Skip to main content

Police arrest hundreds of criminals after infiltrating their encrypted phone system

Cyber security. Data protection concept. Banking security. Hands touching digital icon padlock and network connection on mobile smartphone, virtual interface screen. - Image
(Image credit: Shutterstock)

The UK's National Crime Agency (NCA) has arrested 746 career criminals after intercepting millions of encrypted text messages.

The messages were sent through a subscription-based phone system called EncroChat which costs roughly $1,994 per month. For that price, the criminals received a customized Android smartphone which had its GPS, camera and microphone functionality physically removed. 

While these devices ship with Android and have numerous encrypted messaging apps installed on them, they also have a secure secondary operating system and can be wiped by entering a PIN thanks to a self-destruct feature.

Up until recently, EncroChat had customers in 140 countries before its network was hacked by French police. The police deployed a “technical device” to penetrate EncroChat communications after they discovered that some of its servers used to were hosted in the country.

Infiltrating EncroChat

As reported by Motherboard, EncroChat users received a text message in June warning that law enforcement agencies had taken over part of the company's infrastructure and were trying to hack into its encrypted messaging system.

At the time, the person who ran the service's email address explained to the news outlet that it would have to shut down, saying:

"We fully understand the inconvenience and frustration this decision has caused our customers. Our main priority has always been our customers integrity and security, and when we no longer can guarantee that, we have no other choice than to shut down the service even if it destroys our business."

Back in May, the company received a number of complaints that EncroChat phones were no longer wiping correctly when the self-destruct feature was activated. This was because law enforcement had managed to install malware on one of its X2 devices that was designed to avoid detection, disable the phone's factory reset feature, record the screen lock password and clone application data.

Although EncroChat has now been shut down and many of its customers have been arrested, other encrypted phone providers will likely surface to fill the gap left by the service.

Via The Verge