The FBI’s honeypot Pixel 4a gets detailed in new report:
Last month, authorities disclosed that the FBI and Australian Federal Police secretly operated an "encrypted device company" called "Anom."[*] The company sold 12,000 smartphones to criminal syndicates around the world. These were pitched as secure devices but were actually honeypot devices that routed all messages to an FBI-owned server. The disclosure was light on details, but now that it's public, Anom phones are being unloaded on the secondary market. That means us normal people are finally getting a look at them, starting with this Vice article detailing one of the devices.
The FBI has basically weaponized what the Android modding community has been doing for years. Some Android phones have unlockable bootloaders, which let you wipe out the original operating system and replace it with your own build of an OS, called a custom ROM. The Anom device Vice got was a Google Pixel 4a, one of the most developer-friendly devices out there. The FBI's custom ROM shows an "ArcaneOS" boot screen, and it replaced the normal Google Android distribution with the FBI's skin of Android 10.
The FBI's sales pitch to alleged criminals was that these were security-focused devices (so please use them to document your illegal activities!), and that involved a lot of fun security theater. A "pin scrambling" feature would swap around the order of the lock screen numbers so that no one could guess your code from screen smudges.
Two different interfaces would launch depending on what PIN you typed in on the lock screen. PIN one would show a bunch of popular but non-functional apps, like Tinder, Instagram, Facebook, Netflix, and Candy Crush. Presumably, this was meant to fool any third parties checking out your phone.
A second PIN would enter what was supposed to be the secure section of the phone, showing three apps: a clock, calculator, and the settings. From here, the "calculator" app actually opened a login screen to Anom, which targets were told was a secure, encrypted way to chat. This was basically the smartphone equivalent of a fake book triggering a bookshelf to slide over, revealing a secret passage. It's so secret, it has to be secure!
[*] It's actually "AN0M"; that is: "Ay-Enn-Zero-Emm."
(Score: 0, Offtopic) by fustakrakich on Tuesday July 13 2021, @12:25AM (1 child)
Heh, cool [fbi.gov]
Politics and criminals are the same thing..
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @12:32AM
Hmm...
Glad my browser's "prefetch" settings are all off.
(Score: 0, Informative) by Anonymous Coward on Tuesday July 13 2021, @12:27AM
https://www.schneier.com/blog/archives/2021/06/fbi-afp-run-encrypted-phone.html [schneier.com]
https://www.nytimes.com/2021/06/08/world/australia/operation-trojan-horse-anom.html [nytimes.com]
https://www.abc.net.au/news/2021-06-08/fbi-afp-underworld-crime-bust-an0m-cash-drugs-murder/100197246 [abc.net.au]
https://www.theguardian.com/australia-news/2021/jun/08/anom-encrypted-app-fbi-afp-australia-federal-police-sting-operation-ironside-an0m [theguardian.com]
https://www.smh.com.au/national/mass-raids-arrests-across-australia-after-police-sting-dismantles-encrypted-app-used-by-criminals-20210607-p57yya.html [smh.com.au]
https://www.washingtonpost.com/world/2021/06/08/fbi-app-arrests-australia-crime/ [washingtonpost.com]
https://www.reuters.com/world/asia-pacific/australian-police-arrest-over-200-after-cracking-underworld-messaging-app-2021-06-08/ [reuters.com]
(Score: -1, Troll) by Anonymous Coward on Tuesday July 13 2021, @12:36AM (2 children)
This point is moot when Jewgle and Crapple are both acting as third-party intelligence collectors for the intelligence agencies, and there's nothing you can do about it except set up a script to repeatedly "watch" the nastiest porn legal to watch in your jurisdiction, such as shit-eating or asshole stuffing. But first, you have to get their attention. Browsing Breitbart or posting vaccine skepticism on Facebook should be sufficient, especially if you use a proxy to appear to be from a country America hates.
But that wouldn't work because the intelligence services are full of Jews, and Jews are well-known for their love of shit-eating and general sadomasochistic tastes in porn. Sex-workers in New York City know better than everybody. If you don't believe me about intelligence being full of shit-eating Jews, take a look at this "guy" [ibb.co] -- Yes, it's true, this snooty-looking little Nancy not only works for the NSA, but was in one of their adverts letting all the Jewish weirdos out there know that the NSA is for them. People like him are trusted with the nation's deepest secrets and keeping their population safe, all while respecting constitutional rights. Then look at the CIA recruitment ads. The FBI are pretty much all crooked Jews handling Antifa and BLM at this point and even their democrat supporters know that, so that item goes without saying.
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @01:40AM
Piss off eh? No one wants you around.
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @02:40AM
No, more likely that would be the Dutch. Europe is a kinky place
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @02:30AM
How about an article on the FBI's honeytraps. They're everywhere I happen to find myself. In the real world, FBI stands for Female Bureau of Instigation.
(Score: -1, Redundant) by Anonymous Coward on Tuesday July 13 2021, @04:10AM
IT'S NOT FUCKING REDUNDANT YOU PIECE OF SHIT ==== YOU'RE JUST JEALOUS YOU HAD NOTHING TO CONTRIBUTE.
(Score: 2) by PiMuNu on Tuesday July 13 2021, @09:06AM (2 children)
This breaches GDPR? I can't remember what provision there is for data collection by law enforcement (and whether this sort of thing is covered). Civil contractors may be vulnerable.
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @09:57AM
As neither AU nor US are members of the EU, GDPR does not apply.
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @11:26AM
Release the source code, FIB!
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @02:25PM (1 child)
What? How is this "security theater?" In my opinion, this obviously increases security, making it so a 4-digit pin still requires the entire number space of 10000 numbers, rather than the 256 (4^4) that the smudges on the screen would reveal. (My old phone had this feature, and I was disappointed that stock Android doesn't have it.)
Can somebody explain why this is security "theater?"
(Score: 4, Insightful) by ze on Tuesday July 13 2021, @04:50PM
I think it's security theater in the case where it's there to make you feel reassured on a device that was compromised from the start.
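The keyspace question raised in this thread, worked through as an added example (not part of the article or of any comment). It enumerates the 4-digit PINs that remain plausible when smudges on a fixed keypad reveal which digits were pressed, and compares that with a scrambled keypad. It assumes the layout is reshuffled on every unlock, which the article does not specify, and the smudged digits used are constructed sample input.

```python
from itertools import product

DIGITS = "0123456789"


def candidates_fixed_layout(smudged, length=4):
    """PINs consistent with smudges on a fixed keypad.

    A PIN is consistent if it uses every smudged digit at least once
    and no digit that left no smudge.
    """
    smudged = set(smudged)
    return [
        "".join(p)
        for p in product(sorted(smudged), repeat=length)
        if set(p) == smudged
    ]


def loose_bound(smudged, length=4):
    """Upper bound that ignores the 'every smudge was pressed' constraint."""
    return len(set(smudged)) ** length


def candidates_scrambled_layout(length=4):
    """Assumption: the layout changes on every unlock, so a smudge position
    no longer identifies a digit and no PIN can be ruled out."""
    return len(DIGITS) ** length


def summary(smudged, length=4):
    """Return (exact fixed-layout count, loose bound, scrambled count)."""
    return (
        len(candidates_fixed_layout(smudged, length)),
        loose_bound(smudged, length),
        candidates_scrambled_layout(length),
    )


if __name__ == "__main__":
    # Constructed sample smudge sets: 4, 3, 2 and 1 distinct digits.
    for smudged in ("1379", "137", "13", "1"):
        exact, loose, scrambled = summary(smudged)
        print(f"smudges={smudged!r:8} exact={exact:3} "
              f"loose_bound={loose:3} scrambled={scrambled}")
```

None of these counts says anything about where the messages go after unlock; they measure the lock screen only.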
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @05:59PM
"The company sold 12,000 smartphones to criminal syndicates around the world".
heh? that's funny. they knew ahead of time.
i suppose it would be much easier to declare with a pen stroke that everybody and everything is a criminal syndicate and just backdoor the crap out of everything... oh wait.