The Government Has Chilling Demands For Accessing Information On Your Cell Phone

Written by Alexa Erickson

Cell phone fraud has been going on for years, and hackers have used a variety of weapons to achieve their goals. It seems dirty and immoral, a violation of people’s right to freedom, yet federal law enforcement officials continue to pressure companies to decrypt consumers’ information to be used for criminal or terrorism investigations.

The mobile forensics industry came to the surface last year when the FBI paid a group of unidentified hackers to break into the iPhone 5s of one of the San Bernardino shooters. Yet despite the first impression that such an industry is meant for good, evidence suggests the trade has a less savoury side, too.

“Mobile forensics is a cesspool,” forensic scientist Jonathan Zdziarski said. “I was quite disgusted at what I saw.”

“What I’ve seen is bribery: trying to pay-off certain employees at a company for information,” he continued. “I’ve been approached by some companies early on and I’ve called them out publicly in the past, in law enforcement circles, for trying to get me to violate certain copyrights and send intellectual property that didn’t belong to me.”

According to Zdziarski, some companies even steal exploits from other hackers via reverse-engineering products or by gathering trade secrets.

Millions of dollars are spent to break into and extract data from mobile phones, and the ethics of doing so are complicated. The pressure alone is steeped in questions of immorality. Apple, for instance, refused to help the FBI break into one of the San Bernardino terrorists’ phones. In a letter to consumers, Apple CEO Tim Cook wrote:

“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

And so, because the government cannot force or convince all tech companies to make their lives easier by giving them unlimited access, they must resort to bribery, or outright theft. In fact, one company used publicly available code made by a mobile security researcher named Jon Sawyer. Sawyer tells a different story, however.

“Magnet Forensics stole from me,” Sawyer said. He would have no problem with his published research being reverse-engineered and re-implemented into a product, he explained, but that’s not what happened in this particular situation.

Sawyer claimed he got a beta Magnet product that he examined from the inside out, came up with his own code, and stuck it into Magnet’s firmware. “They took the copy signed with my cryptographic key, and put it in their product,” he said. Magnet Forensics claimed to have taken out his code immediately.

There’s a lot of finger-pointing between companies, too, with many companies suing each other over stolen materials. Israeli company Cellebrite accused Micro Systemation AB (MSAB) of reverse-engineering Cellebrite’s Universal Extraction Forensic Device (UFED) products and putting the copyrighted material into its own software. Cellebrite also accused Oxygen Forensics of the same thing.

It seems stealing is the name of the game when it comes to phone cracking.

“The sheer number of mobile phone models, each with its own idiosyncrasies requiring a different approach, might be one reason why some companies are apparently keen to steal others’ work,” notes Motherboard. “I’ve got 400 of them in my lab alone,” Sawyer revealed.

Money is a big part of the problem, too.

“There is a huge budget, just in this country, in terms of federal dollars,” Zdziarski noted. “It’s very lucrative for anyone doing government-type work.”

Originally posted @ Collective Evolution
