A Device to Grab Data From Cell Phones
what about writes
"Apparently there is a quick, simple, and undetectable way to grab all of your cellphone data. CNet reports on the Cellular Seizure Investigation (CSI) Stick, developed for law enforcement but available to the public, which 'connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.' I use mobile knox, a secure storage application, for my important data, but I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone."
*duh* (Score:1, Offtopic)
Abby and McGee have had a copy of that for what... five seasons?
Plot Device Failure. (Score:3, Insightful)
This device will never be used to solve a real crime. Cell phone companies already keep the required records for billing. This will simply allow TSA and other would-be snoops to dig into people's private business. I had to laugh when I saw this:
Re:Plot Device Failure. (Score:5, Funny)
That is precisely the sort of crap they spooned out when Verichip tried to persuade parents it was a good idea to have their kids RFID chipped ("If your kid is lost or kidnapped, they can be located!").
And that, my friends, was just the first salvo in the attempt to get people-chipping popularly accepted.
As I once said, the day they start chipping people is the day I start offering my services to remove them and feed them to the migrating geese that pass through our area, in little balls of bread dough.
Re: (Score:3, Interesting)
I've used this device, physically. Had the csi sticks in the lab and attempted to seize cell phone information via this device...
Your data is perfectly safe. It couldn't acquire data from any phones more recent than 3 years old and even then, a quick click through your cell phone would yield just as much results. (doesn't retrieve deleted items).
Put your tinfoil hats away, I've had better methods
Non free is always this way. (Score:1, Insightful)
Anyone have any doubts left about the importance of software freedom for all your devices?
Re: (Score:3, Insightful)
I think it's great. There's now a way to copy DRM-laden MP3s and ringtones from your phone.
Re:Non free is always this way. (Score:5, Insightful)
Re: (Score:1)
Re: (Score:1)
Re:Troll, mod down (Score:5, Insightful)
oye! (Score:1)
Re:oye! (Score:5, Insightful)
I always knew that cell phones are vulnerable, but to know there is a device which can basically clone your data out, with NO trace, that's downright scary! Even when LOCKED? We should start reading our contracts and our EULAs on our phone, somehow, somewhere, there's got to be something to rely on legally, if this can happen.
Such a device is called a "computer", and many people already own one. By means of a secondary device, called a "USB cable", one can attach a computer to a cell phone and read the contents from it.
If you read the "instruction manual" that comes with your cell phone, you can see plainly that a cable can be connected between the phone and the computer and the contents read from it. No phone manual I have ever read says anything about authentication of the USB cable connection. Therefore you have already been informed of as much as you need to know, legally.
Re: (Score:2, Interesting)
Re: (Score:1)
Isn't it just a little bit naive to put your secrets in your phone and then permit untrusted people unmonitored physical access to it?
Re: (Score:3, Insightful)
Uh.. gee, let's put imagination 101 to the test.. say for example, your phone is:
In real life, who the hell would lock their phone and maybe lose it uh? right? can't possibly happen, that's way too fictional, going on sci-fi here..
You would THINK your phone numbers and whatever else is stored, at least is somewhat safe, but wait.. not anymore.. if a company sells you a phone and says it's safe when it is locked, only for anyone with the right software to override the locked feat
This only works on SOME phones (Score:5, Insightful)
Phones without a data port are immune.
Phones whose firmware will not send a particular piece of data over the data port are immune as long as the firmware isn't updated. Updating the firmware leaves a trace.
This goes to show that in many cases, physical access is ultimate access.
I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.
Re: (Score:1)
Re: (Score:2, Interesting)
Whilst this is getting better pretty damn rapidly with newer smartphones, I wouldn't have thought most phones would be able to handle that much encryption. Tis rather processor intensive, killing the battery. Although I guess they could add in extra hardware for the purpose, again killing the battery.
For a lot of people phones should be basic things that make calls, send texts, and not die on them; encryption doesn't even enter their head. With the phone makers, it's not about not allowing you to have strong e
Re: (Score:3, Insightful)
We're not talking about a stream cipher that encrypts megabytes of data per second but a phone number, a string with a maximum of about 15 digits, maybe more.
And then the contents of SMS, again 160 half-bytes at max. I mean, these phone CPUs can decrypt tiny videos at 15fps and not break a sweat, come on, they CAN encrypt less than a dozen kilobytes without killing the battery.
Then again, I'd rather recharge the phone every fourth day instead of every fifth when I can be sure that no one can clone its content
OpenMoko (Score:2)
is an OS distribution, not a phone.
And unfortunately, it is next to impossible to get cell phone parts manufacturers to make their interface specifications open such that an open-source developer can make their software work with it. I doubt we will ever see OpenMoko make any real progress in the near-term future, or open-source software of any kind.
Re:This only works on SOME phones (Score:5, Informative)
I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.
You know what those "secure" phones are called? Blackberries. Go buy one today!
On a blackberry, you can have all content on the phone strongly encrypted with AES. If your company has a blackberry enterprise server, you can even make this mandatory and prevent the user from disabling content encryption.
If content encryption is on, then the blackberry won't send data via the data port or bluetooth until the password is entered. Enter the wrong password 10 times and the blackberry securely wipes itself.
Despite the proliferation of mobile phones & wireless email, no one comes close to the blackberry platform for features & security. Not iphone, not windows mobile, not nokia. Some very smart people at RIM have looked at wireless email from end-to-end. The blackberry platform has also been audited from end-to-end by many governments and tech experts. What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.
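The behaviour this comment describes (no data over the port while locked, wipe after 10 wrong passwords), modelled as an added example that is not part of the original thread and is not RIM's code. `GatedDevice`, its methods and the sample records are hypothetical names constructed for illustration, and the model covers only the gate and the wipe counter, not the AES content encryption.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # wipe threshold quoted in the comment above


class GatedDevice:
    """Hypothetical handset model: the data port answers only while unlocked."""

    def __init__(self, password, records):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self._records = dict(records)  # constructed sample data
        self._failed = 0
        self._unlocked = False
        self.wiped = False

    def _derive(self, password):
        # Keep a slow, salted hash of the password, never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def unlock(self, password):
        if self.wiped:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(self._derive(password), self._verifier):
            self._failed = 0
            self._unlocked = True
            return True
        self._unlocked = False
        self._failed += 1
        if self._failed >= MAX_ATTEMPTS:
            self._wipe()
        return False

    def lock(self):
        self._unlocked = False

    def _wipe(self):
        # After a wipe neither the data nor the password verifier remains.
        self._records.clear()
        self._verifier = b""
        self._unlocked = False
        self.wiped = True

    def port_read(self, name):
        """What a cable or acquisition tool on the data port gets back."""
        if not self._unlocked:
            return None
        return self._records.get(name)


def demo():
    dev = GatedDevice("correct horse", {"phonebook": ["Alice 555-0100"]})
    locked_read = dev.port_read("phonebook")      # port is closed while locked
    dev.unlock("correct horse")
    unlocked_read = dev.port_read("phonebook")    # owner can sync after unlocking
    dev.lock()
    for guess in range(MAX_ATTEMPTS):             # ten wrong guesses in a row
        dev.unlock(f"guess-{guess}")
    return (locked_read, unlocked_read, dev.wiped,
            dev.unlock("correct horse"), dev.port_read("phonebook"))


if __name__ == "__main__":
    print(demo())
```

The point the model makes for a defender is that the check sits in front of the port itself, so a tool attached to a locked handset has nothing to read, and the counter resets only on a correct password.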
Breaking into a Blackberry (Score:1, Funny)
adds a whole new meaning to the term "crackberry."
Re: (Score:1)
you have it backwards (Score:4, Insightful)
Despite the proliferation of mobile phones & wireless email, no one comes close to the blackberry platform for features & security. Not iphone, not windows mobile, not nokia. Some very smart people at RIM have looked at wireless email from end-to-end.
Um- wrong. Blackberry wanted to get government contracts, so they went through all the government security requirements.
You make it sound like this is some sort of rocket science. It's preposterous to suggest that only RIM has the talent to design a "secure" phone. It's not a matter of talent; it's a matter of whether or not the market demands it. We've seen it with the iPhone; after the initial crazy rush for v1.0, v2 has much more for enterprise users.
What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.
You incorrectly assume that RIM wants to compete in a "cool" market. Many companies purposefully restrict the market they target.
Re: (Score:2)
they need to adopt a moron urban vibe, maybe do a commercial with kanye west.
yo, where you at, dawg?
Re: (Score:2)
Proprietary software is untrustworthy. (Score:2)
Proprietary encryption, like any other proprietary software, is untrustworthy. You don't really know what you have or who can read the encrypted data when it's encrypted with proprietary software.
Re: (Score:2)
And you know nothing about encryption. Quit following up all the posts criticizing Crackberry with that link about NATO AUDITING CRACKBERRY AND FOUND NO DINGLE BERRIES OK?
And just in case you think certifications mean a damned thing - Windows is also certified under the rainbow books. So fucking what? Still hacked and broken in all the time.
Re: (Score:2)
No, because I don't trust those organizations so their audits mean nothing to me. I wouldn't even trust them to tell me the full scope of their audits nor would I trust them to tell me if something turned up that they were unsatisfied with. I do trust my own code inspection abilities and when I paid others to do comparable work, I trusted them. I trust the free software community to inspect and fix things therefore I run free software on my computers. Using S/MIME and PGP encrypted messages atop proprie
Re: (Score:2)
You smoke something really really good. There are so many issues with blackberry security that it is scary. To start - everything goes through their "cloud". They own your keys. What makes you think that there's no backdoor in there? If someone as big as IBM/Lotus Notes will put a backdoor in, can a small company like RIM, which actively targets the govt market, not put something in?
Re: (Score:2)
Hey, Lotus Notes is used by CIA and many governments all around the world. I don't think they chose it without auditing.
Re: (Score:2)
Hey Fucking Anonymous Coward, here's a way to grab the information off an encrypted blackberry.
http://www.blackberryforums.com/general-blackberry-discussion/49434-blackberry-forensic-research.html [blackberryforums.com]
So much for your "it's so fucking secured ooooooo" nonsense.
And let's not talk about things like bbproxy and other things that open your inside network completely to attacks. Yes, finally RIM recommends putting your BES inside a DMZ, but that was only after a proof of concept was shown, and how many companies dep
Re: (Score:2)
You know what those "secure" phones are called? Blackberries. Go buy one today!
Hah! RIM doesn't even support its own device security properly. Want to get your encrypted photos back off the device? Good luck! You have to downgrade your desktop software installation to a special old version just to do it because the later revisions that feature a Roxio application in place of the media manager don't seem to support decrypting photos.
Just Google ".jpg.rem" to see the extent of the problem.
Re: (Score:2)
What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.
They need to lose about 99 buttons too, the user interface and physical design are messes.
Re: (Score:2)
The connector on it looks like a Nokia handsfree connector, so it'll only work on those phones that have that sort of connector... and even then only those that have a data port there (very few in fact.. most have the data port under the battery these days).
A single device that would get data off *any* phone is impossible - there are too many differences in them. You need a device per phone model, and even then you'd need the data format which is often proprietary (connecting to an iphone is totally unlike
Re: (Score:3, Insightful)
I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.
So long as the data port is not playing double duty as the charging port, take a screwdriver to it. That's what people in sensitive government jobs do to the cameras in their cellphones. In Israel, it doesn't even void the warranty under most circumstances.
Re: (Score:2)
since when were data ports standardized anyway?
Re: (Score:2)
I was kind of thinking of doing this myself.
Finding out which contact(s) in the port are for data transfer, and wire in an INTERNAL (as in, have to take the fucking thing apart) switch to manually sever the data circuit(s). While I was at it, I was wondering if I could also hardwire a switch for the camera lens in case my phone ever becomes compromised (without my knowledge), it couldn't be used for visual snooping.
Then I realized that my tinfoil hat would probably interfere with the transmission of such s
How much? Where? (Score:3, Interesting)
Re: (Score:2)
Anyone know where I could pick one up? It could be useful for backing up my phone.
My thoughts exactly. It would be nice if it could also *write* to the phone though. Backing up without being able to restore isn't all that useful.
Re: (Score:3, Informative)
It is a forensic product. Any product in that field that changes the evidence is worthless, therefore it is entirely appropriate that it does not write anything at all to the phones.
Re: (Score:2)
just plug it into your pc, this is just an automated gadget that speeds up the process.
Re: (Score:2)
just plug it into your pc, this is just an automated gadget that speeds up the process.
Not all phones support all functions by plugging into the PC. Some barely even support charging through USB. If this gadget is as great as the summary claims, then it would be worthwhile for those phones that don't cooperate as well through USB.
Re: (Score:3, Informative)
*cough*Anything from Verizon*cough*
Re: (Score:2)
How would Verizon change what the hardware/firmware support? Apart from getting modded informative for being a shot at Verizon, I doubt a network could change how the phone behaves when plugged into your PC.
Also if a phone doesn't support a function when plugged into a pc how is it going to support it when plugged into a piece of hardware with only a subset of the abilities a pc has
Re: (Score:2)
Not to mention more basic functionality like syncing with another device. Verizon removes almost all Bluetooth profiles; I think I can tether my LG VX8300 to a computer, and can use my Bluetooth headset/remote "control", but OBEX and everything else is disabled.
Re:How much? Where? (Score:5, Informative)
I have a couple of these at work, since my job is as a forensics investigator, and they're nifty, but they're very limited in what you can do with them since they only support Motorola and Samsung. There are better tools out there:
PDA Seizure, Cell Seizure, Pilot-Link (Open Source), BitPIM (Open Source), ForensicSIM, etc.
Re: (Score:2)
Re: (Score:3)
Re: (Score:1, Offtopic)
Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up
Maybe I'm crazy, but I would say there has been a trend of my un-moderated comments being hit with the "overrated" tag. And being as the "overrated" tag seldom (if ever?) comes up for meta-moderation, it is a pretty bullet-proof way for someone with an ax to grind to knock down the comments of someone they don't like.
You could be right. It may be that someone honestly felt that this product is irrelevant and nobody cares where it is sold or how much it costs. And I wish I could believe that is the cas
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
Re: (Score:2)
I think you could say.... Well that's what you get for using a phone as a data storage unit. We all know that once someone has physical access it's just a matter of time. So all this just showed us is that it's a small matter of time. You want your data secured? Keep it on a secure server somewhere. Access it in a way that doesn't leave copies on your phone.
Re: (Score:3, Insightful)
You want your data secured? Keep it on a secure server somewhere. Access it in a way that doesn't leave copies on your phone.
So, how does one exactly go about dialing a number without leaving a trace on the phone?
keep your calls from showing up in the call list (Score:1)
2. Make your calls through a forwarding service, only one phone number will show up on your dialed calls list.
Re: (Score:3, Insightful)
Sign up with a dialing/switchboard service that uses voice recognition, maybe?
suggestModerate(parent, -1, "D'oh");
this.append(smiley);
Re: (Score:3, Funny)
So, how does one exactly go about dialing a number without leaving a trace on the phone?
Maybe put on a glove?
Re:Wait... "troublesome for corporate employees"? (Score:5, Insightful)
You completely missed the point. This is not about the employee being able to keep their actions private from the world, or even their own employer. It is about the company being able to keep their actions private from the world, which obviously includes the actions of all of their employees.
It is a completely reasonable expectation, and indeed quite desirous by corporations, that an employee be able to maintain some level of privacy (and security) from the rest of the world. So when the article mentions that it is "troublesome for corporate employees" it is really talking about the implications for security for the entire company.
Security Cameras, Data Sucks, I'm Not Surprised (Score:4, Insightful)
Re: (Score:2)
All phones? (Score:2, Informative)
Re: (Score:2)
So it doesn't support even most phones let alone all phones. Not even the common ones, even. Seems a bit of a waste.
Re: (Score:1)
My guess is if the phone can be set up as a USB device, it can be breached.
So I wonder when they will have one for the iPhone?
Only Samsung and Motorola, so far (Score:2)
I wonder if those are the most common phones, or the easiest to mess with via the port?
Re: (Score:3, Insightful)
Well it's missing the largest cellphone company in the world - Nokia - and within that the most popular phone in the world - the 3310.
So no, they are not the most common ones. (You'd need Sony Ericsson and LG in there as well for the popular ones, even if you limited it to phones in the last year or two).
Possibly easiest to hack.
If they can make this (Score:3, Insightful)
Then why is it so hard for me to sync my phone?!
Re: (Score:2)
Use a Nokia and it's not an issue.
I've been using various Nokia S60 smartphones since 2003 and I've always used the Nokia PC Suite to sync Outlook contacts and calendar with my phone. Initially the PC Suite software was extremely flaky, but it's improved a _Lot_ in the last year or so. Still leaks memory badly though...
Yes this is a windows/outlook solution only, but it has worked extremely well for me. I get a new phone, sync with outlook, change sim cards and sync again.
The PC suite software also lets m
Probable Cause and Warrants (Score:3, Informative)
In the US, we used to have this requirement that the government protect our rights:
Without probable cause and a legitimate warrant based on it, there is no reasonable search or seizure, no usable evidence. There's only an armed gang assaulting and violating their victim.
A fancy new way to invade privacy is just an expensive and effective battering ram.
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Like I said: we used to have requirements to protect our rights.
Clarence Thomas, as everyone not blinded by Republican loyalty knows, isn't a "Constitutional" justice. He's a rightwing pawn.
Which is why he and his Republican Supreme Courts have tended to throw out the requirements that the government protect our rights. Including the long-understood requirement that a warrant be produced from probable cause to be reasonable.
But hey, if you want a "literal Constitution", let's finally dismiss that standing a
Re:Probable Cause and Warrants (Score:5, Insightful)
Clarence Thomas, as everyone not blinded by Republican loyalty knows, isn't a "Constitutional" justice. He's a rightwing pawn.
Statements like this are why you're a commie stooge, Doc. Clarence Thomas has been on the side of individual rights far more often than Ginsburg, Souter, Stevens, or Breyer.
Kelo vs Connecticut...who sided with government power and who sided with individual property rights?
Heller vs DC...who sided with government police power and who sided with an individual's right to self defense?
Raich vs US...who sided with personal growth and consumption of marijuana and who sided with the government's prosecution of such under the Commerce Clause?
As for the expectation of privacy when crossing the border, there has NEVER been an implied or explicit right. The US government has always maintained the power to search your belongings on entry. Your allegation that Thomas is somehow throwing out the Constitution with this decision illustrates your basic ignorance on the Constitution, Constitutional law, and Clarence Thomas...in other words, par for the course for you.
Re: (Score:3, Informative)
I notice you failed to address cases that support the parent's argument, perhaps the most obvious was Clarence Thomas's agreement with the Bush administration regarding executive authority in Hamdi v. Rumsfeld. Please feel free to outline an argument that indicates Clarence Thomas was not acting as - what does the right wing call it - an "activist judge" promoting an ideology over law. Also, for extra credit, add in a comment or two about Clarence Thomas and stare decisis and what that means in a legal syste
Re: (Score:3, Informative)
Doc...a commie stooge???? Hilarious???
Niggling points about Thomas are truly silly, as he is indeed a rightwing stooge, and the Justices, similarly to "our" senators and representatives, practice something known as "throwaway votes" (or decisions in this case), whereby they vote one way after ascertaining the way the majority is voting to appear to be politically rightwing, or leftwing or centrist. If your state has two senators of the same party - d
Re: (Score:3, Interesting)
The border has always been an exception to enforcement of government protections of our rights, even when unjustified by any actual risk response. This decade has seen those exceptions turn extremely abusive, even on totally legitimate US citizens and visitors.
We have to fix our border to protect us from both foreign threats and domestic abuses. And we especially must reverse the trend of finding any exception to protecting our rights as an excuse to violate them elsewhere.
Hmm... (Score:2)
I think this should be highly illegal. What about the whole secure in your person, papers, and property bit? This is like copying all your papers and transactions for the past few months so that they can just look at them whenever! If the law enforcement needs this, it needs to be required by law that they need a warrant signed by a judge to use!
On corporate phones/PDAs, it's completely impractical to say that you aren't going to have a data/charging port. You pretty much have to have one. Now, initiall
Re: (Score:3, Insightful)
Do you mean the product should be illegal, or the act of using the product as it is intended?
This is being marketed as a forensic product. The primary user of this device is going to be a forensic technician in the field. That usually implies crime scenes, etc. There are no problems legally in that context as the technician clearly has rights to be there, or is working in a lab on evidence.
So the product itself is legal as any use in a forensic capacity does not violate the 4th amendment. There are quit
Synch vs snarf (Score:2, Interesting)
Umm, why is it easier for them to steal my data than it's for me to synch my phone to my computer? :(
Re: (Score:3, Funny)
Because compliance with the government's requirements is enforced by large men with guns and the power to throw people in jail forever (ask Qwest's former CEO), and compliance with your requirements... isn't.
why are you letting strangers have your phone (Score:3, Interesting)
Of all the things you can worry about, this seems to be one of the sillier ones - a phone is one thing pretty much never out of sight or touch in public. How is anyone going to plug in anything without your permission?
Look to your Bluetooth stack if you are concerned about data leakage.
Re: (Score:2)
Of all the things you can worry about, this seems to be one of the sillier ones - a phone is one thing pretty much never out of sight or touch in public. How is anyone going to plug in anything without your permission?
Any occasion where you undress... Imagine having a sex-date, and while you have fun in the bedroom, an accomplice of your date is having it with your phone that you carelessly left on the coffee table.
Re: (Score:2)
Nice fantasy life you have there, Mr. Bond.
The rest of us won't be worrying about this....
Re: (Score:2)
Mostly nuisance for most of us (Score:2)
Then of course it is only going to download at the speed of the phone, so it is in no way instantaneous. There is a warning on the product that says downloading an entire phone could take hou
Re: (Score:1)
Yes, there are excruciatingly easy ways to unlock certain phones without the password..
When I got my first cell phone, a Razr V3C, I put a password lock on it, only to find out on the first try that if you power it up and then close the lid while it boots, it will simply not ask for your password, and you'll be in.
Fantastic!
Why should we worry? (Score:1)
FUD?? (Score:2)
Ok, so after RTFA, I'm a bit confused. What exactly does this device do that you couldn't already do with a laptop using bitpim and bluetooth or the correct usb cable for the phone??
Sure, it's more portable, but it's still not so small that you wouldn't notice someone using it.
Re: (Score:2)
Nothing at all that I can see. And it's only for a limited number of phones at that.
I'm sure it has a use in its field but to sell it as a general use device is just silly.
Useless.. (Score:2)
Why use something like that?
Don't you know the super-secret-one-world-government PIN code? 0, 0, 0, 0, YES.
It works in 99.9% percent of the cases.
Those 0.1% must be used by some kind of hackers.
You know... Like Keanu Reeves.
if so, i am fux0red (Score:1)
Undetectable... (Score:1)
Physical access? get physical (Score:1, Funny)
The device requires physical access.
Warning! If somebody stuck a device in my cellphone, I wonder if the hospital can remove it from their arse or stomach, because that is where it would be, and I'm not joking.
BlackBerrys (Score:1)
A convenient list of phones not to buy (Score:3, Informative)
http://csistick.com/models.html [csistick.com] -- Remember, before buying or recommending a phone, check this list to be sure your phone is not on it.
Re: (Score:1)
Undetectable? (Score:2)
I'm sorry, but if someone runs up and connects something to my data port on my phone, I am pretty sure I am going to notice it.
A Device to Grab Data From [SOME] Cell Phones (Score:1)
"It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly."
Ask anyone in the mobile forensics field, and they will tell you what a joy it is to have so many choices of software/hardware that can get data from every mobile phone out there. [/sarcasm]
Take a look through the documentation of any of the mobile phone forensi
You have NOTHING to worry about.... (Score:1, Interesting)
I'm sure this device... (Score:2)
...is good at what it does, but isn't the real problem getting your hands on the cell phone at all? When it's not charging at home, it's usually in my pocket and you'd have to be a pretty good pickpocket to steal and return it. I don't usually leave it anywhere due to thieves, so what would you do? Break into the locker at the gym? Ask me to borrow it to make a call? If I had something sensitive on it I wouldn't unlock it and give it to you. If you steal it or have a warrant it doesn't matter one bit what y
Re:unfortunately, I use a blackberry! (Score:3, Interesting)
Where all the content is strongly encrypted with AES. Maybe you shouldn't have bought that iphone if you were concerned about security!
They have a model for the Blackberry in the works. Since this device is designed for forensic investigation by either law enforcement or corporate compliance investigators, I would not be surprised if it hooks into low level OS calls put in place for this purpose. The NSA has a back door into virtually all systems out there.
Re: (Score:2)
If the Blackberry is locked and password protected, there is no way to interface with the device via the USB port until the password is provided.
Furthermore, if the incorrect password is entered a predetermined number of times, all data on the device is wiped.
Lastly, if the Blackberry is connected to a Blackberry Enterprise Server (or a BES-lite consumer solution like Blackberry Unite), the device can be wiped clean of all data remotely by the server at any time.
I don't doubt that a