Campus Cyber and the French secret service, the Direction Générale de Sécurité Extérieure (DGSE) joined forces for the CacheCache hackathon held from the 8th to the 15th of November 2023. This inaugural edition showcased mobile security by presenting a high-stakes challenge to 10 carefully selected French companies. On Wednesday, November 15th, an expert jury, which received daily reports from the participating teams, heard their final presentations before selecting the winners.
This mission allowed Pradeo to showcase its expertise in mobile security, securing the first place in the Hackathon. Discover how Pradeo tackled this technical and innovative challenge.
The mission: Contribute to thwarting a terrorist attack by retrieving crucial data from a mobile phone.
The scenario was presented as a terrorism-themed plot where candidates were asked to assist the DGSE in identifying information related to an imminent terrorist attack. Companies such as Orange Cyber Defense, GRT Gaz, and Safran took on the challenge alongside Pradeo.
"After intercepting coded messages, the DGSE is alerted to an imminent terrorist attack. Investigators quickly identify the mobile phone of the group's leader as the source of these communications. Your company is engaged to help the DGSE retrieve data from the phone through a complete dump of the RAM memory. This phone contains crucial information about the planning of an attack. The DGSE needs your technical expertise to determine the location, date, and time. Time is of the essence, and you have 7 days to decode the data and prevent the terrorist attack from happening."
A tangible technical challenge
The mission was intentionally and particularly delicate due to advances in system security by manufacturers. Indeed, access to the entire RAM is highly protected, and the volatile nature of the data adds a layer of complexity. Any manipulation of the terminal could lead to data erasure or even the phone crashing, also resulting in the loss of information. For this surgical operation, Pradeo mobilized two computer science doctors, one specialized in reverse engineering Android, iOS & WebApp, and the other in software reverse engineering; an expert in mobile development Android & iOS, and a system, network & pentesting expert.
Pradeo had to think outside the box and use unconventional means to meet the challenges of this task. For obvious reasons, the methods employed will not be disclosed, but this success attests to the innovation and creativity of the Pradeo team.