A Device to Grab Data From Cell Phones

what about writes "Apparently there is a quick, simple, and undetectable way to grab all of your cellphone data. CNet reports on the Cellular Seizure Investigation (CSI) Stick, developed for law enforcement but available to the public, which 'connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.' I use mobile knox, a secure storage application, for my important data, but I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone."

This only works on SOME phones

[davidwr]

Phones without a data port are immune.

Phones whose firmware will not send a particular piece of data over the data port are immune as long as the firmware isn't updated. Updating the firmware leaves a trace.

This goes to show that in many cases, physical access is ultimate access.

I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.

Re:This only works on SOME phones

I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.

You know what those "secure" phones are called? Blackberries. Go buy one today!

On a blackberry, you can have all content on the phone strongly encrypted with AES. If your company has a blackberry enterprise server, you can even make this mandatory and prevent the user from disabling content encryption.

If content encryption is on, then the blackberry won't send data via the data port or bluetooth until the password is entered. Enter the wrong password 10 times and the blackberry securely wipes itself.

Despite the proliferation of mobile phones & wireless email, no one comes close to the blackberry platform for features & security. Not iphone, not windows mobile, not nokia. Some very smart people at RIM have looked at wireless email from end-to-end. The blackberry platform has also been audited from end-to-end by many governments and tech experts. What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.

Re:oye!

[plover]

I always knew that cell phones are vulnerable, but to know there is a device which can basically clone your data out, with NO trace, that's downright scary! Even when LOCKED? We should start reading our contracts and our EULAs on our phone, somehow, somewhere, there's got to be something to rely on legally, if this can happen.

Such a device is called a "computer", and many people already own one. By means of a secondary device, called a "USB cable", one can attach a computer to a cell phone and read the contents from it.

If you read the "instruction manual" that comes with your cell phone, you can see plainly that a cable can be connected between the phone and the computer and the contents read from it. No phone manual I have ever read says anything about authentication of the USB cable connection. Therefore you have already been informed of as much as you need to know, legally.

Re:Wait... "troublesome for corporate employees"?

[EdIII]

You completely missed the point. This is not about the employee being able to keep their actions private from the world, or even their own employer. It is about the company being able to keep their actions private from the world, which obviously includes the actions of all of their employees.

It is a completely reasonable expectation, and indeed quite desirous by corporations, that an employee be able to maintain some level of privacy (and security) from the rest of the world. So when the article mentions that it is "troublesome for corporate employees" it is really talking about the implications for security for the entire company.

Re:Non free is always this way.

[davolfman]

It's a failure of security through obscurity. The cell phone companies have concentrated so much on selling the syncing systems for absurd amounts that they never bothered to actually secure the interface.

Re:How much? Where?

[GodBlessTexas]

Yeah, you can find it at csistick.com. Price is $299 for the hardware + Device Seizure Lite software to access the acquired data.

I have a couple of these at work, since my job is as a forensics investigator, and they're nifty, but they're very limited in what you can do with them since they only support Motorola and Samsung. There are better tools out there:
PDA Seizure, Cell Seizure, Pilot-Link (Open Source), BitPIM (Open Source), ForensicSIM, etc.

Re:Troll, mod down

[TheRaven64]

Yes it is. The contents of a mobile device should only ever be stored in persistent storage in an encrypted form, so that it's only accessible externally with the device's cooperation. The software on the device should only cooperate with properly authenticated external software. To avoid bricking the device, you might want to provide a mechanism for externally replacing the entire contents of the device's internal storage, but if you do this without first taking a backup (which you can't do without the device cooperating) then you can't install anything nasty on the device without the owner knowing the first time they try to access their data.

Re:Probable Cause and Warrants

[Xonstantine]

Clarence Thomas, as everyone not blinded by Republican loyalty knows, isn't a "Constitutional" justice. He's a rightwing pawn.

Statements like this is why you're a commie stooge, Doc. Clarence Thomas has been on the side of individual rights far more often than Ginsburg, Souter, Stevens, or Breyer.

Kelo vs Connecticut...who sided with government power and who sided with individual property rights?

Heller vs DC...who sided with government police power and who sided with an individual's right to self defense?

Raich vs US...who sided with personal growth and consumption of marijuana and who sided with the government's prosecution of such under the Commerce Clause?

As for the expectation of privacy when crossing the border, there has NEVER been an implied or explicit right. The US government has always maintained the power to search your belongings on entry. Your allegation that Thomas is somehow throwing out the Constitution with this decision illustrates your basic ignorance on the Constitution, Constitutional law, and Clarence Thomas...in other words, par for the course for you.

Re:Plot Device Failure.

[Anachragnome]

That is precisely the sort of crap they spooned out when Verichip tried to persuade parents it was a good idea to have their kids RFID chipped ("If your kid is lost or kidnapped, they can be located!").

And that, my friends, was just the first salvo in the attempt to get people-chipping popularly accepted.

As I once said, the day they start chipping people is the day I start offering my services to remove them and feed them to the migrating geese that pass through our area, in little balls of bread dough.