
Faked SMS message

(@tackleberry)
Posts: 30
Eminent Member
Topic starter
 

We are looking at trying to discern between faked SMS and real ones. NOT utilizing internet-based websites for this discussion, but with an Android app that is downloaded to the phone.

#1 Obviously we could potentially see the app installed, or seen as a deleted app if a physical dump is available.
#2 We could possibly see a search record for "Fake SMS" in the searched app store or browser.
#3 Also, for discussion purposes, the "basic" call record / billing records are not yet available for either phone that may "appear" to be involved in the fake SMS exchange.

The app allows you to select the date and time of the message and can be set up to display any phone number. It also allows you to set the message as incoming or sent (to create a back-and-forth SMS discussion), (also an option to put the fake message into the outbox, failed, or draft box). It appears to put the artifact directly into the mmssms.db (on my test Moto Razr HD device at least).
This test device has been reset prior to this app install; it is on Verizon but has no service currently, just connected via wifi.

Any thoughts, with #1, 2, 3 possibilities notwithstanding?

I am in the process of duplicating the test on a device with active cellular service.

 
Posted : 09/10/2017 3:14 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Device rooted and bootloader unlocked?

 
Posted : 09/10/2017 3:31 pm
(@tackleberry)
Posts: 30
Eminent Member
Topic starter
 

It's a stock (Verizon) XT926 Droid Razr HD. Using Cellebrite UFED for physical, logical, and FS. Still running the test extractions.
The XT926 just happened to be the only test phone that was charged at the time… I would anticipate this issue coming from devices where, in all likelihood, we would NOT have a physical dump due to device limitations. For our applicable cases we would NOT be able to manually root the device.

 
Posted : 09/10/2017 3:39 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Is the app still available in Google Play Store? Does the app withstand Google Play Protect?

 
Posted : 09/10/2017 4:23 pm
(@tackleberry)
Posts: 30
Eminent Member
Topic starter
 

Yes, in the store.
16k downloads

com.neurondigital.FakeTextMessage

 
Posted : 09/10/2017 4:32 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Ok, is there a possibility to put the app in a 'hidden apps folder'? Do you assume that the app was silently installed on a suspect's device? What crime is it potentially related to?

You should be able to find artifacts of multiple different user logins into Google Play Store.

 
Posted : 09/10/2017 5:09 pm
(@tackleberry)
Posts: 30
Eminent Member
Topic starter
 

Agreed Rolf.
I am looking into the db files to see if "sms service center" data is captured, showing it was a real sent or received msg, but not all phones are going to capture that. And it is dependent on what sort of dump is available.

This is hypothetical at this point, but would apply to all sorts of criminal or civil cases.

 
Posted : 09/10/2017 5:45 pm
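
An added example, not part of the original posts and not any tool's own code: a triage pass over the `sms` table of an extracted mmssms.db, covering the two leads raised in the thread (the service center field, and the app's ability to set an arbitrary date and time). The `sms` column names are those of Android's stock telephony provider; the sample rows are constructed, and the premise that an inserted row lacks `service_center` and `date_sent` is an assumption to confirm on the test device.

```python
import sqlite3

# Constructed sample rows (not from the thread):
# _id, address, date (ms), date_sent (ms), type (1=inbox, 2=sent), service_center, body
SAMPLE_ROWS = [
    (1, "+15550100", 1507550000000, 1507549998000, 1, "+15550999", "inbound"),
    (2, "+15550100", 1507550600000, 0, 2, None, "reply"),
    (3, "+15550100", 1507551200000, 1507551199000, 1, "+15550999", "inbound 2"),
    (4, "+15550123", 1507400000000, 0, 1, None, "inserted, backdated"),
    (5, "+15550100", 1507552000000, 1507551998000, 1, "+15550999", "inbound 3"),
]

def build_sample_db():
    """In-memory stand-in for an extracted mmssms.db. For a real extraction,
    open a working copy read-only: sqlite3.connect("file:mmssms.db?mode=ro", uri=True)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, "
                "date INTEGER, date_sent INTEGER, type INTEGER, "
                "service_center TEXT, body TEXT)")
    con.executemany("INSERT INTO sms VALUES (?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return con

def triage(con):
    """Return {_id: [reasons]} for rows that deserve a closer look.
    These are leads, not proof: some handsets never store service_center,
    and clock changes or backup restores also put dates out of _id order."""
    flags = {}
    latest = None  # newest 'date' seen so far while walking rows in insert order
    rows = con.execute("SELECT _id, date, date_sent, type, service_center "
                       "FROM sms ORDER BY _id")
    for _id, date, date_sent, mtype, smsc in rows:
        reasons = []
        if mtype == 1 and not smsc:
            reasons.append("inbox row without service_center")
        if mtype == 1 and not date_sent:
            reasons.append("inbox row without date_sent")
        if latest is not None and date < latest:
            reasons.append("date earlier than a lower _id (backdated insert?)")
        latest = date if latest is None else max(latest, date)
        if reasons:
            flags[_id] = reasons
    return flags

if __name__ == "__main__":
    for row_id, reasons in triage(build_sample_db()).items():
        print(row_id, "; ".join(reasons))
```

Run it first against the test device's own database to see which of the three checks that handset model actually supports, since genuine messages on the same device set the baseline.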
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Good job! You may get in touch with the M(V)NO and submit a warrant to get the logs of the SMS Service Center equivalent to the CDR Call Data Record.

 
Posted : 09/10/2017 6:44 pm
(@tackleberry)
Posts: 30
Eminent Member
Topic starter
 

My hope is that some examiners have come across this data without accessing the carrier side of things. And if anyone has captured SMSC records on specific devices..

 
Posted : 09/10/2017 7:02 pm