USB Data Extraction & Cyber Kiosks - how does Omerta stack up?

Jun 20, 2020


Cellebrite, Cyber Kiosks & GrayKey are tools which put the fear of God into some whilst being touted as the future of law enforcement by others. At Omerta we see these devices as a benefit to the victims of crime & overall as a positive step for privacy (which will surprise some).

These devices enable specially trained police officers to quickly scan through a mobile device and identify data useful to their enquiries. The benefit of this cannot be overstated - a person's mobile phone can have thousands of files, and having an officer visually review each file is far more intrusive than using a computer to intelligently highlight files which could be of interest.

Whilst we support the use of these devices, we also appreciate that they can be used to unlock people's phones without consent. Effectively these are hacking devices, dressed up as professional, legal tools.

Companies like Cellebrite, who make data extractors, are essentially hackers who are continually seeking exploits for phones & then adding these exploits to their devices, so they have a repertoire of unlocking techniques to test on any connected device.

Devices at risk from such machines are Android handsets running old versions of the OS – a statistic to shock is that almost 90% of Android handsets are running Android 9 or less, meaning they are at risk from a Grey Kiosk.

Data Extraction firms have a huge financial incentive to find vulnerabilities on phones. iPhones are particularly vulnerable, as the manufacturers of extraction tools have a financial incentive to hack these devices due to Apple's significant market share & Law Enforcement Agencies finding a significantly higher proportion of iPhones in crime.

So how does Omerta fare? Extremely well – our handsets tick all the right boxes from a security perspective; the hardware is designed and manufactured by Google to the highest of standards. The Titan M chipset is based on their Titan chip used to defend their global data centres & it is designed to deter state players, not bedroom coders. The degree of protection this provides cannot be overstated & rest assured, Google is not going to build a back door into their premium technology and ruin their reputation so a British Bobby can review the contents of a teenage pot smoker's phone. We then look at the anti-tamper chip, another Google-designed chip, built to protect the phone from USB attack. Finally, tying it together is the security-hardened OS. Its memory management and sandboxing of apps mean exploits & vulnerabilities are of very limited value, since any exploit is isolated from the rest of the phone. But do remember - these defences only work if you have adequately protected your PIN; studies have shown 26.5% of PIN codes can be guessed by testing the top 20 PIN code choices!

So the long story is, a cyber kiosk will get nothing from a locked Titan phone. You might see examples of a device having all manner of data gleaned from it (certainly Cellebrite claim their technology is compatible with the Pixel 3); however, and this is a key point, their baseline is an unlocked phone! Of course data can be extracted when the phone is unlocked – when we unlock a phone it is because we want access!

Finally, economics play a part in security. The Pixel 3 has a tiny market share. Omerta has an even smaller footprint. This means there is no financial benefit for ethical hacking firms to commit resource to actually breaking these phones in the first place. 

So how does Omerta stack up? From an IT security perspective, it stands up to the test. The hardware is modern, with an operating system that benefits from regular security updates and a professional release schedule with beta testing and quality control. Users have access to a plethora of guidance on how to best use their phone & strong emphasis is placed on keeping a good PIN. It's actually really boring - but boring keeps the lights on in IT security!

Ultimately, Omerta is the beneficiary of my experience working as an IT Manager at the University of Leeds, managing over 24,000 end-users with an estate comprising over 2500 computers, servers & mobile devices whilst also providing Research Data Management & Security for high-value commercial research projects. Omerta is a platform for me to provide you with the same high-quality service.