These days, if you’re arrested and charged with a felony, one of the first things the police do is look at the contents of your phone. Digital forensics is increasingly a preferred means of securing a conviction, or at least of building a broader picture of a suspect.
However, the tools used to crack phones and extract data are not perfect, and current research suggests that the evidence they produce could be tampered with under the right circumstances (read: hacking).
To draw attention to these issues, a security researcher recently created an app designed to thwart exactly this kind of spying. Specifically, the program aims to detect and react to the use of tools from Cellebrite, the popular law enforcement digital forensics firm, which was recently criticized for glaring vulnerabilities in its UFED data extraction product.
Called “LockUp,” the app is the work of Matt Bergin, senior researcher at the security firm KoreLogic, who has spent the past two years studying Cellebrite products. Bergin debuted it last week at Black Hat Asia (the annual cybersecurity conference that takes place in cities around the world), where he presented it alongside his research into the company’s products.
The idea with LockUp is not so much to create a safe haven for criminals as it is to demonstrate the potential technical issues with some of law enforcement’s most beloved data extraction devices, Bergin said during a phone call with Gizmodo.
“Really, I wrote LockUp to support the research I was doing and to prove that forensic software is not immune to problems,” Bergin said. “I wanted to demonstrate that not only can the Cellebrite software itself have problems, but that there are ways to trick forensic software into doing something you might not expect it to be able to do.”
Bergin’s ongoing analysis of Cellebrite will probably look familiar to anyone who read a recent, viral blog post by Moxie Marlinspike, CEO of the encrypted chat app Signal. In the post, Marlinspike showed how data pulled through the company’s devices could easily be manipulated, potentially tainting the evidence. Since court cases around the world have relied on this technology, the idea that data could be tampered with so easily raises a number of legal issues.
LockUp is quite interesting. Essentially, the app wakes up whenever a new program is installed on a user’s phone. “That’s when the questioning of the application begins,” Bergin said. “We’re looking at things like hashes, the files themselves, certificate metadata associated with the app. And if LockUp finds something it knows, it will programmatically reset the target device.”
Simply put, the app is designed to inspect every newly installed program, and if it recognizes any of the indicators associated with Cellebrite, it hits the self-destruct button and automatically initiates a full data erase.
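The matching logic described above, reduced to its essentials, as an added example (this is not LockUp’s code, and none of the indicators below are real Cellebrite artifacts; the packages, certificate bytes and blocklist are all constructed here). It also shows the check a practitioner would want: matching on file hashes alone is defeated by simply rebuilding the agent, while a signing-certificate fingerprint survives a rebuild, and any hit at all triggers a wipe, so a false positive costs the user their own data.

```python
"""Indicator matching on a newly installed package: hash its files,
fingerprint its signing certificate, compare against a blocklist, and
trigger a wipe on any hit. Added illustration, not the LockUp source.
Every input here is constructed; nothing is a real forensic-tool artifact."""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256, used both for file hashes and for cert fingerprints."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Package:
    """A freshly installed app: its files (path -> bytes) and signer cert (DER bytes)."""
    name: str
    files: dict
    signer_cert: bytes


@dataclass
class Blocklist:
    """Indicators the app reacts to: known file hashes and signer fingerprints."""
    file_hashes: set = field(default_factory=set)
    cert_fingerprints: set = field(default_factory=set)

    @classmethod
    def from_sample(cls, pkg: "Package") -> "Blocklist":
        """Derive indicators from one known sample, as an analyst would."""
        bl = cls()
        bl.file_hashes.update(sha256_hex(b) for b in pkg.files.values())
        bl.cert_fingerprints.add(sha256_hex(pkg.signer_cert))
        return bl


def inspect_package(pkg: Package, bl: Blocklist) -> list:
    """Return the indicators that matched; an empty list means no recognition."""
    hits = []
    for path, content in pkg.files.items():
        if sha256_hex(content) in bl.file_hashes:
            hits.append(f"file-hash:{path}")
    if sha256_hex(pkg.signer_cert) in bl.cert_fingerprints:
        hits.append("signer-cert")
    return hits


def on_package_added(pkg: Package, bl: Blocklist, wipe) -> tuple:
    """Handler for the 'new app installed' event: any hit calls wipe()."""
    hits = inspect_package(pkg, bl)
    if hits:
        wipe()  # on a real device this would be a factory reset
    return (bool(hits), hits)


# Constructed inputs (hypothetical names and bytes).
KNOWN_CERT = b"constructed-der-of-forensic-vendor-signing-cert"
KNOWN_TOOL = Package("forensic.agent",
                     {"classes.dex": b"agent v1", "lib/agent.so": b"native v1"},
                     KNOWN_CERT)
# Same vendor cert, rebuilt binaries: every file hash changes, the cert does not.
REBUILT_TOOL = Package("forensic.agent",
                       {"classes.dex": b"agent v2", "lib/agent.so": b"native v2"},
                       KNOWN_CERT)
BENIGN_APP = Package("com.example.notes", {"classes.dex": b"notes"},
                     b"constructed-der-of-unrelated-cert")
BLOCKLIST = Blocklist.from_sample(KNOWN_TOOL)


def demo() -> dict:
    """Run the handler over the three packages; returns {label: (wiped, hits)}."""
    wipes = []
    out = {}
    for label, pkg in (("known", KNOWN_TOOL), ("rebuilt", REBUILT_TOOL),
                       ("benign", BENIGN_APP)):
        out[label] = on_package_added(pkg, BLOCKLIST, lambda: wipes.append(1))
    out["wipe_count"] = len(wipes)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The rebuilt package slips past every file hash and is caught only by the certificate fingerprint, which is why certificate metadata is the more durable indicator of the three Bergin names; conversely, a blocklist entry that happens to match a benign signer would wipe an innocent user’s phone, which is the failure mode that keeps this a research demonstration rather than a product.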
If that sounds appealing, be aware that you can’t download it from the Google Play Store or any third-party marketplace, because LockUp is just code. After Black Hat, Bergin dropped his “application” on GitHub and, hypothetically, if someone had the time and the resources, they could take the code and repackage it into a working, marketable application. But that was not the point of the exercise.
“The end result that I would like to see from all of my research is the adoption of new testing procedures that must be undertaken before forensic tools like these can be used in our courts,” Bergin said, implying that there are currently no regulations that set a sufficiently high security standard.
It’s not that tools sold by companies like Cellebrite shouldn’t be used. On the contrary: as long as their products are in circulation, the results they produce must be accurate and secure, he said.