Phones Backdoored By The FBI Are Being Sold To Unsuspecting People Just Wanting A Cheap Replacement Device
from the retooling-the-tools-of-the-trade dept
Now that it's been revealed the FBI -- along with an unnamed conspirator linked to encrypted phone development -- created a honeypot device to harvest communications between suspected criminals, the backdoored devices are making their debut in the (non-criminal) public domain.
Following the exposure of the FBI-created "Anom" chat service -- a backdoored service placed on secure phones supposedly only sold to members of large criminal organizations -- multiple law enforcement agencies announced the arrest of dozens of suspected criminals. The devices, however, are still out there. And they're showing up on classified ad sales sites and potentially suckering in people just looking for a cheap Android device.
Whatever the price is, you're getting screwed, as Joseph Cox reports for Motherboard.
Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn't do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device's settings.
Clicking the calculator doesn't open a calculator—it opens a login screen.
The devices have a sole purpose: to enable secure chats between owners of these devices. Their original usefulness was subverted by law enforcement agencies able to intercept the compromised communications. Now that they're ostensibly free of law enforcement meddling, they're equally useless. The only option is a chat app known to be a honeypot for law enforcement investigators. Whether or not they're still being monitored no longer matters. That the service itself is compromised makes it an untenable option.
If you want a phone that doesn't do phone stuff, these pre-compromised devices are an option, I guess.
"I bought this phone online, for ridiculously low price, now I understand why," that second person said. That person also provided Motherboard with photos and a video of their device. In that case, the Anom login screen appeared inaccessible, but other settings such as the decoy PIN code remained. "Probably this phone was used by some drug dealer :D," they said.
Hobbyists and other developers are trying to help people who've purchased phones that do nothing more than offer them the opportunity to share their communications with law enforcement agencies around the world. If they can get them to work like other Android devices, purchasers may find themselves with potentially more secure devices once they abandon the Anom app crafted by FBI agents.
There appears to be no way to activate location tracking (or turn it off, for that matter), suggesting these phones do not harvest this data. A built-in option allows for PIN scrambling that randomly rearranges digits to defeat shoulder surfing when detained perps input their passcodes. Users can also set up a wipe code that will wipe the device from the lockscreen or perform this task automatically if the phone is not logged into after a certain amount of time. This feature can be accessed from the status bar, making it ideal for quick deletion of incriminating content.
But those features can only be trusted if one assumes the limited OS is not also compromised. Given what we know about the built-in chat service, only the ignorant would assume any of these features would actually prevent investigators from recovering data.
So, if you're in the market for a pre-compromised phone, there are options out there. But most people looking for a cheap phone aren't going to be happy with the limitations of this device and even less so when they discover these are little more than an investigational tool for law enforcement agencies around the world.
Filed Under: anom, backdoors, doj, fbi, honeypots, resale market, used phones
