Black Phones to combat Police Software

Things that can be undeleted from your phone using police software:

Things that can be undeleted from your phone using police software

Things that can be undeleted from your phone using police software

Software like Oxygen Forensic and AccessData allows anyone to recover data from phones and other mobile devices even after it has been deleted or undergone a factory reset.

Almost all of all handsets sold to recycling companies are reused, not recycled in the “conventional” context, making phone recycling a prime target for hackers using forensic data retrieval software. Here are the more concerning of the things that can be recovered from your phone using FDR software:

1. Images and videos

Even if you take a quick photo and delete it immediately after, along with all your other pictures and videos, it can be recovered.

What most people don’t know is that when you delete information off your phone or undergo a factory reset, the data itself is not being deleted, it still remains in areas of the flash chip called solid state memory. Factory resets only destroy the paths to the data. This obviously allows forensic software users to re-establish their own pathways and retrieve the data.

A YouGov poll showed 26 percent of people (in the UK, at least) believe that manually deleting a piece of data completely removes it from the device, whereas 37 percent believe a factory reset is enough (neither will fully remove personal data).

A full removal of personal data is not possible using a device’s in-built factory reset or by re-flashing the operating system.

2. Bank details on apps

Despite banks doing their best to make smartphone banking as secure as possible, as long as a code or pin is required to access a customer’s details, they are susceptible to forensic recovery.

The flat information that can be retrieved from the solid state memory also includes passwords and cryptograms that have been used within the phone’s apps.

This actually applies to any app that has ever been uploaded on a mobile device, which is a worrying thought for people who have sold their old phones or unwanted upgrades. To make matters worse, recent EU data security regulations have pushed legislation making it the responsibly of the handset owner to wipe all their data, not the recyclers or phone buyers. Despite this possibly being one of the most absurd legislations in history, until it is revisited (which should be March 2014), mobile phone consumers have been forced into a subjugate position.

However, if you happen to live outside of Europe, you aren’t affected by this legislation.

3. SMS and email messages (sent and received)

This could apply to all messages involving SMS, email, Whatsapp, WeChat, instant messaging, Skype, and MMS logs that have ever been used on the phone.

The level of detail a hacker could undelete from your phone depends solely on the level of patience the hacker has. Forensic retrieval and the replacement of data pathways can be a laborious process because there are so many areas within the phone where the solid state memory can hide the flat data.

4. Web browsing history

Over the years, more people have been using their phones to search Google and browse the Internet. To accommodate that, smartphone technology has become more sophisticated. The downside to this is that the more complex and intrinsic something becomes, the more it can be exploited.

5. Geo-positioning and location sensors

If having access to your private photos, messages, and passwords wasn’t enough, another concerning bit of information a potential hacker can get their hands on is the smartphone’s position sensor history.

So whenever a smartphone user has gone to lunch with their friends and tagged them all in a Facebook status update, all this logged information can be salvaged.

This could lead to a hacker being able to discover a former phone owner’s home address or hangout spots.

A military-standard data wipe is the only known way to properly erase not just the data paths but the data itself. There are many different terms for this kind of wipe, but it essentially works in a similar way to forensic retrieval software itself: it reforms the deleted pathways, but instead of recovering the data, it deletes it.

Companies like Cashinyourgadgets, Bozowi Sell My Mobile, and Money4urmobile offer this level of permanent data removal.  In the U.S., cell recycling companies like Cellularreturns, Celltradein, and Gadgetgobbler offer military-standard wipes.

Costs for this service vary significantly, but the price is usually about 5 percent to 15 percent of the phone’s recycle value. So if your handset could be recycled for $150, the cost to have it properly wiped would be somewhere around $15. However, the more aware the world is of forensic data retrieval software, the quicker companies like these will begin offering such a service for free (because they will have no choice).

A word of warning: If you are going to use an external company to perform a permanent wipe on your phone, always make sure they provide you with both a tracking number and a certificate of destruction. Companies like these will almost always arrange for a delivery service to pick up your phone from your home and drop it off afterwards, so a tracking number is important to monitor the process and make sure you are getting the full data removal. A certificate of destruction is useful because it means the company is accepting full responsibility for the data, so if your phone still manages to get hacked after the service, they will be legally accountable.

There have been some studies suggesting that multiple factory resets could also deleted the flat data due to it slowly wearing down the solid state memory, but the results were inconclusive.

One piece of good news: It’s likely this threat won’t be a permanent issue. The major mobile device developers will eventually find ways to bypass it altogether. Already we’re hearing about the upcoming Blackphone, which is apparently NSA-proof and allegedly impossible to hack. However, until it’s released, we won’t know for sure.

It’s unlikely forensic software will ever be outlawed, and even if developers fully bypass the threats it poses, another more advanced incarnation will be conjured up (the police still need to recover data, remember). What’s important is that mobile phone users are aware of the threat and begin to pressure electrical recyclers to do everything they can to prevent it.

Warrantless Phone Tapping for Next Five Years

Senate Approves Warrantless Phone Tapping for Next Five Years:

Senate Approves Warrantless Phone Tapping for Next Five Years

Senate Approves Warrantless Phone Tapping for Next Five Years

By a vote of 73 to 23, the US Senate just voted for the warrantless surveillance of American citizens until 2017. The vote, set to affirm to eradicate the FAA Sunsets Extension Act of 2012, means we’ll be living with Bush-era spy laws for another half decade. In 2007, the Senate voted to grant blanket immunity to companies like AT&T, which conspired with the NSA to monitor American digital conversations without government oversight after 9/11. Today’s vote continues that immunity, and provides further carte blanche for the American intelligence-gathering apparatus. Phone calls, texts, and emails are all fair game—and a judge doesn’t have to give the OK, so long as it’s in the name of counterterrorism. Which is a very easy guise.

This should anger and worry you. The EFF has a nice summary of why:

The FISA Amendments Act continues to be controversial; key portions of it were challenged in a case before the U.S. Supreme Court this term. In brief, the law allows the government to get secret FISA court orders-orders that do not require probable cause like regular warrants-for any emails or phone calls going to and from overseas. The communications only have to deal with “foreign intelligence information,” a broad term that can mean virtually anything. And one secret FISA order can be issued against groups or categories of people-potentially affecting hundreds of thousands of Americans at once.

The bill now goes to Obama for his signature, which it wil almost surely get—he’s a vocal supporter of the legislation. Domestic spying will be a reality for the rest of his administration, and beyond.

Police copy your phone in two minutes

Police Can Copy Your Cell Phone’s Contents In Under Two Minutes:

police-state

police-state

 

It has emerged that Michigan State Police have been using a high-tech mobile forensics device that can extract information from over 3,000 models of mobile phone, potentially grabbing all media content from your iPhone in under two minutes.  The CelleBrite UFED is a handheld device that Michigan officers have been using since August 2008 to copy information from mobile phones belonging to motorists stopped for minor traffic violations. The device can circumvent password restrictions and extract existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags.

O2MOBILE SOFTWARE Cellebrite UFED 520x286 US Police Can Copy Your iPhones Contents In Under Two Minutes

In short, it can copy everything on your smartphone in a matter of minutes.  Learning that the police had been using mobile forensic devices, the American Civil Liberties Union (ACLU) has issued freedom of information requests which demand that state officials open up the data collected, to better assess if penalised motorists warrant having their data copied.  Michigan State Police were more than happy to provide the information – as long as the ACLU paid $544,680. Obviously not pocket change.

“Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide,” ACLU staff attorney Mark P. Fancher wrote. “No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure.”

Once the data is obtained, the device’s “Physical Analyzer” can map both existing and deleted locations on Google Earth, porting location data and image geotags on Google Maps.  The ACLU’s main worry is that the handheld is quietly being used to bypass Fourth Amendment protections against unreasonable searches:

“With certain exceptions that do not apply here, a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity.

A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched.”