those nosey enough can now see that they simply guessed a 4-digit code :)

      matchboxbananasynergy There's also zero indication here that the device was running GrapheneOS from what I can tell.
      Page 214 (if no other OS uses the same icons, of course).

      We can delete the thread if you feel like it's damaging or denigrating to our community;
      I don't know any other way to find legitimacy other than reading that LE can't extract info.

      Cheers!

        quepasabebe

        Page 214 (if no other OS uses the same icons, of course).

        I haven't checked the report, but based on the context, I assume there is a screenshot showing black & white icons, akin to those of our default apps.

        This does not mean the devices are running GrapheneOS. We are aware of many GrapheneOS forks, including sketchy ones adding security theater etc.

        Assuming something like this is GrapheneOS just based on the icon would be the wrong assumption to make if it's solely based on that, especially since we know these other forks doing sketchy stuff exist, because something that's compromised on those OSes may not be the case on GrapheneOS.

        By that I mean, maybe these forks are adding features in an incorrect insecure way, or are otherwise removing things we've added, including low-level hardening, modifying our work in a misguided way, etc.

        It doesn't have to mean that they're actively, maliciously making the fork insecure. It could also be due to incompetence / lack of care.

        Hope that makes sense.

        Law enforcement could've just guessed the PIN based on information they gathered while investigating the subject, hints collected while examining their apartment, etc.

        I can read Swedish, but the reports are totalling 2000+ pages, so that's not something I'll dive into anytime soon. 😅

        matchboxbananasynergy Maybe not a GrapheneOS phone, and I don't think it was portrayed as such, but it's still an interesting subject and part of the reason a lot of people chose GrapheneOS in the first place. I for one would like to see such subject matter posted here with full disclaimers.

        I'm reading the reports; it looks like he used GrapheneOS (but it's never mentioned in the report, and I think that's deliberate). Just recently Dutch courts started mentioning GrapheneOS, and having GrapheneOS on your phone is enough reason to get your phone confiscated in a case, since it will be stamped as a 'crypto phone'. I'm still going through the reports of this Swedish case (I use a translator tool).

          Hathaway_Noa Just recently Dutch courts started mentioning GrapheneOS, and having GrapheneOS on your phone is enough reason to get your phone confiscated in a case, since it will be stamped as a 'crypto phone'

          Seriously? You got a source for this? Sounds unbelievable, yet believable.

            wuseman

            Suspect, [co-suspect] and [name 12] (hereinafter: [name 12]) use several telephones at the same time, including Google Pixels. Six Google Pixels were identified in the study. The Google Pixels run on the GrapheneOS operating system, which improves user privacy and security. In addition, the Molly application is installed on these telephones. Molly is a modified version of Signal, which is more secure.

            The public prosecutor has taken the position that the suspect's mobile phone of the Google Pixel brand, type 4a, should be confiscated. The public prosecutor has put forward that the phone is a PGP device that is generally not returned to suspects and that the contents have not yet been examined because the device could not be decrypted.

            The suspect has taken the position that the Google Pixel is not a PGP phone and that there are no incriminating matters on it. It is not clear to the suspect why this telephone still needs to be investigated, while the investigation has been completed.

            The court is of the opinion that the interests of criminal proceedings preclude the return of the Google Pixel mobile phone listed on the seizure list. This criminal law interest does not end with the conclusion of the investigation in the first instance. Now that the criminal law interest still opposes return, the telephone will be forfeited.

            Source: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:RBOVE:2024:2048

            Another:

            The police saw on camera images that on the evening in question one of the suspects from the group placed or hid something in the parking lot near a fence. Later, officers found a Google Pixel phone and a Nokia phone near the fence. The Nokia was still on, because the screen lit up when the police found this phone. The court therefore assumes that the telephones belonged to one or more suspects.

            The Google Pixel phone had the GrapheneOS operating system installed. This is an alternative operating system that is designed to guarantee privacy/anonymity as best as possible and to communicate anonymously. According to reporting officers, such telephones are frequently used in criminal circles.

            Source: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:RBZWB:2023:6754

            Basically, whenever you come across court cases in the Netherlands where criminals used Pixel phones, there's a 90% chance they had GrapheneOS installed on them, since it's the most popular OS in the Dutch criminal world. In a lot of court cases they straight-up mention the Google Pixel phones as cryptophones and are able to confiscate them in a case against a suspect solely because the suspect used a Google Pixel phone. Since this has become an issue, some criminals are now using Google Pixel phones but have modified the appearance of the phone to look like an iPhone, since it's less suspected during car checks and whatnot.

            10 days later

            New court case in the Netherlands regarding a Pixel phone: EVERY Pixel phone that they cannot decrypt/unlock is 'uncontrolled', and the public prosecutors always try their hardest to keep those Pixel phones from being returned to their owners. Sometimes the judges go along and sometimes they won't.

            The public prosecutor has taken the position that the seized cannabis buds should be withdrawn from traffic.

            The Google Pixel phone should also be hidden from traffic. Although the police have not yet been able to investigate this telephone, it is known that this type of telephone is often used to communicate encrypted to commit criminal offences. According to the public prosecutor, the uncontrolled possession of a Google Pixel phone is therefore contrary to the public interest and the law.

            The public prosecutor has asked the court to confiscate the seized iPhone, now that conversations or chats were conducted with this phone that related to the planning of the criminal offense.

            The seized beacon can be returned to the seized party.

            Source: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:RBAMS:2024:2669

              Lol, I won't go to the Netherlands; I would be a suspect for whichever crime! :)
              Good that I'm spending my next holiday in Denmark and Sweden ... (or not?...)

                Eirikr70 Good that I'm spending my next holiday in Denmark and Sweden ... (or not?...)

                I'd really like to go to Denmark or Sweden; which city in Denmark or Sweden do you plan to visit?

                  Xtreix Just Copenhagen and Stockholm. I don't have a driving license, so I stick to big cities.

                  Hathaway_Noa Note that the court decided to give the phone back to the suspect:

                  The court cannot establish a relationship between the seized Google Pixel phone and the proven fact. The mere fact, as stated by the prosecutor, that this is a phone with which encrypted and covert communication can also be used to commit criminal offenses, does not mean - without further substantiation which is lacking - that this phone was used for that purpose and thus that its uncontrolled possession is contrary to the public interest and the law. This phone must therefore be returned to the accused.

                  [deleted]

                  Europol, the NCA, NL police etc. know GrapheneOS is a real problem due to the very high level and number of narcotic traffickers who seem to use them.

                  You read about how some of the biggest traffickers in Europe get arrested in Dubai and such, and they have GOS phones.

                  The how and the why I'm not sure, as I'm not technically savvy, but I'm 100% certain they will be trying to push an exploit through GOS servers onto the phones to intercept data. Whether it's illegal or not, they will be trying to.

                  They cloned the Sky servers in 2019, then created an exploit in 2021 which has brought so many criminal trials.

                  There's not an encrypted phone network, albeit the others were solely used by criminals, whose servers they haven't hacked or cloned to intercept data.

                  GOS will be no different.

                  Mod note:

                  Information in this comment is based on an inaccurate understanding of GrapheneOS and its infrastructure.

                  Exploiting GrapheneOS servers would be essentially pointless. Doing so would not permit an attacker to exploit phones running GrapheneOS.

                    “All you have to do is prove your innocence, and you can be on your way.”

                    @[deleted]

                    The how and the why I'm not sure, as I'm not technically savvy, but I'm 100% certain they will be trying to push an exploit through GOS servers onto the phones to intercept data. Whether it's illegal or not, they will be trying to.

                    I agree they will try. However, GOS operates in a different way; it won't be that easy.

                    They cloned the Sky servers in 2019, then created an exploit in 2021 which has brought so many criminal trials.

                    They cloned more cryptophones' servers than just SkyECC.

                    There's not an encrypted phone network, albeit the others were solely used by criminals, whose servers they haven't hacked or cloned to intercept data.

                    My OSINT says the same. The only publicly available 'alternatives' are these white/Russian/silent/PGP/encrypted/stealth SIM cards. The logical conclusion is: many people who used 'cryptophones' in the past use GOS nowadays.

                    GOS will be no different.

                    We'll see.

                    [deleted] Maybe it's a good idea for GOS to implement some sort of multi-signing for each push update they perform. It would reduce a single point of error.