Huawei Spying


Senior Member

Re: Huawei Spying

Post Posted: Feb 10, 19 03:35

This is what is hurting my tiny brain:

Can a system on a chip embedded in a smartphone strictly siphon or redirect data passing through it, like DNS hijacking, or does there have to, de facto, be interaction with Android OS or iOS in order for data exfiltration to occur from a smartphone? Forensic analysis will work on the latter.

Senior Member

Re: Huawei Spying

Post Posted: Feb 11, 19 01:34

If smartphone makers could embed a system on a chip (“SOC”) on a given smartphone’s motherboard, and the SOC could, if “triggered” to, run the equivalent of command line FTK Imager to generate a physical forensic image of a smartphone’s data and then upload the physical image to a predetermined IP address, then forensic analysis of a Cellebrite extraction would not detect such SOC physical imaging activities.

Senior Member

Re: Huawei Spying

Post Posted: Feb 11, 19 03:26

The clear forensic case is the mobile, the UICC (unfortunately I got pushed into this tech domain by the Iranian case) and the datacenter of this R&D institute. Another team is looking deep into the mobile and all aspects of infection, rooting and SoC spying. No information received about hardware espionage in the mobile. The datacenter as evidence domain is the R&D's own responsibility.

The UICC and the framework of roaming. It's a T-Mobile UICC all flat. Normally the scientist works in Switzerland and is roaming over Swisscom. At home in Germany T-Mobile and in P.R.C. in roaming by China Mobile. My initial question about what bandwidth is possible over IR.21 (International Roaming 21 GSMA standard) focussed on how fast it is possible to transit data from home over roaming. OWA (Outlook Web Access) and UCC (Unified Communication and Collaboration) by BYOD (Bring Your Own Device) were in use to access data from the datacenter. IAM (Identity and Access Mgmt).

I have to cryptographically investigate these questions.

#1 - How could China Mobile hack into the T-Mobile UICC?
#1a - Were they able to hack the SE (Secure Element) in the UICC (Mobile ID tokens inside for IAM, OWA and UCC)?
#2 - What legitimate data can a roaming partner write on a foreign UICC?
#3 - SoC TrustZone to UICC secure communication, what does Android 9.0 (Pie) log out?

The R&D institute has no badges. They have strictly! biometric mobiles and an R&D app for access to all physical and digital domains with the Mobile ID tokens (hard and soft).

If the SE got hacked it was possible to get legitimate access to the datacenter.

In the eyes of the R&D institute it looked like: Our employee needs access to data from outside, all credentials fine.
In reality: Unknown - nightly remote data request and retransmission to unknown destination.

Senior Member

Re: Huawei Spying

Post Posted: Feb 11, 19 10:43

@UnallocatedClusters, did not forget you. Your aspects are here work-in-progress. Thank you! The scientist is clean in every aspect and all sources say she has nothing to hide. Full trust of the R&D institute towards this person. They say she is a jewel in her scientific domain.

Please all consider this. I depend on what given information is forwarded to me. The nightly details I only mentioned for better understanding of the case. All information on this planet can be wrong, misunderstood and on purpose falsified. I am just human.

The case is complex and 4 teams are involved. My crypto team looks into the layer of identification and authorization of data flows. The piece I still don't really deeply understand and feel at home in is the UICC. Thanks to trewmte I learned a lot out of the Iranian case. But I miss a reliable overview or database of UICCs of the world, their security and crypto parameters.

Questions like 'What data integrity encryption runs China Mobile on their LTE network', I don't know how to find out.

Senior Member

Re: Huawei Spying

Post Posted: Feb 11, 19 11:37

Only a trial, see on this link my state of thinking. You can refer to the numbered entities or AVxs.

Order from top for secreasons link removed  

Last edited by TinyBrain on Feb 18, 19 14:14; edited 1 time in total

Senior Member

Re: Huawei Spying

Post Posted: Feb 15, 19 05:00

See upd board, what do you think? Do we miss something?  

Senior Member

Re: Huawei Spying

Post Posted: Feb 15, 19 16:01

- TinyBrain
See upd board, what do you think? Do we miss something?

Gents, with all respect, but I think that in order to answer at least some of the questions at hand, one would need to recruit an informant within the "hostile" telco or, as a second best option, a telco operating within the partner network of the telco in question.

There are too many variables to be able to answer any of the primary information requirements of TinyBrain. At this point in time there are too many assumptions to ever be able to craft a forensically sound answer.

A personal favorite is to "just ask" the telco in question.
You might be surprised what you get when you ask nicely.

In short, the only viable option I currently see is HUMINT.


Page 4 of 5