Phone pwn

Michael Butash michael at butash.net
Sat Dec 24 13:18:00 MST 2016


I find these sorts of tools never stay under wraps.  I've gone digging and
found "factory-authorized only" qualcomm software to reprogram my cdma
radios over usb in the past to bring my sprint palm pre to verizon circa
2010 (sprint sucks horribly) and tweak around with windoze mobile phones at
the time too with the same tool.  I realized later what I was doing was
technically quite illegal, as software obscurity was the only real
protection they could offer to keep people from abusing cdma, cloning
phones, stealing service, etc.

Obviously not that much protection when I just found it on piratebay or
some equivalent at the time and some walkthroughs where others have done it
as well to follow.

This seems to be how most devices like Cellebrite and other tools approach
exploiting the upstream os as well, using "recovery" methods the
manufacturers leave in the radios and firmware for themselves (and those
that find them too).

In other words, I really don't think root or not, unlock or not matters
anymore.

-mb

On Sat, Dec 24, 2016 at 8:14 AM, Stephen Partington <cryptworks at gmail.com>
wrote:

> The issue with this is that it is now fully leaked and out there.
>
> Sadly I need to unroot my phone for it to be secure again.
>
> On Sat, Dec 24, 2016 at 12:30 AM, Michael Butash <michael at butash.net>
> wrote:
>
>> https://motherboard.vice.com/read/us-state-police-have-spent-millions-on-israeli-phone-cracking-tech-cellebrite
>>
>> I've known about Cellebrite for a bit, seems they've only gotten better
>> (or worse, relative) as a shill for your secrets to the highest bidder
>> slurping any/all mobile data for forensic capabilities.  Government,
>> military, police, or criminal, whoever can afford them.  You or I with
>> enough cash too.
>>
>> So what does one do these days aside from accept that their phone can and
>> will be compromised with enough direct intent to do so?  This can/does
>> happen at some international waypoints I've read agents will "insist" they
>> take your phone somewhere (with a Cellebrite I presume).  It seems rather
>> impossible to bother attempting to secure your data on any phone,
>> encryption or none.
>>
>> Google doesn't seem to comment on what Cellebrite markets as attacking
>> "any" android, and sadly better Apples where it's more cat and mouse, but
>> at least some attempt at denying it exists.  Blackberries seem to pride
>> themselves on secure android, but I wonder if it'd hold up to a Cellebrite
>> UFED.
>>
>> Is there really a *good* option out there that prevents this?  Why is that?
>>
>> I'd just like to for once be confident in a product that it's not built
>> inherently with a conveniently exploitable backdoor for .gov wherever you
>> are, or all of them as probably more likely.  The fact Cellebrite can simply
>> leech *any* android, and various apples as a cat and mouse effort is quite
>> disgusting.
>>
>> Also, Cellebrite's UFED tool seems capable of cloning sims, which means the
>> protocols in use for now gsm + probably lte are again flawed as allowing
>> the sim ki (private key of sorts) to be extracted from weaknesses in the
>> cryptographic storage internal to them (shh). Until around 2003, one could
>> clone gsm sims pretty trivially, only stronger crypto standards evolved to
>> protect it further, which I now suspect is broken too given this "tool"
>> existing at all.
>>
>> We should crowdfund buying one to play with at an installfest, I see some
>> on ebay (search "cellbrite ufed").  Ebay also turns up searching it some
>> interesting sales of documents for test study results too.
>>
>> -mb
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen