
Cybersecurity researchers have shed light on a mobile forensic tool called Massistant, which is used by Chinese law enforcement to collect information from seized mobile devices.
The hacking tool, considered to be the successor to MFSocket, was developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., formerly known as Meiya Pico. The company specializes in the research, development and sales of electronic data forensics and network information security technology products.
According to a report published by Lookout, Massistant works in conjunction with corresponding desktop software, allowing access to the device's GPS location data, SMS messages, images, audio, contacts and phone services.

“Meiya Pico maintains partnerships with national and international law enforcement partners as a surveillance hardware and software provider and through our law enforcement training program,” said security researcher Kristina Balaam.
Massistant requires physical access to the device to install the application. This means that it can be used to collect data from devices confiscated from individuals when they are stopped at border checkpoints.
Lookout said it obtained Massistant samples between mid-2019 and early 2023, and that they were signed with an Android signing certificate referencing Meiya Pico.
Both Massistant and its predecessor, MFSocket, work in the same way in that they need to be connected to a desktop computer running forensic software to extract data from the device. Once launched on the phone, the tool prompts the user to grant it permissions to access sensitive data, after which no further interaction is required.
“When a user tries to quit an application, they receive a notification that the application is in ‘Get Data’ mode and when they exit, an error occurs,” explained Balaam. “This message is translated only into two languages: Chinese (simplified characters) and English: ‘We.’”
The application is designed to be automatically uninstalled from the device when it is disconnected from USB. Massistant extends the capabilities of MFSocket by including the ability to connect to the phone using Android Debug Bridge (ADB) over Wi-Fi and to download additional files to the device.

Another new feature built into Massistant is the ability to collect data from third-party messaging apps beyond Telegram, including Signal and Letstalk, a Taiwanese chat application with over 100,000 downloads on Android.
While Lookout's analysis focuses primarily on the Android version of Massistant, images shared on the website show an iPhone connected to a forensic hardware device, suggesting that there is an iOS equivalent for pulling data from Apple devices.
The indication that Meiya Pico may also be focused on iOS devices comes from various patents filed by the company related to collecting evidence from Android and iOS devices, including voiceprints in internet-related cases.
“The VoicePrint function is one of the important biological features of the human body, allowing you to independently determine your user identity,” according to one patent. “After the VoicePrint library is built, multiple police species can be directly provided, effectively improving the efficiency and ability to detect and resolve cases in related organizations.”

The involvement of digital forensic companies in the surveillance space is nothing new. In December 2017, the Wall Street Journal reported that the company had partnered with police officers in Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in northwestern China, to scan smartphones for terrorism-related content by plugging them into a handheld device.
Four years later, the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Meiya Pico for enabling “biometric surveillance and tracking of Chinese ethnic and religious minorities, particularly the Muslim Uyghur minority in Xinjiang.”
“Traveling to mainland China has the potential for tourists, business travelers and interested parties to obtain confidential mobile data as part of a legal interception initiative by the state police,” Lookout said.
This disclosure comes months after Lookout unearthed another spyware called EagleMsgSpy, which is suspected of being used as a lawful intercept tool to gather a wide range of information from mobile devices.