Huawei Spying


TinyBrain
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 09, 19 06:52

Lex, Larry, good points and aspects worth considering.

You may see my initial post and think a long time about it. For some reasons I cannot reveal more details about the engineer and the institution she works for. As it's an ongoing investigation, it came out that on the hot-device night a large amount of data - consisting of research enriched science - was downloaded from the home datacenter to the Huawei mobile.

The engineer did not initiate this large data download over roaming. But out of her team she was definitively the most legitimate-looking person to request the data. For me it looks like this was professional spying in the shadow of a person, no one would detect it as espionage. It had to look like she needed that data for the conference - but that was not the case.

The mobile was just the bridge, it was not about data ON the mobile.  
 
  

trewmte
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 09, 19 11:12

- TinyBrain
And there we got involved. Employees are free by BYOD and running OWA for UCC. The device in question was a Huawei P20 Pro.



TinyBrain, some observations, but not criticism. If you use acronyms, best you state what you say the acronym means.


- TinyBrain
And there we got involved. Employees are free by BYOD and running OWA for UCC. The device in question was a Huawei P20 Pro.


OK, leaving aside the keys with the IT guys. Do you have this phone and/or what examination and analysis has been undertaken? Has the examiner applied any of the suggestion raised by UnallocatedClusters?



- TinyBrain
Mysteriously as she was in P.R.C. during night times her device did not charge properly. So long so good she thought about a broken charger, but was not broken.


How did she know it was broken? Did she buy a new charger? Test the charger on another identical Huawei P20 Pro? Why did this woman not buy a new battery and swap out with the one over-heating?

- TinyBrain
This woman is blessed by sleeping well but the third night she woke unexpected at 02:00h local time and recognised that her device was very hot.


This sounds like those that fed this part of the story to you TinyBrain have used artistic licence. They may as well have started the story with "It was a dark night. An owl's hoot was heard coming from the direction of the cops. ...."

What is the significance of the time this woman awoke?

What woke her up - Burning smell, crackling noise coming from phone, what???


- TinyBrain
and recognised that her device was very hot. She had a T-Mobile SIM card in roaming state with unlimited data plan. In P.R.C. she was connected to China Mobile in roaming state. And this SIM is in our lab.


Again, the battery? the charger?

Did anyone test for spyware app (put there by IT guys) on the BYOD device? Spyware is known to cause battery temperature to rise.

Where is the evidence of the T-Mobile data plan traffic usage?

What did the phone's internal data usage reveal?

Still don't see the need for Huawei if, and only if, they were spying to reveal their hand with such a stupid approach. After all TinyBrain you did mention in your earlier post:

- TinyBrain
As in the past chip-based backdoors were in vogue but no more. The new kid in town's name is Software-Defined Networking e.g. SD-WAN and NFV.


So why would the battery or the charger circuitry be overheating when 'comms' can be (hidden) monitored in the network away from exposure?

TinyBrain, good buddy, sorry if I have got this wrong and I understand this is not your fault for the story you have been fed but can we have the forensic aspects of this case and not the speculation. You have identified NO evidence that Huawei has done anything in spying terms other than their make/model of phone 'might' have had a dodgy battery.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

jaclaz
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 09, 19 13:46

- trewmte
They may as well have started the story with "It was a dark night. An owl's hoot was heard coming from the direction of the cops. ...."

Damn.
I was thinking more like "Suddenly she woke up. Clad in her flimsy nightgown, her tall slender figure silhouetted against the moonlight entering from the curtainless window, she felt a cold shiver running down her spine. Something was not right, she felt observed, ... " Wink

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

passcodeunlock
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 09, 19 14:05

If done well, "calling home" should be done at hardware level, without any trails or logs. If you ask me, I would build this as part of the CPU or the chipset - or both Smile

Did anybody dissect any Kirin CPU or HiSilicon chip and check if there isn't any built-in backdoor shipped with them?!

I'd start looking for any kind of Reserved ranges of the HiSilicon chip.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

trewmte
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 09, 19 23:12

- jaclaz
- trewmte
They may as well have started the story with "It was a dark night. An owl's hoot was heard coming from the direction of the cops. ...."

Damn.
I was thinking more like "Suddenly she woke up. Clad in her flimsy nightgown, her tall slender figure silhouetted against the moonlight entering from the curtainless window, she felt a cold shiver running down her spine. Something was not right, she felt observed, ... " Wink

jaclaz


Laughing
 
  

xandstorm
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 10, 19 02:44

- UnallocatedClusters

To assume your client was singled out by the PRC, without any supporting evidence, is a bit weak, in my opinion.


That, I think, is TinyBrain's challenge and why he is posting here.

Rg,
Lex  
 
  

UnallocatedClusters
Senior Member
 

Re: Huawei Spying

Post Posted: Feb 10, 19 03:19

TinyBrain - please explain the importance of "roaming state IR.21 highest possible bandwidth" and cryptography and data potentially originating from and arriving to a smartphone?

I could not Google IR.21 and find a relevant hit.

It sounds like the executive who went to the PRC is trying to deflect blame for actions she took herself.

There are logically only three possibilities:

1. She lied

2. She is the victim of an automated exfiltration

3. She is the victim of an active adversary action

Number two seems likely and I believe the NSA does as well in US domestic market.

I theorize that PRC's version of the US's NSA ingests and runs key word and analytic filters in a tool like Nuix. I would guess that world VIPs' names are on the key word list.

I am very interested to know what different or overlapping artifacts are left on a phone in above situation 2 or 3.  
 
