
Fake text messages app

19 Posts
4 Users
0 Likes
4,782 Views
 CCSO
(@ccso)
Posts: 23
Eminent Member
Topic starter
 

I am working a case and using Cellebrite to download an iPhone. I am trying to show that the text messages generated by a commonly available fake text app are fake. So far I can find the message in Hex view, indicating it could be a real text. Would subscriber toll records show the text did not come from the phone number listed on the text? Has anyone investigated a fake text service from a "spoof text" online service? Researching this service, they claim you can "pay" them to send a fake text from any number you provide to them as the sender. I wonder if that number you provide them shows on the subscriber toll records.
Thanks in advance

 
Posted : 27/10/2017 12:55 pm
(@mobileforensicswales)
Posts: 274
Reputable Member
 

You'd have to go down the billing route and see if the other phone ever did send it.

I think that is the only way, these apps are designed to insert messages in the same way any other would.

Take a look at the service centre number for each incoming message. You may find all the fake ones are from a different service centre than the legit ones.

Download the app, try it on your own test device to prove any theories.

 
Posted : 30/10/2017 11:21 am
 CCSO
(@ccso)
Posts: 23
Eminent Member
Topic starter
 

I can't find anything explaining how the app sends the "fake" text. I need to explain this in simple terms. Can you explain, or would you be able to point me in a direction to learn?

 
Posted : 30/10/2017 12:48 pm
(@mobileforensicswales)
Posts: 274
Reputable Member
 

Well very simply, the number it was 'from' is delivered to you by the service centre.

If Alice (a rogue service centre run by the fake SMS service) hands you a note saying it's from Bob (the sender) saying he wants to kill you, the message is only as reliable as Alice.

When Charlie (a trusted service centre) gives you the same note it would be far more reliable, and to prove it they will have logs, i.e. Bob's billing records.

Other fake SMS apps write or edit messages straight into the MMSSMS.db, I'd need more info really. So I could be Alice wanting to say Bob is trying to kill me and I could just run an app that injects said message into my DB for when you download my phone. This will neither be in Bob's billing nor, more importantly, my cell data records as an incoming message.

 
Posted : 30/10/2017 1:04 pm
 CCSO
(@ccso)
Posts: 23
Eminent Member
Topic starter
 

I have run a test on a controlled phone with an app, "fake text message". The message shows up in the Cellebrite physical extraction as an SMS and in Hex view. Since this fake SMS never went to the network, I'm certain it won't be on the toll records. I was hoping to be able to explain how this "fake" SMS is showing up in the extraction.

 
Posted : 30/10/2017 1:13 pm
(@mobileforensicswales)
Posts: 274
Reputable Member
 

If you tell me the specific app, I could put it on my R&D list. There may truly be no way of telling without telecoms data if it's been written well enough.

Even worse if it edits existing texts without a modified marker, all texts on that device without a second device to verify them could be unacceptable as evidence if it can slip stream new ones in.

In cases like this I've had in the past where the app makes fake screenshots or something there is always a giveaway of sorts. Perhaps the messages all arrive or get sent bang on the one minute marker e.g. 173500 192300 where it doesn't have the functionality to make any other less rounded time stamp.

Perhaps a better way to look at this would be the fake text app itself: does it hold logs, are the messages held in a history? Is there remnant evidence in a write-ahead log or similar?

 
Posted : 30/10/2017 1:19 pm
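
The two checks suggested in the replies above (compare the service centre of each incoming message, and look for timestamps that land exactly on the minute) can be run as a triage query over an extracted Android mmssms.db. This is an added example, not part of the original thread: it assumes the standard Android `sms` table columns (`date` in milliseconds, `type` 1 = inbox, `service_center`), and all rows are constructed sample data. Hits are leads to verify against billing records, not proof of fabrication.

```python
import sqlite3
from collections import Counter

# Constructed sample rows: (address, date in ms since epoch, type, service_center, body)
SAMPLE_ROWS = [
    ("+15550100", 1509370523417, 1, "+15550001", "Running late"),
    ("+15550100", 1509370871902, 1, "+15550001", "See you at 6"),
    ("+15550100", 1509372900000, 1, None,        "Constructed injected message"),
    ("+15550123", 1509374219655, 1, "+15550001", "Call me"),
    ("+15550100", 1509375000311, 2, None,        "Ok"),  # sent message, not examined
    ("+15550100", 1509376000128, 1, "+15559999", "Constructed spoof-service message"),
]

def build_db(rows):
    """Load the constructed rows into an in-memory copy of the sms table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, "
                "date INTEGER, type INTEGER, service_center TEXT, body TEXT)")
    con.executemany("INSERT INTO sms (address, date, type, service_center, body) "
                    "VALUES (?, ?, ?, ?, ?)", rows)
    return con

def flag_incoming(con):
    """Return {_id: [reasons]} for incoming messages that deserve a closer look."""
    rows = con.execute("SELECT _id, date, service_center FROM sms "
                       "WHERE type = 1 ORDER BY _id").fetchall()
    counts = Counter(sc for _, _, sc in rows if sc)
    usual = counts.most_common(1)[0][0] if counts else None
    findings = {}
    for msg_id, date_ms, sc in rows:
        reasons = []
        if not sc:
            reasons.append("no service centre recorded")
        elif sc != usual:
            reasons.append(f"service centre {sc} differs from usual {usual}")
        if date_ms % 60000 == 0:  # zero seconds and zero milliseconds
            reasons.append("timestamp falls exactly on a minute boundary")
        if reasons:
            findings[msg_id] = reasons
    return findings

if __name__ == "__main__":
    for msg_id, reasons in flag_incoming(build_db(SAMPLE_ROWS)).items():
        print(msg_id, "; ".join(reasons))
```

On a real case, run it against a working copy of the extracted database rather than the evidence file itself.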
(@mobileforensicswales)
Posts: 274
Reputable Member
 

I am working a case and using Cellebrite to download an iPhone. I am trying to show that the text messages generated by a commonly available fake text app are fake.

I missed that this was an iPhone when skimming it. Is it jailbroken? If not, then I don't think anything but the SMS application can write to the DB, and messages will be coming over the air. Service centre from billing or the database file is your best bet, as I explained before.

 
Posted : 30/10/2017 1:21 pm
 CCSO
(@ccso)
Posts: 23
Eminent Member
Topic starter
 

The app in the Play Store is Fake Test Message from Norton digital.
I'm a 25-year retired police officer and a mobile forensic analyst and have been certified through Cellebrite training. I have 7 years' experience, all with a police department in Maryland.

 
Posted : 30/10/2017 2:24 pm
(@badgerau)
Posts: 96
Trusted Member
 

"Play Store" and iPhone don't mix very well.

Can you confirm that you are dealing with an Apple iPhone and if this phone is jailbroken?

 
Posted : 30/10/2017 6:45 pm
 CCSO
(@ccso)
Posts: 23
Eminent Member
Topic starter
 

I used an Android for the control download.

 
Posted : 30/10/2017 8:41 pm