wordpress blog stats
Connect with us

Hi, what are you looking for?

Exclusive: Hyderabad Police wants to acquire Cellebrite UFED to break into smartphones, extract WhatsApp data

You’re reading it here first: The Hyderabad City Police wants to acquire several invasive phone and computer cracking tools for its Cyber Crime unit, including software such as Cellebrite’s UFED that can bypass, reveal or disable lock codes of several makes of smartphones including those running iOS. The department is also looking to buy software that can retrieve data from popular platforms such as WhatsApp to access contacts, chats and attachments. The state government has invited bids from solution providers who can supply these tools, install and maintain them, and even train police personnel in using them.

The tender, reviewed by MediaNama, is meant for the acquisition of cyber-forensic tools for the Hyderabad City Police’s SafeCity Project. The tender lists 23 equipment that the Hyderabad police is looking to acquire for its Cyber Crime Unit. The surveillance capabilities of police departments across India have always been shrouded in secrecy, with very little information in the public domain. If Hyderabad police goes through with the acquisitions mentioned in the tender, it will join the Delhi police, which has admitted to possessing such tools, including Cellebrite’s UFED.

As a whole, the requirements point to the direction the Telangana government wishes to go ahead with in terms of surveillance and individual privacy — the tender, among other things, talks about retrieving deleted emails, deploying ‘passwares’ and perpetrating brute force attacks to access smartphones.

Hyderabad police commissioner Anjani Kumar couldn’t be immediately reached for comment. We have reached out to WhatsApp for comment on the tender. We will update this post if we receive a response.

What the Hyderabad police wants

  1. Cellebrite’s UFED 4PC Ultimate with Cloud Analyzer (5 units): This Cellebrite software, per the tender’s requirements, can extract “all data (even if deleted) from the widest range of devices including legacy and feature phones, smart phones, portable GPS devices, tablets and phones manufactured with Chinese chipsets”. The UFED Device Adapter can bypass pattern lock/password/pin from Android devices including Samsung, Xiaomi, Motorola, HTC, Galaxy S and so on; from Blackberry devices and Apple devices running iOS3+.

    “It should support more than 31,110 device profiles and 10,800 different mobile application versions,” the tender document said. With this equipment, the Telangana government is looking to acquire data of apps such as Facebook, Twitter, WhatsApp, Google Duo, Dropbox, Coinbase and so on. The tender specifically talks about about bypassing WhatsApp’s security features to access its chat details.

    “WhatsApp data retrieval includes decryption of the database and recovery of contacts, chat, chat attachments and user account,” the tender document said. The Hyderabad City Police is also looking to bypass security measures such as two-factor authentication (2FA). “The software should allow use of cloud login keys from the mobile device and using cloud keys it should result in bypassing the security mechanism such as two factor authentications imposed by the cloud service provider that prevent access to the data,” the document read.

    Advertisement. Scroll to continue reading.
    • What is, and why, Cellebrite? The 21-year-old Israeli firm has attracted the attention of the Telangana government because of the wide range of services it provides, apart from the ones already mentioned. In 2016, the Israeli firm famously offered the USA’s Federal Bureau of Investigation (FBI) a way to hack into an iPhone belonging to a terrorist in San Bernadino, California. Reports also claim that Cellebrite employs specialists who earlier used to work with infamous NSO Group, whose software was used to perpetrate the Pegasus spyware attack on several worldwide personalities including academics and intellectuals from India.Commenting on the subject, Divij Joshi, an independent lawyer, researcher and tech policy fellow at Mozilla told MediaNama, “Cellebrite is one of the providers of exploit systems which reportedly allow such access, through a system called checkm8. This, however, requires possession of the hardware itself.”
  2. Oxygen Forensic Detective Software (5 units): Like Cellebrite’s OFED, Oxygen Forensic Detective Software is also data-extraction program “exclusive” for iPhones and cloud data analysis. This tool can extract data from Amazon Alexa and Google Home. “The data extracted from Amazon Alexa should include account and device details, contacts, messages, calendars, notifications, lists, activities and so on,” it read.

    Similar to OFED, the Telangana government demanded a “special WHATSAPP EXTRACTION METHOD [in upper case letters] which extracts data by scanning a QR code from a mobile app or using the WhatsApp token from PC (on WhatsApp desktop app or web browser) extracted using special in-built module,” it said. Through this tool, the Telangana government wants an in-built passware for finding encrypted device backups and images to unlock a smartphone. It can brute force and decrypt encrypted user partitions using exploit extracted out of LG devices in DFU mode, the document added.

  3. ADF Triage Software (3 units): This software can identify “criminal and terrorist activities” such as financial fraud, capture user web credentials from banks, websites, and capture files from anti forensic traces, bitcoin, cryptocurrency and so on.
  4. Compelson Mobiledit Forensic Solutions (2 units): Similar to Cellebrite’s OFED and Oxygen Forensic Detective Software, this software is meant for extracting data from all major smartphones. This software has a Photo Recogniser tool which uses artificial intelligence (AI) to analyse and organise photos to help investigators.
  5. Elcomsoft Mobile Forensic Bundle Software (2 units): Unlike other smartphone data extraction equipment which may require  hardware to be connected with the device, the police department is looking to acquire two units of this software as it can acquire backups of all Apple devices over-the-air. “The software should support different attack mechanisms such as brute force attack and rainbow table,” the document read.
  6. Passware decryptum (1 unit): Besides several hardware tools listed above that can be used to crack passwords, the Hyderabad City Police will also be acquiring separate password recovery equipment.
  7. BelkaSoft Bundle (1 unit): This toolkit will acquire, locate, extract and analyze digital evidence stored inside smartphones, but also computers compatible with multiple operating systems such as Windows, Mac OS, Unix, Linux and so on.

Apart from these major softwares, the Hyderabad City Police has listed their requirement for an audio authentication software, a system to recover data from damaged devices, an equipment to recover and analyse video from CCTV, smartphone, car black box and so on.

Hyderabad police not new to using hi-end tech

The Hyderabad City Police has often been under the scanner for its usage of “360 degree” databases and of technologies such as artificial intelligence, facial recognition, CCTV cameras in policing and surveillance. Since 2017, the department has been using the Integrate People Information Hub (IPIH) database, which the then-Commissioner and present state DGP M Mahender Reddy had said provides a 360 degree view of every citizen, starting with names, aliases, family details, Aadhar details and so on for use in investigations.

The state government has deeply invested in CCTV surveillance. In October 2020, the government announced its plans to double the number of cameras in the city from 5.8 lakh to 10 lakh. The city has, for this reason, gained the dubious distinction of being the city with the most number of cameras in India, according to report by Comparitech.

“There is a lot of money being poured into the procurement of sophisticated surveillance technologies across the country, particularly in large cities like Hyderabad, Delhi and Bombay. At the same time, the larger ecosystem of forensics examination and the level of understanding of these technologies within the criminal justice system is lacking, so its not clear how useful they may ultimately be,” opined Divij Joshi, a tech policy fellow at Mozilla.

Looming privacy concerns

With such invasive technology in the Hyderabad City Police’s armoury, the obvious question that arises is why, when and in what circumstances will these equipment being used. Speaking to MediaNama, Likith Goud, a cyber investigator with Telangana State Police told MediaNama: “Nowadays criminals are resorting to voice over internet protocol (VoIP)  calls. They buy fake numbers and just register on WhatsApp to do their thing. So there are two ways we go about an cyber investigation — ethical and unethical.”

By ethical, the investigator explained, it meant going through proper channels for obtaining information from the platform and unethical means using such hacking equipment. “If we approach a social media platform for information regarding any investigation, they never part away with data and only furnish IP address. We are forced to resort to use such equipment for retrieving chat details,” Goud added.

But, when are these tools used? “Cellebrite is a forensic tool. We use it on a device only after catching the suspect, interrogating him/her. For using this tool first we have to prove that using this particular device, the crime was perpetrated,” Goud said.

Despite these clarifications, concerns remain regarding the usage of such equipment, especially in light of the Pegasus attack on several Indian academics. Researchers are urging political and judicial intervention for bringing in reforms in regards to surveillance and usage of invasive technologies.

Advertisement. Scroll to continue reading.

“There is a severe need for surveillance reform in criminal procedure, evidence law and forensics in India — something particularly brought to light after the targeting of human rights defenders in the Pegasus case, and the more recent revelations around Bhima Koregaon. In other jurisdictions, rules and principles regarding police access to digital devices have been checked by political and judicial authorities. However, criminal procedure and practice in India has not seen similar reform. The implication is, of course, that there are few safeguards currently against very invasive surveillance of people by the police using digital surveillance technologies,” Joshi added.

Also read:

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ