To say that China’s mobile technology manufacturing capacity is impressive would be like claiming that the ocean is a bit damp. It is estimated that approximately 800 million cellular phones were produced in China in 2011 with half of those devices being shipped internationally, making China both the world leader in cell phone production and the world’s largest market for cell phones. While this is great news for China’s massive cell phone industry, it presents a major challenge to forensic investigators.
In the Summer 2012 edition, DFI News discussed the menace presented by the enormous number of Chinese-made, grey-market cell phones known as “white-box,” “clone-phones,” or “Shanzhai” (Chinese for pirated goods). Phones are produced rapidly by small design shops selling micro-brands or pirated-brand phones. The phones often include hardware, accessories, and operating systems that have little adherence to industry standards, making them difficult to analyze. Two data cables may look the same but use entirely different pins for data and power. Devices typically have multiple SIM ports and associated IMEI numbers (sometimes legitimate and sometimes not), operating systems can be unstable, and manufacturers sometimes block synchronization to simplify the devices and eliminate the need for software support.
Today, it is really a misnomer to identify these handsets as “Chinese.” While the manufacturers of chipsets are in China and Taiwan, their chips are increasingly finding their way into phones and other mobile devices made by large internationally recognized companies like HTC, Nokia, Lenovo, and Motorola. China’s major chipset manufacturers—MediaTek (MTK), Infineon, Spreadtrum, and M-star, which recently came under the control of MediaTek—are pushing out advanced chipsets capable of powering smartphones, GPS systems, and tablets.
The Silver Lining
Despite the many barriers to analysis that Chinese chipped devices present, there is reason for investigators to feel hopeful about the future. Over 90% of all “white-box” devices are supported by chipsets made by just four major integrated circuit (IC) manufacturers: MediaTek, Spreadtrum, Infineon, and M-star. Because so many devices are powered by their chips, effective forensic tools for the analysis of tens of thousands of phone models have been developed, focusing on the analysis of their chipsets.
Tools of the Trade
With roots in China’s digital forensics market, Tarantula by EDEC Digital Forensics was initially developed for Chinese law enforcement investigators, who were obviously the first to confront the China phone problem. It is widely distributed, supporting the extraction and decoding of data from all four major Chinese IC manufacturers. A new version of Tarantula is set to release in August 2012 with increased extraction support, better decoding, field-ready USB-powered hardware, and a compact data tip kit. Fully loaded, the new Tarantula kit weighs a scant 2.5 pounds, a fraction of the weight of its predecessor, further increasing the portability of the kit.
Cellebrite updated its UFED analysis platform with its UFED CHINEX connectivity kit. CHINEX supports physical extraction of data from a subset of MediaTek’s chipsets. MediaTek’s range of chipsets comprises approximately 60% of the total Chinese cell phone market. To address the problem of non-standard cables and accessories, the CHINEX kit includes a variety of connectors designed to work with the most popular handsets that use MediaTek chips. Cellebrite recently announced the ability to extract data from a limited range of Spreadtrum chipsets, though no decoding is yet available.
One of the most recent entries into the field of Chinese mobile phone forensics, Logicube licensed and integrated EDEC’s Tarantula software into its standalone CellXtract platform. CellXtract–TNT is designed for field use with rugged construction and a built-in monitor. Because they share the same software, CellXtract–TNT has capabilities similar to Tarantula, including the ability to access and decode contacts, call logs, SMS, deleted data, media files, PIN codes, and more.
Other companies like Micro Systemation, Oxygen Software, and Paraben are increasing their efforts to analyze phones based on Chinese chipsets.
Cooperation and Collaboration
As Chinese manufacturing capacity expands and the scope of the problem grows, international firms have joined forces to offer solutions to keep investigators ahead of the curve.
Connecticut-based Teel Technologies, provider of mobile device solutions and training, now offers three-day courses on Chinese-chipped phones. Focusing on state-of-the-art tools and methods, Teel aims to educate the forensics community on the unique nature of these devices and how to analyze them. Teel Technologies’ classes are held in locations across the U.S., and private trainings are available upon request.
“Chinese phone analysis has become a critical area of focus for the forensic examiner,” comments Sterling Bryan, forensic analyst and instructor of Teel Technologies courses. “Both domestically and overseas, law enforcement has to contend with the seemingly infinite variations of mobile devices from China. For the examiner, new understanding and tools are required to address the phenomenon. In our class, we aim to provide a comprehensive education to enable students to acquire as much data as they can from the multitude of Chinese phones that may come their way.”
Addressing the vast number of Chinese phones is a high technical hurdle that requires an ongoing commitment to development. As more firms attempt to leap that hurdle, expect to see an increase in collaborative efforts among top firms.
Kevin J. North is an American freelance journalist who specializes in the fields of finance and technology. He is a graduate of Monmouth University in West Long Branch, New Jersey, with a bachelor’s degree in Public Relations and Journalism. Currently, Mr. North resides in Santa Barbara, California, where he writes and edits articles related to digital forensics, automotive safety technology, and financial advice for investors.