  • Potential appearances of GrapheneOS in mobile forensic reports

  • [deleted]

Nuttso IMO they will learn from their errors and it'll be done illegally and will be done for 'intelligence only' therefore catching people in the act of committing crimes and intercepted data will not be required as evidence like it is being used currently. Lots of rumours similar is happening to Signal also.

They don't play by the law as has been shown with how they have hacked past crypto phones. If they can catch some criminal bang to rights with millions of pounds worth of narcotics, in the midst of a robbery or such the messages they have intercepted won't really matter.

    [deleted] IMO they will learn from their errors and it'll be done illegally and will be done for 'intelligence only' therefore catching people in the act of committing crimes and intercepted data will not be required as evidence like it is being used currently.

    This has been used for a long time. Depending on how difficult it is for the investigating authorities to convict someone, they do not shy away from falsifying evidence. Be it that, in cooperation with the public prosecutor's office, they do not inform the investigating judge of the true circumstances, or that they happened to be at the scene, or that they are completely free to invent spies. Europol does not abide by any laws at all; it places people in criminal circles who are allowed to commit even the most serious crimes in order to prove their loyalty. They are then brought before the courts as confidants who do not have to make a direct statement. Encro and Sky have provided a small insight into the whole affair, but have changed absolutely nothing. The market is flooded with cocaine and other substances. This whole war on drugs is a joke and people in the highest political, military and police circles are playing along with it. In Germany alone, 100 kg of cocaine are consumed every day. Investigating authorities boast about finding a ton of cocaine, yet several tons arrive in the EU every day.

    A serious drug dealer will only use his GrapheneOS as if it were already compromised. This is also the only approach that actually protects against surprises.

    [deleted] They don't play by the law as has been shown with how they have hacked past crypto phones.

    In fact, the data was collected by Encro and Sky in accordance with the law. This was also confirmed by the ECJ in the judgment I linked to. They used a little trick to circumvent certain criminal procedural regulations in some EU countries.

    [deleted] Lots of rumours similar is happening to Signal also.

    We monitor this with a very simple approach. If this were true, we would know immediately. I don't want to say exactly how we do this.

    other8026 locked the discussion.

    GrapheneOS phones don't blindly trust GrapheneOS servers. To put it bluntly, it really wouldn't matter if they were compromised because malicious updates wouldn't be signed by the required keys.

    For all of the services I can think of, our phones just get data from the servers. No additional info is sent with requests. So, there's virtually zero useful user data on GrapheneOS servers (to law enforcement or whoever). Use a VPN in the owner profile to hide your IP address if you want.


    Edit to share some links:

    other8026 unlocked the discussion.

    To bring a little clarity here. Firstly, GrapheneOS servers are configured more securely than comparable providers. During the compilation process, the releases are signed with a key that only the developers have. Without this key, no manipulated operating system can be installed on the end devices. Every change in the source code is communicated publicly. The only damage that a server takeover could cause would be to cut off the user from the possibility of receiving updates. Which could become a problem if certain critical security updates are released that close RCEs, for example. The phones would be unprotected against publicly known security vulnerabilities as long as they do not have the latest security updates. For this very reason, GrapheneOS places so much emphasis on getting the security bulletins out as quickly as possible each month.

    Regardless of this, a targeted hack would be necessary. It would have to be able to bypass several security mechanisms and it would be very difficult to make this hack persistent. See verified boot.

    This is why we only recommend GrapheneOS as the basis for Molly. There is nothing comparable. It would be downright negligent to recommend anything else.

    21 days later

    What do you mean by having GOS as the "basis" of molly? Do you mean y'all will only recommend properly configured molly installed on a properly configured GOS for maximum attainable security/privacy?

    (By molly I am assuming you're talking about that hardened fork of Signal, right?)

      GlytchMeister GOS recommend Molly due to the large attack surface of the Signal and WhatsApp apps, messages are E2EE, but it would seem that the apps are very vulnerable, I can no longer find the source on Mastodon, but I have read it.

      In addition, Accrescent, which contains the fully FOSS version of Molly, will soon be available in "Apps" to create a chain of trust.

      Oh I didn't know Accrescent was mature enough for implementation within GOS, their GitHub says it's still in early alpha. I've been avoiding Accrescent because of that. If it's mature enough for GOS's Dev team, I guess it's mature enough for me?

        4 months later

        NEW CASE
        https://gofile.io/d/Z4TgCI (The language is in Swedish, but there are some pictures for the curious folks)
        Check "Södertörns TR B 5471-24 Aktbil 60, Protokollbilaga Sekretess.pdf" it contains mostly forensic stuff from the phones.

        Between 2023-04-09 and 2023-04-13 - Mr. Y Ishak (Napoleon on Signal) with associates tried to kill a guy, it was all planned in a Signal group chat.

        Long story short;
        On 2023-04-13 Police stopped a vehicle with Mr Ish*k in it, he was wanted and police found 2 phones on him, a Pixel 6a in his hand and an iPhone hidden in his underwear. The Pixel did not have any SIM card in it, the iPhone did.
        Police did not manage to extract any information from the Pixel BUT 9 months (2024-01-30) later somehow they did get hold of Signal messages, picture and more...

        I'm kinda curious of how? In the documents it shows that the accused had been sharing internet from his iPhone to the Pixel and been connected to wifi. What was the weak point? Signal? His hotspot through the iPhone or maybe the router at home?

          Tekpro doesn't exist since 2017?! The name of the company was Tekpro and is now "Envista Forensics" as far as I know. This company is popular in Sweden, Denmark and the Netherlands .....

          quepasabebe Signal? His hotspot through the iphone or maybe the router at home?

          How would any of these possibly be a weak link? I don't get it.

          Most likely he had a weak security code or he gave it to them, or he had another phone.

            wuseman Most likely he had a weak security code or he gave it to them

            That's my first thought.

            dc32f0cfe84def651e0e

            Does this mean GOS is illegal in SE??

            The Google Pixel phone is very heavily encrypted and there is no legal use for such a phone. Based on this, the Google Pixel phone should be considered a criminal tool.

              Clark
              Nope. That's written by a police officer of some sort, not by a judge or any legal entity. Presumably the meaning is "it was used to commit a crime" rather than "owning it is a crime"

              • [deleted]

              The disk encryption on stock Pixel and one with GrapheneOS is implemented in the same way. Should we then sum it up with saying, that whoever uses Google Pixel phone is a potential criminal? I don't think so.

              quepasabebe I'm kinda curious of how? In the documents it shows that the accused had been sharing internet from his iPhone to the Pixel and been connected to wifi. What was the weak point? Signal? His hotspot through the iPhone or maybe the router at home?

              User error.

              All of those things wouldn't ever be a factor in device compromise. They can't read Signal messages, that's kind of why they need to extract the phone in the first place. Hotspot / WiFi access point history is also a common forensic source, you can access them on both devices easily.

              The document openly claims it can't get into a Google phone in normal circumstances:

              "Det hittades även en till Googletelefon inne i själva bilen (punkt 3) men denna har i skrivande stund juni 2024 inte gått att extrahera eller knyta till brukare."

              MACHINE TRANSLATION: Another Google phone was also found inside the car itself (point 3), but this has not worked at the time of writing in June 2024 to extract or link to users.

              This conclusion matches the expected outcome of our Cellebrite document sources exactly.

              The document claims they got into it 'manually', and the pictures show them taking a camera to the phone's screen instead of screen recording. Worth noting screen / display capture for unlocked devices is a standard Cellebrite feature but they didn't do it, weird why they didn't if they had the option. I guess it's practice over in Sweden.

              IT-forensiker har gått in i telefonen manuellt och fotograferat användarens eget alias

              MACHINE TRANSLATION: IT forensics have entered the phone manually and photographed the user's own alias

              If it was done manually they evidently had knowledge of the credential or they were consented. Targeting of other people involved, CCTV, forensics of fingerprints on the display, sharing the PIN with the iPhone, tons of potential factors would have led up to his failure.

              Quite frankly I personally don't care about the heaps of trouble that scumbag gang bangers and drug dealers get into. They deserve prison and I am happy they've been arrested. I'm only making this response to debunk before people get concerned about it. If they were talking about all their acts on the iPhones they had by the looks of it then clearly they're not the brightest and GrapheneOS wouldn't protect them and hopefully it stays that way. There's tons of factors that would have brought this person down even without the phone's data I'm sure.

              Clark Does this mean GOS is illegal in SE??

              No. The quote says Google Pixel phones, not GOS. Google Pixels are actively sold in Sweden by reputable major resellers as well as Google themselves, and are marketed towards regular users.