A Device to Grab Data From Cell Phones
what about writes
"Apparently there is a quick, simple, and undetectable way to grab all of your cellphone data. CNet reports on the Cellular Seizure Investigation (CSI) Stick, developed for law enforcement but available to the public, which 'connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.' I use mobile knox, a secure storage application, for my important data, but I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone."
Abby and McGee have had a copy of that for what... five seasons?
Do daemons dream of electric sleep()?
Anyone have any doubts left about the importance of software freedom for all your devices?
Friends don't help friends install M$ junk.
I always knew that cell phones are vulnerable, but to know there is a device which can basically clone your data out, with NO trace, that's downright scary! Even when LOCKED? We should start reading our contracts and our EULAs on our phone, somehow, somewhere, there's got to be something to rely on legally, if this can happen.
Phones without a data port are immune.
Phones whose firmware will not send a particular piece of data over the data port are immune as long as the firmware isn't updated. Updating the firmware leaves a trace.
This goes to show that in many cases, physical access is ultimate access.
I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Anyone know where I could pick one up? It could be useful for backing up my phone. I occasionally move my SIM card between phones (or multiple cards between my phone, depending on the need) and some phones drop certain things when they detect a SIM card swap.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
If you're using your employer's phone, you really shouldn't expect the things you do on it to remain private.
How can anyone feign surprise at having your entire electronic life be compromised? If you have a device smart enough to keep up with several email accounts and manage them all, of course you've also opened up a pig portal. If you want to have secrets, fill your world with Post-it notes under desks.
Seems to only support motorola/samsung (and I suspect usb only) http://csistick.com/models.html
I wonder if those are the most common phones, or the easiest to mess with via the port?
The parent is currently modded
(Score:-1, Insightful)
How does this happen?
Then why is it so hard for me to sync my phone?!
This device will never be used to solve a real crime. Cell phone companies already keep the required records for billing. This will simply allow TSA and other would be snoops to dig into people's private business. I had to laugh when I saw this:
These will be the real users of this kind of device. Free software for cell phones can not arrive fast enough.
In the US, we used to have this requirement that the government protect our rights:
Without probable cause and a legitimate warrant based on it, there is no reasonable search or seizure, no usable evidence. There's only an armed gang assaulting and violating their victim.
A fancy new way to invade privacy is just an expensive and effective battering ram.
--
make install -not war
I think this should be highly illegal. What about the whole secure in your person, papers, and property bit? This is like copying all your papers and transactions for the past few months so that they can just look at them whenever! If the law enforcement needs this, it needs to be required by law that they need a warrant signed by a judge to use!
On corporate phones/PDAs, it's completely impractical to say that you aren't going to have a data/charging port. You pretty much have to have one. Now, initially, I could see the default to be to work with any device. If you or your IT department wants the device secured, then they'd have to read the manual and set it up, any computer that you hooked the phone up to could work, but you'd need at a min a username/password before you are given access to the device. (There is a part of me that would like little fingerprint readers/retina scans in the phone and you'd have to have the person there to unlock the phone before it could be used with other devices.) Let's remember if they've got you and your device physically, there really isn't much you can do to defend yourself at that point.
Anyone know where I could pick one up? It could be useful for backing up my phone.
My thoughts exactly. It would be nice if it could also *write* to the phone though. Backing up without being able to restore isn't all that useful.
May contain traces of nut.
Made from the freshest electrons.
Umm, why is it easier for them to steal my data than it is for me to synch my phone to my computer? :(
slashdot rocks
just plug it into your pc, this is just an automated gadget that speeds up the process.
IranAir Flight 655 never forget!
Of all the things you can worry about, this seems to be one of the sillier ones - a phone is one thing pretty much never out of sight or touch in public. How is anyone going to plug in anything without your permission?
Look to your Bluetooth stack if you are concerned about data leakage.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Then of course it is only going to download at the speed of the phone, so it is in no way instantaneous. There is a warning on the product that says downloading an entire phone could take hours. It is clearly designed to steal text data. Again, at only 1 GB it will choke on any multimedia files in a smart phone.
The company also appears to have a tool to take data from Garmin devices, so maybe that is upcoming too.
In the end I am not sure that this adds to the danger, beyond the script kiddie factor. There are clearly ways to unlock phones without knowing the code. It seems to me that you could spend $300 on a portable computer, get a dock cable, and just sync with whatever phone you like. This would certainly not take 'hours', and one could acquire more than 1 GB. This to me is a much more credible threat profile. The key is smaller, but in most cases, for instance valet parking, the size is not necessarily a detriment.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
How many people are actually going to be running around stealing data by plugging a device into someone's phone? The only thing that I can see from this is someone actually writing a virus that can use the same program from this technology and add a simple mailto command, emailing all your data to them to use for statistics as well as more devious things.
Anything and Everything about the Net
Ok, so after RTFA, I'm a bit confused. What exactly does this device do that you couldn't already do with a laptop using bitpim and bluetooth or the correct usb cable for the phone??
Sure, it's more portable, but it's still not so small that you wouldn't notice someone using it.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
Why use something like that?
Don't you know the super-secret-one-world-government PIN code? 0, 0, 0, 0, YES.
It works in 99.9% percent of the cases.
Those 0.1% must be used by some kind of hackers.
You know... Like Keanu Reeves.
Mit der Dummheit kämpfen Götter selbst vergebens
Where all the content is strongly encrypted with AES. Maybe you shouldn't have bought that iphone if you were concerned about security!
On the other hand, I would love to have one of these - back when I had a regular cell phone, it was often ridiculously hard to copy the contacts from one phone to another phone when upgrading (these were non-GSM phones). Even cell phone stores would often have trouble.
It is a forensic product. Any product in that field that changes the evidence is worthless, therefore it is entirely appropriate that it does not write anything at all to the phones.
1. Clear your call list after a call. (most phones have this feature)
2. Make your calls through a forwarding service, only one phone number will show up on your dialed calls list.
This is just about reading the file system of the phone with RAW reads (as with hard disk) and not changing the content.
Hardly anything ground breaking to average user.
just plug it into your pc, this is just an automated gadget that speeds up the process.
Not all phones support all functions by plugging into the PC. Some barely even support charging through USB. If this gadget is as great as the summary claims, then it would be worthwhile for those phones that don't cooperate as well through USB.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
The CSI Stick does not do anything you couldn't do with a laptop and some software before. Heck you can pull much of the same information (from a limited number of phones as well) for free with Bitpim. Anyway, anyone who has used a Paraben product before would have dealt with so many bugs as not to be so scared.
Sounds like a Slashvertisement to me, a thinly-veiled attempt to advertise a crappy, nigh-on useless product to people who might just buy it. Try flogging it on QVC to their drooling watchers.
...or can i sue them for copyright infringement or violating other peoples intellectual property rights when they steal my crazy frog ringtone?
Do not trust this signature.
I do have to object to the term 'undetectable', it's not wireless or something so as long as you keep your phone in your pocket nothing happens. That being said, I'd like to have such a device for ehr... dunno, I want one!
adds a whole new meaning to the term "crackberry."
Where all the content is strongly encrypted with AES. Maybe you shouldn't have bought that iphone if you were concerned about security!
They have a model for the Blackberry in the works. Since this device is designed for forensic investigation by either law enforcement or corporate compliance investigators, I would not be surprised if it hooks into low level OS calls put in place for this purpose. The NSA has a back door into virtually all systems out there.
Jesus was a compassionate social conservative who called individuals to sin no more.
The device requires physical access.
Warning! If somebody stuck a device in my cellphone, I wonder if the hospital can remove it from their arse or stomach, because that is where it would be, and I'm not joking.
This is not a software problem.
*cough*Anything from Verizon*cough*
Yeah, you can find it at csistick.com. Price is $299 for the hardware + Device Seizure Lite software to access the acquired data.
I have a couple of these at work, since my job is as a forensics investigator, and they're nifty, but they're very limited in what you can do with them since they only support Motorola and Samsung. There are better tools out there:
PDA Seizure, Cell Seizure, Pilot-Link (Open Source), BitPIM (Open Source), ForensicSIM, etc.
Remember the Alamo, and God Bless Texas...
I didn't RTFA, but does this apply to BlackBerrys too? I thought the entire partition on the phone was supposed to be encrypted.
Your evaluation period for Productivity 1.0 has ended. Please purchase more coffee to continue using this product.
someone created a portable hand-held bitpim dongle?
http://csistick.com/models.html -- Remember, before buying or recommending a phone, check this list to be sure your phone is not on it.
Looks like Richard Stallman was right about telling us not to own a cellphone.
If the Blackberry is locked and password protected, there is no way to interface with the device via the USB port until the password is provided.
Furthermore, if the incorrect password is entered a predetermined number of times, all data on the device is wiped.
Lastly, if the Blackberry is connected to a Blackberry Enterprise Server (or a BES-lite consumer solution like Blackberry Unite), the device can be wiped clean of all data remotely by the server at any time.
I don't doubt that a version of this is in the works for a Blackberry, but I'm sure it will only be effective if the phone isn't locked.
They have a model for the Blackberry in the works.
I really doubt it. The blackberry platform has been audited from end-to-end by the Communications Security Establishment (Canada), Communications Electronic Security Group (UK), Center for Secure Information Technology (Austria), Defense Signals Directorate (Australia), Government Communications Security Bureau (New Zealand), National Institute of Standards and Technology (USA), Turkish Standards Institute (Turkey), NATO, the Fraunhofer Institute for Secure Information Technology (Germany) and others.
Since this device is designed for forensic investigation by either law enforcement or corporate compliance investigators,
There is no need for corporate compliance investigators to use this. If your company has a Blackberry Enterprise Server (and you should), the BES manages, tracks & controls absolutely everything on the blackberry already. The BES can be configured to keep track of every call, text message and even where the phone is (if the phone has GPS).
Law enforcement has an easy solution: get a warrant from a judge!
I would not be surprised if it hooks into low level OS calls put in place for this purpose. The NSA has a back door into virtually all systems out there.
I doubt all the institutions listed above didn't notice the back door. Even if they all are in on the conspiracy, blackberries are used by senior government officials in the USA, Canada, Australia, etc. Even Barack Obama uses one. Would they use them if their government knew there was a secret gaping flaw?
Here's a little hack that you can all run from home, right now!
:3
It's the BlueBugger tool. Most phones with bluetooth support, if you're near them, you can send text messages through their phone, read their text messages, read/write phonebook entries, set call forwards (which you can then turn around, to listen in on calls), connect to the internet, and force the phone to use other providers.
You might say "Oh, but you have to be close to them..", but hey you'd be surprised with how many phones go in and out of a Starbucks on a busy day. Just set a shell script to check for vulnerable phones once a minute and sit and relax.
Posting anonymously just in case.
How is this different than a PC, BitPim and a bunch of cables pulling down data?
I'm sorry, but if someone runs up and connects something to my data port on my phone, I am pretty sure I am going to notice it.
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up. Mine certainly did four years ago, although I've never used it, since I tend to sync via bluetooth, but it was one of the cheapest ones available back then (free with the cheapest contract on offer).
I am TheRaven on Soylent News
From TFA:
"It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly."
Ask anyone in the mobile forensics field, and they will tell you what a joy it is to have so many choices of software/hardware that can get data from every mobile phone out there. [/sarcasm]
Take a look through the documentation of any of the mobile phone forensic software packages, and you will find that one company supports this phone, another company supports that phone, etc. You will also find a very slow process in updating to support additional phones. The differences between hardware, firmware, and file systems on the devices vary too greatly right now, even from the same manufacturer.
Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up
Maybe I'm crazy, but I would say there has been a trend of my un-moderated comments being hit with the "overrated" tag. And being as the "overrated" tag seldom (if ever?) comes up for meta-moderation, it is a pretty bullet-proof way for someone with an ax to grind to knock down the comments of someone they don't like.
You could be right. It may be that someone honestly felt that this product is irrelevant and nobody cares where it is sold or how much it costs. And I wish I could believe that is the case. However, this trend suggests otherwise.
And on top of that, how often do you actually see the "overrated" tags applied in general contexts around here? I've seen plenty of posts of questionable merit moderated up to +5. Yet somehow my posts are being knocked down as "overrated" - sometimes while they are still just at their starting score of +2.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
All,
1. This device supports a VERY small list of phones.
2. Of the phones that are supported, the device rarely works, due to firmware diversity inherent in all phones.
3. You have a better chance of getting the data out of your phone using bitpim (www.bitpim.org).
4. The company that sells the device (Paraben) is notorious for making (and selling) poor software and feeding off the FUD (Fear, Uncertainty and Doubt) of local PD that don't know better. It's stories like this that the company uses to sell their product.
5. The company makes other products: like software to predict lottery numbers. Not sure that I would trust them with MY data.
...is good at what it does, but isn't the real problem getting your hands on the cell phone at all? When it's not charging at home, it's usually in my pocket and you'd have to be a pretty good pickpocket to steal and return it. I don't usually leave it anywhere due to thieves, so what would you do? Break into the locker at the gym? Ask me to borrow it to make a call? If I had something sensitive on it I wouldn't unlock it and give it to you. If you steal it or have a warrant it doesn't matter one bit what you'll hook it up to later. I'm sorry, but I really don't see any need for any of the features except in a B-class action movie.
Live today, because you never know what tomorrow brings
BlackBerry also has user data encryption via its content protection feature. If this feature is turned on what they pull from the device's memory will be gobbledegook.
Despite the proliferation of mobile phones & wireless email, no one comes close to the blackberry platform for features & security. Not iphone, not windows mobile, not nokia. Some very smart people at RIM have looked at wireless email from end-to-end.
Um- wrong. Blackberry wanted to get government contracts, so they went through all the government security requirements.
You make it sound like this is some sort of rocket science. It's preposterous to suggest that only RIM has the talent to design a "secure" phone. It's not a matter of talent; it's a matter of whether or not the market demands it. We've seen it with the iPhone; after the initial crazy rush for v1.0, v2 has much more for enterprise users.
What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.
You incorrectly assume that RIM wants to compete in a "cool" market. Many companies purposefully restrict the market they target.
Please help metamoderate.
http://slashdot.org/comments.pl?sid=651859&cid=24683041
http://slashdot.org/~willyhill/journal/205317
That post may have deserved "offtopic", but certainly not overrated. You're only proving that person's point when you mod that post as "overrated" - you are making a cowardly moderation choice that is above the meta-moderation.
Don't you have better things to do with moderation points than trying to be funny, or retaliation against a member?
I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone.
Man, are YOU in for a surprise. Verizon has done nothing short of admit that it mines customer data and gives it to others in a secret fashion. See this article. There is no reason to believe that all the other telcos don't do the same.
So if you're afraid of someone getting your phone book or your SMS messages, hell, they might have all the conversations (voice, SMS, Email, or whatever) that you've ever had electronically.
Isn't this one of twitter's accounts?
Anything that you know could be used on a Blackberry... app-wise, I still can't get one that does...
I am sure, seeing as a Blackberry has a port, that it can be read, but I am not sure how well... is there not encryption?
It's interesting that the comment you are replying to is moderated solely as "underrated".
You may be onto something here.
But I had heard of people getting 15 mod points several months ago (perhaps as early as February '08). I have had 10 points several times, but only 5 points each time over the past few months myself.
Although I guess as far as down-moderation goes, "overrated" is the perfect crime:
So in short, it costs you a point and nothing else. As opposed to using say "offtopic", "troll", or "flamebait", all of which can be overturned in metamoderation.
Proprietary encryption, like any other proprietary software, is untrustworthy. You don't really know what you have or who can read the encrypted data when it's encrypted with proprietary software.
Digital Citizen
Not as bad as you think, if you check out the stick's website it apparently only supports Samsung and Motorola.
I don't care if it's "traceable", ... I just want to find a way to get my contacts synced from my phone! I tried the software on the nokia site, but it just doesn't work.
Where can I buy one of these things??
and why, if they can build that, can't any cell phone company (that I've found) seem to build a simple phone that will let me import my contacts to my computer???
I bought a "smart" phone, but I can't imagine it being any dumber.
Paraben has renamed PDA Seizure to Device Seizure, and it supports Blackberry forensics acquisition. Also, check out this link at blackberryforums.com that explains the caveats of blackberry forensics and data acquisition.
Remember the Alamo, and God Bless Texas...
AnyPC for Cell phones?
I can't think of any reason for there NOT to be a protocol, where law enforcement broadcasts some magic numbers, and your phone responds by dumping a block of memory, or just turning on the mike - on top of probably triangulating your position.
The old Motorola brick analog ones even had a scanning function.
Just go to Thailand's MBK shopping centre floor of 2000 phone repairers - and you can see how everything is possible, and physical access = game lost.
How would Verizon change what the hardware/firmware support? Apart from getting modded informative for being a shot at Verizon, I doubt a network could change how the phone behaves when plugged into your PC.
Also, if a phone doesn't support a function when plugged into a PC, how is it going to support it when plugged into a piece of hardware with only a subset of the abilities a PC has?
IranAir Flight 655 never forget!
Verizon overwrites the manufacturer's firmware with its own crippled firmware. They do this to prevent you from putting your own multimedia and apps on their phones and instead force you to go through their store.
is an OS distribution, not a phone.
And unfortunately, it is next to impossible to get cell phone parts manufacturers to make their interface specifications open such that an open-source developer can make their software work with it. I doubt we will ever see OpenMoko make any real progress in the near-term future, or open-source software of any kind.
+++ATH0
Not to mention more basic functionality like syncing with another device. Verizon removes almost all Bluetooth profiles; I think I can tether my LG VX8300 to a computer, and can use my Bluetooth headset/remote "control", but OBEX and everything else is disabled.
If you look at the list of supported devices, you will notice that not a single Nextel phone is on there. Motorola makes the Nextel phones just like they make the phones that comprise almost 80% of the phones compatible with the CSI stick.
Why is this? Were the Nextel phones designed differently? Were the non-Nextel phones designed this way on purpose (with a back door)?
I know when I try to back up my contact list on my Nextel I have to enter the PIN. (I don't recall if it is the SIM PIN or the phone PIN.) Do the other Motorola phones require this?
Kudos to the first person who starts a company that will do this for average joes! I have my husband's old cell phone and would PAY to get the deleted text messages transcribed. Or the deleted pictures. Cheating spouses- watch your phone!
Do you know of any company that provides this as a service? I'd love to have my husband's text message content in a transcript form, delivered to my e-mail!!