China Hacks Seized Phones to Extract Data - New Tool Revealed

July 16, 2025
New Malware Used by Chinese Authorities to Extract Data from Seized Phones

Security researchers have revealed that Chinese authorities are employing a novel form of malware designed for data extraction from confiscated mobile phones.

Data Targeted by the Malware

This tool enables the acquisition of a wide range of personal information, including text messages – even those from encrypted messaging applications like Signal – images, location data, audio recordings, and contact lists.

Introducing Massistant

Mobile cybersecurity firm Lookout has published a report detailing this hacking tool, known as Massistant. The report, shared exclusively with TechCrunch, identifies Xiamen Meiya Pico, a Chinese technology company, as the developer of this software.

How Massistant Operates

Massistant functions as Android software utilized for forensic data extraction from mobile devices. This implies that authorities require physical possession of the targeted phones to deploy the tool.

While the specific Chinese police agencies utilizing Massistant remain unconfirmed, its usage is believed to be extensive. Consequently, both Chinese citizens and individuals traveling to China should be cognizant of its existence and the associated risks.

Expert Concerns

“This is a significant concern,” stated Kristina Balaam, a Lookout researcher who analyzed the malware. “Anyone traveling within the region should understand that their device, if confiscated, could have its contents entirely collected.”

Balaam emphasized the importance of awareness for all travelers to the region.

Evidence of Use

Balaam discovered numerous posts on Chinese online forums where individuals reported finding the malware installed on their devices following interactions with law enforcement.

“The tool appears to be widely implemented, particularly based on discussions observed on these Chinese forums,” Balaam added.

System Requirements

The malware necessitates installation on an unlocked device and operates in conjunction with a dedicated hardware tower connected to a desktop computer, as illustrated on Xiamen Meiya Pico’s website.

Limitations and Potential iOS Version

Lookout’s analysis was limited to the Android component, and a compatible version for Apple devices was not found. However, Xiamen Meiya Pico’s website displays iPhones connected to their forensic hardware, hinting at a potential iOS version of Massistant.

Ease of Use

The use of Massistant does not require advanced hacking techniques, such as exploiting zero-day vulnerabilities. According to Balaam, individuals readily surrender their phones to authorities.

Legal Framework in China

Since 2024, Chinese state security police have been legally authorized to search phones and computers without a warrant or an ongoing criminal investigation.

“If a device is seized at a border checkpoint, access is typically granted by the owner,” explained Balaam. “The need for sophisticated exploits is diminished in such scenarios.”

Detecting and Removing Massistant

Fortunately, Massistant leaves detectable traces of its presence on compromised devices. Users may be able to identify and remove the malware, either by recognizing it as an installed application or by utilizing advanced tools like the Android Debug Bridge.

The Critical Timing of Compromise

However, the damage is already done at the time of installation, as authorities have already gained access to the user’s data.

Predecessor Tool: MSSocket

Lookout identifies Massistant as the successor to MSSocket, a similar mobile forensic tool also developed by Xiamen Meiya Pico and analyzed by security researchers in 2019.

Market Share and Sanctions

Xiamen Meiya Pico reportedly controls 40% of the digital forensics market in China and was sanctioned by the U.S. government in 2021 for providing technology to the Chinese government.

Lack of Response

The company did not respond to TechCrunch’s requests for comment.

A Broader Ecosystem

Balaam noted that Massistant is just one component of a larger ecosystem of spyware and malware created by Chinese surveillance technology manufacturers. Her team currently tracks at least 15 distinct malware families operating within China.
