
The Cyber Security News


China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

July 18, 2025

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that’s used by law enforcement authorities in China to gather information from seized mobile devices.

The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the research, development, and sale of electronic data forensics and network information security technology products.

According to a report published by Lookout, Massistant works in conjunction with corresponding desktop software, allowing access to the device’s GPS location data, SMS messages, images, audio, contacts, and phone services.


“Meiya Pico maintains partnerships with domestic and international law enforcement partners, both as a surveillance hardware and software provider, as well as through training programs for law enforcement personnel,” security researcher Kristina Balaam said.

Massistant requires physical access to the device in order to install the application, meaning it can be used to collect data from devices confiscated from individuals when they are stopped at border checkpoints.

Lookout said it obtained Massistant samples between mid-2019 and early 2023 and that they were signed with an Android signing certificate referencing Meiya Pico.

Both Massistant and its predecessor, MFSocket, work similarly in that they need to be connected to a desktop computer running forensics software to extract the data from the device. Once launched on the phone, the tool prompts the user to grant it permissions to access sensitive data, after which no further interaction is required.

“If the user attempts to exit the application they receive a notice that the application is in ‘get data’ mode and exiting would result in some error,” Balaam explained. “This message is translated to only two languages: Chinese (Simplified characters) and ‘US’ English.”

The application is designed so that it is automatically uninstalled from the device when the device is disconnected from USB. Massistant also expands on MFSocket’s features by including the ability to connect to a phone using the Android Debug Bridge (ADB) over Wi-Fi and to download additional files to the device.

Another new capability in Massistant is the collection of data from third-party messaging apps beyond Telegram, including Signal and Letstalk, a Taiwanese chat application with more than 100,000 downloads on Android.

While Lookout’s analysis focuses mainly on the Android version of Massistant, images shared on its website show iPhones connected to its forensic hardware device, suggesting that there is an iOS equivalent to pull data from Apple devices.

The assessment that Meiya Pico may also be focused on iOS devices stems from the various patents filed by the company related to gathering evidence from Android and iOS devices, including voiceprints for internet-related cases.

“Voiceprint features are one of the important biological features of the human body, and can uniquely determine the identity of a user,” according to one patent. “After the voiceprint library is built, a plurality of police seeds can be directly served, and the efficiency and the capability of detecting and solving a case of a related organization can be effectively improved.”


The digital forensics firm’s involvement in the surveillance space is not new. In December 2017, The Wall Street Journal reported that the company worked with police officials in Ürümqi, the capital of Xinjiang Uyghur Autonomous Region in Northwestern China, to scan smartphones for terrorism-related content by plugging them into a handheld device.

Four years later, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Meiya Pico for enabling the “biometric surveillance and tracking of ethnic and religious minorities in China, particularly the predominantly Muslim Uyghur minority in Xinjiang.”

“Travel to and within mainland China carries with it the potential for tourists, business travelers, and persons of interest to have their confidential mobile data acquired as part of lawful intercept initiatives by state police,” Lookout said.

The disclosure comes a couple of months after Lookout unearthed another spyware called EagleMsgSpy that’s suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.



Some parts of this article are sourced from:
thehackernews.com
