Encrochat phones had a feature that erases the contents of the device when a specific PIN was entered, as well as two operating systems running simultaneously.
EncroChat, a phone encryption company whose client base was mostly dangerous organized criminals, used the Signal protocol in its encrypted messaging application. This was reported by the publication Motherboard Vice, which got the documents of law enforcement agencies.
According to the documents, the French police gained access to the messages of EncroChat users by downloading malware to mobile devices using a malicious update on the EncroChat server. The malware could collect data about the location of the device, messages stored in it, passwords and other information. The French police shared the collected data with law enforcement agencies of other countries, which, on the basis of this information, conducted large-scale operations to arrest criminals.
“EncroChat encrypts its messages using the Signal protocol. It is a widely used encryption protocol and is freely available. I am not aware of any ability to decrypt messages encrypted in this way”, says a document from a technical officer at the UK's National Crime Agency (NCA).
EncroChat used standard Android devices and loaded its own applications onto them. The phones had a feature that erased the contents of the device if the user entered a specific PIN, and also launched two operating systems in parallel. One OS looked harmless and resembled a regular version of Android, while the other contained the EncroChat messaging app.
For years, British criminals and gangs have used these devices. In July 2020, the largest operation in the history of British law enforcement agencies was carried out to shut down the encrypted service for communication EncroChat. Operation Venetic resulted in 746 arrests and the seizure of £ 54 million in cash, 77 firearms and more than two tons of drugs.