Only high-end criminal gangs or state-sponsored actors could hack a phone in the way a man accused of sexually abusing a teenage girl claims happened to him, an expert has told the court.
MoD-trained forensic expert and ethical hacker Tony Haddow said it was “extremely unlikely” a hacker could have gained remote access to Trevor Fernandes’s Samsung to set up an encrypted partition without his knowledge.
Fernandes is charged with convincing a Texan girl to strip naked and perform lewd acts on herself, her baby sister and pet dog, before threatening to release sexually explicit images of her unless she complied with his every instruction.
The messages, sent on Instagram and Kik, were traced by American police back to the 37-year-old’s address in Swindon, and by the National Crime Agency to his Samsung Galaxy S10, where he had an encrypted partition that held the apps in question.
Swindon Crown Court heard yesterday that Fernandes “denied all knowledge” of the partition, known as Knox, and claimed “someone else hacked into his phone”.
‘China and Russia would have that capability’
Today (May 13), Mr Haddow told the court that only a hostile, state-sponsored actor such as Russia or China, or a high-end criminal gang, could hack into the phone to set up Knox to open biometrically, and not alert the user of the phone.
He said he “wouldn’t say anything is impossible”, but when asked what skillset someone would need to be able to carry this out, he said “hostile states like China, Russia, would have that capability”.
“It’s not the capability that a general avid user would have,” he added.
In a day of evidence dedicated to forensic analysis of Fernandes’s Samsung, Mr Haddow, head of forensic at cyber security company 4Secure, was asked whether “anything is possible” once a hacker has penetrated a device.
READ MORE: Swindon man ‘used nude images to convince teen to perform sex act on dog’
“It is a very specialised skillset,” he told jurors. “Someone would have to be pretty determined.”
Later, Mr Haddow cited the Israeli government’s Pegasus malware, exposed in 2016, where he said that it was “one of the most sophisticated” malwares but was “not very functional” as it could only harvest limited information – and not perform the functions claimed in this case.
“It doesn’t give them much control,” he said.
“Even the Israeli government’s malware doesn’t give full control over the phone?” prosecutor Daniel Sawyer asked. “So far,” replied Mr Haddow.
“In 2018, did it?” the prosecutor followed-up. “In 2018, probably not.”
Mr Sawyer asked: “If the Knox files show that something has been accessed with the fingerprint, what level of hacking would be required to have accessed it remotely, but to leave Knox saying it was accessed by the phone?”
“That’s extremely sophisticated, we’re talking state-sponsored actor.”
‘Not compromised in any way’
The Crown are trying to prove to jurors that the defendant’s claim that his phone was hacked is, in the words of Mr Sawyer, “nonsense”, whilst Fernandes’s team claim that he had no knowledge of the partition which contained the apps used to send the offending messages.
Earlier in the day, jurors had been told that Mr Haddow was more than 95 per cent sure that the phone “had not been compromised in any way”.
Another prosecution witness, forensic computer analyst Michael Campbell, had also said that he had never heard of anyone being able to set up an account with fingerprint login, as is the case here, by hacking.
“It may be feasible but I’ve never heard of it,” he said under cross-examination from Fernandes’s barrister, Beata Kopel.
“I can comment on it as much as I know what the digital footprint of a fingerprint is, it’s an enormous hash value.
“It would seem improbable that could be replicated by someone using malware.”
The trial will continue on Monday.
Fernandes denies 16 charges – seven of causing or inciting a child to engage in sexual activity and nine of making indecent photographs of a child.