APT96.Com: APT96's Personal Website
https://apt96.com/feed.xml (2025-11-04T23:00:45+00:00)

Leaker Reveals Which Pixels Are Vulnerable To Cellebrite Phone Hacking
2025-11-01T12:00:00+00:00
https://apt96.com/2025/11/01/leaker-reveals-which-pixels-cellebrite

There was an interesting article on Ars Technica about someone who logged into a Microsoft Teams meeting at Cellebrite and was able to find out which Google Pixels are vulnerable to hacking by the digital forensics firm.

For the most part it confirms what is already well known in the privacy community:

  • Devices in BFU with an unknown passcode are generally secure
  • BFU devices with a shorter passcode can be brute forced
  • AFU devices can usually be hacked even without the passcode

But the one part I found most notable was that “even a fully unlocked GrapheneOS device is immune from having its data copied”. While they could obviously look at data on the screen of an unlocked device and extract information accessible to the user, it would seem Cellebrite can’t actually get a complete FFS extraction of a GrapheneOS device even with the unlocked phone in their hands. If the team behind GrapheneOS has been able to make their system this resistant to industrial-level phone hacking, it is quite the accomplishment for a small non-profit and begs the question of why Google don’t implement the same security for Pixels running stock Android OS.

NPAS Testing Out New Drones
2025-07-24T00:00:00+01:00
https://apt96.com/2025/07/24/npas-trial-drones

The National Police Air Service (NPAS) is set to trial the Schiebel Camcopter S-100 drone.

Police forces have been using drones for a while now, but usually on a smaller scale like DJI consumer drones. While these are still quite useful in law enforcement, they are hampered by their short loiter time, and can’t carry as much payload. By contrast, the S-100 can loiter in the air for over 6 hours and can carry a 50kg payload.

Canon Disconnect
2025-04-10T00:00:00+01:00
https://apt96.com/2025/04/10/canon-disconnect

I have long used the “Canon Connect” app as a convenient way to transfer pictures from my camera to my phone, without the hassle of having to physically remove the SD card and transfer photos over each time. But as of the latest update, it appears they are forcing people to create a Canon ID account in order to keep using the app. If you don’t create an account, the app no longer works. Now I could easily create an account, it’s free. But I won’t. There is something about them doing this which annoys me. This app has worked just fine without users needing to create an account for years, so why this sudden change? I suspect it lays the groundwork for a future subscription model, where you will have to pay an ongoing fee to keep using the app.

Coastguard Callsigns And What They Mean
2024-11-08T00:00:00+00:00
https://apt96.com/2024/11/08/sar-callsigns

Coastguard helicopters in the UK use two callsigns, “RESCUE” and “COASTGUARD”. The one they use depends on what they are doing at the time.

  • “RESCUE” is used when they are on a real emergency callout. Your flight tracking app may display this callsign as SRG

  • “COASTGUARD” is used for non emergency operations, like a training exercise or a repositioning flight. Your flight tracking app may display this callsign as SRD

The callsign will then be followed by a 3-digit number, which refers to the base that aircraft is operating from. Each Coastguard base has its own number. For example, Prestwick uses 199. So when there’s an emergency on one of the fells in the Lake District and they call in SAR support from Prestwick, the heli will deploy with the callsign RESCUE 199.

When you watch OpenADSB long enough you will start seeing times where a Coastguard heli on a training or routine flight gets called into action. The SRD will suddenly change to SRG along with a drastic change in course and speed.


German Police Timing Attack On Tor Users
2024-09-18T00:00:00+01:00
https://apt96.com/2024/09/18/german-authorities-tor-timing-attack

It seems like German law enforcement has carried out a successful timing analysis attack on Tor users.

https://www.krone.at/3530134

What implications could this have for anonymity and privacy? Well, it has always been known that Tor is not completely foolproof and that a nation state adversary who can see and monitor the entire internet backbone could theoretically carry out timing attacks to deanonymize users. The NSA has had the capability to deanonymize some Tor users, some of the time, since at least 2012. The Krone article would suggest that this is now a practical attack even for law enforcement, who are usually considered to have fewer capabilities than intelligence agencies. However, The Tor Project has published this post in response to the news, which goes into a bit of detail and concludes that the success of the operation was more down to luck and user error. The suspects in this case were apparently using an outdated version of Tor, one that lacks some of the built-in protections included in recent versions. This appears to have made them easier to deanonymize.

See Where GPS Jamming Is Active With FlightRadar's New Map
2024-09-18T00:00:00+01:00
https://apt96.com/2024/09/18/see-flightradar-gps-jamming

FlightRadar24 has released a new tool allowing you to see where GPS jamming is active.

https://www.flightradar24.com/data/gps-jamming

Aircraft measure the strength and quality of the GPS signals they receive when travelling and broadcast this data, which is then picked up by FlightRadar's network of receivers and fed into the system. When there is no GPS interference, aircraft will usually get a decent signal. These areas are marked green on the map. If aircraft are getting a very weak signal, or struggling to get one at all, that could suggest there is jamming in the area. It doesn’t mean there definitely is, because there are a number of other reasons why an aircraft might be struggling to get a signal. For example, their equipment could be damaged. But if FlightRadar sees that multiple aircraft in a specific area are all having trouble getting a signal, they mark that area as red, as that is more suggestive of jamming than of faults with the individual aircraft.
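The aggregation described above can be sketched as follows. This is an added example, not FlightRadar24's code: the 0-10 "quality" score, the one-degree grid cells, the thresholds and the sample reports are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict
from statistics import mean

# Constructed sample reports: (aircraft id, lat, lon, quality 0-10).
# "quality" is a hypothetical stand-in for the signal data aircraft broadcast.
REPORTS = [
    ("A1", 54.2, 19.8, 1), ("A1", 54.3, 19.7, 2), ("A2", 54.7, 19.1, 0),
    ("A3", 54.5, 19.5, 2), ("A4", 54.9, 19.3, 9),
    ("B1", 51.4, -0.3, 9), ("B2", 51.6, -0.8, 8), ("B3", 51.1, -0.5, 1),
    ("C1", 60.3, 5.2, 0),
]

def classify_cells(reports, low_quality=3, min_aircraft=3, red_share=0.5):
    """Label each one-degree grid cell 'red', 'green' or 'insufficient'."""
    # cell -> aircraft id -> list of quality readings taken inside that cell
    per_cell = defaultdict(lambda: defaultdict(list))
    for aircraft_id, lat, lon, quality in reports:
        cell = (math.floor(lat), math.floor(lon))
        per_cell[cell][aircraft_id].append(quality)

    result = {}
    for cell, aircraft in per_cell.items():
        # One or two aircraft with a poor signal may just have faulty
        # equipment, so the cell is not judged until enough of them report.
        if len(aircraft) < min_aircraft:
            result[cell] = "insufficient"
            continue
        # Average each aircraft's readings so a single noisy sample does not
        # count it as degraded, then count aircraft rather than reports.
        degraded = sum(1 for q in aircraft.values() if mean(q) < low_quality)
        share = degraded / len(aircraft)
        result[cell] = "red" if share >= red_share else "green"
    return result

if __name__ == "__main__":
    for cell, label in classify_cells(REPORTS).items():
        print(cell, label)
```

Counting distinct aircraft instead of raw reports is what keeps one aircraft with damaged equipment (B3 in the sample) from turning its cell red.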

Follow Emergency Services Aircraft On OpenADSB With These Filters
2024-03-31T00:00:00+00:00
https://apt96.com/2024/03/31/openadsb-filters

OpenADSB is an aircraft tracking app for iOS and iPadOS. By default it uses the ADS-B Exchange (adsbexchange.com) data feed, but it can be configured to connect to any dump1090, tar1090 or Virtual Radar Server. The app has a filter tool, with some preconfigured options, like military aircraft only. Here are some additional filters you can use to follow UK emergency service aircraft. In OpenADSB, add a new filter and put the following strings into the “Registration” field.

Note: I made this post in early 2024 and the aircraft used by these organizations may have changed since then. Check https://github.com/APT96/OpenADSB-Aircraft-Filters for a list which is regularly updated.

Show All Air Ambulances

G-CRWL,G-KRNO,G-TAAS,G-WNAS,G-PICU,G-TCAA,G-NICU,G-CPTZ,G-DAAS,G-DAAN,G-DSAA,G-RESU,G-HEMC,G-EHEM,G-HHEM,G-NHAC,G-NHAD,G-NHAE,G-GWAC,G-HIOW,G-KSST,G-KSSC,G-LNAC,G-KSSA,G-EHMS,G-LNDN,G-MGPS,G-RMAA,G-OMAA,G-HWAA,G-NWAA,G-NWAE,G-NWEM,G-SPHU,G-HEMZ,G-RSCU,G-SCAA,G-EMAA,G-ISAS,G-GSAS,G-SASC,G-SASD,G-TVLY,G-WENU,G-WOBR,G-WROL,G-WASC,G-WLTS,G-YORX,G-YAAA


Show All Police Aircraft

G-POLA,G-POLB,G-POLC,G-POLD,G-POLF,G-POLG,G-POLJ,G-POLH,G-POLX,G-POLV,G-POLW,G-POLZ,G-POLU,G-EMID,G-CPAO,G-NWOI,G-TVHB,G-CPAS,G-DCPB,G-MPSA,G-MPSB,G-MPSC,G-HEOI,G-SUFK,G-POLS


Show All Coastguard Search & Rescue

G-MCGI,G-MCGF,G-MCGE,G-MCGH,G-MCGZ,G-MCGY,G-MCGJ,G-MCGK,G-MCGG,G-MCGL,G-MCGP,G-MCGM,G-MCGS,G-MCGV,G-MCGW,G-MCGU,G-MCGO,G-MCGX,G-MCGR,G-MCGT,G-UASA,G-UASB,G-UASD,G-UASE


UPDATE: Deleting Data From Flash Memory
2023-12-23T00:00:00+00:00
https://apt96.com/2023/12/23/update-securely-wiping-data

Earlier this year I posted my thoughts on securely wiping data from devices, and recommended PartedMagic’s Secure Erase [1] for wiping SSDs. I am no longer recommending this method, as I have recently read that it can be ineffective. A standard Secure Erase only removes the mapping table that keeps track of allocated data. This does seem to make data recovery more difficult, but not impossible. The data is still on the drive, but the SSD will return all zeroes when someone attempts to read it. However, an adversary could perform what is known as a chip-off extraction to access the data. [2] This technique is more complex and time consuming but well within the ability of a moderately capable adversary.

There is an Enhanced Secure Erase option that does appear to properly overwrite the data, but this option doesn’t show as being available for many drives. And the PartedMagic interface doesn’t really make that clear, which I think should be fixed. The name Secure Erase clearly suggests that your data will be properly wiped; PartedMagic should put some prominent warnings in the interface to let people know that isn’t the case unless they choose the enhanced option.

The procedure I now recommend for wiping SSDs and flash memory is nwipe [3] (a fork of DBAN/Darik’s Boot & Nuke). This tool is also available on the PartedMagic live OS. Follow the instructions on the interface carefully: you need to select which drive you want to wipe and be careful you don’t get the wrong one. I have been told that if you start the process without selecting any drive, it will start wiping them all, but I have not tested that. Choose the PRNG Stream option as the method; this will overwrite the selected drive with random data. Once that is complete, run the same method again. The reason you should run it twice is because flash memory usually has a bit more space on the drive than advertised. For example a 16GB flash drive might actually have 20GB. A single pass will just write 16GB of random data, leaving a lot of that hidden “overprovisioned” space untouched. Running it twice ensures you wipe the overprovisioned space as well.

I have tested nwipe with a couple of USB flash drives, and could not recover any files once the drive had been overwritten twice, so I think it is a secure enough method.



Why overwrite with random data instead of zeros?

On magnetic hard drives it’s fine to overwrite data with zeroes, but on SSD and flash memory it is vital that you overwrite with random data instead. Flash storage can detect when it is being told to write a long string of zeros and will often just mark that sector of the drive as being all zero without actually writing the data. This is a feature that helps prolong the life of your drive by avoiding unnecessary write cycles, but it makes secure deletion a little more complicated. But if you overwrite with random data, you don’t get this issue. The data will be properly overwritten and the drive wiped.
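One way to check a drive after a random-data overwrite, as an added example that is not from the original post or from nwipe: it reads a device or image block by block and reports every block that is all zero, low in entropy, or starts with a common file signature. The block size, entropy threshold, signature list and the constructed sample image are assumptions made for this example.

```python
import math
import os
import tempfile
from collections import Counter

BLOCK = 4096
# Magic bytes are checked at block starts only, where file data normally begins.
SIGNATURES = {b"%PDF": "pdf", b"\xff\xd8\xff": "jpeg",
              b"\x89PNG": "png", b"PK\x03\x04": "zip"}

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes, min_entropy: float = 7.0) -> str:
    for magic, name in SIGNATURES.items():
        if block.startswith(magic):
            return "signature:" + name
    if not any(block):
        return "zero"
    # The threshold assumes a full block; a short tail block is not judged.
    if len(block) == BLOCK and entropy(block) < min_entropy:
        return "low_entropy"
    return "random"

def audit_wipe(path: str) -> dict:
    """Return {category: [byte offsets]} for every block not classed 'random'."""
    findings = {}
    with open(path, "rb") as dev:
        offset = 0
        while block := dev.read(BLOCK):
            kind = classify(block)
            if kind != "random":
                findings.setdefault(kind, []).append(offset)
            offset += len(block)
    return findings

def build_sample_image() -> str:
    """Constructed 5-block image: 2 overwritten blocks, 1 zero block, 2 leftovers."""
    blocks = [os.urandom(BLOCK), bytes(BLOCK),
              b"%PDF-1.4\n" + b"x" * (BLOCK - 9),
              (b"invoice 2023 " * 316)[:BLOCK], os.urandom(BLOCK)]
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as f:
        f.write(b"".join(blocks))
    return f.name

if __name__ == "__main__":
    print(audit_wipe(build_sample_image()))
```

An empty result means every addressable block looks like random data. The reads go through the drive's normal interface, so overprovisioned flash is not visible to this check.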


Citations

  • [1] Parted Magic's Secure Erase
  • [2] Forensic Focus - Countering Anti-Forensic Efforts – Part 2
  • [3] nwipe
Securely Wiping Data From A Device
2023-01-25T00:00:00+00:00
https://apt96.com/2023/01/25/securely-wiping-data

When you delete a file on your device, it isn’t truly erased. A good analogy here is to think of a file as a chapter in a book. When you delete your file you are ripping out its entry in the chapter list at the start of the book. On the surface, that chapter now appears to be gone. Any reference to it has been removed and it can’t be easily located by someone looking through the chapter list. But the chapter itself still exists, and can be found by someone who simply looks through the entire book until they find it. Many people have realized that the hard way, giving away or selling an old computer full of sensitive financial or embarrassing data and suffering fraud or worse.

To truly remove data from a device, such that it can no longer be recovered, you need to overwrite it, replacing the old data with new data. Below are the procedures I would recommend.

Type Of Device: Procedure

HDD: Download and boot ShredOS on a live USB and run the 3-pass DoD wipe on the HDD

SSD: ATA or NVME Secure Erase from PartedMagic (No Longer Recommended. See here for why, and an alternative method)

Android:

  • Factory Reset the device
  • Set a new 16 character passcode (the longest Android allows)
  • Fill up the device with random data
  • Factory Reset the device. Set a new 16 character passcode and fill it up with random data again
  • Factory reset a third time. At this point, there is virtually no chance of recovering any old data on the device

iPhone: To Be Added

USB Flash Drive: On Linux, open a terminal and run dd if=/dev/urandom of=/path/to/usb to overwrite the entire USB stick with pseudorandom data. You must run this command twice, in order to be reasonably sure that you've also wiped any overprovisioning space

On Windows, download Eraser and run the 3-pass DoD wipe on any files currently on the USB. Once this is done, run the "Erase unused space" option on the USB. Once completed, run the "Erase unused space" option once more, to account for any overprovisioning space.

SD Card: Same process as USB flash drive

Individual Files: On a HDD use the secure erase feature on Eraser or CCleaner to overwrite specific files. Use the 3-pass wipe, or optionally more passes if you like.

On an SSD you can't reliably erase individual files. The only way to be sure you've properly deleted something is to wipe the entire drive but that is often not practical. What you should do is use Full Disk Encryption on the drive before storing any sensitive data on it, then it's protected by the encryption. I recommend Truecrypt (Version 7.1a - Download here) for full disk encryption if you are using Windows, and LUKS for Linux systems.
Pantone wants $15/month for the privilege of using its colors in Photoshop
2022-11-04T00:00:00+00:00
https://apt96.com/2022/11/04/adobe-pantone-locked-paywall

Here we go again. From now on if you want to use Pantone colours in Adobe Creative Cloud, you’ll have to pay $15 a month. That’s in addition to the subscription you’re already paying for Photoshop/Creative Cloud itself, given that you can no longer outright buy it. It seems that slowly but surely everything is moving to a subscription model that denies the end user proper ownership over what they purchased. This highlights the importance of free and open source software, so that companies cannot lock our access to what we already bought behind a paywall. If we keep going down the closed source, locked down device model what’s next?

“You’ve already opened Chrome 30 times this month. Click here to subscribe to our Web Browser Ultimate Plan which will let you open your browser as many times as you like. Just $19.99 a month, reduced to $14.99 today!”

It sounds ridiculous now but give it 10 years and I wouldn’t be at all surprised.
