Slashdot Mirror


Criminals Remote-Wiping Cell Phones

An anonymous reader writes "Crafty criminals are increasingly using the remote wipe feature on the Apple iPhone and other business handsets, such as RIM's BlackBerry, to destroy incriminating evidence, the head of the UK's Serious Fraud Office Keith Foggon has warned. Foggon told silicon.com that the move away from PCs towards using mobile phones was causing a headache for crime fighters who were struggling to keep up with the fast pace of new handsets and platforms churned out by the mobile industry."

17 of 191 comments

  1. Woah by Anonymous Coward · · Score: 1, Interesting

    I can wipe my BlackBerry to make data irretrievable? I can do it remotely too? HOW?

    1. Re:Woah by Rorschach1 · · Score: 3, Interesting

      And there's probably a certain amount of hysteresis too, so maybe that 0.3 gets overwritten with a 1 to become 0.93, and then with another 0 to become 0.393, and you can recover previous values to a degree limited by the amount of hysteresis, sensitivity of the detector, and noise floor. Or at least that's the theory I've always heard on why you're supposed to overwrite hard drives multiple times... I've never actually heard of it being done, but the assumption has always been that 'they' have the ability to do it. Anyone care to provide more substantial information on the feasibility of this sort of recovery?

    2. Re:Woah by Xanius · · Score: 5, Interesting

      When I took my computer forensics class they showed that you could use a hex editor on a zero-wiped floppy disk and recover most of the data that was on it previously.
      We had a guest speaker who told us some of what he does; he's a forensic analyst who pulls information from drives in criminal cases. He said that it takes somewhere around 72 hours to read a decent-sized drive and costs around $10k to get it done. (It's been a few years so the details are fuzzy, but that sounds about right.)
      But he wasn't too specific on what tools they use, etc. Something around 10 full wipes is easy enough to recover the original data, but if you write over it and delete actual data it becomes more corrupted and harder to get back than just all 1 then all 0.

    3. Re:Woah by v1 · · Score: 3, Interesting

      Any tool that accesses the drive's SMART data can get this. The drive has to be directly connected to the computer; you cannot read SMART via a USB or FireWire bridge. All drives track a small set of SMART data including reallocated blocks. Most drives have additional SMART parameters whose meaning varies.

      --
      I work for the Department of Redundancy Department.
    4. Re:Woah by v1 · · Score: 5, Interesting

      you can't easily pop those things open and mount the custom flash chip into some universal adapter

      Very, very few devices use custom flash chips. The iPhone uses off-the-shelf standard flash memory chips. And in addition to readers that require the removal of the chip, there are units that have cables with clips that just attach right to the chip in the (powered off) device and can pull the data straight off.

      And yes, you can pop them open pretty easily. Some iPods are harder to open than an iPhone.

      --
      I work for the Department of Redundancy Department.
    5. Re:Woah by jcuervo · · Score: 3, Interesting

      Two things.

      First, ever had a magnet accidentally come into contact with your TV? Ever tried to fix it with another magnet, and deemed it "close enough"? There you go. You are a floating head. Your TV is a disk platter.

      Second, hand in your geek card.

      --
      Assume I was drunk when I posted this.
  2. I can't be the only one on /.... by bistromath007 · · Score: 5, Interesting

    ...who took one look at this and thought "good."

    1. Re:I can't be the only one on /.... by Constantine+XVI · · Score: 3, Interesting

      Actually, if you slot a microSD card in a BlackBerry, you can set it up to encrypt the card along with the rest of the device, and it's scrubbed along with everything else if too many wrong passwords are entered in.*

      *The password and encryption are done device-side, so it even works in Linux.

      --
      "I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
  3. photos by bbdd · · Score: 4, Interesting

    Don't forget to view the photos. I thought the photos were more interesting than the article.

    http://software.silicon.com/security/0,39024655,39270417,00.htm

  4. Laptops and cell phones for the paranoid by davidwr · · Score: 2, Interesting

    If you are really paranoid, you'll want your laptop or cell phone to:

    • encrypt everything but the bootstrap code
    • store part of the encryption key off-device, such as on a memory stick
    • store part of the encryption key on-device and destroy it after a certain number of failed access attempts or after a specified time period since the last authorized access
    • the on-device key could not be copied without tampering with the device
    • tamper-resistant, preferably destroying the on-device part of the key if the device is tampered with or the battery removed

    With this, only experts will be able to copy your device, much less decrypt it, and they will have a limited time window to do the copy.

    Such a phone or laptop would be good for crossing national borders or any other place where it is subject to search or seizure. If the border guards take it and try to copy it, they may give you back a brick, but at least they won't have anything useful.

    Of course, this means you should have your irreplaceable data someplace else for safe-keeping. Think of your phone or laptop as a "convenience copy."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
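The split-key idea in davidwr's list above, as an added example that is not part of the original comment: the data key is XOR-split between the device and a memory stick, and the device zeroes its share after too many failed unlocks or too long an idle period. The class and function names, the policy constants and the PBKDF2 parameters are assumptions made for illustration; a real device would keep the share in tamper-resistant hardware rather than in process memory.

```python
import hashlib, hmac, secrets

MAX_FAILURES = 3                    # assumed policy: wipe after 3 bad unlocks
MAX_IDLE_SECONDS = 7 * 24 * 3600    # assumed policy: wipe after a week unused

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _check(key):
    # Key-check value: lets the device detect a wrong stick share.
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

class Device:
    """Holds one XOR share of the data key; the other share is off-device."""
    def __init__(self, pin, share, key_check, now):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = _pin_hash(pin, self.salt)
        self.share = bytearray(share)   # mutable so it can be overwritten
        self.key_check = key_check
        self.failures, self.last_ok, self.wiped = 0, now, False

    def _wipe(self):
        self.share[:] = bytes(len(self.share))  # best-effort zeroing in Python
        self.wiped = True

    def unlock(self, pin, stick_share, now):
        # Returns the data key, or None; destroys the share on policy breach.
        if self.wiped or now - self.last_ok > MAX_IDLE_SECONDS:
            self._wipe()
            return None
        key = _xor(self.share, stick_share)
        pin_ok = hmac.compare_digest(_pin_hash(pin, self.salt), self.pin_hash)
        key_ok = hmac.compare_digest(_check(key), self.key_check)
        if not (pin_ok and key_ok):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self._wipe()
            return None
        self.failures, self.last_ok = 0, now
        return key

def provision(pin, data_key, now):
    """Split data_key; returns (device, share to store on the memory stick)."""
    stick = secrets.token_bytes(len(data_key))
    return Device(pin, _xor(data_key, stick), _check(data_key), now), stick
```

Once the on-device share is zeroed, the correct PIN and the memory stick together no longer reconstruct the key, which is the "brick" outcome the comment describes.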
  5. Re:First POST by Lumpy · · Score: 4, Interesting

    If the cops had any brains they would shut off the phones (remove battery) the second they get them and then give them to forensics, who should have the IQ to operate them in a Faraday cage so that they can't be tampered with remotely. Do they take laptops and PCs they capture and hook them to the net and turn them on? Why do they connect phones to the network when they look at them?

    Come on, I thought they taught the police how to handle evidence. Are you telling me that CSI TV show is a LIE!!!!

    --
    Do not look at laser with remaining good eye.
  6. We remote wipe our data in hands of criminals by Ilgaz · · Score: 3, Interesting

    Sorry, it sounds like an "In Soviet Russia" thing but it is true.

    Symbian/WinMobile smart phones have tools to lock the handset remotely or, in the case of the new Kaspersky antivirus/security or other 3rd-party solutions, you can remotely instruct the phone to delete all personal data irrecoverably and lock itself. I am almost sure BlackBerry, being an enterprise-focused device, must have a similar option.

    Once Apple decided not to allow background running processes, they lost that possible solution. Not only do they not allow anyone to implement it, they don't implement it themselves either.

    It is a completely fool safe thing. User sends a previously set SMS to the device, the device locks itself. Or in Kaspersky's case, it doesn't just lock itself, it wipes its data and optionally transforms itself into a white hat (for you) rootkit/trojan and sends the number of the first SIM card plugged into the device to a previously set number.

  7. I love my Treo by Zorque · · Score: 2, Interesting

    I have a program on there that'll reformat the hard drive and zero everything else out, as well as disabling the SIM card, if I text it a certain phrase. Of course, it isn't all that helpful if whoever gets ahold of my phone just turns the radio off or removes the antenna so it can't receive that message, but I guess I have to count on criminals not knowing much about PalmOS since it's apparently a dying platform or something.

  8. I wish I could've said it was erasable... by Anonymous Coward · · Score: 1, Interesting

    I worked at a high school that was administering standardized tests--standard procedure is that cameras and phones stay in backpacks to keep students from leaking the exams. Makes sense.

    Turns out a few students are so phone-addicted they put their phone in their pocket, ask to use the bathroom, and whip the phone out the second they enter the hall. The phones were quickly confiscated by a hall monitor.

    Being the school's sysadmin, there was insistence that I check every one of these confiscated phones for evidence of trying to leak exam information--page pictures, text messages, etc. Of course, I found nothing.

    I explained that, IF the students were in fact doing this, they could easily delete any evidence they were leaking information--picture archive and sent-messages folder. I was looked at as if I had grown a third nipple--I might as well have been speaking Farsi.

    BTW, there's a feature I want in a camera phone. Upon pressing one key, the camera phone commits to taking a picture and immediately e-mailing it to a predetermined e-mail address. That way, should a person/police officer take the phone or swat it out of your hand, it's too late, unless they can physically break the phone or remove the battery within the 3 seconds the picture takes to send...

  9. Re:First POST by smoker2 · · Score: 2, Interesting

    A Faraday cage needs the cage and the object to be electrically separated. Otherwise, you just gave your device a big antenna.

  10. Re:First POST by MightyYar · · Score: 2, Interesting

    I suppose if you are an organized crime syndicate, yes, they are interfering with your business plan. Perhaps you should inform all of your employees, er... henchmen, to please refrain from leaving their iPhone at any crime scenes they have created.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  11. Re:First POST by KGIII · · Score: 2, Interesting

    Wrapped carefully and it did not ring. :)

    --
    "So long and thanks for all the fish."