
Faked SMS message

Tackleberry
(@tackleberry)
Junior Member

We are looking at trying to discern between faked SMS and real ones. NOT utilizing internet-based websites for this discussion, but with an Android app that is downloaded to the phone.

#1 Obviously we could potentially see the app installed, or seen as a deleted app if a physical dump is available.
#2 We could possibly see a search record for "Fake SMS" in the searched app store or browser.
#3 Also for discussion purposes, the "basic" call record / billing records are not yet available for either phone that may "appear" to be involved in the fake SMS exchange.

The app allows you to select the date and time of the message and can be set up to display any phone number. It also allows you to set the message as incoming or sent (to create a back-and-forth SMS discussion), (also an option to put the fake message into the outbox, failed, or draft box). It appears to put the artifact directly into the mmssms.db (on my test Moto Razor HD device at least).
This test device was reset prior to this app install; it is on Verizon but has no service currently, just connected via wifi.

Any thoughts, with #1, 2, 3 possibilities notwithstanding?

I am in the process of duplicating the test on a device with active cellular service.

Topic starter Posted : 09/10/2017 4:14 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Device rooted and bootloader unlocked?

Posted : 09/10/2017 4:31 pm
Tackleberry
(@tackleberry)
Junior Member

It's a stock (Verizon) XT926 Droid Razor HD. Using Cellebrite UFED for physical, logical, and FS. Still running the test extractions.
The XT926 just happened to be the only test phone that was charged at the time… I would anticipate this issue coming from devices for which, in all likelihood, we would NOT have a physical dump due to device limitations. For our applicable cases we would NOT be able to manually root the device.

Topic starter Posted : 09/10/2017 4:39 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Is the app still available in Google Play Store? Does the app withstand Google Play Protect?

Posted : 09/10/2017 5:23 pm
Tackleberry
(@tackleberry)
Junior Member

Yes, in the store.
16k downloads.

com.neurondigital.FakeTextMessage

Topic starter Posted : 09/10/2017 5:32 pm
RolfGutmann
(@rolfgutmann)
Community Legend

OK, is there a possibility to put the app in a 'hidden apps folder'? Do you assume that the app was silently installed on a suspect's device? What crime is it potentially related to?

You should be able to find artifacts of multiple different user logins into Google Play Store.

Posted : 09/10/2017 6:09 pm
Tackleberry
(@tackleberry)
Junior Member

Agreed Rolf.
I am looking into the db files to see if "sms service center" data is captured, showing it was a real sent or received msg, but not all phones are going to capture that. And it is dependent on what sort of dump is available.

This is hypothetical at this point, but would apply to all sorts of criminal or civil cases.

Topic starter Posted : 09/10/2017 6:45 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Good job! You may get in touch with the M(V)NO and submit a warrant to get the logs of the SMS Service Center equivalent to the CDR Call Data Record.

Posted : 09/10/2017 7:44 pm
Tackleberry
(@tackleberry)
Junior Member

My hope is that some examiners have come across this data without accessing the carrier side of things. And if anyone has captured SMSC records on specific devices...

Topic starter Posted : 09/10/2017 8:02 pm
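
The "sms service center" check discussed in the thread, as an added example that is not from any poster: it reviews received rows in the sms table of mmssms.db and flags those lacking SMSC data. It assumes the AOSP telephony provider column names (type, service_center, date_sent), narrows the check to inbox rows, and uses constructed sample data; when the handset records no service center for any message, it reports the indicator as unusable rather than flagging everything.

```python
import sqlite3

# Constructed sample rows (not from a real extraction):
# (_id, address, date, date_sent, type, service_center, body); type 1 = inbox, 2 = sent.
SAMPLE_ROWS = [
    (1, "+15550100", 1507565400000, 1507565398000, 1, "+15550001", "see you at 5"),
    (2, "+15550100", 1507565460000, 0, 2, None, "ok"),
    (3, "+15550199", 1507565520000, 0, 1, None, "call me back"),
    (4, "+15550100", 1507565580000, 1507565579000, 1, "+15550001", "running late"),
]

def build_sample_db(rows=SAMPLE_ROWS):
    """Build an in-memory stand-in for mmssms.db with the columns used here."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, date INTEGER, "
        "date_sent INTEGER, type INTEGER, service_center TEXT, body TEXT)"
    )
    con.executemany("INSERT INTO sms VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return con

def review_inbox(con):
    """Return (usable, suspects) for received messages.

    usable is False when no inbox row carries a service_center at all, i.e. this
    handset does not record it and the indicator says nothing either way.
    """
    inbox = con.execute(
        "SELECT _id, address, date_sent, service_center FROM sms "
        "WHERE type = 1 ORDER BY _id"
    ).fetchall()
    if not any(row[3] for row in inbox):
        return False, []
    suspects = []
    for _id, address, date_sent, smsc in inbox:
        reasons = []
        if not smsc:
            reasons.append("no service_center")
        if not date_sent:
            reasons.append("no date_sent")
        if reasons:
            suspects.append((_id, address, reasons))
    return True, suspects

if __name__ == "__main__":
    usable, suspects = review_inbox(build_sample_db())
    print("indicator usable on this device:", usable)
    for _id, address, reasons in suspects:
        print(f"sms _id={_id} from {address}: {', '.join(reasons)}")
```

For casework, pass a connection to a working copy of the extracted database opened read-only instead of the sample. A flagged row is a lead to corroborate against carrier SMSC records, not proof of fabrication.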