NEW DELHI: Despite the dire need to have a mobile password-cracking tool, no company could come forward to showcase their skill set. World-class Capture The Flag (CTF) hackathon to crack the passwords of locked mobile devices organised by Future Crime Research Foundation (FCRF), along with Root64 Infosec Foundation saw no participation from the so-called advanced tools providers.
This not only exposes the tall claims by big technology companies, but also puts a big question mark on the efficiency of sophisticated software and tool providers to government and security agencies.
Due to lack of participation, the hackathon scheduled on November 3, 2022 at Root64 HQ at Chaitanya, 5. Sect 106, Noida-201301 now stands canceled. However, the organisers still welcome entry to live demonstrate skills to unlock passwords of smartphones.
“The event is cancelled as no company came forward to showcase their strength. We are open to giving rewards and acknowledging anyone who can crack the lock of phones selected by our jury,” said Amit Dubey, Chief Mentor of Root64 Infosec Foundation.
The hackathon aimed to check the capability of the best tools and technologies available that can help law enforcement agencies in investigating complicated cases.
In a survey done by FCRF and Root64 Infosec Foundation, we found that cracking mobile phone passwords is one of the biggest problems that state and central agencies face.
Cracking a password or passcode is one of the most complicated parts of an investigation. The biggest problem for any law enforcement agency is unlocking mobile phones seized from criminals or finding data inside unidentified phones or devices recovered from dead people.
In such situations, cell phones are the only way to find out about crimes or get proof for investigation.
Ineffective Tools Being Sold At Hefty Price
Even though there are a lot of tools and claims from tech companies worldwide, law enforcement agencies told FCRF and Root64 in their survey that most of the tools are useless. Only 5-10 per cent of mobile phones can be unlocked using such expensive tools.
In a number of on-the-ground investigations, these mobile password-cracking technologies struggle to unlock the phone, leaving the investigators stuck in the middle of their inquiry.
Even mobile phone makers are increasing the security of their products. They are introducing complicated passcodes and phone protection, making cracking programs more difficult.
Question Of Procurement Of Such Tools
The problem occurs despite the fact that many state and central organisations in India use or purchase software from a variety of industry-leading companies. In addition, there is no regularity in the costs of these services (no defined MRP).
Many vendors are selling the same software with some add-on features as the advanced or premium version but need more real effectiveness.
Recommendation For Government, MHA & LEA
Insiders unanimously told The420, the government or any agency must buy such tools only based on their performance. A live demonstration should be done and the process should be recorded for efficiency and transparency. MHA and State Government should make live POC mandatory on handsets of different manufacturers, operating systems, and chipsets before purchasing these kinds of hyper-price-inflated tools so that taxpayers’ money does not go waste.
A technical committee comprising of competent officials should access and clear the multi-crore procurement process.
Currently, marketing agents are selling highly ineffective products at a highly inflated price.
Follow The420.in on
Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube