For three years, European criminal prosecution authorities such as the Federal Criminal Police Office (BKA) or the cyberspace command of the French gendarmerie worked together with companies and research institutions in the EU project Exfiles to hack or crack crypto mobile phones. According to one of the partners, the Forensic Institute of the Netherlands (NFI), the roughly 7 million euros in tax money that went into the initiative was worth it: “Exfiles has made an important contribution to gaining access to hundreds of mobile phones, especially in connection with cases of serious organized crime for Dutch investigative authorities,” explained Erwin van Eijk, head of NFI’s digital and biometric traces department, on Monday. At the European level, the results are “many times” better.
Those involved focused on crypto phones, which use special software and sometimes also hardware to encrypt calls, chats and data as securely as possible. However, they also targeted common smartphones such as those from Apple or Samsung with the iOS and Android operating systems, over which communication is now often exchanged in encrypted form. “Nowadays mobile phones have multiple layers of encryption and are modified at the software level,” explains van Eijk. “This makes it necessary for forensic digital examiners to work together across Europe.”
To get readable data from modern cell phones, security experts always have to look for vulnerabilities. According to van Eijk, for a long time it was possible to retrieve information directly from the hardware, i.e. the chips. But over time, the data came to be encrypted using keys stored on other chips, combined with a password set by the users themselves. Today, a combination of hardware and software knowledge is required “to gain access to the keys.” Cryptographic knowledge is also required. For example, an analyst would first have to work on the chip in order to then use software to access decrypted user information. What is special about Exfiles is that it brings experts from different fields together “to develop new solutions. And that is exactly what led to breakthroughs.”
According to the NFI, forensic scientists and prosecutors jointly set priorities in the project as to what expertise needed to be developed first in relation to which types of phones and for which phones they could best share access methods. The investigators looked at sales figures, for example, but also at trends that they recognized in suspects or criminal groups. Afterwards, technicians from all over Europe worked out solutions together. As a result, according to the NFI, the methods that enable access to such crypto cell phones, for example, are “usually already well advanced” when the police confiscate them. The parties involved are thus prepared at an early stage for the “forensic requirements of tomorrow”.
In January, researchers involved in the project published a paper on “combined fault injection and real-time side-channel analysis” to bypass “Secure Boot” on Android. Van Eijk doesn’t think it’s crucial whether incriminating material is ultimately found on cracked mobile phones: “Access to information helps to establish the truth in court.” After the end of August, the EU Commission will probably evaluate the project, starting in October, and decide on a possible successor. The EU project Overclock, which started in October 2021, is about finding “live access” to encrypted smartphones, for example using zero-day exploits. European security authorities have already managed to siphon off communications on a large scale from more or less well-encrypted crypto messengers such as EncroChat, Sky ECC, Anom and Exclu.