Phone pwn

Sat Dec 24 08:14:53 MST 2016

The issue with this, Is that it is now fully leaked and out there.

Sadly i need to unroot my phone for it to be secure again.

On Sat, Dec 24, 2016 at 12:30 AM, Michael Butash <michael at butash.net> wrote:

> https://motherboard.vice.com/read/us-state-police-have-
> spent-millions-on-israeli-phone-cracking-tech-cellebrite
>
> I've known about cellbrite for a bit, seems they've only gotten better (or
> worse, relative) as a shill for your secrets to the highest bidder slurping
> any/all mobile data for forensic capabilities.  Government, military,
> police, or criminal, whoever can afford them.  You or I with enough enough
> cash too.
>
> So what does one do these days aside from accept that their phone can and
> will be compromised with enough direct intent to do so?  This can/does
> happen at some international waypoints I've read agents will "insist" they
> take your phone somewhere (with a cellbrite I presume).  It seems rather
> impossible to bother attempting to secure your data on any phone,
> encryption or none.
>
> Google doesn't seem to comment on what cellbrites markets as attacking
> "any" android, and sadly better Apples where it's more cat and mouse, but
> at least some attempt at denying it exists.  Blackberries seem to pride
> themselves on secure android, but I wonder if it'd hold up to a cellbrite
> ufed.
>
> Is there really a *good* option out there that prevent this?  Why is that?
>
> I'd just like to for once be confident in a product that it's not built
> inherently with a conveniently exploitable backdoor for .gov where ever you
> are, or all of them as probably more likely.  The fact cellbrite can simply
> leech *any* android, and various apples as a cat and mouse effort is quite
> disgusting.
>
> Also, cellbrite's ufed tool seem capable of cloning sims, which means the
> protocols in use for now gsm + probably lte are again flawed as allowing
> the sim ki (private key of sorts) to be extracted from weaknesses in the
> cryptographic storage internal to them (shh). Until around 2003, one could
> clone gsm sims pretty trivially, only stronger crypto standards evolved to
> protect it further, which I now suspect is broken too given this "tool"
> existing at all.
>
> We should crowdfund buying one to play with at an installfest, I see some
> on ebay (search "cellbrite ufed").  Ebay also turns up searching it some
> interesting sales of documents for test study results too.
>
> -mb
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20161224/b64d6fb2/attachment.html>