Authorities recently revealed that the FBI and Australian Federal Police secretly operated an “encrypted device company” called “Anom,” which sold 12,000 smartphones to crime syndicates worldwide.
These phones were originally secure devices that relayed all messages to a server owned by the FBI.
The FBI has weaponized what the Android modding community has been doing for years.
Some Android phones have unlockable bootloaders that can be used to erase the original operating system and replace it with a custom build of an operating system called a custom ROM.
FBI’s custom ROM displays an “ArcaneOS” boot screen, and it replaced the normal Google Android distribution with the FBI’s skin of Android 10.
The selling point for alleged criminal groups was that the security-oriented devices had a lot of fun security theater.
A “pin scrambling” feature would change the order of the lock screen numbers so that no one could guess the code based on screen smudges.
The compromised phones of the FBI show some red flags that a tech-savvy user should recognize.
When launching an Android phone, the first check that happens is Verified Boot, which ensures that the operating system is cryptographically signed by the device manufacturer, which guarantees that it has not been tampered with.
If a device fails verified boot, either because it has an unlocked bootloader or a newly locked bootloader with manipulated software, it will display a message during startup. In this case, the FBI devices will display a message saying, “Your device is loading a different operating system,” complete with a yellow exclamation mark and a link to a Google support page at g.co/ABH.
The FBI modified a lot of the core Android operating system by removing helpful Android settings that could reveal the device’s true purpose.
The system settings for apps, storage and accounts have all been removed and there is now no way to see a list of all installed system apps where users might discover something suspicious like “FBI_Spyware.APK.”
The FBI also deleted the “Location” settings to prevent users from turning off GPS tracking.
The device also has the Play Store or other Google apps, and except for a watch and the calculator app which leads to a compromised chat app, no other apps worked.
For more information, read the original story in Arstechnica.