In many modern criminal cases, the defendant’s phone is often the first thing that the police will turn to in order to find evidence to corroborate their case. This has sparked major controversies in recent years, perhaps most notably when Apple refused to unlock the phone of the San Bernardino shooter, but as Apple noted at the time, creating a backdoor into iOS would put every user at risk. It’s a complex issue without any simple solutions.
Matt Bergin, a senior researcher at security firm KoreLogic, decided that the best way to shed light on the issues that arise when cops start snooping through our phones was to make an app that is capable of countering digital forensics software like Cellebrite by factory resetting a phone as soon as the software is detected.
The app is called LockUp, and as Bergin explains, the point of the app is not to give criminals a Get Out of Jail Free card, but rather to show the ways in which the software law enforcement uses to support their cases is flawed.
He explained to Gizmodo in a phone call why he built the app and brought it to Black Hat Asia 2021: “Really, I wrote LockUp to support the research that I was doing and to prove a point that forensic software isn’t immune to issues,” said Bergin. “I wanted to demonstrate that not only can the Cellebrite software itself have issues, but there are ways to trick forensic software to do something that you might not expect it to be able to do.”
As Bergin explains, LockUp starts working as soon as a new app is downloaded on to a phone:
That’s when the interrogation of the application begins. We look at things like the hashes, the files themselves, the certificate metadata associated with the application. And if LockUp finds anything that it knows, it will programmatically factory reset the target device.
Bergin doesn’t think that Cellebrite should be wiped off the face of the Earth, but his research and the subsequent app he wrote help to show just how imperfect these tools can be. If courts are going to use data extracted from a phone to prosecute someone, they need to know definitively that the data hasn’t been tampered with.
You can’t download LockUp from any official app stores, so don’t go searching for it, but Bergin did dump a bunch of the code on Github. If someone really wanted to, they could turn that into a working app, but as Bergin says, “making this application so accessible that it may be easily used to avoid criminal prosecution was not my goal.”
If you want to read more about Bergin’s ongoing research, be sure to check out this lengthy blog post.
