The Chinese Cell Phone Menace

The lack of manufacturing standards in the Chinese cell phone industry makes analysis of these devices challenging.

A new challenge to digital forensics investigators is emerging from China, and it is coming to a mobile device near you. The threat is Chinese-made, grey-market cell phones known as “white-box,” “clone-phones,” or “Shanzhai” (Chinese for pirated goods), and they are taking the world by storm. These devices are sleek, stylish, and surprisingly advanced. Unfortunately, they are built with a lack of adherence to industry standards, making them difficult to analyze.

About 800 million cell phones were produced in China in 2011, up nearly 50% from 2010. Approximately half of those devices were exported around the globe, making up 30% of the cell phone market worldwide. That share is expected to grow to 50% in the next few years.

These phones are usually built with multiple SIM card ports and multiple IMEI Numbers, allowing them to operate across multiple networks. That allows these devices to be quickly internationalized, increasing their popularity throughout Asia, Africa, South America, and beyond.

With so many of these devices in existence, an understanding of the technology behind them and knowledge of new methods of analysis is becoming critical for any investigator.

Humble Beginnings
White-box phones started to appear around the year 2000 as a direct result of China’s gargantuan manufacturing capacity and a major hardware innovation. The southern Chinese city of Shenzhen had already been established as the epicenter of Chinese cell phone manufacturing. At the same time, a Taiwanese integrated circuit (IC) manufacturer, MediaTek, began offering advanced hardware packages called “systems on a chip” (SoC) for wireless communication devices. The combination of affordable technology and production capacity opened the door for small, entrepreneurial teams with only a handful of people to design and contract manufacture cell phones quickly and affordably, with some ultra-low cost devices being sold for as little as $30.

While white-box phones were initially cheap and simple, hundreds of small companies known as independent design houses (IDH) emerged in Shenzhen, as well as other industrial cities, to capitalize on the trend. These IDH continue to develop devices with increasingly sophisticated features, some of which are real and innovative along with others that are completely made-up or non-functioning. Devices currently on the market support advanced operating systems, like Android, and some are nearly identical to popular handsets like the iPhone 4—many even use components from the same sub-suppliers as the legitimate manufacturer.

As sophisticated as these devices can be, white-box phones are generally a “flash in the pan,” built for massive but often single production runs that end once a new design is on the table. A typical design cycle for a white-box phone IDH is concept to mass production in 30 days or fewer, an astounding figure for any handset manufacturer. Different levels of quality do exist among these devices, but the concept of low cost or ultra-low cost and trendy devices remains the same. With stiff competition among the estimated 800 IDHs today, any tactic may be used to gain market share. Often these devices will be adorned with popular brands that have nothing to do with the cell phone industry, like Adidas, Marlboro, or BMW. The transient and shadowy nature of the industry means that the hardware or software found in these phones is rarely standardized, making them extremely vexing for investigators.

Challenges to Investigators
The lack of manufacturing standards in the Chinese cell phone industry makes these devices difficult to analyze for a variety of reasons. The fact that these devices are often built in single production runs means that manufacturers have little concern for hardware or software support. That makes finding a validation phone for analysis or supporting accessories like chargers or data cables virtually impossible.

The operating systems (OS) on these devices present still more challenges to investigators. Until recently, all white-box phones were embedded platforms, not open source, and many contain distinct file system structures not found elsewhere in the industry. Newer devices often run OS that are designed quickly with little regard for software support, so they can be inconsistent or unstable and may not be supported by traditional mobile analysis tools.

Further compounding the issue, the data cables on these devices may look the same as their legitimate counterparts, but they often contain different wiring. Sometimes this is a deliberate strategy by manufacturers to maximize accessory sales, but it also impedes the task of the digital forensics investigator, as it can be difficult to establish compatibility between these phones and forensic analysis tools.

Even when data cables allow for physical connectivity, white-box manufacturers often block data synchronization on the software level, as a way of cutting costs. Customers of these devices are not usually interested in syncing data, nor do the manufacturers care to support it. Typically, however, the transfer of media files is available.

“The barriers to analysis of white-box phones come down to one core issue: the absence of industry standards,” according to Eric Ryan, President of eDEC Digital Forensics, manufacturer of mobile device analysis tools. “Unfortunately, hundreds of millions of cell phones are circulating in worldwide markets that are so cheap they are nearly disposable, they accommodate multiple SIM chips, function across national borders, and are inherently difficult to analyze, making them highly desirable for criminal activity and a huge challenge for investigators.”

The Solution is in the Chipset
Fortunately, despite all of the complications in the analysis of whitebox devices, there is a silver lining to this looming grey cloud. While there are tens of thousands of different Chinese-made handsets available today, over 90% of the chipsets used in these devices are built by four major manufacturers: MediaTek, Spreadtrum, Infineon, and MStar.

By focusing on the chipsets, mobile forensics tool manufacturers are able to design hardware and software capable of analyzing white-box phones. These solutions are designed to support either physical extraction, logical extraction, or both, and they range from kits with interface tools and adaptable data cables to software upgrades to existing tools. The most advanced of these devices are capable of analyzing over 75% of all Chinese-made handsets.

Staying Ahead of the Curve
Chinese cell phone technology is here to stay, and it is only becoming more advanced. MediaTek and Spreadtrum now offer chips for Android devices, making it evident that Chinese white-box technology is only a half step behind the legitimate market. International handset manufacturers like Motorola, Alcatel, Lenovo, Micromax, and more are now designing low cost phones around Chinese chipsets. As this segment expands and changes, mobile forensic investigators need to ensure that they are trained on the latest analysis methods and tools to tackle it effectively.

Kevin J. North is an American freelance journalist who specializes in the fields of finance and technology. He is a graduate of Monmouth University in West Long Branch, New Jersey, with a Bachelors Degree in Public Relations and Journalism. Currently, Mr. North resides in Santa Barbara, California, where he writes and edits articles related to digital forensics, automotive safety technology, and financial advice for investors. In addition to his work as a journalist, Mr. North serves as a consultant to the health and wellness, Web design, entertainment, and data acquisition industries.