TinyBrain - please explain the importance of "roaming state IR.21 highest possible bandwidth" and cryptography and data potentially originating from and arriving at a smartphone?
I could not Google IR.21 and find a relevant hit.
It sounds like the executive who went to the PRC is trying to deflect blame for actions she took herself.
There are logically only three possibilities:
1. She lied
2. She is the victim of an automated exfiltration
3. She is the victim of an active adversary action
Number two seems likely, and I believe the NSA does as well in the US domestic market.
I theorize that PRC's version of the US's NSA ingests and runs key word and analytic filters in a tool like Nuix. I would guess that world VIPs' names are on the key word list.
I am very interested to know what different or overlapping artifacts are left on a phone in above situation 2 or 3.
This is what is hurting my tiny brain
Can a system on a chip embedded in a smartphone strictly siphon or redirect data passing through it, like DNS hijacking, or does there have to, de facto, be interaction with Android OS or iOS in order for data exfiltration to occur from a smartphone? Forensic analysis will work on the latter.
If smartphone makers could embed a system on a chip (“SOC”) on a given smartphone’s motherboard, and the SOC, if triggered, would run the equivalent of a command-line FTK Imager to generate a physical forensic image of a smartphone’s data and then upload the physical image to a predetermined IP address, then forensic analysis of a Cellebrite extraction would not detect such SOC physical imaging activities.
The clear forensic case is the mobile, the UICC (unfortunately I got pushed into this tech domain by the Iranian case) and the datacenter of this R&D institute. Another team is looking deep into the mobile and all aspects of infection, rooting and SoC spying. No information received about hardware espionage in the mobile. The datacenter as evidence domain is the R&D's own responsibility.
The UICC and the framework of roaming. It's a T-Mobile UICC, all flat. Normally the scientist works in Switzerland and is roaming over Swisscom. At home in Germany, T-Mobile, and in the P.R.C. roaming via China Mobile. My initial question about what bandwidth is possible over IR.21 (International Roaming 21, GSMA standard) focused on how fast it is possible to transit data from home over roaming. OWA (Outlook Web Access) and UCC (Unified Communication and Collaboration) by BYOD (Bring Your Own Device) were in use to access data from the datacenter. IAM: Identity and Access Mgmt.
I have to cryptographically investigate these questions.
#1 - How could China Mobile hack into the T-Mobile UICC?
#1a - Were they able to hack the SE Secure Element in the UICC (Mobile ID tokens inside for IAM, OWA and UCC)
#2 - What legitimate data can a roaming partner write on a foreign UICC?
#3 - SoC TrustZone to UICC secure communication: what does Android 9.0 (Pie) log?
The R&D institute has no badges. They have strictly! biometric mobiles and an R&D app for access to all physical and digital domains with the Mobile ID tokens (hard and soft).
If the SE got hacked it was possible to get legitimate access to the datacenter.
In the eyes of the R&D institute it looked like: our employee needs access to data from outside, all credentials fine.
In reality: unknown nightly remote data request and retransmission to an unknown destination.
@UnallocatedClusters, did not forget you. Your aspects are here, work in progress. Thank you! The scientist is clean in every aspect and all sources say she has nothing to hide. Full trust of the R&D institute towards this person. They say she is a jewel in her scientific domain.
Please all consider this. I depend on what given information is forwarded to me. The nightly details I only mentioned for better understanding of the case. All information on this planet can be wrong, misunderstood and on purpose falsified. I am just human.
The case is complex and 4 teams are involved. My crypto team looks into the layer of identification and authorization of data flows. The piece I still don't really deeply understand and feel at home with is the UICC. Thanks to trewmte I learned a lot from the Iranian case. But I miss a reliable overview or database of UICCs of the world, their security and crypto parameters.
Questions like 'What data integrity encryption does China Mobile run on their LTE network?' I don't know how to find out.
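On the question of which LTE integrity and ciphering algorithms a network actually runs: the network states its choice in the NAS Security Mode Command it sends to the phone, and the same message replays the capability list the phone advertised, so the phone (or an analyst with a baseband or NAS trace) can detect null algorithms and bidding-down. The decoder below is an added example written for this page, not code from anyone in the thread; its byte values are constructed for illustration and are not captured from China Mobile or any other operator. The field layout follows 3GPP TS 24.301 (NAS security algorithms IE, section 9.9.3.23; UE security capability IE, section 9.9.3.36).

```python
"""Added example: decode LTE NAS security algorithm selection and flag
null algorithms or a tampered (bid-down) capability list.

All sample bytes are constructed for this example, not captured traffic.
"""
from dataclasses import dataclass, field

# Algorithm identifiers per TS 24.301 section 9.9.3.23 (values 4..7 reserved)
EEA_NAMES = {0: "EEA0 (null ciphering)", 1: "128-EEA1 (SNOW 3G)",
             2: "128-EEA2 (AES-128 CTR)", 3: "128-EEA3 (ZUC)"}
EIA_NAMES = {0: "EIA0 (null integrity)", 1: "128-EIA1 (SNOW 3G)",
             2: "128-EIA2 (AES-128 CMAC)", 3: "128-EIA3 (ZUC)"}


def decode_selected_algorithms(octet: int) -> tuple[int, int]:
    """'Selected NAS security algorithms' octet: bits 7-5 carry the ciphering
    type, bits 3-1 the integrity type; bits 8 and 4 are spare (must be 0)."""
    if octet & 0x88:
        raise ValueError("spare bits set in NAS security algorithms octet")
    return (octet >> 4) & 0x07, octet & 0x07


def decode_ue_security_capability(ie: bytes) -> tuple[set[int], set[int]]:
    """Value part of the 'UE security capability' IE (section 9.9.3.36):
    octet 1 is a bitmap EEA0..EEA7 (bit 8 = EEA0), octet 2 is EIA0..EIA7.
    Optional trailing octets (UEA/UIA/GEA for 3G/2G) are ignored here."""
    if len(ie) < 2:
        raise ValueError("UE security capability IE too short")
    eea = {i for i in range(8) if ie[0] & (0x80 >> i)}
    eia = {i for i in range(8) if ie[1] & (0x80 >> i)}
    return eea, eia


@dataclass
class SmcAssessment:
    ciphering: str
    integrity: str
    findings: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def assess_security_mode_command(selected_octet: int,
                                 replayed_capability: bytes,
                                 ue_sent_capability: bytes) -> SmcAssessment:
    """Mirror the checks a UE makes on a Security Mode Command, plus the ones
    an analyst cares about: null algorithms and a bid-down capability list."""
    cipher, integ = decode_selected_algorithms(selected_octet)
    result = SmcAssessment(EEA_NAMES.get(cipher, f"EEA{cipher} (reserved)"),
                           EIA_NAMES.get(integ, f"EIA{integ} (reserved)"))

    # The UE must compare the replayed list with what it sent in the Attach /
    # TAU Request; a mismatch means the list was altered in transit.
    if replayed_capability != ue_sent_capability:
        result.findings.append("replayed UE capability differs from the one "
                               "sent (bidding-down attempt or tampered NAS)")

    eea, eia = decode_ue_security_capability(ue_sent_capability)
    if cipher not in eea:
        result.findings.append(
            f"network selected EEA{cipher}, which the UE did not advertise")
    if integ not in eia:
        result.findings.append(
            f"network selected EIA{integ}, which the UE did not advertise")
    if cipher == 0:
        result.findings.append(
            "EEA0 selected: NAS signalling is sent without confidentiality")
    if integ == 0:
        result.findings.append(
            "EIA0 selected: only legitimate for unauthenticated emergency calls")
    return result


# Constructed sample: the UE advertised EEA0, EEA1, EEA2 (0xE0) and
# EIA1, EIA2 (0x60) in its Attach Request.
UE_CAPABILITY = bytes([0xE0, 0x60])


def demo() -> dict[str, SmcAssessment]:
    """Three constructed Security Mode Commands against the same UE."""
    return {
        # Network picks EEA2/EIA2 and replays the list unchanged: clean.
        "benign": assess_security_mode_command(0x22, UE_CAPABILITY, UE_CAPABILITY),
        # Network picks EEA0/EIA0 although EIA0 was never advertised.
        "null_algorithms": assess_security_mode_command(0x00, UE_CAPABILITY, UE_CAPABILITY),
        # Replayed list stripped to EEA0/EEA1 and EIA1, then EEA1/EIA1 chosen.
        "bidding_down": assess_security_mode_command(0x11, bytes([0xC0, 0x40]), UE_CAPABILITY),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict.ciphering} / {verdict.integrity}")
        for finding in verdict.findings:
            print(f"  ! {finding}")
```

The replay comparison is the important one for the roaming question in this thread: a visited network cannot legitimately change the capability list the phone sent, so a mismatch in a trace points at a man-in-the-middle rather than at operator policy, while a clean trace that selects EEA0 tells you what the operator chose to run.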
Only a trial, see on this link my state of thinking. You can refer to the numbered entities or AVxs.
Order from top for sec reasons, link removed.
See upd board, what do you think? Do we miss something?
Gents, with all respect, but I think that in order to answer at least some of the questions at hand, one would need to recruit an informant within the "hostile" telco or, as a second-best option, a telco operating within the partner network of the telco in question.
There are too many variables to be able to answer any of the primary information requirements of TinyBrain. At this point in time there are too many assumptions to ever be able to craft a forensically sound answer.
A personal favorite is to "just ask" the telco in question.
You might be surprised what you get when you ask nicely.
In short, the only viable option I currently see is HUMINT.
Saludos,
Lex
Lex, we took your advice up from your very first post. The T-Mobile insider we already have.
When I ask I also listen.
Here is a very interesting potential test vector for you
https://