
Facebook Personal Messages sent Twice?

7 Posts
3 Users
0 Reactions
948 Views
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
Topic starter  

We are acquiring an iPhone 4S via Lantern by Katana 3.1. Client suspects that Cell Phone Spyware had been installed on her phone.

Lantern results display approximately 30 Facebook Personal Messages that seem to be exact duplicates. As if two copies of each FB PM were transmitted at the same time. When inspected with the Lantern software they report identical

transmission dates and times

wording

message IDs

latitude

longitude

user ids

domains

Paths

IMEI numbers

and many more attributes are exactly the same between the two messages…

What is NOT the same between the two messages are the MD5 and SHA1 content hashes, the message size, and the source hashes.

Also, while one message indicates an original creation and modification date of 7-12-13 its duplicate indicates the acquisition date (8-27-13) as the creation and modification dates.

This leads me to believe that Lantern is somehow showing the duplicate message and in reality only one PM was transmitted. However, during my initial client interview, she reported that her estranged spouse was immediately reacting to FB PMs that she had sent to others but not to her estranged spouse. So, maybe there really were two messages sent when she only sent one?

IOWs she believes her estranged spouse was receiving her FB PMs at the same time she was sending them to someone else.

If cell phone spyware is not responsible for this could the spouse have been using another method to intercept those PMs?

We are of course examining the phone for spyware but we want to look at other infection vectors as well.

Thank you,

Mike


   
harryparsonage
(@harryparsonage)
Estimable Member
Joined: 20 years ago
Posts: 184
 

The most likely way that an ex partner discovers details of the other's messages is by logging into the other's account.


   
Adam10541
(@adam10541)
Honorable Member
Joined: 13 years ago
Posts: 550
 

Logging in to the account from a different device wouldn't cause duplicate messages to appear on the phone itself, however it would explain your client's husband's immediate reaction to Facebook posts.

The date/time issue you raise does sound like Lantern is reporting the message twice given the current date stamps. Have you contacted Lantern to see if this is perhaps a known glitch/issue with that version of iOS?

Do you have other tools to confirm findings (UFED, XRY)?

As far as I'm aware for the spy tools to be installed on iPhones they need to be jailbroken and physical access to the phone is required to install the phone. If both these aren't met then the spy software scenario is unlikely IMO.


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
Topic starter  

> The most likely way that an ex partner discovers details of the other's messages is by logging into the other's account.

That is certainly correct and has been discussed with my client already. Of course she denies that could happen but we are not ruling it out.

Thank you,

Mike


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
Topic starter  

> Logging in to the account from a different device wouldn't cause duplicate messages to appear on the phone itself, however it would explain your client's husband's immediate reaction to Facebook posts.

Correct…

> The date/time issue you raise does sound like Lantern is reporting the message twice given the current date stamps. Have you contacted Lantern to see if this is perhaps a known glitch/issue with that version of iOS?

We are trying to contact Katana but they seemed to have a problem with their support server yesterday.

> Do you have other tools to confirm findings (UFED, XRY)?

iXAM and IEF. Will try those too.

> As far as I'm aware for the spy tools to be installed on iPhones they need to be jailbroken and physical access to the phone is required to install the phone. If both these aren't met then the spy software scenario is unlikely IMO.

You are exactly right on those points. The phone is not currently jailbroken, but the spouse did have physical access. In fact they are still living in the same house. One upstairs and one downstairs.

We believe that the iOS was recently updated which we think would have eliminated the jailbreak. We are also looking for artifacts of the jailbreak process.

At this point we need Katana to determine if this is a known issue with Lantern or not.

Thank you for your response.

Mike


   
Adam10541
(@adam10541)
Honorable Member
Joined: 13 years ago
Posts: 550
 

iXAM is a solid iOS tool, I'd be interested to know what that reports.


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
Topic starter  

I agree that iXAM is a solid iOS tool. We have used it for years now and when we have a phone that it can acquire we use it first. The problem has been that whenever an iOS update is rolled out it takes a bit of time before FTS comes out with their update. In this specific case iXAM will not acquire the phone due to the iOS version.

Thank you,

Mike


   