Digital forensics might be the most popular recent method of unraveling conversations between suspects and putting criminals behind bars, but it is not an infallible one. As a matter of fact, as a senior researcher just showed, it can be tricked or rendered useless if the phone data police are trying to crack gets wiped out by a simple Android app.
Matt Bergin, a senior researcher with security firm KoreLogic, has spent years studying the police's favorite digital forensics tool used to crack into phones and recover data: Cellebrite. His objective? To see whether this crucial software, whose results have been used in various courts of law, can be made useless in the right circumstances.
Turns out, it can.
Bergin created LockUp, a piece of code that could be turned into an Android app which, once installed on a suspect's phone, could wipe out ALL of that data. LockUp comes to life whenever a new program is installed. For example, if the police got their hands on a phone holding crucial data for a case and tried to crack into it with Cellebrite, LockUp would sense the forensic program being installed on the device. The moment that happened, LockUp would reset the phone to its factory default settings.
Bergin says his code can quickly analyse the recently installed application's hashes, files and certificate metadata.
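Seen from the examiner's side, the practical lesson of the two paragraphs above is that a device should be checked for an install-triggered wiper before any extraction agent is pushed onto it. The script below is an added example written for this page; it is not code from the article, from KoreLogic or from LockUp. It assumes only the generic mechanism the article describes, an app that wakes up on a package-install broadcast and holds device-administrator rights to wipe the device; whether LockUp is built exactly that way is not stated here. The package names, the "wipe-data" policy label and the record layout are constructed for the example, not Android's own dumpsys format; the broadcast and permission strings are genuine Android identifiers.

```python
"""
Pre-acquisition triage: flag installed packages that combine the two
ingredients of an install-triggered wiper (a receiver for package-install
broadcasts plus device-admin wipe rights) before touching the device.

Added example, not from the article or from LockUp. The input is a
constructed, simplified summary of what an examiner would gather from the
device's package and device-policy listings; field names are this script's own.
"""
from dataclasses import dataclass, field

# Genuine Android identifiers used for matching.
PACKAGE_ADDED = "android.intent.action.PACKAGE_ADDED"
PACKAGE_REPLACED = "android.intent.action.PACKAGE_REPLACED"
BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
INSTALL_TRIGGERS = {PACKAGE_ADDED, PACKAGE_REPLACED}
# Label this script uses for the device-admin "wipe data" policy (assumed name).
WIPE_POLICY = "wipe-data"


@dataclass
class Package:
    name: str
    receivers: set = field(default_factory=set)       # broadcast actions it registers for
    permissions: set = field(default_factory=set)
    admin_policies: set = field(default_factory=set)  # active device-admin policies
    installer: str = ""                               # "" means sideloaded / unknown source


def triage(pkg: Package) -> str:
    """HOLD: install nothing on the device until this package is understood.
    REVIEW: one risky trait, look before proceeding.  OK: nothing notable."""
    install_listener = bool(pkg.receivers & INSTALL_TRIGGERS)
    can_wipe = WIPE_POLICY in pkg.admin_policies
    sideloaded = pkg.installer == ""
    if install_listener and can_wipe:
        return "HOLD"
    # Launchers legitimately listen for installs and MDM agents legitimately
    # hold wipe rights, so a single trait is only a prompt to look closer.
    if can_wipe or (install_listener and sideloaded):
        return "REVIEW"
    return "OK"


def triage_device(packages) -> dict:
    """Map every package name to its verdict."""
    return {p.name: triage(p) for p in packages}


def acquisition_plan(verdicts: dict) -> str:
    """Collapse the per-package verdicts into one next step for the examiner."""
    if "HOLD" in verdicts.values():
        # Any step that installs a package on the device could trigger the wipe;
        # start with a method that writes nothing new to the device.
        return "no-agent-install"
    if "REVIEW" in verdicts.values():
        return "review-then-proceed"
    return "proceed"


def sample_packages():
    """Constructed sample: one wiper-like app, a corporate MDM, a launcher, a game."""
    return [
        Package("com.example.trap", {PACKAGE_ADDED}, {BIND_DEVICE_ADMIN}, {WIPE_POLICY}, ""),
        Package("com.example.mdm", set(), {BIND_DEVICE_ADMIN},
                {WIPE_POLICY, "reset-password"}, "com.android.vending"),
        Package("com.example.launcher", {PACKAGE_ADDED, PACKAGE_REPLACED}, set(), set(),
                "com.android.vending"),
        Package("com.example.game", set(), set(), set(), "com.android.vending"),
    ]


if __name__ == "__main__":
    verdicts = triage_device(sample_packages())
    for name, verdict in verdicts.items():
        print(f"{verdict:7} {name}")
    print("plan:", acquisition_plan(verdicts))
```

The verdict thresholds are deliberately conservative: a HOLD is raised only when both the install trigger and the wipe right are present on the same package, because either trait alone is common in benign software, while a REVIEW on a sideloaded install listener or on any wipe-capable admin app costs the examiner a few minutes and can avert an irreversible reset.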
The existence and efficiency of his solution, presented at Black Hat Asia, show that authorities need a backup plan for this scenario, or need to improve the programs they work with. As for Bergin, because he does not intend to use LockUp against the police, he has not turned it into a real, downloadable application. He did, however, release the code on GitHub, which means that, unfortunately, anyone with the time and the right resources could package and distribute it instead.