Criminals Remote-Wiping Cell Phones
An anonymous reader writes "Crafty criminals are increasingly using the remote wipe feature on the Apple iPhone and other business handsets, such as RIM's BlackBerry, to destroy incriminating evidence, the head of the UK's Serious Fraud Office Keith Foggon has warned. Foggon told silicon.com that the move away from PCs towards using mobile phones was causing a headache for crime fighters who were struggling to keep up with the fast pace of new handsets and platforms churned out by the mobile industry."
...who took one look at this and thought "good."
Criminals destroy evidence that could be used against them. News At 11.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Magnetism is an analog property used to store digital information. A bit can be wiped so that a standard detector would read it as a zero, but the bit may be legible by a more sensitive detector.
For instance, say that anything above "0.5" (half of the full possible theoretical strength of the magnetic field there) is a 1, and anything below is a 0. Maybe, the drive would actually write "0.9", which would be correctly interpreted as 1. If that number was blanked, maybe it becomes "0.3"....low enough to be a 0, but maybe another detector could tell the difference and know what the original value was.
It is pitch black. You are likely to be eaten by a grue.
Remember, this is flash, not magnetic bits stored on a spinning metal platter where header drift and other things would theoretically allow you to retrieve data that has long been removed.
Recovering from (intentionally overwritten flash) may be considerably harder than a traditional drive. Most flash recovery apps for cameras, etc. are really just reading the stray bits, as the formatting, etc. does not actually wipe each sector (because flash is rated in number of write operations the individual bits can support before going bad, so you want to minimize that).
Overwriting a flash storage partition on an iPhone or other device also makes this harder because you can't easily pop those things open and mount the custom flash chip into some universal adapter and read its filesystem like you can do with any old hard drive (they even make forensic, read-only hard drive enclosures).
So I zero out the data on my iPhone, and well, there aren't any jailbroken or App Store apps that you can run on the damn thing to do a low-level recovery anyway, and I don't know of any target disk raw access mode to the device when attached to a computer that is available outside of Apple's developer labs.
I'm glad these articles focus on the negative facts that police have trouble with, and not the USEFUL part of remote data wipe so that millions of customers' data can be deleted when a device is lost, instead of having that information in the hands of people that could do some damage. I'll take a wipe of evidence for that security any day.
PS: For remote wiping, you need to be on a BlackBerry Enterprise Server (BES), which usually means your BB is company-issued. If you need it nuked, call up your admin and ask him to trigger the remote wipe. Keep in mind that the BES can (and usually does) track anything and everything that happens on a BES-connected BB, so a wipe will do nothing to hide things from your company.
"I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
Not to mention right near the top of the ARTICLE ITSELF:
"Because we isolate the devices immediately, and never reconnect them to their network, the remote wiping capability does not present us with much of a problem," he noted.
Um, so the problem is? Talk about sensationalism.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Modern hard drives pack bits *very* densely. The bits overlap by a large amount. The technology to determine whether a bit is 1 or 0 by calling everything above 0.5 a "1" is already necessary to read the bit *normally*. Writing random data to the drive is enough to make any active sectors unrecoverable.
However, modern drives have a huge count of spare sectors, and sectors get retired constantly, and there's no way to wipe those with normal reads and writes. So there's a random sampling of everything you've ever written stored in the retired sectors of a hard drive, and no in-band way to wipe those sectors.
This is why the government standard for hard drives that have ever contained classified information is to shred the hard drive so that the pieces fit through a 1mm sieve. Of course, in reality, the government is just as likely to sell the drives unwiped on eBay, but that's bureaucracy for you.
Socialism: a lie told by totalitarians and believed by fools.
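Added example, not part of the original thread: a check for the remapped-sector problem described in the comment above, which reads the attribute table printed by `smartctl -A` and reports whether the drive has retired sectors that an ordinary overwrite cannot reach. The sample output is constructed, and treating any non-zero reallocated or pending count as "overwrite is not enough" is an assumed policy, not a standard.

```python
import re

# Constructed sample of `smartctl -A` attribute-table output (not from a real drive).
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   198   198   140    Pre-fail  Always       -       14
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21573
196 Reallocated_Event_Count 0x0032   187   187   000    Old_age   Always       -       13
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       2
"""

# SMART attributes that count sectors the drive has remapped or is about to remap.
REMAP_ATTRS = {5: "reallocated", 196: "realloc_events", 197: "pending"}

# One attribute row: ID, name, flag, VALUE, WORST, THRESH, TYPE, UPDATED,
# WHEN_FAILED, then the leading integer of RAW_VALUE.
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+\d+\s+\d+\s+\S+\s+\S+\s+\S+\s+\S+\s+(\d+)"
)


def remap_counts(smart_text):
    """Return the raw values of the remap-related attributes (0 if absent)."""
    counts = {name: 0 for name in REMAP_ATTRS.values()}
    for line in smart_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(1)) in REMAP_ATTRS:
            counts[REMAP_ATTRS[int(m.group(1))]] = int(m.group(3))
    return counts


def needs_more_than_overwrite(smart_text):
    """Assumed policy: any retired or pending sector may still hold old data
    that writes to the logical address range never touch."""
    c = remap_counts(smart_text)
    return c["reallocated"] > 0 or c["pending"] > 0


if __name__ == "__main__":
    print(remap_counts(SAMPLE))
    print("overwrite alone is insufficient:", needs_more_than_overwrite(SAMPLE))
```

A zero count only says the drive reports no remapped sectors; it does not prove the media holds no residual data.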
When I took my computer forensics class they showed that you could use a hex editor on a zero wiped floppy disk and recover most of the data that was on it previously.
We had a guest speaker that told us some of what he does; he's a forensic analyst that pulls information from drives in criminal cases. He said that it takes somewhere around 72 hours to read a decent sized drive and costs around $10k to get it done. (It's been a few years so the details are fuzzy but that sounds about right.)
But he wasn't too specific on what tools they use etc. Something around 10 full wipes is easy enough to recover the original data but if you write over it and delete actual data it becomes more corrupted and harder to get back than just all 1 then all 0.
you can't easily pop those things open and mount the custom flash chip into some universal adapter
Very very few devices use custom flash chips. The iPhone uses off the shelf standard flash memory chips. And in addition to readers that require the removal of the chip, there are units that have cables with clips that just attach right to the chip in the (powered off) device and can pull the data straight off.
And yes, you can pop them open pretty easily. Some iPods are harder to open than an iPhone.
I work for the Department of Redundancy Department.