You are here : Home > Criminality, Terrorism, and Encrypted Data: “Exceptional” results for the European ExFiles project

News | Focus | Cybersécurité

Criminality, Terrorism, and Encrypted Data: “Exceptional” results for the European ExFiles project


​​​​​​​​​​​Developing new methods to extract encrypted data from cell phones and assist with criminality or terrorism matters: such was the purpose of the European ExFiles project, which was under the technical coordination of CEA-Leti from 2020 to 2023. The European Commission described the results as ‘very positive’.

Published on 23 April 2024
A hundred ‘case studies’ solved on the European Union scale: ExFiles supplied law enforcement personnel with new software and material tools that will make telephones ‘talk’ in criminal investigations. Equipped and trained, the French gendarmerie was able to establish new digital investigation methods.


A Very Strict Legal Framework

Research was conducted in a strict legal framework. Five national police services (France, Germany, Spain, Netherlands, and Norway) participated in ExFiles. They volunteered telephones linked to serious crime and terrorism cases, and were the only ones authorized to handle retrieved data.
 
As the project’s technical coordinator, CEA-Leti provided encrypted data extraction techniques that harness the material characteristics of telephone components.


​‘Paired with software methods, these techniques proved to be effective in several cases,’ said Driss Aboulkassimi, a CEA-Leti researcher. ​

​​ 

When used alone, software methods can be thwarted by the constant efforts of smartphone makers to eliminate security vulnerabilities as they are discovered, through updates. Conversely, electronic components in telephones that are already in circulation cannot be altered easily: it is one of the strengths of techniques based on material features.​

 

A Method that Bypasses Secure Booting on Smartphones

A major CEA-Leti achievement for ExFiles: a new electromagnetic fault injection method that makes it possible to bypass an important protective mechanism, the secure boot function (which guarantees system integrity and authenticity). Naturally, these methods are very protected, and can only be implemented by state-of-the-art laboratories.
 

‘We are able to boot smartphones with software that isn’t the one installed on a telephone, in order to decrypt its data,’ said Driss Aboulkassimi.


In 2022, this breakthrough was rewarded by a Best Student Paper in an international conference on cybersecurity. CEA-Leti has also filed two patents.


Although the ExFiles project ended in 2023, research is continuing through the REV project (which researches and takes advantage of vulnerabilities), as part of the National Strategy for Cybersecurity research program (PEPR). For this project, which is coordinated by Eurecom, CEA will continue developing material methods that are adapted to the most recent cell phones, combining them with software approaches.​

Top page