An Android Hack Intentionally Creates False Data on Your Cell Phone to Fool Authorities

An increasing concern amongst journalists, activists and just about anyone else who values their privacy is that a bad cop, TSA agent or other bully in a costume will commandeer your cell phone and search its contents. This isn’t just a theoretical issue either, it seems to happen quite often, and is an important enough issue that it went before the Supreme Court early last month. I covered this issue in my post: Can Police Search Your Cell Phone Without a Warrant? The Supreme Court is About to Decide.

I haven’t been able to figure out if there’s been a judgement in that case, so if you have any information, please post it in the comment section. Nevertheless, it appears Android hackers have decided to take matters into their own hands and have developed a new technique that purposely reprograms your phone to lie. Scientific American reported on this in the article, A Phone That Lies for You. We learn that:

Local police confiscate a suspected drug dealer’s phone—only to find that he has called his mother and no one else. Meanwhile a journalist’s phone is examined by airport security. But when officials look to see what is on it, they find that she has spent all her time at the beach. The drug dealer and the journalist are free to go. Minutes later the names, numbers and GPS data that the police were looking for reappear.

A new programming technique could bring these scenarios to life. Computer scientist Karl-Johan Karlsson has reprogrammed a phone to lie. By modifying the operating system of an Android-based smartphone, he was able to put decoy data on it—innocent numbers, for example—so that the real data escape forensics. He presented the hack in January at the Hawaii International Conference on System Sciences.

Karlsson tested his hack on two forensics tools commonly used by police departments. Both can retrieve call logs, location data and even passwords. When he ran his modified system, the tools picked up the false information that he programmed into the phone and missed the real contents.

BoingBoing also reported on this achievement yesterday, writing:

Obviously, this kind of thing doesn’t work against state-level actors who can subpoena (or coerce) your location data and call history from your carrier, but those people don’t need to seize your phone in the first place.

On a related note, if you are considering installing a “smart home” system, you may want to be aware of some of the privacy implications. CNN Money published an interesting article on the topic, in which we learn:

Your lights are off and your doors are locked, but if you’ve got a “smart home” system, you may be offering cops a window into your house.

But smart home customers might be unaware that their security footage is being stored in some cases, and that it can be used against them in legal proceedings.

“We’re seeing law enforcement across a variety of areas arguing that they should be able to access information with lower standards than before the electronic age,” said Jay Stanley, a senior policy analyst with the American Civil Liberties Union.

“If a lot of information is flowing out of your home, it provides a window into the things you’re doing in your private space,” he added.

Tech companies already get thousands of requests for customer data each year from government intelligence agencies as well as traditional law enforcement for things like email and phone records. Once home security footage begins being stored on companies’ servers, there’s no reason why cops wouldn’t seek that out as well.

That means you may want to study the terms of service from your smart home provider to see what kinds of requirements they place on government and law enforcement data requests.

In Liberty,
Michael Krieger

Like this post?
Donate bitcoins: 35DBUbbAQHTqbDaAc5mAaN6BqwA2AxuE7G