A Device to Grab Data From Cell Phones
what about writes
"Apparently there is a quick, simple, and undetectable way to grab all of your cellphone data. CNet reports on the Cellular Seizure Investigation (CSI) Stick, developed for law enforcement but available to the public, which 'connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.' I use mobile knox, a secure storage application, for my important data, but I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone."
Anyone have any doubts left about the importance of software freedom for all your devices?
Friends don't help friends install M$ junk.
I always knew that cell phones are vulnerable, but to know there is a device which can basically clone your data out, with NO trace, that's downright scary! Even when LOCKED? We should start reading our contracts and our EULAs on our phone, somehow, somewhere, there's got to be something to rely on legally, if this can happen.
Phones without a data port are immune.
Phones whose firmware will not send a particular piece of data over the data port are immune as long as the firmware isn't updated. Updating the firmware leaves a trace.
This goes to show that in many cases, physical access is ultimate access.
I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Anyone know where I could pick one up? It could be useful for backing up my phone. I occasionally move my SIM card between phones (or multiple cards between my phone, depending on the need) and some phones drop certain things when they detect a SIM card swap.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
If you're using your employer's phone, you really shouldn't expect the things you do on it to remain private.
How can anyone feign surprise at having your entire electronic life be compromised? If you have a device smart enough to keep up with several email accounts and manage them all, of course you've also opened up a pig portal. If you want to have secrets, fill your world with Post-it notes under desks.
Seems to only support Motorola/Samsung (and I suspect USB only) http://csistick.com/models.html
I wonder if those are the most common phones, or the easiest to mess with via the port?
Then why is it so hard for me to sync my phone?!
This device will never be used to solve a real crime. Cell phone companies already keep the required records for billing. This will simply allow TSA and other would be snoops to dig into people's private business. I had to laugh when I saw this:
These will be the real users of this kind of device. Free software for cell phones can not arrive fast enough.
In the US, we used to have this requirement that the government protect our rights:
Without probable cause and a legitimate warrant based on it, there is no reasonable search or seizure, no usable evidence. There's only an armed gang assaulting and violating their victim.
A fancy new way to invade privacy is just an expensive and effective battering ram.
--
make install -not war
He has been modded down so much it didn't raise him from -1, I'm guessing.
CORPORATION, n. An ingenious device for obtaining individual profit without individual responsibility.
I think this should be highly illegal. What about the whole secure in your person, papers, and property bit? This is like copying all your papers and transactions for the past few months so that they can just look at them whenever! If the law enforcement needs this, it needs to be required by law that they need a warrant signed by a judge to use!
On corporate phones/PDAs, it's completely impractical to say that you aren't going to have a data/charging port. You pretty much have to have one. Now, initially, I could see the default to be to work with any device. If you or your IT department wants the device secured, then they'd have to read the manual and set it up; any computer that you hooked the phone up to could work, but you'd need at a min a username/password before you are given access to the device. (There is a part of me that would like little fingerprint readers/retina scans in the phone, and you'd have to have the person there to unlock the phone before it could be used with other devices.) Let's remember if they've got you and your device physically, there really isn't much you can do to defend yourself at that point.
Anyone know where I could pick one up? It could be useful for backing up my phone.
My thoughts exactly. It would be nice if it could also *write* to the phone though. Backing up without being able to restore isn't all that useful.
May contain traces of nut.
Made from the freshest electrons.
Umm, why is it easier for them to steal my data than it's for me to synch my phone to my computer? :(
slashdot rocks
Just plug it into your PC; this is just an automated gadget that speeds up the process.
IranAir Flight 655 never forget!
Of all the things you can worry about, this seems to be one of the sillier ones - a phone is one thing pretty much never out of sight or touch in public. How is anyone going to plug in anything without your permission?
Look to your Bluetooth stack if you are concerned about data leakage.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Then of course it is only going to download at the speed of the phone, so it is in no way instantaneous. There is a warning on the product that says downloading an entire phone could take hours. It is clearly designed to steal text data. Again, at only 1 GB it will choke on any multimedia files in a smart phone.
The company also appears to have a tool to take data from Garmin devices, so maybe that is upcoming too.
In the end I am not sure that this adds to the danger, beyond the script kiddie factor. There are clearly ways to unlock phones without knowing the code. It seems to me that you could spend $300 on a portable computer, get a dock cable, and just sync with whatever phone you like. This would certainly not take 'hours', and one could acquire more than 1 GB. This to me is a much more credible threat profile. The key is smaller, but in most cases, for instance valet parking, the size is not necessarily a detriment.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
How many people are actually going to be running around stealing data by plugging a device into someone's phone? The only thing that I can see from this is someone actually writing a virus that can use the same program from this technology and add a simple mailto command, emailing all your data to them to use for statistics as well as more devious things.
Anything and Everything about the Net
Ok, so after RTFA, I'm a bit confused. What exactly does this device do that you couldn't already do with a laptop using bitpim and Bluetooth or the correct USB cable for the phone??
Sure, it's more portable, but it's still not so small that you wouldn't notice someone using it.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
Why use something like that?
Don't you know the super-secret-one-world-government PIN code? 0, 0, 0, 0, YES.
It works in 99.9% percent of the cases.
Those 0.1% must be used by some kind of hackers.
You know... Like Keanu Reeves.
Against stupidity the gods themselves contend in vain
It is a forensic product. Any product in that field that changes the evidence is worthless, therefore it is entirely appropriate that it does not write anything at all to the phones.
1. Clear your call list after a call. (most phones have this feature)
2. Make your calls through a forwarding service, only one phone number will show up on your dialed calls list.
Just plug it into your PC; this is just an automated gadget that speeds up the process.
Not all phones support all functions by plugging into the PC. Some barely even support charging through USB. If this gadget is as great as the summary claims, then it would be worthwhile for those phones that don't cooperate as well through USB.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
...or can I sue them for copyright infringement or violating other people's intellectual property rights when they steal my crazy frog ringtone?
Do not trust this signature.
I do have to object to the term 'undetectable'; it's not wireless or something, so as long as you keep your phone in your pocket nothing happens. That being said, I'd like to have such a device for ehr... dunno, I want one!
Adds a whole new meaning to the term "crackberry."
Where all the content is strongly encrypted with AES. Maybe you shouldn't have bought that iPhone if you were concerned about security!
They have a model for the Blackberry in the works. Since this device is designed for forensic investigation by either law enforcement or corporate compliance investigators, I would not be surprised if it hooks into low level OS calls put in place for this purpose. The NSA has a back door into virtually all systems out there.
Jesus was a compassionate social conservative who called individuals to sin no more.
The device requires physical access.
Warning! If somebody stuck a device in my cellphone, I wonder if the hospital can remove it from their arse or stomach, because that is where it would be, and I'm not joking.
*cough*Anything from Verizon*cough*
He probably has the worst karma of any /. user.
If patriotism is racist, is racism patriotic?
Yeah, you can find it at csistick.com. Price is $299 for the hardware + Device Seizure Lite software to access the acquired data.
I have a couple of these at work, since my job is as a forensics investigator, and they're nifty, but they're very limited in what you can do with them since they only support Motorola and Samsung. There are better tools out there:
PDA Seizure, Cell Seizure, Pilot-Link (Open Source), BitPIM (Open Source), ForensicSIM, etc.
Remember the Alamo, and God Bless Texas...
I didn't RTFA, but does this apply to BlackBerrys too? I thought the entire partition on the phone was supposed to be encrypted.
Your evaluation period for Productivity 1.0 has ended. Please purchase more coffee to continue using this product.
http://csistick.com/models.html -- Remember, before buying or recommending a phone, check this list to be sure your phone is not on it.
If the Blackberry is locked and password protected, there is no way to interface with the device via the USB port until the password is provided.
Furthermore, if the incorrect password is entered a predetermined number of times, all data on the device is wiped.
Lastly, if the Blackberry is connected to a Blackberry Enterprise Server (or a BES-lite consumer solution like Blackberry Unite), the device can be wiped clean of all data remotely by the server at any time.
I don't doubt that a version of this is in the works for a Blackberry, but I'm sure it will only be effective if the phone isn't locked.
I'm sorry, but if someone runs up and connects something to my data port on my phone, I am pretty sure I am going to notice it.
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
Yes it is. The contents of a mobile device should only ever be stored in persistent storage in an encrypted form, so that it's only accessible externally with the device's cooperation. The software on the device should only cooperate with properly authenticated external software. To avoid bricking the device, you might want to provide a mechanism for externally replacing the entire contents of the device's internal storage, but if you do this without first taking a backup (which you can't do without the device cooperating) then you can't install anything nasty on the device without the owner knowing the first time they try to access their data.
I am TheRaven on Soylent News
Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up. Mine certainly did four years ago, although I've never used it, since I tend to sync via bluetooth, but it was one of the cheapest ones available back then (free with the cheapest contract on offer).
I am TheRaven on Soylent News
From TFA:
"It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly."
Ask anyone in the mobile forensics field, and they will tell you what a joy it is to have so many choices of software/hardware that can get data from every mobile phone out there. [/sarcasm]
Take a look through the documentation of any of the mobile phone forensic software packages, and you will find that one company supports this phone, another company supports that phone, etc. You will also find a very slow process in updating to support additional phones. The differences between hardware, firmware, and file systems on the devices vary too greatly right now, even from the same manufacturer.
Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up
Maybe I'm crazy, but I would say there has been a trend of my un-moderated comments being hit with the "overrated" tag. And being as the "overrated" tag seldom (if ever?) comes up for meta-moderation, it is a pretty bullet-proof way for someone with an ax to grind to knock down the comments of someone they don't like.
You could be right. It may be that someone honestly felt that this product is irrelevant and nobody cares where it is sold or how much it costs. And I wish I could believe that is the case. However, this trend suggests otherwise.
And on top of that, how often do you actually see the "overrated" tags applied in general contexts around here? I've seen plenty of posts of questionable merit moderated up to +5. Yet somehow my posts are being knocked down as "overrated" - sometimes while they are still just at their starting score of +2.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
All,
1. This device supports a VERY small list of phones.
2. Of the phones that are supported, the device rarely works, due to firmware diversity inherent in all phones.
3. You have a better chance of getting the data out of your phone using bitpim (www.bitpim.org).
4. The company that sells the device (Paraben) is notorious for making (and selling) poor software and feeding off the FUD (Fear, Uncertainty and Doubt) of local PD that don't know better. It's stories like this that the company uses to sell their product.
5. The company makes other products, like software to predict lottery numbers. Not sure that I would trust them with MY data.
...is good at what it does, but isn't the real problem getting your hands on the cell phone at all? When it's not charging at home, it's usually in my pocket and you'd have to be a pretty good pickpocket to steal and return it. I don't usually leave it anywhere due to thieves, so what would you do? Break into the locker at the gym? Ask me to borrow it to make a call? If I had something sensitive on it I wouldn't unlock it and give it to you. If you steal it or have a warrant it doesn't matter one bit what you'll hook it up to later. I'm sorry, but I really don't see any need for any of the features except in a B-class action movie.
Live today, because you never know what tomorrow brings
Despite the proliferation of mobile phones & wireless email, no one comes close to the Blackberry platform for features & security. Not iPhone, not Windows Mobile, not Nokia. Some very smart people at RIM have looked at wireless email from end-to-end.
Um- wrong. Blackberry wanted to get government contracts, so they went through all the government security requirements.
You make it sound like this is some sort of rocket science. It's preposterous to suggest that only RIM has the talent to design a "secure" phone. It's not a matter of talent; it's a matter of whether or not the market demands it. We've seen it with the iPhone; after the initial crazy rush for v1.0, v2 has much more for enterprise users.
What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.
You incorrectly assume that RIM wants to compete in a "cool" market. Many companies purposefully restrict the market they target.
Please help metamoderate.
Anything that you know could be used on a Blackberry... app-wise, I still can't get one that does...
I am sure, seeing as a Blackberry has a port, that it can be read, but I am not sure how well... is there not encryption?
Proprietary encryption, like any other proprietary software, is untrustworthy. You don't really know what you have or who can read the encrypted data when it's encrypted with proprietary software.
Digital Citizen
I don't care if it's "traceable", ... I just want to find a way to get my contacts synced from my phone! I tried the software on the Nokia site, but it just doesn't work.
Where can I buy one of these things??
And why, if they can build that, can't any cell phone company (that I've found) seem to build a simple phone that will let me import my contacts to my computer???
I bought a "smart" phone, but I can't imagine it being any dumber.
Paraben has renamed PDA Seizure to Device Seizure, and it supports Blackberry forensics acquisition. Also, check out this link at blackberryforums.com that explains the caveats of blackberry forensics and data acquisition.
Remember the Alamo, and God Bless Texas...
How would Verizon change what the hardware/firmware support? Apart from getting modded informative for being a shot at Verizon, I doubt a network could change how the phone behaves when plugged into your PC.
Also, if a phone doesn't support a function when plugged into a PC, how is it going to support it when plugged into a piece of hardware with only a subset of the abilities a PC has?
IranAir Flight 655 never forget!
Verizon overwrites the manufacturer's firmware with its own crippled firmware. They do this to prevent you from putting your own multimedia and apps on their phones and instead force you to go through their store.
is an OS distribution, not a phone.
And unfortunately, it is next to impossible to get cell phone parts manufacturers to make their interface specifications open such that an open-source developer can make their software work with it. I doubt we will ever see OpenMoko make any real progress in the near-term future, or open-source software of any kind.
+++ATH0
Not to mention more basic functionality like syncing with another device. Verizon removes almost all Bluetooth profiles; I think I can tether my LG VX8300 to a computer, and can use my Bluetooth headset/remote "control", but OBEX and everything else is disabled.
If you look at the list of supported devices, you will notice that not a single Nextel phone is on there. Motorola makes the Nextel phones just like they make the phones that comprise almost 80% of the phones compatible with the CSI stick.
Why is this? Were the Nextel phones designed differently? Were the non-Nextel phones designed this way on purpose (with a back door)?
I know when I try to back up my contact list on my Nextel I have to enter the PIN. (I don't recall if it is the SIM PIN or the phone PIN.) Do the other Motorola phones require this?
Kudos to the first person who starts a company that will do this for average Joes! I have my husband's old cell phone and would PAY to get the deleted text messages transcribed. Or the deleted pictures. Cheating spouses - watch your phone!