
A move by legislators in the US state of Maine to require brain-cancer warnings on mobile phones is expected to trigger a worldwide response, the Australian industry has said.

A Democrat state representative, Andrea Boland, wants new mobile phones to carry health warnings like those on cigarettes and is pushing ahead with the legislation despite a lack of scientific consensus.

Read more here:
http://www.watoday.com.au/digital-life/mobiles/push-for-cigarettelike-warnings-on-mobiles-20100104-lnvo.html

A presentation and paper on Reverse engineering JTAG at the 26th Chaos Communication Congress is now available to download here:

http://events.ccc.de/congress/2009/Fahrplan/track/Hacking/3670.en.html

Other Hacking and reverse engineering papers and talks from the conference can be found here:

http://events.ccc.de/congress/2009/Fahrplan/index.en.html

The hacking track is here:

http://events.ccc.de/congress/2009/Fahrplan/track/Hacking/index.en.html


More on the story here:

http://www.wishtv.com/dpp/news/i_team_8/Sexting_20091112

This report concerns the theoretical and practical issues with automatically populating mobile devices with reference test data for use as reference materials in validation of forensic tools.

It describes an application and data set developed to populate identity modules and highlights subtleties involved in the process. Intriguing results attained by recent versions of commonly-used forensic tools when used to recover the populated data are also discussed. The results indicate that reference materials can be used to identify a variety of inaccuracies that exist in present-day forensic tools.

The Paper can be downloaded in PDF format from here:
http://csrc.nist.gov/publications/nistir/ir7617/nistir-7617.pdf

More on the paper here:
http://www.testandmeasurement.com/article.mvc/NIST-Develops-Experimental-Validation-Tool-0001?VNETCOOKIE=NO

The tool itself can be downloaded from here:
http://csrc.nist.gov/groups/SNS/mobile_security/mobile_forensics_software.html

The tool is called SIMfill, and it’s a Java application that populates Subscriber Identity Modules (SIMs) with reference data and can be used to assess the data recovery capabilities of forensic SIM tools. The package includes an initial set of reference data for use with SIMfill, the source and compiled code, a readme file, a user’s guide, and a video demonstration. It can be downloaded free from:
http://csrc.nist.gov/groups/SNS/mobile_security/mobile_forensics_software.html


According to a survey by the Australian Communications and Media Authority, about 75% of Australians are either “very satisfied” or “somewhat satisfied” with their telecommunications services. I was surprised to see that there wasn’t a massive difference between metropolitan and rural areas, despite rural areas having far fewer options and less bandwidth than metro areas. Those users who weren’t happy largely focused on price, customer service and poor mobile reception.

Read more here:
http://www.acma.gov.au/WEB/STANDARD/pc=PC_311777

Here is an article about the security of the newly released iPhone 3.0 software for both iPhone 3G and iPhone 3G S:
http://www.net-security.org/secworld.php?id=7647


Medialets created the world’s first shakable advertisement for Dockers, together with agencies OMD and Razorfish. Users shake their iPhone to make the Dockers guy dance. This ad utilizes the iPhone’s accelerometer as well as audio capabilities and appears in targeted, free iPhone applications.

http://mediamemo.allthingsd.com/20090512/7278/?mod=ATD_rss

A research team from Ben Gurion University in Beer-Sheba, Israel, found that talking on a cellular phone harms the mental abilities of the user.

The influence of cellular phones on brain functions and general health has been widely researched in recent years. Most of the experiments try to understand whether electromagnetic radiation is cancerous or not. Researchers from Ben Gurion University and Soreq Research Center for Nuclear Energy have decided to take a closer look at the effect mobile phones have on people’s cognitive functions.

Read more here:
http://thefutureofthings.com/pod/7033/cell-phone-usage-damages-memory.html

G1

Having a rooted phone means you can do tricks like setting up a 3G/Wi-Fi bridge. The process starts by using a rooting app to revert the phone to the RC29 build, then using the “android stupidly executes everything you type” exploit to launch telnetd and upgrade the bootloader. After that, the upgrade process is fairly easy: just flash a new baseband and build. Once you’ve got your new custom firmware, you can do future updates using an app from the Android Market.

Read More here:

http://hackaday.com/2009/05/05/easy-g1-rooting/

You might know some of them but most of them are just an inside code and some can raise red flags.

Here are some of them:
D46 - “Do you want to have sex?”
LG6 - “Let’s have sex”
GNOC - “Get naked on camera”
TDTM - “Talk dirty to me”
LMIRL - “Let’s meet in real life”

See the link below, which includes a video:

http://www.wthr.com/global/story.asp?s=10310438

The video talks about a couple of people whose lives are ruled by harassing calls and threats. They claim that their phones are tapped with special software.

Rick Mislan talks about the software and how easy it is to be placed on mobile phones.

Software such as:

Link to Video on YouTube:
http://www.youtube.com/watch?v=uCyKcoDaofg


Learn more here:
http://news.bbc.co.uk/2/hi/programmes/click_online/7991777.stm

It looks and functions like a Blackberry 8830 but it sure is NOT a regular Blackberry. It is locked down by NSA. I am not really sure if it is a good idea at all. NSA is installing the SecurVoice software on it for both voice and messaging as one of the ways to secure the phone. I am sure that there is a whole infrastructure that is required to run his handset services. Even considering all that, I still believe that a mobile-phone-carrying president opens so many doors for hackers.

Can NSA and Obama get away with using a (presumably) secure mobile phone service and handset? That is the question of the day!

Read more here:
http://blog.wired.com/gadgets/2009/04/obama-to-get-ba.html

It is presumed that the phones can be modified and used in receiving SMS verification codes sent from banks:

criminals have already collected thousands of login details for online bank accounts in countries such as Germany and Holland where banks send a transaction authentication number (TAN) code by SMS to a person’s mobile phone in order to complete transactions.

Read the original post by UltraScan here:
http://www.ultrascan.nl/html/press_room.html#25.000%20Euro%20for%20your%208%20years%20old%20Nokia%201100

Read more about it here:
http://www.arabianbusiness.com/553344-hackers-pay-top-dollar-for-old-nokia-1100-handsets

and here:
http://www.dialaphone.co.uk/blog/?p=2922


A man accused of raping a university student was cleared because of the mobile phone footage showing the woman ‘actively’ having sex with him. The jurors voted to acquit the man, who’d been charged with four counts of rape, including two of rape by oral penetration.

Read more here:
http://www.dailymail.co.uk/news/article-1166466/Man-cleared-rape-court-shown-phone-footage-woman-actively-taking-sex.html

It might not be because they are secure, but simply because the ROI is just a mere phone handset! Add to that the device, OS, and carrier variations.

Read more here:
http://mobile.slashdot.org/article.pl?sid=09/03/25/1238246&from=rss
and here:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Mobile+and+Wireless&articleId=9130346&taxonomyId=15&pageNumber=1

Mobile Growth

Growth projection for the mobile sector does not look good :(

Read More Here:

http://www.iphonestalk.com/new-survey-results-bring-good-and-bad-news-for-the-mobile-sector/

We acquired the domain names AndroidForensics.com and AndroidHack.com . Both domain names should take you to MySecured.com for now. We might dedicate the Android Forensics domain in the future to a website catering specifically to the Forensics of Android-Based Cellular Phones. The Android Hack domain name will be probably dedicated to the Hacks and Mods for the Android Based mobile phones and other devices such as netbooks and laptops.

Try the domain names now:
http://www.androidforensics.com
http://www.androidhack.com

An interesting article about pedophilia and ’sexting’ in the mobile age. Sexting means sending nude or semi-nude pictures of oneself on mobile phones to others. Two cases are discussed in the article.

READ IT HERE.

In my opinion, lawmakers should consider the changes in technology and evolve the laws to deal with the new issues emerging from the proliferation of cell phones in our societies and changes to the ways mobile phones are used.

Robert Scoble aka Mr. Twitter talks to Larry Magid at CES. Robert has 48,000 people who follow him (read his Twitter posts which are called “tweets”) but he follows nearly 21,000 people. How does he do that? Tweetdecks is one way! They also talk about the Palm Pre Surprise. Listen to the whole podcast here:

http://news.cnet.com/8301-19518_3-10141183-238.html

This is starting to be like citizen reporting via tweets again. This time it has help from tweet decks. Can this be the beginning of a new way for us to get news from the inside of conflicts, disaster areas and maybe even anonymous news tips? Rumors?

Pre Unofficial Website

A new site dedicated to the Palm Pre Mobile Phone and its WebOS operating system and Application Catalog. Visit it at:
http://www.PreMobilePhone.com

I don’t know if this is true or not yet but here it goes! There seems to be a vulnerability that affects Nokia Series 60 phones, including N95 and N73 handsets, that blocks all SMS and MMS from reaching the phone, hence the name “Curse of Silence”. The attacker in this case sends a specially designed SMS message to the target phone. What’s worrying is that the recipient will receive no indication that they got the message.

The only way to get the target phone to receive messages again is to factory reset it. Even after the factory reset, the phone still remains vulnerable to future silent curses. The attack will only work on phones running version 2.6, 2.8, 3.0 or 3.1 of Symbian S60.

Source: http://www.dialaphone.co.uk/blog/?p=2505

An in-depth look at the new Palm Pre Mobile Phone:

@ Engadget.com

I love how fast it is and how they allow you to have “pages’ of applications running at once… Look at the videos to see what I mean. What I hate is the numbers on the keyboard are Orange just like punctuation marks on the T-Mobile G1… I can’t see them at all! But that’s just me…

Related:

Palm stocks are up.
Google Finance on Palm, Inc.

Official Website.

Is it going to be the iPhone killer? or will it suck like the Google Android did before it? Give it six months and we’ll see :P


The video is Long (32 Minutes!).
- It starts with a parody song (as usual!).
- 3:35 Trends for 2009
- 4:30 VoIP cell phones
- 6:40 VoIP on Mobile Phones with T-Mobile (By the way BT has it too!)
- 10:40 Grand Central: A service that rings all your phone numbers at once at the same time on a single number! Watch the demo :)
- 12:50 Google Cellular: Free SMS and Voice initiated 411 directory enquiry service
- 16:25 1800 Cha Cha: Ask any question by voice and get answer by text
- 18:00 Voice Messages by email or SMS services e.g. spinvox, PhoneTag and CallWave
- 21:00 More on Callwave and a feature demo
- 22:35 Popularity Dialer .com
- 23:50 iPhone beginnings. How iPhone changed US carriers
- 25:00 iPhone with internet all the time
- 26:30 iPhone shuffle and App Store apps demos like: Midomi, Pandora, Urban Spoon
- 28:30 T-Mobile G1 and Verizon
- 29:30 End with a Song: The iPhone Song

ModEdiPhone.com

Modding Education for iPhone users AKA ModEdiPhone.com is a new website for all iPhone users who would like to jailbreak their iPhones or SIM unlock them whether they are using a first generation iPhone or the 3G iPhone. It provides guides and step-by-step videos and advice on how to do each hack or mod without any complications. It includes software, firmware, and hardware mods and hacks. It also contains the last five posts from the most popular iPhone blogs and news sites. It is a must visit and subscribe-to website so make sure you add it to your favourites :)

Here is the link:
http://www.modediphone.com/

Cellphone Gun:

Pen Gun:

Yes you can :) Watch this:

Get your gadgets coated with this micro polymer here:
http://www.golden-shellback.com/

for more information go here:
http://www.electronics-au.com.au/blog/computers/apple-iphone-underwater/

A man in the United States used his mobile phone and the social networking service Twitter to inform the world even as he was trying to escape a burning 737. Read or hear more from the ABC:

http://www.abc.net.au/am/content/2008/s2453641.htm

I have previously heard of a case where a man used the Twitter service to let people know he was arrested by Egyptian authorities:

http://www.cnn.com/2008/TECH/04/25/twitter.buck/index.html

Both stories might be looked at as extreme uses of the twitter service or other micro-blogging and social services. As mobile phones become more location-aware, social networking services such as twitter are tapping into this capability of mobile phones making them even more usable in distress situations or even to report crime. Coupled with cameras, these services in addition to location-aware devices can become effective crime fighting tools.

As predicted, it did take a long time to unlock the 3G version of the iPhone as compared to the 1st generation iPhone. It is nevertheless a great achievement for the Dev-Team. So, if you are still using a SIM proxy to unlock your iPhone 3G, then this unlock is for you. For all others, this makes no difference at all :P

For those who do require the SIM unlock I give you this warning: never upgrade your phone to 2.2 as it will upgrade your modem software, making it impossible to unlock with the SIM unlocking solution from the dev-team.
So: NEVER UPGRADE OR RESTORE YOUR IPHONE IN ITUNES

For more information, please visit the dev-team’s website at:
http://blog.iphone-dev.org/


For more information on the harmless totally-reversible hack, go to:
http://www.engadget.com/2008/12/10/video-android-rocking-on-the-htc-touch/

Get the hack and instructions directly from xda developers here:
http://forum.xda-developers.com/showthread.php?t=382265

iPhone Your Life

As the name suggests, this site is for all the things iPhone can do for you.

Visit it here.



iPhone Linux Demonstration Video from planetbeing on Vimeo.

Instructions: Here.
Download: Here.


http://ocarina.smule.com/


It’s the two hottest touch-screen phones duking it out. Can the new kid on the block take down the champ?


Mod
Want to learn how to upgrade your Android to RC30 and get root access on it? Get a step-by-step guide here:
http://modmygphone.com/wiki/index.php/Main_Page

Here is a sample video of Noise Alert:



For more videos visit the website:
http://www.androidapps.com/

For Apple iPhone App reviews, visit AppVee’s iPhone website at:
http://www.appvee.com/

MySMS
Your iPhone can not delete or forward SMS Messages? Yes it can! Use MySMS to do that!

Your iPhone can not forward a contact number to another one? Now it can! Just use MySMS

You want more options such as:

- landscape typing
- punctuation keys at the right side of typing window
- sms forwarding (even conversations)
- single / individual sms or conversation deletion
- character counter (to know if your text will be sent as one or multiple SMS messages)
- send contacts through sms
- Use message templates
- set password on app loading/launch
- Easy contact list search!
- disable auto correction in SMS typing (very useful if you are typing in other languages)
- skins (downloaded from the dev’s repo: isoftru.ru/repo/)
- set mySMS as the default SMS app
- Option to Tap return key twice to send message

For more information go to:
MySMS
and to see more screen shots and instructions on how to download the application from Cydia, go to:
http://iphonehelp.in/2008/11/13/mysms-ultimate-sms-app-for-the-iphone-3g-2x-via-cydia/


A good start is Google’s own documentation page:
http://code.google.com/android/documentation.html

Books are another good source for step-by-step development. One Android book that I read is:

ANDROID A PROGRAMMERS GUIDE (Paperback)

It guides you through installing Eclipse, Android SDK and all the different steps that lead you into developing a “Friend Finder” application.

Other books of interest that I found on Amazon include:

  • The Busy Coder’s Guide to Android Development (Paperback)
  • Android Essentials (Firstpress) (Paperback)
  • Professional Android Application Development (Paperback)
  • Hello, Android: Introducing Google’s Mobile Development Platform (Paperback)

  • I love David Pogue… He gave us the iPhone Music Video when the iPhone first came out ;) See it again here:
    http://au.youtube.com/watch?v=vniMR6Ez9cE


    Just watch :)

    book

    A new book with companion DVD by Jesse Varsalone. Expected retail price is AUD 79.00.

    Key Features include:

    - Companion DVD Contains Custom Materials That Can Be Used in a Real Digital Forensic Investigation
    - Includes Unique Information about Mac OS X, iPod, iMac, and iPhone Forensic Analysis Unavailable Anywhere Else
    - Authors Are Pioneering Researchers in the Field of Macintosh Forensics, with Combined Experience in Law Enforcement, Military, and Corporate Forensics

    Sounds good? Then for more information go to:
    http://www.elsevierdirect.com/product.jsp?isbn=9781597492973

    Call it “on-demand computing”, “grid computing” or “software as a service”, cloud computing is the wave of the future whether people like it or not. When it comes to smartphones both iPhone and the Android platform are betting their success on cloud computing. Apple’s MobileMe and Google through its Google Apps on G1 did not get a great start but they are improving their acts with fixes and updates. Microsoft announced lately that they are getting into the cloud computing arena with cloud based servers that target both smartphones and sub-laptop devices called “netbooks”. There are too many news articles to list here to support this post and new articles on the subject seem to pop up every single hour of the day. So, I am going to leave all the searching for cloud computing articles to you! Here is a Google search for smartphone and “cloud computing” to get you started:

    - Google Web Search

    - Google News Search

    - Google Blog Search


    People living in Australia can get their hands on a T-Mobile G1 via eBay.com. They will be able to use the 3G HSDPA functionality on carriers other than Telstra though. For 3G connectivity, the G1 will work only if the carrier’s network uses the 2100MHz frequency band. Currently those carriers include Vodafone, Optus and Three. Telstra’s Next G network runs on the 850MHz frequency so it’s not supported.

    For more information, read on:
    http://www.theage.com.au/news/technology/biztech/google-phone-hits-australia-via-ebay/2008/10/29/1224956120782.html


    Get more information about this application and much more on Android’s Developer blog.

    Also, visit Google Code Pages for Android.

    Google Marketplace is where developers can easily publish and distribute their applications directly to users of Android-compatible phones including the T-Mobile G1.

    In an article in The Register, Google defends limiting access to Non-Marketplace applications to the following:

    At this point, we think it is too dangerous to give a third party application blanket access to install applications without the user being involved. That may change in the future, but for now that is the way it is.

    Read more about it in the article.

    On the G1, T-Mobile customers will be the first to check out about 50 available applications. T-Mobile says that all apps are free until 2009. Here is a look at the top 15 out of those.

    The one that scares me is the sex offender warning application. It tells you where your G1-carrying daughter or grandma are and how far and in which direction is the nearest registered sex offender to them!

    Free Family Watch

    See what I mean by watching the demo here:
    http://www.freefamilywatch.com/demo.html

    Follow the link for the story and pictures:
    http://www.pcworld.com/article/152384/in_pictures_15_killer_android_apps_for_the_g1.html

    As you might know, the iPhone 3G comes either on a contract, which means that it is locked to the provider, or unlocked via iTunes on pre-paid plans or through a special arrangement with the service provider for a small fee. Locked phones however can be unlocked via hardware SIM attachments such as TurboSIM (discussed in detail in my paper) or other cheaper alternatives such as Universal SIM. What you might not know is that some sellers sell iPhones as if they are officially or legally unlocked but in actuality they are unlocked with alternative SIM attachments as shown in the pictures below:

    SIM insertion slot showing extension wires

    The actual Universal SIM attachment

    To find out if the iPhone you are buying is unlockable by its carrier or not, ask the seller for the phone’s serial number and then visit:
    http://support.apple.com/kb/HT1937

    Buying a fake-unlocked iPhone could mean that your phone might be illegal to use in some countries because it violates usage laws. Also, it means a degradation and sometimes the denial of service when it comes to data services and the quality of phone calls.

    Pictures and Story from the Arabic source iPhone Islam. The only source for Arabisation of iPhone.


    The biggest selling points for the Android and the G1 in my opinion are the simultaneous execution of applications and street level on Google Maps. Who needs any of these?!

    You can run applications in the background on iPhone by using the Cydia app Backgrounder and you can use google earth for now to get street level pictures and wait for 2.2 iPhone software for full street view capabilities :)

    I am sticking to my iPhone for now :) Gotta love the big screen and the safari browser responsiveness and page browsing speed.

    The LayerOne 2008 talk by David Hulton titled: Intercepting Mobile Phone/GSM


    Visit the GSM Hacking WIKI at:
    http://wiki.thc.org/gsm
    The USRP is available at: http://www.ettus.com
    Learn more about the GNU RADIO project at: http://www.gnu.org/software/gnuradio

    David is the Chairman of Toorcon

    MyPhone2008.com

    An interesting news article about the work of BT (formerly British Telecom), Glamorgan University, Australia’s Edith Cowan University and Sim Lifecycle Services where researchers recovered data from handsets from mobile phone recycling companies:

    Mobile phones can never be totally wiped clean of data

    To get more information on the research at Edith Cowan University and its upcoming conferences please visit SECAU Security Research Centre’s website:

    http://www.secau.org/

    Here are some published refereed journal and conference papers to give you an idea of what to expect for the Edith Cowan University conferences in December:

    - Valli, C. and A. Jones (2008). A study of 2nd Hand Blackberry for sale - World class security foiled by humans. Proceedings of the 2008 World Congress in Computer Science, Computer Engineering, and Applied Computing - SAM 2008 - The 2008 International Conference on Security & Management., Las Vegas, USA.

    - Al-Zarouni, M. (2007, 3rd December, 2007). Introduction to Mobile Phone Flasher Devices and Considerations for their Use in Mobile Phone Forensics. Paper presented at the 5th Australian Digital Forensics Conference, Edith Cowan University, Mount Lawley Campus, Western Australia.

    - Yap, L. F., & Jones, A. (2007, 3rd December, 2007). Profiling Through a Digital Mobile Device. Paper presented at the 5th Australian Digital Forensics Conference, Edith Cowan University, Mount Lawley Campus, Western Australia.

    - Yap, L. F., & Jones, A. (2007). Deleted Mobile Device’s Evidence Recovery:. Paper presented at the Media and Information-War Conference 2007, Kuala Lumpur, Malaysia.

    You can register to attend Edith Cowan University’s conferences here:

    http://conferences.scis.ecu.edu.au/

    Hope to see you there :)

    street view

    According to the article below, iPhone 2.2 beta which was provided to developers contained an Android-like Street View capability within the Google Maps App.

    I don’t know about you, but to me, it seemed like the street view feature was one of the most attractive features that Google used in selling the Android platform to consumers. I personally see a great potential in Android for app development but I still think that the iPhone will keep on keeping on especially after they dropped the NDA requirement for app developers :P

    http://blogs.pcworld.com/staffblog/archives/007891.html

    MobileMe
    I’ve had my iPhone 3G with MobileMe for a while now but it didn’t seem like the push service from mobile me was working at all. This changed starting from yesterday though :) It is working now and I am happy with it so far.

    Here is a link to the T-Mobile G1 website where you can play around with a basic emulator without having to download the SDK. You can also get a basic guide on features here:
    http://tmobile.modeaondemand.com/htc/g1/

    A more functional emulator can be downloaded with the Android SDK here:
    http://code.google.com/android/reference/emulator.html

    Finally here is a good video Introduction on Android OS for Developers. A must see if you have anything to do with the Android Platform(WARNING: 52 MINUTES LONG!):


    More demo videos on user interface and applications can be found on the Android developer site:
    http://code.google.com/android/index.html

    Here is one of them to get you started:

    These are some of the prototype Mobile Phones on show.

    3D Navigation and Situational Awareness in a Mobile Phone:





    Separatable mobile phone:





    Projector Mobile Phone:

    Ideally the emergency dial screen should allow ONLY EMERGENCY NUMBERS to be dialed out on a passcode locked phone. The iPhone however allows for ANY NUMBER to be dialed when it is passcode locked! This bug is not new, it was present in iPhone 2.0.2 as well!

    Here is a video demonstrating the issue:


    I discovered this bug in 2.0.2 just a couple of days before 2.1 came out. So, it was too late for me to give a heads up to Apple. So, I waited for 2.1 to come along to see if it was fixed. I did that today and found out that it wasn’t fixed.

    This of course could be an Australia-only issue or even an Optus-only issue. Nevertheless it is a security issue with the iPhone and should be addressed.

    UPDATE 18 Sep 08:

    There is some debate on whether it is a bug or feature! Look at the following link for some more information on the issue:
    http://www.macrumors.com/iphone/2008/09/17/iphone-2-1-emergency-call-anyone-bug-or-feature/


    About the author:

    Marwan Al-Zarouni CISSP is currently pursuing a Doctor of Information Technology award at Edith Cowan University. He is a member of the Security Research Centre at Edith Cowan University in Perth, Western Australia.




    The features include: live rss feeds, live TV streaming channels, TV guide while watching TV, credit card and transport card functions on the phone, biometric fingerprint reader, 3+Mbps speed 3g data speeds… etc.





    It has street view :)

    CSI Stick

    The CSI Stick is a portable USB-stick-like device that can be connected to a mobile phone to copy some of the phone’s memory without the need for a computer to be connected to the mobile phone. The type of data collected from the mobile phone can be chosen through a slider switch. The device currently supports certain Motorola and Samsung phone models with more manufacturer support coming soon. The data collected by the device can then be interpreted via the use of Paraben’s Device Seizure or DS Lite. The cost is $199 USD.

    For more information, please visit:
    http://www.physorg.com/news139460365.html
    and
    http://computing.in.msn.com/safe/article.aspx?cp-documentid=1658902
    or the device’s official website:
    http://csistick.com/

    WOLF claims to forensically extract the information from the internal memory of the iPhone without altering the device.

      WOLF claims it can obtain the following information from devices:
  • Contacts
  • Call Registers
  • SMS
  • Calendars
  • Handset information
  • WiFi / Bluetooth info
  • and more….

    The price, training and other information can be obtained from Sixth Legion LLC, a division of IDFS LLC on:
    http://www.hex-dump.com/wolftest/index.html
    or
    http://sixthlegion.com.

    PwnageTool 2.0 MACOSX version is released.
    For more details, please visit:

    rlslog.net
    also see:

    dev team blog

    UPDATE: Don’t have a Mac? You can do it in Windows as well. For instructions, go here:

    Step-by-Step Guide to Pwn first generation iPhone running firmware 2.0 using Windows

    In a previous post http://www.mysecured.com/?p=202 I showed that your data is not wiped when you do a normal restore. So in this post I will show you some of the ways you can wipe your phone with some degree of certainty that the information on it is wiped.


    If you want to wipe your iPhone before you sell it on eBay or give it back to Apple because the touch screen stopped working all of a sudden! Then here are the different ways you can wipe it:

    - Jonathan Zdziarski’s method:
    http://www.zdziarski.com/papers/wipe.html

    It involves jailbreaking and command line access. It is best suited for people who have jailbroken iPhones and are really paranoid and control freaks!

    - Rich Mogull’s (securosis.com) method:
    http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/
    This is an easy-to-do method: 2 restores and 3 overwrites of the iPhone device’s user data area. Look at this video from CNET on YouTube:

    - BigBoss Wipe App Method:
    http://sleepers.net/news/?p=174
    This needs the iPhone to be jailbroken as well. It does a zero out wipe on the device, so it will require a restore afterwards.

    The basic idea of all of the methods is to overwrite the data in the user area. Be it by overwriting it with music as in Mogull’s method or by using a wipe tool as with BigBoss or by overwriting it with zeros as in Jonathan’s method. I prefer the latter two methods as overwriting with music might leave some of the data intact (call me paranoid!). But on the other hand it could be the only option for people who do not want to jailbreak their iPhone or do not have the technical expertise to do so.


    UPDATE (28 August 2008):

    iPhone software 2.0 and above comes with an erase all feature that was not available in previous versions of the iPhone and therefore this feature can be used to completely wipe the iPhone. This can be done on the iPhone itself without needing to connect it to iTunes.

    So, on the iPhone tap Settings -> General -> Reset and then select the “Erase All Content and Settings” option from the buttons shown. Users must note that under the 1.x iPhone software, invoking this setting erased the iPhone’s obvious data, but did NOT PERFORM A ‘bit-by-bit’ WIPE. Under the 2.0 software however, you get a much more thorough wipe (bit-by-bit), which can take an hour or two to complete depending on the storage size of the iPhone being wiped.

    According to Jonathan Zdziarski:

    A detective from the Oregon State Police notified me this afternoon that an out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit.


    So, if you have to return your iPhone to an Apple or AT&T store and they offer to replace it with a new one, make sure that you wipe your data properly first. A proper bit level wipe is needed here and NOT a system restore!
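
    The difference between overwriting and merely restoring can be checked on a toy model. The Python below is an added example, not code from any of the linked tools: it plants a constructed marker in every block of a small in-memory image, applies three simplified wipe strategies, and audits what survives. The block size, the marker and the three strategy models are assumptions made for illustration.

```python
import random

BLOCK = 4096                                        # constructed block size
CANARY = b"CANARY:+61-400-000-000:photo_0001.jpg"   # constructed marker string


def make_image(blocks=64, seed=1):
    """Toy 'user data area': every block starts with the marker, then filler."""
    rng = random.Random(seed)
    image = bytearray()
    for _ in range(blocks):
        filler = bytes(rng.randrange(1, 256) for _ in range(BLOCK - len(CANARY)))
        image += CANARY + filler
    return image


def restore_only(image, metadata_blocks=4):
    """Assumed model of a restore: filesystem structures at the start are
    rewritten, the old data blocks behind them are never touched."""
    image[:metadata_blocks * BLOCK] = bytes(metadata_blocks * BLOCK)
    return image


def fill_with_files(image, file_blocks=10):
    """Assumed model of filling the device with music: whole files are written
    until the next one no longer fits, so the tail is left as it was."""
    size = file_blocks * BLOCK
    pos = 0
    while pos + size <= len(image):
        image[pos:pos + size] = b"\xAA" * size      # stand-in for audio data
        pos += size
    return image


def zero_fill(image):
    """Overwrite every byte of the area with zeros."""
    image[:] = bytes(len(image))
    return image


def audit(image):
    """Report which blocks still hold the marker and how many are non-zero."""
    hits = set()
    pos = image.find(CANARY)
    while pos != -1:
        hits.add(pos // BLOCK)
        pos = image.find(CANARY, pos + 1)
    nonzero = sum(
        1 for off in range(0, len(image), BLOCK) if any(image[off:off + BLOCK])
    )
    return {"canary_blocks": sorted(hits), "nonzero_blocks": nonzero}


def compare():
    """Run each strategy on a fresh copy of the same image and audit it."""
    strategies = {
        "restore only": restore_only,
        "fill with files": fill_with_files,
        "zero fill": zero_fill,
    }
    return {name: audit(wipe(make_image())) for name, wipe in strategies.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:16} marker still in {len(result['canary_blocks']):2} blocks, "
              f"{result['nonzero_blocks']:2} non-zero blocks")
```

    Searching for a known marker is what makes the music-style fill auditable: a non-zero block count alone cannot tell filler from leftover user data.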

    When: April 17, 2008 at 17:00 GMT
    Who: Jonathan A. Zdziarski.
    Details: While some of a suspect’s data can be viewed using the direct GUI interfaces in the iPhone’s software, much hidden and deleted data is available as well, which may provide for more thorough evidence gathering. Existing commercial forensic tools are sadly lacking their ability to perform deep raw disk level recovery, and so Jonathan will demonstrate how to install his custom forensics toolkit on any existing model iPhone and send a raw disk image to a desktop machine. He will also show you how to recover files specific to the iPhone including deleted keyboard caches, photos, web objects, and much more. Jonathan’s custom forensics toolkit and his accompanying forensic manual will be available free to forensic investigators in law enforcement.

    Read More here:
    http://www.oreillynet.com/pub/e/949?CMP=ILC-orm_webinars&ATT=iphone-forensics

    Here is a link to a video demo shown on CNET News.com. It shows the potential of software-as-a-service (SaaS) applications like Basecamp or Salesforce.com on the iPhone. This could boost the sales of the iPhone and at the same time provide another dimension to the information accessible to the iPhone mobile device.


    Get them here:
    http://www.macworld.com/article/60232/2007/10/nov07mobilemac.html?t=213

    Thanks to Macworld magazine :)



    As requested by Haitham: the hard drive is not actually a hard drive. It is a Samsung 65 nanometer NAND flash, part number “K9HBG08U1M”, the same one used earlier in the 8GB iPod Nano.

    Data sheet can be found here:
    http://www.datasheet4u.com/download.php?id=604473

    More information and other links can be found here:

    http://www.iphonefreak.com/2007/07/iphone-componen.html

    Good news for iPhone forensics:

    Paraben’s Device Seizure can get a variety of data depending on the operating system version as well as whether or not the phone has been unlocked (often called Jailbreaking). The following is a general guide to what data can be acquired from the different versions, however, our testing shows that different Jailbreaking methods unlock different portions of the phone (for instance, one method allowed Device Seizure to acquire most media files but did not allow access to phone records, contacts, or images uploaded to the phone):

    - Firmware 1.0, 1.0.1 and 1.0.2: Most logical data can be acquired from the phone
    - Firmware 1.1.1, 1.1.2, 1.1.3, and 1.1.4: Only the /var/root/Media folder will be acquired
    - Firmware Unlocked by a Jailbreaking Utility: Should acquire most logical data depending on the unlocking software used.

    This is our first release for the Apple iPhone and we expect to see many more additions to this technology in the future. Keep your subscription current to make sure you get all the new updates.

    As quoted from Paraben. For more information please visit Paraben.

     

    Instructions in Arabic can be found here:

    http://www.iphoneislam.com/?p=62

    Instructions and download in English can be found here:

    http://iphone.unlock.no/

    If you get error “The application failed to initialize properly (0xc0000135)” you need to install .NET Framework 2.0. The executable unzips the GUI executable to “Program Files\ziphone”

    Now you can unlock new iPhones that are OTB 1.1.2 and 1.1.3 (bootloader version 4.6) with just software and no need for special microchips that go behind your SIM card. Here is a link to the guide:

    http://iphone.unlock.no/OTB112unlock.htm

     To see it in action, check out this youtube video:

    http://www.youtube.com/watch?v=8SXnAUa6f0s

    Gear Live has a cool gallery of pictures of the new additions to the iPhone interface in its 1.1.3 release. The most impressive feature for me was the locate-me feature for the google maps application. Other features include dragging and dropping icons on the springboard and bookmarks icon on the springboard. Another much-needed feature is the multiple-people SMS capability.

    To see some screen shots of the changes please follow the link below:

    http://www.gearlive.com/gallery/category/C51/

     

    An Arabic keyboard has been developed for the iPhone. Now you can write Arabic SMS messages on your iPhone :)

    For more information and to update your iPhone to support Arabic typing please visit:
    http://www.iphoneislam.com/?p=20

    Also, make sure to bookmark their site for the latest Islamic and Arabic related links and stories about the iPhone:

    http://www.iphoneislam.com/

    All you have to do is place a font file in the directory:

    system/library/fonts/cache

    It can be downloaded from here:
    http://rapidshare.com/files/70430782/arialuni.ttf.html

    And your Safari browser will be able to read Arabic in the correct direction this time! As shown below :)

    Credit for this one goes to Mishary.

    Thanks :)

     

     

    For more information go to:

    http://www.threeskypephone.com.au/

     

    Finally, someone did something for the iPhone and the iPod touch that enables users to get full disk level access with read/write privileges on the iPhone’s disk via AFP. The AppleTalk Filing Protocol makes the iPhone show up on the Mac desktop as a disk with full read/write access. For more from the “Core” click the link:

    http://wickedpsyched.net/iphone/afp/

    Where: Chicago, Illinois, USA.

    When: 8-10 May 2008

    What: World’s first conference to be dedicated to performing Mobile Device Forensics.

    How much:  Registration prior to March 1, 2008: $250 and after $300USD

    More details can be found on the official website:

    http://mobileforensicsworld.com/

    Speakers include:
    Rick Ayers, NIST
    Sam Brothers, CBP
    Michael Harrington, MSP
    Wayne Jansen, NIST
    Gary Kessler, Champlain College
    Ben LeMere, USCG
    Kyle Lutes, Purdue University
    Agents from Matrix Solutions
    Kevin Mansell, Control-F
    Rick Mislan, Purdue University
    Lee Reiber, MFI
    Amber Schroader, Paraben
    Greg Smith, TrewMTE

    Workshop Sessions in:
    Cellebrite UME36
    Cellular Data Resources
    Control-F
    CSurv Cell Site Analysis
    DataPilot
    Pandora’s Box
    Paraben Forensics
    Project-A-Phone

    It is like a SecurID token but for your mobile phone. It is based on Java and provides 1024-bit RSA encryption and GrIDsure’s ID technology. Want to learn more? Then head to:

    http://www.itsecurityportal.com/itsecurity_news.asp?articleid=260033

    I have to admit, I thought this was like Commonwealth Bank’s NetCode SMS but it is clearly nothing like it. For more information on that go to:

    http://demos.webcentral.com.au/netcode-sms.html

    It is finally here :) Now you can safely update your 1.0.2 to the new 1.1.1 and have it work like a charm :) Make sure you know what you’re doing though :P

    Here are the detailed instructions:

    http://www.tuaw.com/2007/10/29/instant-jailbreak-for-iphone-and-ipod-touch/

    Remember, if you brick your iPhone, don’t blame us!

    A program for reading Arabic messages on the iPhone

    For more information please visit:
    http://mem9.net/iphone/

    Thanks also to the following people who contributed to bringing us one step closer to an Arabic iPhone :)

    Erica, Nawaf, Knox and Rayan.

    Metasploit for hacking iPhones:

    http://www.pcworld.com/article/id,137741-c,iphone/article.html

    Apple releases an update to patch 10 flaws with the iPhone:

    http://www.news.com/8301-10784_3-9786507-7.html?tag=nefd.blgs

    The patch also bricks unlocked iPhones.

     

    Here are two guides to SIM unlock your iPhone for free:

    http://www.freeiphoneunlock.com/guide/

    http://iphone.unlock.no/

     

    Here is a simple guide to installing Arabic fonts on your iPhone. You still cannot connect the Arabic letters but at least this one is right to left :)

    nawafx.com

    Thanks to Nawaf Alsabhan for the guide. Any help in this area is greatly appreciated. So, if you know anything about Arabic font support for OSX or iPhone please contribute :)

    Also, look at:

    http://iphone4arab.com/

    For instructions in Arabic :)

    This time it is by the iPhone Dev team :) iPhone is finally free from its AT&T ball and chain!

    For more information and to download the needed files, head to Gizmodo. Instructions are not out yet. So, if you are one of those people that never RTFM, then download it and wing it!

    http://gizmodo.com/gadgets/exclusive/iphone-free-software-unlock-confirmed-death-star-explodes-298825.php 

    Thanks again to EVERYONE on the Hackint0sh forums for all their efforts and all the good times we had with the iPhone ;)

    Otherwise (if you’ve got money to burn), go for the commercial unlock software found here:

    http://www.iphonesimfree.com/cgi-bin/iphonesimfree/engine.pl?page=buy

    Got questions? We got answers! Don’t be hatin’ start participatin’! Head to Hackint0sh.org!

     

    Image above is from: http://blog.scifi.com/

    There are so many iPhone clones that some online shops have a special category for them! Check out IPMart for example:
    http://www.ipmart.com/main/browse.php?cat=1758&cat=2308

    The De Say M888 shown below is the most impressive of them all, but at USD 251.25 plus shipping fees wouldn’t you rather buy an original 4GB iPhone at 299 USD including shipping?

     

    Yes, I know what you are about to say: “Not another watchphone!” Yes, you guessed it! It is from CECT in China. You can buy it online from IPMart, eBay and AliBaba.

    According to WIRED Magazine:

    http://www.wired.com/gadgets/wireless/news/2007/08/iphone_forensics

    It quotes an expert from Paraben and Blackbag saying that it is a challenge.

    http://iphonejtag.blogspot.com/  

    After the Super SIM and Turbo SIM methods, we have a hardware unlock method. Follow the links below for more details:

    I would not try this at home… Super Sim simply works and it is CHEAP! Why bother with anything else, it is simply not worth the time or effort. Not to mention the risk of damaging the phone!

    Would you attempt this on your phone?

    It is STILL NOT a software hack! This one revolves around something called TurboSIM. It supports all kinds of SIMs not just V1 SIMs. For more information go to:

    http://www.iphonestalk.com/iphone-unlocked-for-all-use-any-sim-card-in-your-iphone/

    and here is how to do it:

    http://www.hackint0sh.org/forum/showthread.php?t=2619

    or

    http://www.jasonmadigan.com/2007/08/13/turbo-sim-iphone-unlock-confirmed-working/

    Enjoy :) and this time, no need for SIM card programmer devices or Silvercards!

    At least this is a SIM fabrication hack that works. For instructions, please follow one of the links below:

    http://www.hackint0sh.org/forum/showthread.php?t=2215

    or

    http://www.myitablet.com/iphone-unlocked-for-european-use-061341.php

    Enjoy your new unlocked iPhone :) Now, if only they can come up with the software hack before the 45 day deadline :P

    Update: Rumor has it that the unlocked iPhones are already being sold in Hong Kong!

    http://www.gearfuse.com/hong-kong-is-selling-fully-unlocked-iphones-now/

    Well, so far we have three choices. They are:

    • CECT Mobile Wrist watch: A Chinese prototype announced by CECT

    Picture from mobilemag.com

    Here are the details on How to do it (according to the hacker) :

    1. Get the required hardware and software (these are the ones I have used): An Infinity USB unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
    2. Get the IMSI, Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
    3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
    4. Then use these 2 files to create a sim using the infinity usb unlimited reader/writer
    5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
    6. Then use SIM-EMU to change the IMSI of the original Flash file to IMSI of AT&T sim (IMSI-a)
    7. Again write the silvercard with the new flash and eeprom files
    8. Put this sim into the iphone
    9. Activate using the Cingular method as described in Hacktheiphone.com

    This is not a true unlock. It is a hack that enables you to make calls with the iPhone but does not enable you to receive calls or use Telstra’s network to browse the Internet. At least not yet ;)

    Links:

    http://www.smh.com.au/news/phones–pdas/iphone-hacked-for-australia/2007/07/30/1185647803146.html

    http://www.theinquirer.net/default.aspx?article=41343

    http://blogs.smh.com.au/mashup/archives/014782.html

    For more information go to the MSN Video:
    http://ninemsn.video.msn.com/v/en-au/v.htm?g=7386e8dd-6f00-4c67-931b-cea66739a91e&f=&fg=copy

    Read the following articles for more details on the case:

    I’ve been searching for iPhone unlocking sites and so far I found the sites below. I would like to emphasize that it is only a matter of time until a workaround can be found to use the iPhone with providers other than AT&T. So, here are the two sites:

    • The following blog post claims that it will send you an email with information about unlocking the iPhone once it is available for a small fee:
    • The following company mentioned in this “the register” article claims that it is close to unlocking the iPhone and that once it is able to do that, it will provide iPhone users with a $50 software that will unlock their phones for them:

    It is also worth noting that unlocking phones was ruled to be legal by the US copyright office last year.

    If you don’t already have this one, please download and read this Computer Security Division NIST Interagency Report (IR). It was published in March 2007:

    It is an update and complement to NIST Reports:

     

    If you were wondering if there are any hacks for the iPhone, well here are two of them for you:

    This lets you access features of the iPhone without activating it with your service provider.

    This provides shell access to the iPhone. Here is a command list:
    http://iphone.fiveforty.net/geohot/cmdlist.txt

    Enjoy! If you’ve got more hacks, please let us know by commenting on this post :)

    For an interesting look at the cellphones of the future, watch this short video from cnet:

    http://www.cnettv.com/9710-1_53-27879.html

     

    Where: Liverpool Library, U.K.

    When: 5pm on 25th June 2007.

    What: read the pdf brochure.

    Who: http://www.afentis.com/

    For more information, follow the link:

    http://www.criminalsolicitor.net/forum/forum_posts.asp?TID=2450

    Preliminary Call for Papers
     The First ACM Conference on Wireless Network Security (WiSec ‘08)
              
    When: March 31 - April 2, 2008, Alexandria, Virginia, USA.

    WiSec aims at exploring attacks on wireless networks as well as techniques to thwart them.

    Topics include:

    - Naming and addressing vulnerabilities
    - Key management in wireless/mobile environments
    - Secure neighbor discovery
    - Secure PHY and MAC protocols
    - Trust establishment
    - Intrusion detection, detection of malicious behavior
    - Revocation of malicious parties
    - Denial of service
    - User privacy, location privacy
    - Anonymity, prevention of traffic analysis
    - Identity theft and phishing in mobile networks
    - Charging
    - Cooperation and prevention of non-cooperative behavior
    - Economics of wireless security
    - Vulnerability and attacker modeling
    - Incentive-aware secure protocol design
    - Jamming
    - Cross-layer design for security
    - Monitoring and surveillance
    - Computationally efficient cryptographic primitives

    The considered wireless networks encompass cellular, metropolitan,
    local area, vehicular, ad hoc, satellite, underwater, and sensor
    networks as well as RFID.

    Important dates:

    Paper submissions due: September 15, 2007
    Notification of acceptance: December 10, 2007
    Camera-ready version due: January 15, 2008
    Conference: March 31 - April 2, 2008

    WiSec results from the merger of three workshops:
    - ESAS (European Workshop on the Security of Ad Hoc and Sensor
     Networks)
    - SASN (ACM Workshop on the Security of Ad Hoc and Sensor Networks)
    - WiSe (ACM Workshop on Wireless Security)

    For more information, go to:

    http://discovery.csc.ncsu.edu/WiSec08/

    I have received many visits to this site searching for “Nokia Hidden Codes”. So, I decided to include some more :) Here is a list of codes and some links to get some more codes:

    *#06# Gets you the Serial Number/IMEI.

    *#0000# Gives you the software version (e.g. V 5.27.0 / 28-06-04 / NHL-10) The NHL-10 is important and makes your life easier when you try to use flashers!

    *#2820# Gives you the Bluetooth device address
    xx# - Quick contact access (xx = location number, e.g. : 17#)

    *#62209526# Gives you the MAC address of the WLAN adapter, this information is only available on the new models (S60 3rd edition) which have wireless connectivity.

    To get some more codes (some of which can do damage to your phone and/or data residing on it), approach the codes on these sites with caution:

    Again, please exercise caution.

    RIM announced that it is going to release a “Virtual BlackBerry” for selected Windows Mobile 6 devices. Now you CAN have the best of both worlds after all :)
    Read more at I4U.

    4 days after I posted the “Must Have Applications for your Windows Pocket PC” I received an email saying that I should post the link from xda-developer wiki. Somebody sent it to me… I am not gonna say who, … Somebody ;)   So here it is:
    http://wiki.xda-developers.com/index.php?pagename=Must_have_tools

    Enjoy :)

    Some of the topics discussed on the site might not be legal in some places! So, you’ve been warned. It has tips and tricks for mobile phones of all makes and models, with community-supported hacks and forum discussions:

    http://www.cellphonehacks.com/

    Watch this:

    Common sense really!

    I know many people will look at this and go “We’ve seen this before… Cellular phone spying is not new” but I have to say that the technology is now more readily available than before. To understand what I am talking about, please read the following from zone labs:

    Also, visit this site:

    Beware of cellphones left in your office, on your table at a coffee shop and in meetings. The FBI has been doing cell phone spying apparently:
    http://www.youtube.com/watch?v=O61YfvPZGJs

    On Demand Webcast “Compliance in the Mobile Enterprise” by James Wilcox CISSP. This session will include detailed information about:

    • Security considerations for mobile devices, including laptops and handhelds
    • An overview of key government regulations and how they apply to mobile deployments
    • Strategies to achieve mobile compliance

    You can watch the webcast by going here: http://viavid.net/dce.aspx?sid=00003DD7 and filling in your details.

     
    Picture from MobileFanatic

    The article below discusses issues that law enforcement agencies have with intercepting VOIP calls on Mobile phone networks and whether traces are left on the devices about the phone calls taking place.

    Link: The Australian Newspaper.

    A very helpful PDF document from SEARCH: The National Consortium for Justice Information and Statistics. It highlights some of the hardware and software solutions that can be added to the investigator’s arsenal along with how much each of them costs. The document can be found here:
    http://www.search.org/files/pdf/CellphoneInvestToolkit-0806.pdf

    The “Cryptography, Law Enforcement, and Mobile Communications” article in IEEE’s Security and Privacy magazine sheds some light on the use of flashers in mobile forensics as well as the use of tools such as XRY. The article also mentions the use and importance of Faraday cages.

    Here is a link to the full article:
    Link.

    Read what Prof. Rick Mislan said about the use of Phone Flasher Technologies and their role in the acquisition stage of mobile phone forensics and their use by students in digital forensics courses at Purdue University in the US.

    http://www.physorg.com/news95611284.html

    The official site for Western Australia’s Digital Forensics Practitioner Interest Group (DFPIG) is now active. If you live in Western Australia and you are interested in Digital forensics, then you should come to our meetings in Edith Cowan University. For times and dates, please visit the official site at:

    http://www.dfpig.net/

    NOKIA SECRET CODES

    A dual phone with GSM and VOIP, running Windows Mobile Smartphone Edition. Sounds like it is going to run Windows Mobile 6 by the time it is released. Find out more on:
    http://www.engadgetmobile.com/2007/03/28/zyxel-launches-the-v660-smartphone/

    Ever wanted to show your mobile screen on a computer screen or a projector? You can now with Project-A-Phone! A picture is worth a thousand words.

    http://www.projectaphone.com/index.htm

     

    Some interesting research topics from Purdue Uni. related to mobile phone forensics under Prof. Rick Mislan:

    Click here to visit the site.

    Otherwise, their main pages are found here:
    http://www.cyberforensics.purdue.edu/DNN/

    The Mobile Forensics blog by Michael Harrington has useful information on: SMS forensics, phone flashers, Faraday cages, forensics seizure procedures and much more. The site also includes posts on the forensic examination of BlackBerry devices. The blog was created in February 2007.

    You can visit the blog here:

    http://mobileforensics.wordpress.com/

    The blog is frequently updated and links to Michael’s http://www.mobile-examiner.com/ website.  This site has online training and on-location training and it also has mobile forensic tools and a forum.

    CellDEK™ is a portable handset data extraction kit designed for use at the scene of a crime and all working environments associated with on-going investigations. The kit is fully integrated within a ruggedised briefcase. It has approximately 10 hours of battery life and can be recharged through a vehicle, or mains electrical source. The website for the product is here:
    http://www.celldek.com 

    More information is also available through logicube:
    http://www.logicubeforensics.com/products/hd_duplication/celldek.asp

    It is provided in the UK by the Forensic Science Service® (FSS), a provider of forensic supplies to police forces in England and Wales. The FSS is also a source of training, consultancy and scientific support. FSS can be reached here:
    http://www.forensic.gov.uk/

    The project is looking for smart people (like you) to join in the fun. They are trying to build a cheap GSM scanner/receiver by using an Ettus hardware board and the GNU Radio software. The project got started because GSM scanners cost a heap of money, and the builders of the site believe that the price is exaggerated and that they could build a scanner/receiver for under $1000 USD. This project’s aim is to help researchers learn more about GSM traffic, or at least we hope so!

    Need more info? Go here:

    http://scratchpad.wikia.com/wiki/Gsm

     

    Read more about it in Engadget Mobile:
    Link

    It can connect to any home, office, cafe, or municipal wireless access point that does not require browser-based authentication. Supports WEP, WPA and WPA2 with PSK.

    Link:
    http://www.belkin.com/skype/howitworks/

    Before you read my comments below, please read the article:
    http://www.digitalworldtokyo.com/2006/10/ceatec_ps3s_cell_chip_coming_t.php

    It is just a matter of time until we see this processor in cellphones. Even with the current processors, mobile phone forensics remains an issue. How the power of the processor from the most powerful game console will change mobile phone forensics remains to be seen.

    Moreover, this opens the door for more devices to be merged with cell phones and will demand a more powerful power source to support such a powerful processor.

    At least online shops!  First we have the Citizen VIRT, which will be the first commercially available Bluetooth watch. Read more about it from Watch Report including a list of its features.

    Secondly, we have this more elegant prototype from Seiko. Read more about it from Watch Report including a list of its features.

    If you’ve read the features, these watches are NOT Bluetooth headsets nor Bluetooth MP3 players… ‘Cause both of these were already done!  Check out these links:

    Bluetooth Mp3 player watch:
    Translated article from Engadget China
    You can buy it on eBay: Here is the link.

    Sporty Bluetooth Mp3 player watch:
    http://www.gizmodo.com/gadgets/bluetooth/cebit-06-geil-bluetooth-sports-mp3-watch-159650.php

    Bluetooth Headphone/Watch:
    http://www.bluetoothwatches.com/

    How far would you go to use a mobile phone in a prison cell? Apparently pretty far! Literally.  Four guys in a maximum security prison in El Salvador hid their mobiles and a charger in their rectums far enough to reach their intestines. Ouch!

    Link:
    http://blogs.reuters.com/2006/09/07/pssst-amigo-answer-my-phone-and-say-im-not-here/

    If you thought that “Snakes on a Plane” was scary, then read this:

    Australia’s national carrier Qantas has announced that from 2007, passengers will be able to use their mobile phones to make voice calls, send text messages and even email on some of its domestic flights. Users will need to have roaming enabled though, and pricing has not been announced yet. The trial is expected to last for three months.

    The question is, what are the security issues that are involved here?  What about safety issues, like mobile phone signal interference with flight instruments?

    Link:
    http://networks.silicon.com/mobile/0,39024665,39161877,00.htm

    A new service by a company called Synchronica can remotely make a Windows Mobile-based handset sound a high-pitched alarm so it can be found after it has been stolen or misplaced. The service also lets the user wipe his data remotely when he finds out that the mobile is stolen or lost.

    Link:
    http://networks.silicon.com/mobile/0,39024665,39161849,00.htm

    The US National Institute of Standards and Technology (NIST) released the draft version of “Guidelines on Cell Phone Forensics” on August 31st. I found out about it today!  Here it is:
    http://csrc.nist.gov/publications/drafts/Draft-SP800-101.pdf

    Just like Hard Disks, selling your used mobile phone can be dangerous. It can reveal potentially unsafe and secretive information about you or your business.  Sometimes, following manufacturers’ data erase instructions is not enough as the article below shows.

    Links:
    Sydney Morning Herald Article 1
    Sydney Morning Herald Article 2
    A post I published on Marwan.com in 2004:
    http://www.marwan.com/2004/09/think-twice-before-selling-your-mobile.php
    Sorry, the link to the Khaleej Times article is outdated.

    UPDATE:
    Hard Disks Still Discarded

    For all the doubters and the haters of the E911 mandate, read this:

    http://www.news14charlotte.com/content/local_news/?ArID=125463&SecID=2

    I am not saying that the system can’t be abused, but at least it has the potential to save lives.

    Read more on the E911 Mandate here:
    http://www.globallocate.com/RESOURCES/RESOURCES_MAIN_Frameset.htm
    http://en.wikipedia.org/wiki/Enhanced_911
    http://www.fcc.gov/911/enhanced/

    You simply download this to your mobile and run it with minor settings modifications. You need to register the software and you do need a GPRS/UMTS based Internet on your mobile.  WAP only access will not do.

    Link:
    http://cellserf.com/index.html

    Nine MSN video report:
    http://ninemsn.video.msn.com/v/en-au/v.htm?g=E2E33982-18A4-4833-A655-B9B09EEF9F1C&f=39

    Did I read this right?

    Then there’s Idokorro, which means whereabouts in Japanese. That company found itself providing software to the U.S. Air Force, the National Guard and the FBI. The software — originally developed for the BlackBerry, but also compatible with other mobile devices — allows users to access computer servers remotely.

    Link:
    http://www.corpwatch.org/article.php?id=14038

    I found this article on the Phone Magazine Site.  Here are some snippets from it:

    The number of households relying on mobile phones (one in ten) has equalled the number of those who use landlines.

    While incidences are currently low, smarter phones and the adoption of standard internet technologies leave users vulnerable to attack.

    It goes on to say that the answer to all of this lies in operators introducing measures to safeguard records held on mobile phones.  This is done in the form of anti-spam and anti-virus, anti-abuse and blacklisting. 

    Using antispam and antispoof technology, operators can detect abnormal patterns in messaging traffic, confirm legitimate senders, filter content, and block suspicious messages. Filtering content also helps the fight against the spread of viruses and trojans. Mobile operators can use technology to share spam control with their subscribers by providing solutions to black-list certain phone numbers and block messages coming from these phones. As an industry there is much we can do to fight fraud. Many of us think we are doing all we can but there are always ways to improve on this to ensure confidence in the mobile industry. Due diligence and taking advantage of new technologies are major contributors to controlling fraud.

    It doesn’t take a genius to figure that one out. Look at it this way: If you have diabetes and you carry your glucometer with you all the time and you carry your mobile with you all the time as well… The thought of merging the two must have crossed your mind at some point, right? Well it did for HealthPia and LG and they came up with this device.  It is basically a hardware device that attaches to an LG mobile phone (called Glucopack) and some software that needs to be installed on the LG phone.  There… Now you have yourself a “GlucoPhone”. I wonder what the smartphone will merge with next. Here is the list of things we already merged with mobile phones:

    • Digital Cameras.
    • Polaroid Cameras. 
    • Image and video editing software
    • Other productivity and business related software. (including word processing, spread sheet and presentation tools)
    • Personal Digital Assistants (PDA)
    • Global Positioning Systems (GPS)
    • Wallets, signatures and keys (Digital wallets, encryption keys and signatures)
    • Glucometer
    • Biometric readers (fingerprint and voice recognition at least)
    • Web browsers
    • Email clients and push email
    • Services (such as check-in hotels and ordering stuff from ringtones to pizzas)
    • Other connectivity related devices (Wi-Fi, bluetooth and infra-red)
    • TV and radio including terrestrial, satellite and Internet based
    • Media recorders and players (Music and video)
    • Data storage devices
    • Video Games (Engage and Java games to name a few)
    • Sex related hardware, software and content (yes they are out there!)
    • Etc…

    If you can think of anything more, or if you know of a link to some of the above, let me know by commenting or emailing me.

    Link:
    http://www.gizmodo.com/gadgets/health/glucophone-a-cellphone-for-diabetics-194711.php

    Marriott hotels began testing the smartphone based system which provides services such as check-in, room changes, rate confirmation and welcome information. All the guest has to do is fill in his/her information digitally on their smartphone and an automatic dispenser provides them with their keys. Read more at Gizmodo Mobile:
    http://www.gizmodo.com/gadgets/smartphones/mariott-begins-tests-on-smartphone-checkin-194709.php

    The Qtopia Greenphone is an open Linux mobile device released only for developers. It will not be sold commercially as of yet.  Too bad for non-developers. It is currently on display at Linuxworld in San Francisco.

    OK, here is the scenario: 

    • An SMS is sent to mobile phones that lures the victims to visit a web dating site.
    • After they visit the specially crafted website address, another message thanks the recipient for subscribing to a dating service, which is fictitious, and states the subscription fee of $2.00 per day will be automatically charged to their cellular phone bill until their subscription is canceled at the online site.
    • Recipients visiting the site to cancel their subscription are redirected to a screen where they are prompted to enter their mobile phone number to unsubscribe, then given the option to run a program which is supposed to remove their subscription to the dating service.
    • When they run the executable file, it adds several files to the host and changes registry settings to open a backdoor port and lower Windows security settings. The host file is modified to prevent the victim from browsing to popular anti-virus Web sites. The executable also turns the infected computer into a “zombie” network, which can be remotely controlled by the hackers.

    So, how do you classify this attack? Phishing (notice that no emails were sent), mobile virus, computer malware, Trojan, “no patch for stupidity” or “all of the above”?

    Note: notice that bank sites always warn their customers not to trust emails…  But they say nothing about SMS! Even the banks that provide services such as mobile banking.
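The last step of the scenario above leaves a checkable trace: hosts-file entries that pin security sites to an unreachable address. The following is an added example, not code from the original post or the linked advisories; the watched domains and the sample hosts file are constructed placeholders.

```python
import ipaddress

# Constructed watch list: placeholder domains standing in for the
# anti-virus vendor and update sites an organisation cares about.
WATCHED_DOMAINS = {"av-vendor.example", "updates.security-tool.example"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        for host in fields[1:]:  # one line may carry several names
            yield line_no, fields[0], host.lower().rstrip(".")


def is_sinkhole(address):
    """True for addresses that make a name unreachable (loopback, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def is_watched(host, watched=WATCHED_DOMAINS):
    """Match a watched domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in watched)


def find_blocked_security_sites(text, watched=WATCHED_DOMAINS):
    """Return hosts-file entries that pin a watched domain to a sinkhole address."""
    return [(n, addr, host) for n, addr, host in parse_hosts(text)
            if is_watched(host, watched) and is_sinkhole(addr)]


# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example av-vendor.example   # appended entry
0.0.0.0         Updates.Security-Tool.example
192.0.2.10      intranet.corp.example
"""

if __name__ == "__main__":
    for line_no, address, host in find_blocked_security_sites(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {address}")
```

A watched domain mapped to any other address is also worth reviewing, since a normal hosts file rarely mentions such sites at all.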

    Links:
    http://www.zone-h.org/content/view/13889/31/
    http://www.ic3.gov/media/2006/060628.htm

    The Fixed-Mobile Convergence Alliance (FMCA) is a global alliance of telecom operators. The FMCA plays a critical role in driving the availability and adoption of Convergence technologies when it comes to mobile phones. With FMC capable devices and supporting networks, the end user can (according to Persona Software):

    • Communicate over cellular networks as well as public and private unlicensed wireless networks (WiFi and Bluetooth).
    • Be reached on more than one number on the same device irrespective of the network that he/she is currently attached.
    • Roam with access to a consistent set of calling features, as well as handover calls, between cellular networks and WLAN networks.
    • Get consistent user experience for their voice and data services.

    One example of this convergence is the BT Fusion offer in UK, where British Telecom offers a Vodafone handset capable of making calls through the ADSL line via a bluetooth connection. Other examples are provided in France with wifi connectivity around the base station, by the BeautifulPhone from “neuf cegetel” by the means of a QTek 8300 or Home Zone from Wanadoo with a Nokia handset. Free (French ISP) develops a wifi mesh network of HD freeboxes to be used to provide mobile telephony and compete with traditional cellular operators. (wikipedia.org)

    Sources:
    http://www.thefmca.com/
    http://en.wikipedia.org/wiki/Fixed_mobile_convergence#Fixed_Mobile_Convergence
    http://linuxdevices.com/news/NS6470081317.html
    http://www.ptc.org/events/ptc06/program/public/proceedings/Daryl%20Mossman_slides_w133.pdf
    http://linuxdevices.com/news/NS9786564813.html
    http://www.gtek.com.tw/pwg-500.htm

    I am not even sure that they even qualify as a “smartphone”!  Both models feature:

    • 3.2 megapixel Zeiss lens camera
    • High resolution 2.4-inch display
    • Bluetooth
    • MiniSD slot
    • Quad-band GSM support
    • 3G UMTS Support

    The N93 also has:

    • 3x optical zoom camera
    • Support for 30fps VGA video capture
    • Built-in WiFi with UPnP functionality
    • Video out
    • In-camera editing capability 

    Link:
    http://www.engadget.com/2006/07/24/nokia-releases-n73-and-n93-multimedia-computers/

    The Generic Access Network (GAN) was formerly known as Unlicensed Mobile Access (UMA), until it was adopted by the 3GPP in April 2005. It describes a telecommunication system allowing seamless roaming and handover between local area networks and wide area networks using the same dual-mode mobile phone.

    The local network could be based on private unlicensed spectrum technologies like Bluetooth or 802.11. The wide network is alternatively GSM/GPRS or UMTS mobile services.

    It lets mobile operators deliver voice, data and IMS/SIP (IP Multimedia Subsystem/Session Initiation Protocol) applications to mobile phones on local networks. Its ultimate goal is the convergence of mobile, fixed and Internet telephony (Fixed Mobile Convergence).

    On the cellular network, the mobile handset is communicating over the air with a base station, through a base station controller, to servers in the core network of the carrier. Under the GAN system, when the handset detects a LAN, it establishes a secure IP connection through a gateway to a server called a GAN Controller (GANC) on the carrier’s network. The GANC translates the signals coming from the handset to make it appear to be coming from another base station. Thus, when a mobile moves from a GSM to a Wifi network, it appears to the core network as if it is simply on a different base station.

    GAN was developed as UMA by the Unlicensed Mobile Access Consortium (UMAC) and is now part of the 3rd Generation Partnership Project (3GPP) specification TS 43.318 (Source: http://en.wikipedia.org/wiki/Unlicensed_Mobile_Access).

    I’m not surprised. I’ve been asking people about their mobile’s model number for my research and all I hear from them is “I don’t know”. So, I don’t even bother asking them what OS version it is running.  What surprises me though is people often know what their model is NOT!… Here is a typical scenario:

    Me: Hey, what model number is your mobile phone?
    Them: I don’t know…. Some crappy model!
    Me: Is it the N90?
    Them: No….. I wish it was! This is a crappier older one. I don’t know the exact model number though.
    And that marks the end of the conversation… No point asking them what Symbian version they are running…

    One of the problems in my opinion is that some phone manufacturers produce model numbers with a difference of one digit like 6600 and 6610 and so on. Or something like SPX240 and SPX240i or something… Confusing ay?

    Link to article on the study:
    http://www.engadgetmobile.com/2006/07/18/study-many-dont-know-the-model-of-their-phone/

    A site called “Mobile Gadget News” has pretty nice articles, notable ones include:

     

    Salvatore asked me for this, so here you go my friend.  It is not a new program though as it was out in 2005! It can track the CIDs (Cell IDs) of mobile phone towers around you, their LAC (Location Area Code) and their SIG (signal strength). Having that information can help in tracking the location of your mobile phone and the accuracy will depend on a number of factors including the 3 above.

    It is a Korean mobile phone called HS-RSS.  It has also an MP3 player amongst other features. Click here for more pictures.

    This article reports that 16% of mobile phones are proprietary and quoted: “Standard forensics tools don’t address the less popular types of phone,” from Tyler Moore, a researcher at the University of Cambridge Computer Laboratory, speaking at the Workshop on the Economics of Information Security.

    I recently got a proprietary phone and it does look like there are no connectivity options provided with it apart from the USB cable that provides access to mp3 and mp4 content only and no access to other phone data.  I am yet to test it with forensics tools though.  If you have any experience with these kinds of phones, please comment on this post.

    My mobile phone details:
    - Sansing S5688 (also known as P990)

    Contains links to tools, websites and articles on the subject.  To jump to articles click HERE.

    Link: E-Evidence.info

    Download it here. Features added include syncing favorites, notes and files. It supports both pocket PCs and smartphones of course :)

    W-ZERO3 not only looks good, it is packed with features and it’s not a brick!
