The FBI’s honeypot Pixel 4a gets detailed in new report:
Last month, authorities disclosed that the FBI and Australian Federal Police secretly operated an "encrypted device company" called "Anom."[*] The company sold 12,000 smartphones to criminal syndicates around the world. These were pitched as secure devices but were actually honeypot devices that routed all messages to an FBI-owned server. The disclosure was light on details, but now that it's public, Anom phones are being unloaded on the secondary market. That means us normal people are finally getting a look at them, starting with this Vice article detailing one of the devices.
The FBI has basically weaponized what the Android modding community has been doing for years. Some Android phones have unlockable bootloaders, which let you wipe out the original operating system and replace it with your own build of an OS, called a custom ROM. The Anom device Vice got was a Google Pixel 4a, one of the most developer-friendly devices out there. The FBI's custom ROM shows an "ArcaneOS" boot screen, and it replaced the normal Google Android distribution with the FBI's skin of Android 10.
The FBI's sales pitch to alleged criminals was that these were security-focused devices (so please use them to document your illegal activities!), and that involved a lot of fun security theater. A "pin scrambling" feature would swap around the order of the lock screen numbers so that no one could guess your code from screen smudges.
Two different interfaces would launch depending on what PIN you typed in on the lock screen. PIN one would show a bunch of popular but non-functional apps, like Tinder, Instagram, Facebook, Netflix, and Candy Crush. Presumably, this was meant to fool any third parties checking out your phone.
A second PIN would enter what was supposed to be the secure section of the phone, showing three apps: a clock, calculator, and the settings. From here, the "calculator" app actually opened a login screen to Anom, which targets were told was a secure, encrypted way to chat. This was basically the smartphone equivalent of a fake book triggering a bookshelf to slide over, revealing a secret passage. It's so secret, it has to be secure!
[*] It's actually "AN0M"; that is: "Ay-Enn-Zero-Emm."
(Score: 2) by PiMuNu on Tuesday July 13 2021, @09:06AM (2 children)
This breaches GDPR? I can't remember what provision there is for data collection by law enforcement (and whether this sort of thing is covered). Civil contractors may be vulnerable.
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @09:57AM
As neither AU nor US are members of the EU, GDPR does not apply.
(Score: 0) by Anonymous Coward on Tuesday July 13 2021, @11:26AM
Release the source code, FIB!