[cryptography] Commercialized Attack Hardware on SmartPhones

Jacob Appelbaum jacob at appelbaum.net
Sun Mar 2 13:10:46 EST 2014


Hi Tom,

On 3/2/14, Tom Ritter <tom at ritter.vg> wrote:
> On Mar 2, 2014 11:47 AM, "Kevin" <kevinsisco61784 at gmail.com> wrote:
>> Tom:
>> Pherhaps I am in the dark about this, but I'm sure attacking android is
> quite simple as mobile security is farely new.  I have to wonder why you
> are asking?
>
> If it's simple, surely there are product descriptions, manuals,  commercial
> offerings, leaked documents, tutorials, etc?  I mean we have all that for
> testing mobile apps, web apps, disk forensics, those portable power
> machines that let you move a server without powering out down etc...
>

These documents seem to be useful for you:

  http://www.rcfl.gov/Downloads/Documents/XRY%20Supported%20Devices.xls
  http://www.rcfl.gov/Downloads/Documents/UFED%20Supported%20Phone%20List.xls
  http://www.rcfl.gov/Downloads/Documents/SecureView%20Support%20List.pdf

This document is also quite interesting:

  http://www.rcfl.gov/DSP_P_CellKiosk.cfm

Basically, the FBI operates these "kiosks" for local cops who don't
have the talent of the FBI (whose talent here appears to be the field
of buying comercial forensics software):

  http://www.rcfl.gov/downloads/documents/CPIK_Brochure.pdf

They also operate a "loose media kiosk" as well:

  http://www.rcfl.gov/downloads/documents/LMK_Brochure.pdf

As a side note, you may also enjoy this forensics bootkit that they offer:

  http://www.rcfl.gov/downloads/documents/IS3_Brochure.pdf

Many of the regional RCFL offices document their attack capabilities
and services on their respective website:

  http://www.njrcfl.org/downloads/documents/NJRCFLbrochure.pdf

If you really want to get into the capabilities, I encourage you to
research the background of folks working with the RCFL or similar
groups. They often speak in public and demonstrate their capabilities
openly. Here is one example that lists a bunch of interesting
programs:

  https://www.icactaskforce.org/Conferences/NatlConf2012/Documents/Training_Program.pdf

That slide deck is pretty disturbing on a bunch of levels. Still, it
is of relevance to your question, I think.

All the best,
Jacob


More information about the cryptography mailing list