Chinese Authorities Are Using a New Tool To Hack Seized Phones and Extract Data

In a concerning development, security researchers have revealed that Chinese authorities are using a sophisticated new type of malware to extract sensitive data from seized phones. The hacking tool, known as Massistant, has been developed by Chinese tech giant Xiamen Meiya Pico and is being used for forensic extraction of data from mobile phones.

The news comes as part of a report shared exclusively with TechCrunch, detailing the capabilities of this new malware. According to Lookout, a mobile cybersecurity company, Massistant allows authorities to obtain text messages, including those from popular chat apps like Signal, images, location histories, audio recordings, contacts, and more.

It's worth noting that Massistant is Android software specifically designed for the forensic extraction of data from mobile phones. This means that authorities using it require physical access to the devices in question. While Lookout doesn't know for sure which Chinese police agencies are using this tool, its widespread use is assumed, making it essential for Chinese residents and travelers to China to be aware of its existence and the risks it poses.

While there is some good news - Massistant leaves evidence of its compromise on the seized device, allowing users to potentially identify and delete the malware. This can happen because the hacking tool appears as an app or can be found and deleted using more sophisticated tools such as the Android Debug Bridge, a command-line tool that lets a user connect to a device through their computer.

However, there is also some bad news. At the time of installing Massistant, the damage is already done, and authorities have access to the person's data. According to Kristina Balaam, a researcher at Lookout who analyzed the malware, "It's a big concern. I think anybody who's traveling in the region needs to be aware that the device they bring into the country could very well be confiscated and anything that's on it could be collected."

"I think it's something everybody should be aware of if they're traveling in the region," Balaam added. The revelation highlights the importance of being vigilant when it comes to data protection, particularly for individuals traveling to China.