Anti-forensic mobile OS gets your phone to lie for you

In Android Anti-forensics: Modifying CyanogenMod, Karl-Johan Karlsson and William Bradley Glisson present a version of the CyanogenMod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement. The idea is to create a mobile phone that "lies" for you so that adversaries who coerce you into letting them take a copy of its data can't find out where you've been, who you've been talking to, or what you've been talking about.

I'm interested in this project but wonder about how to make it practical for daily use. Presently, it maintains a hidden set of true data, and a trick set of false data intended to be fetched by forensic tools. Presumably, this only works until the forensic tools are modified to spot the real data. But you can conceptually imagine a phone that maintains a normal address book and SMS history, etc — all the things that are useful to have in daily use — but that, on a certain signal (say, when an alternate unlock code is entered, or after a certain number of failed unlock attempts) scrubs all that and replaces it with plausible deniability data.

Obviously, this kind of thing doesn't work against state-level actors who can subpoena (or coerce) your location data and call history from your carrier, but those people don't need to seize your phone in the first place.

Karlsson tested his hack on two forensics tools commonly used by police departments. Both can retrieve call logs, location data and even passwords. When he ran his modified system, the tools picked up the false information that he programmed into the phone and missed the real contents.

Even though his hack was successful, Karlsson says it is not going to stop a sophisticated analysis by the FBI or the NSA. Such a hack, however, could make it difficult to try some criminal cases. A phone that tells two stories complicates things.

Mikko Hypponen, a prominent computer-security expert, says Karlsson's modification is another stage in the arms race among spies, law enforcement and users. It also highlights the effort to find ways to protect legitimate needs for privacy. "This kind of tool," he says, "can be used for good or bad."

A Phone That Lies for You [Jesse Emspak/Scientific American]


(via Schneier)

(Image: Phone Struck by Lightning, David Blaikie, CC-BY)