Cybersecurity researchers have uncovered a sophisticated mobile forensics tool, Massistant, allegedly used by Chinese law enforcement to extract sensitive data from confiscated phones. Developed by SDIC Intelligence Xiamen Information Co., Ltd. (formerly Meiya Pico), the tool is believed to be a successor to MFSocket and can covertly access GPS data, SMS messages, images, contacts, and even information from encrypted messaging apps like Signal.

China's Covert Data Extraction Tool Unveiled

Key Revelations About Massistant

• Developer: SDIC Intelligence Xiamen Information Co., Ltd. (formerly Meiya Pico), a company specializing in electronic data forensics.

• Functionality: Extracts a wide range of sensitive data including GPS location, SMS messages, images, audio, contacts, and phone services.

• Method of Operation: Requires physical access to the device for installation, often used at border checkpoints. It works in conjunction with desktop forensic software.

• User Interaction: Prompts for permissions upon launch; attempts to exit result in an error message. Automatically uninstalls upon USB disconnection.

• Advanced Features: Connects via Android Debug Bridge (ADB) over Wi-Fi and can download additional files.

• Messaging App Data: Expands on its predecessor by collecting data from Signal, Telegram, and Letstalk.

• iOS Capabilities: While analysis focused on Android, evidence suggests an iOS equivalent exists, supported by Meiya Pico's patents related to iOS data collection.

How Massistant Operates

Massistant, like its predecessor MFSocket, necessitates a physical connection to the mobile device and a desktop computer running specialized forensic software. Once installed and launched on the phone, it prompts the user to grant extensive permissions to access sensitive data. A notable feature is its resistance to user attempts to exit, displaying a message indicating it's in "get data" mode. The application is designed for stealth, automatically uninstalling itself from the device once disconnected from the USB.

Meiya Pico's History of Surveillance

Meiya Pico, the company behind Massistant, has a documented history of involvement in surveillance activities. In 2017, The Wall Street Journal reported on their collaboration with police in Ürümqi, Xinjiang, to scan smartphones for terrorism-related content. This led to sanctions by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) in 2021, citing the company's role in enabling the "biometric surveillance and tracking of ethnic and religious minorities in China, particularly the predominantly Muslim Uyghur minority in Xinjiang."

Implications for Travelers

This discovery highlights the potential risks for individuals traveling to and within mainland China. As Lookout, the cybersecurity firm that uncovered Massistant, noted, "Travel to and within mainland China carries with it the potential for tourists, business travelers, and persons of interest to have their confidential mobile data acquired as part of lawful intercept initiatives by state police."

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones, The Hacker News.