The “how to crack mobile phones” tutorial posted by an Australian Taxation Office employee appears not, as widely reported, to be evidence that the agency has the ability to penetrate a wide range of devices.
The Australian Broadcasting Corporation reported that the ATO had “disciplined” a staffer who posted a presentation to LinkedIn's Slideshare service and to his LinkedIn profile. That account page has since been removed, but Google Cache has preserved much of the presentation and accomnpanying text.
The LinkedIn page that Google can't forget shows just 148 views of the presentation since May 2016, when it was posted. It's since spread to other free document hosting sites, with versions appearing as early as February 2017.
According to the ABC – and several other outlets – the presentation “reveals” the taxman's “fraud investigation tactics”, and suggests “a push for powers normally associated with police and intelligence agencies.”
But a glance at the presentation was cribbed from mostly-public information, all linked in the text:
- This piece from Digital Forensics is neither Earth-shattering nor new, since it was published seven years ago;
- The list of phone-crackern boxes here is still live, so apparently it's not considered a national security threat in the UK;
- The Nokia firmware archive supposedly here has been taken over by squatters, as has “Dream Fabric's” explanation of hex formats in text messages, and was even before the presentation was created.
What of the devices the document uses as demonstrations? While Samsung and Motorola are mentioned, that's only in the context of explaining things like time and date formats. The only example device in the presentation – that is, “how to unlock it” – is a Nokia 1100, which looks like this:
The ATO knows how to crack phones like this, apparently
In other words: rather than being a reveal-all leak of the ATO's “phone cracking” techniques, it was an obsolete for-dummies level presentation. If it represents current best practice in the ATO, Vulture South suggests phone cracks are better left to agencies with more up-to-date tools. And that's before we consider whether the document was presented as a "how-to" for staff, as has been assumed, or in another and more innocent context. ®
Sponsored: Ransomware has gone nuclear