If Cops Try To Hack Your Phone This app will wipe you phone clean

If Cops Try To Hack Your Phone This app will wipe you phone clean

It could prove to be a controversial release, given that criminals could use it to erase evidence. But Matt Bergin, the researcher at security company KoreLogic who created the tool, says Cellebrite could easily update its phone-hacking tech to stop his app—dubbed LockUp—from working. And he hopes his work, which also included finding now-patched security weaknesses in the Cellebrite, will bring to light the need for more tests on police forensics tools to ensure they’re secure and able to detect evidence tampering.

If the police get hold of a smartphone and they have a warrant to search it, they’ll often turn to a tool from Israeli company Cellebrite that can hack into it and download the data within. But on Friday a security researcher is releasing an app that he says can detect when a Cellebrite is about to raid the device, turn the phone off and wipe it.

“My goal is not to arm criminals. It’s more to educate the general public and make it aware that we need policy changes to address these issues,” Bergin added. “I hope we see changes in policy that require the types of testing that I do.”

Bergin was able to carry out his research on a two-year-old Cellebrite Universal Forensic Extraction Device (UFED) acquired from eBay, a place where the tech, supposedly only to be used by police, has been spotted on sale before. He found a handful of security issues. First, he found a problem with the way in which Cellebrite handled its encryption keys. One of those keys—an authentication key—was supposed to guarantee that the Cellebrite device was the only one to carry out a forensic search on a phone, but they were the same for every unique Cellebrite system. “The problem with that is now, when evidence collected by the UFED is being introduced in the courts, you can’t really say that it was the Cellebrite itself that did the collecting of the content,” Bergin explained. He also found keys that let him pull all the code used to exploit vulnerabilities in Android, all of which appeared to have been fixed on Google’s operating system.

As for how LockUp works, it looks for a Cellebrite application called Mr. Meseeks, named after a character in animated TV comedy Rick & Morty, which is downloaded on an Android phone when the forensics tech is about to search a device. LockUp looks at the certificate for each new app installed on a device and if it matches the one for Mr. Meseeks, it’ll factory-reset the phone. Though his test Cellebrite system was two years old, Bergin thinks that LockUp will still work as he believes modern versions still use Mr. Meseeks. He’s releasing LockUp on Friday during a talk at BlackHat Asia.

The code release, on Github, could interest Cellebrite’s global customers, which include many of the U.S.’ federal government and local police agencies, including Immigration Customs Enforcement (ICE), the FBI, the NYPD and Europol.

Cellebrite fixed the encryption issues highlighted by Bergin in 2020. A company spokesperson added: “The demonstrated proof-of-concept application is not considered a vulnerability by KoreLogic or Cellebrite. It is a shared scenario for any forensic software performing app-based extractions. Customers should be assured that information garnered from Cellebrite solutions is forensically sound.”

Regarding the ability for people to purchase its devices on eBay and other secondhand markets, Cellebrite said, “Under no circumstances may a customer resell, redistribute, transfer or sublicense Cellebrite’s technology to any third party without expressed written permission from Cellebrite . . . keep in mind that on the rare occasion when someone is able to obtain a device on a secondary market, the software is outdated and not able to receive updates.”

The release of LockUp comes just a week after Moxie Marlinspike, founder of the encrypted messaging app Signal, looked into the security of a Cellebrite device and claimed to be able to hack a Cellebrite by including malicious code in an app searched by the forensic tool. The LockUp app may appeal to those who wouldn’t consider themselves criminal, but could be under surveillance from their government. Cellebrite devices have allegedly been spotted in use on journalists in countries with poor records on human rights. On Wednesday, the Committee for the Protection of Journalists reported that Oratile Dikologang, digital editor and cofounder of the Botswana People’s Daily News website, had his phone searched with a Cellebrite device. Dikologang was accused of writing “offensive” posts on Facebook and during interrogation gave over his password. A Cellebrite and the Forensic Toolkit from U.S.-based AccessData were then used to grab all the data inside.

In response to the CPJ’s reporting, AccessData didn’t respond to multiple requests from the publication, while a Cellebrite spokesperson said: “We have multiple checks and balances to ensure our technology is used as intended. We require that agencies and governments that use our technology uphold the standards of international human rights law. . . . When our technology is used in a manner that does not meet international law or does not comply with Cellebrite’s values, we take swift and appropriate action, including terminating agreements.”

The News Highlights

  • If Cops Try To Hack Your Phone This app will wipe you phone clean
  • Check the latest update on Security news
  • .

Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
Secretary of State warns of misleading business direct mail

CEL trains business leaders for the Core program

Established in 1987, the CEL provides participants with individualized and interactive education in entrepreneurship. More than 1,400 CEL alumni employ more ...
Health Logic Interactive Announces Proof-of-Concept Test Results and Advancement of its Lab-on-Chip Technology

Health Logic Interactive Announces Proof-of-Concept Test Results and Advancement of its Lab-on-Chip Technology

Cautionary Notes Neither the TSX Venture Exchange nor its regulation services provider (as that term is defined in the policies of the TSX Venture Exchange) ...
4-year-old heart warrior walking with purpose in Wichita Heart Walk

4-year-old heart warrior walking with purpose in Wichita Heart Walk

“There’s a valve called a PSD that we’re all born with and the blood flows through that until 24 or 30 hours after you’re born and then that closes up and then ...
Human acquires Onehome to pursue values-based home health strategy

Human acquires Onehome to pursue values-based home health strategy

The Kindred deal — the largest in Humana’s history — is the latest example of the blurring lines between payer and provider. Louisville, Kentucky-based Humana ...
Wireless Sound Bar Systems Recreate Cinema-Style Sound at Home

Wireless Sound Bar Systems Recreate Cinema-Style Sound at Home

That’s where the role of a good sound bar and wireless speaker system comes in. This long, thin external speaker provides way better sound than the speakers ...
Surry “glampground” open for business

Surry “glampground” open for business

Under Canvas is using just a portion of its 100-acre parcel. “The sunset tours are huge,” Margraff said. Greenlaw has been the favorite part of people’s stays ...
Gigafactories: Europe Faces US and Asia as a Car Battery Power

Gigafactories: Europe Faces US and Asia as a Car Battery Power

image copyrightMADDY SAVAGEimage captionNorthvolt’s gigafactory is 125 miles south of the Arctic Circle Surrounded by a forest of tall green pine trees, 125 ...
This Fall, Friends of Mineral Town will be released for Xbox One and PlayStation 4

This Fall, Friends of Mineral Town will be released for Xbox One and PlayStation 4

Developer Marvelous and published XSeed Games have announced that Story of Seasons: Friends of Mineral Town will release on PlayStation 4 and Xbox One this ...
Every Confirmed E3 Game is Currently Available for Preorder at E3 2021

Xbox and Bethesda at E3 2021: Game announcements, trailers, and more

The 90-minute show was busy enough that it could be easy to miss an important announcement, so we’ve compiled everything from Xbox and Bethesda at E3 2021 ...
‘Win Big Papi’s Money’ with FOX Super 6

‘Win Big Papi’s Money’ with FOX Super 6

The “Win Big Papi’s Money” contest will be available on Saturday, June 19. Cash prizes will vary each week. Since its launch in September 2019, the FOX Super 6 ...
Show next
Compsmag - Latest News from tech, business and health
Logo