
Android Anti-forensics: Modifying CyanogenMod - aburan28
http://arxiv.org/abs/1401.6444
======
rtpg
This reminds me of a feature that was on some Japanese flip phones.

You could set some contacts to be "secret", and any messages from them would
not appear in the default app. The only notification you would get would be a
small pixel embedded in the cell tower signal image in the corner of your
screen. You would then go into some deeply hidden corner of your settings to
get the "real" messaging app.

If you know about it, it's useless, but (like this lying phone), it can be
very easy to overlook in a casual analysis of the phone (by your wife in one
case, or by the police in the other). We should never discount how effective
really simple things like these can end up being.

~~~
w1ntermute
_Japan's Philanderers Stay Faithful to Their 'Infidelity Phones': Cads
Attracted to How Outdated Device Hides Calls, Texts; Juggling Three
Girlfriends_:
[http://online.wsj.com/news/articles/SB1000142405297020475540...](http://online.wsj.com/news/articles/SB10001424052970204755404578102581637364040)

------
davb
I would install such a firmware in a heartbeat if I had confidence that there
were a team of freedom-fighting hackers staying one step ahead of the
authorities.

I don't keep anything incriminating or illegal on my phone (hell, I don't _do_
anything illegal) but I'm terrified of the day where I'm in the airport,
embarking on a £4k holiday (not insignificant in my salary bracket) and am
asked to hand my phone and laptop/tablet over to confirm I'm not a terrorist.
I'll be faced with acquiescing and compromising my principles or disappointing
my girlfriend (who I almost always travel with) and having both of us taking a
financial hit (and probably being added to a "list" or having my threat value
increased).

It's not an unheard of situation in the UK, and is most often not
intelligence-driven (more likely you are travelling through an airport where
they are trialling some new counter-terrorist technology we've paid a small
fortune to install).

I think a device with limited state (ROM-only?) which can give me reasonable
assurances that no-one could tamper with it or install any government
sponsored malware may be the solution. Although the utility of such a device
is questionable, and it certainly wouldn't be fun to use.

~~~
AJ007
I've mentioned this in NSA stories before, the US government, the UK, are
hardly the only concerns. What happens at other borders? Your devices contain
sensitive information -- logins, source code, server lists, archived email,
customer data; perhaps not on the machine itself but accessible through it.

Corrupt countries are one problem, but so are first world countries. There are
a number of stories about American execs being spied on by first world
countries. Failing to protect your physical data when you leave the country
(assuming your devices have work information on them) is negligent.

~~~
davb
Absolutely. However I'm less well versed in international privacy laws than
those of the UK. With RIPA, the mere act of protecting your data while
transiting through the UK can be seen as incriminatory, with failure to
decrypt data a serious criminal offence which can result in prison time.

I think that steganography and plausible deniability are vital. However
employing such techniques can make life even more difficult if caught ("What
are you going to such an effort to hide?").

~~~
AJ007
There is a good solution: don't bring your data. It is a problem if the place
you are going doesn't have broadband, but then again there may be little work
that can be done in such a place.

~~~
davb
I don't know if I'd say that's a _good_ solution. If travelling for pleasure,
that would mean wiping my personal data from my device - contacts, messages,
emails. It would also mean logging out of all network services. Or just
leaving that data at home. Being able to stay in touch while away, and retain
access to my online accounts is really useful.

If travelling for business (even to a country with poor broadband access) I
may still need access to vital business data. I can't always leave this at
home.

Sure, I could VPN home but if I am to travel with no private data at all then
that would preclude the possibility of using certificate based encryption and
relying on less secure (and memorisable) passwords.

Travelling without data is very difficult today, unless you plan on being
completely disconnected.

------
jimhefferon
So the police have a tool. He writes a tool-fooler. No doubt they will return
with a tool-fooler tool. Then he fools the tool-fooler tool. When will it ever
halt?

Time for a drink.

~~~
RachelF
It never ends. Countermeasures, counter-countermeasures, etc.

Most of the time, though, the police will use another method, as the law has
more than anti-forensics in their armoury.

------
Htsthbjig
In a world in which everything is monitored all the time, like the police
state the government agencies dream about, lying is a necessity.

We need more of this. Our messenger app sending false data along with the
valid one, but is automatically discarded by the app. This way, anyone
intercepting the data is not certain of what it means.

Bandwidth is cheap. Just encrypting something does not make anything sure.

It is one of the earliest tricks in existence. You know someone spies on you,
you act like you don't know anything but supply false information to your
spies.

~~~
userbinator
Exactly, this strategy has been known for a long time:
[http://en.wikipedia.org/wiki/Steganography](http://en.wikipedia.org/wiki/Steganography)

------
ufmace
This makes me wonder just how open everyday Android phones are to forensic
examination. I'm not sure how you would get much out of the phone without
either manually installing an app with a lot of permissions or doing some kind
of device-specific firmware hack. And the manufacturers often seem to be
making this kind of hacking harder and harder, going by what the Android
rooting community has experienced.

------
sejje
It's well known that phones report our locations at all times; I'd like to see
a phone that falsifies that data as well.

~~~
pavel_lishin
Kind of hard to fool triangulation. Software doesn't beat the laws of physics.

~~~
x0054
You can fool the towers trying to triangulate you by adding a small random
delay to the ping responses. Of course, this would require a custom modem
firmware and/or hardware level access to the phone. The authority trying to
triangulate you would have an ability to track your approximate location,
within several square miles, but it would make it much more difficult to pinpoint
your exact location.

~~~
rasz_pl
You would also need a highly directional antenna to make sure only one base
station can hear your signal

------
vaadu
Wait for some prosecutor to determine that just having this capability on your
phone makes you guilty.

------
jamessb
This is just blogspam.

For actual details, see the arXiv paper "Android Anti-forensics: Modifying
CyanogenMod": [http://arxiv.org/abs/1401.6444](http://arxiv.org/abs/1401.6444)

~~~
dang
Thanks! Changed to that from
[http://www.scientificamerican.com/article/a-phone-that-lies-...](http://www.scientificamerican.com/article/a-phone-that-lies-for-you-an-android-hack-allows-users-to-put-decoy-data-on-a-smartphone/).

