Cell Phone Security and Secrets
BIG BROTHER BIG BUSINESS
Researchers Crack Cell Phone SECRETS
In 1973, Marty Cooper invented the mobile phone.
Signaling System Number 7 is used by intelligence agencies to spy on you.
SS7 Hack Explained and what you can do about it. Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure.
The SS7 breach: Signalling System Number 7 (SS7) is not secure. “It means anyone with a mobile phone can be hacked, can be bugged, can be harassed.” You could be bugged, tracked and hacked from anywhere in the world. It's long been the dirty little secret of international espionage. “What it means is that your smartphone is an open book.” 60 Minutes: Hacking Your Phone
The flaws, which have been around for nearly 3 decades, are “really not much of a surprise” to Christoph Erdmann
“The implications of it are enormous and what we find is shocking is that the security services, the intelligence services, they know about this vulnerability.” 1
Information exchanged between different mobile networks exposes users to fraud and privacy risks. With the support of the German hacker Luca Melette, Mr Coulthart demonstrated how to track his interlocutor by exploiting the security issue in SS7.
In 2014, researchers demonstrated that SS7, which was created in the 1980s by telcos to allow cellular and some landline networks to interconnect and exchange data, is fundamentally flawed. Someone with internal access to a telco - such as a hacker or a corrupt employee - can get access to any other carrier's backend in the world, via SS7, to track a phone's location, read or redirect messages, and even listen to calls.
Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale - even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes - such as keeping calls connected as users speed down highways, switching from cell tower to cell tower - that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
FACT
Almost anyone can set themselves up as a telco, or buy access to the backend of one. The proposed replacement for SS7 on 5G networks, the Diameter protocol, also has security holes, according to the Communications Security, Reliability and Interoperability Council at America's comms watchdog, the FCC.
- Hackers can access every conversation and text message mobile users send from everywhere in the world. Hackers can spy on every mobile phone user wherever they are.
- How SS7 Flaw Gives Hackers Easy Access to Your Private Phone Calls. What You Can Do About It (White Paper)
- Huge Security Flaw Left Billions of Smartphone Users Vulnerable
- SS7 Phone-Switch Flaw Enabled Surveillance
- HOW TO DEFEAT SS7 - use over-the-top (OTT) services. They transmit over the communication networks of large carriers but are not under their control, which keeps your conversations, messages and e-mails safe from any underlying network vulnerabilities.
“Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure,” principal technologist Christopher Soghoian told Gizmodo. “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”
How to cross the US border:
1. Make sure your devices are encrypted and have PINs/passwords.
2. Turn them off before Customs.
3. Pray.
2017 GOD DAMN
THOSE BASTARDS!
Signaling System 7 protocol - the magic glue used by cellphone networks to communicate with each other ALLOWED THIEVES to EXPLOIT SS7 and intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts.
“Caller ID” apps
China's WhatsCall, Sweden's Truecaller, and Israel's Sync.me have created searchable databases of some 3 billion phone numbers and associated identities. Anyone who has downloaded these apps can discover who that number belongs to. There are smaller competitors too; Whoscall, Hiya, and CIA App among them. Users (or non-users) who wish to remove their personal data from the company's database can contact whatscall@cmcm.com.
Detecting When a Smartphone Has Been Compromised
While this device may prevent the phone from disclosing its location in real-time it will not prevent the device from recording the sound in its vicinity nor prevent it from using its motion sensors as an inertial navigation system. Later, once its wireless capability is reactivated, it can report both. It seems to me that if you are concerned enough to see your threats at this level you need to acquire good security trade-craft and take other precautions, such as only using a mobile with a removable battery and pull it out before you set out for a meeting or leave it on (so it looks like you are at your home or office) and use a "burner" phone that is never operated near your normal mobile's locations and is discarded after each meeting.
WHEN THE FBI HAS A PHONE IT CAN'T CRACK, IT CALLS THESE ISRAELI HACKERS
2016 METADATA Even basic phone logs can reveal deeply personal information, according to US researchers who used basic phone logs to identify people and uncover confidential information about their lives. Armed with anonymous “metadata” on people's calls and texts, but not the contents of the communications, two scientists at Stanford University worked out individuals' names, where they lived and the names of their partners. But that was not all. The same data led them to uncover potentially sensitive information about some individuals. One man was found to own a rifle, while another had recently been diagnosed with an irregular heartbeat. Other data pointed to a new pregnancy, a person with multiple sclerosis, and an individual who was gearing up to grow cannabis. The results highlight the extraordinary power of telephone metadata - the number called, when, and for how long - particularly when it is paired with public information available from services such as Google, Yelp and Facebook.
SECURING A TRAVEL IPHONE I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus convenience. Don't use anything older than an iPhone 5S; it wouldn't have the TPM. Needless to say, use long unique passwords everywhere.
Used Vintage 1960's Cap'n Crunch Bo'son Whistle Blue Phone Phreaker 2.6khz free calls
On this day, 11/17/1963, Bell Telephone introduced and installed the world's first push-button phones in Carnegie and Greensburg, Pennsylvania. "Customers needed to be convinced to use the new phones . . . after decades of using the rotary dial method." The tone phone was also a new development. Developed in the US by Bell in the 1950s, it meant that two simultaneous tones were sent to the exchange to represent the key pressed - and the tones only needed to be applied for milliseconds. With the rotary dial system, a number of electrical pulses were sent to the exchange and it took a whole second to pulse dial '0'. Early keyphones also merely stored the numbers before sending them on more slowly, at least until the local exchange was converted to digital. Tone phones allowed for additional features such as Caller Return, Caller Display, Reminder Call, Call Waiting, Three-way Calling, Call Diversion, Call Barring, Call Minder and Call Sign.
Area code 710
Area code 710 is a special area code, reserved to the federal government of the United States in 1983. As of December 2006, it had only one working number, 710-NCS-GETS (710-627-4387), which requires a special access code to use. See Government Emergency Telecommunications Service for more information on this service. You can get these for all sorts of stuff - Running a critical network, supporting critical application, leadership of organizations that impact health and safety, key personnel at hospitals, etc.
https://www.dhs.gov/publication/getswps-documents
I have seen first hand a large VoIP carrier reach out to an ITSP because one of their end subscribers was scanning the 710 number space either manually or not. And it was within a few minutes after the scan started. This type of activity (and others too) will set off all kinds of alarms at phone providers. Little known fact: sometimes the other exchanges in area code 710 will translate to places going to military bases and such, depending on the time of year. The best way to tell is by calling 710-867-5309. If you get a recording saying "You are using <long distance provider>" followed by a not in service recording, well, it worked. If you'd care to look around random exchanges and thousand blocks, you might be in for a fun day. Or a knock at your door. But yeah - it's all the luck of the draw. Some phone people have had varying levels of luck with other things involving that area code as well:
Wireless Priority Service
Current usage of 710 GETS is intended to be used in an emergency or crisis situation when the landline network is congested and the probability of completing a normal call is reduced. It provides alternate carrier routing, high probability of completion, trunk queuing and exemptions from network management controls. There is currently only one known working phone number in this area code. A special access code of 12 digits is required for using the service. Upon dialing this phone number, the caller hears a mechanical beep which prompts the caller to enter the access code. If a correct code is entered, they are prompted to dial the destination number (area code + number). If an access code is not entered at the beep, the call is then redirected to a live human operator who then asks for the access code.
http://hn.premii.com/#/article/14529079 https://news.ycombinator.com/item?id=14529079
GETS supports modems and secured telephones (STU-III), which in turn support secure modem connections: https://en.m.wikipedia.org/wiki/STU-III There are also VPN-over-VSAT connections:
World's First Mobile Phone (1922).
Mobile phone technology and music on the move was not only being thought of but being trialled. Sweden's Lars Magnus Ericsson invented the world's first car phone in 1910. Sure, it didn't work unless he hooked it into wires along the side of the road. But it was mobile. And as far back as 1922, a British newsreel was showing off a mobile phone that didn't need wires. You can see it in the video above, and what a sight it is. Shot in NY and demonstrated by two Jazz Age women, it uses an umbrella as an antenna. It ropes in a fire hydrant too. And somehow, it lets them call up some tunes from a distant operator, as if they were dialing into some sort of Roaring '20s Spotify service.
Mad Hats. Holborn, London. 1954
Inspector General Says FBI Not Doing Enough To Prevent Abuse Of The Cell Phone Investigative Kiosk Cell Phone Forensic Equipment By Law Enforcement Officers
Federal court in Pennsylvania holds that the Fifth Amendment protects smartphone passcodes
HOW TO BLOCK NUMBERS THAT HAVEN'T CALLED OR TEXTED YOU FIRST
Consumer Support Wireless Application Service Provider's Assoc.
1. Report SMS scams and spam
2. Report unwanted billing
3. Lodge a complaint
4. Contact WASPA
NOTE: The corrupt U.S. Telecom System relies on the tower infrastructure, so when towers are knocked out, mobile phone handsets become useless.
Executive Order 12333 governs most of the NSA's spying. The documents confirm our suspicions that the NSA relies heavily on EO 12333 and that the order, therefore, deserves far more scrutiny than it has received. This vindicates those who've been warning us about the scope of the NSA's surveillance activities under the executive order — including a former State Department official who has tried to draw attention to its wide-ranging uses. The scope of the government's surveillance authority. It's worth asking whether those policy debates had to take place in secret. Based on these documents, it's clear that they should have taken place in public. Here's how the NSA itself describes EO 12333 in an internal surveillance manual from 2007 (all highlighting is added): "USPs" refers to "U.S. persons," which the government defines as American citizens or organizations, as well as legal residents.
STINGRAY
phone networks are insecure
FBI's Digital Collection System Network
You can always zero into one signal among many signals, if you have enough data. You don't need to hack anything—just analyze the signals in the air.
The bureau's technological communications monitoring program includes a Wireless Intercept and Tracking Team, a unit set up specifically for targeting cell phones, using the StingRay, made by Harris Corp. Whenever a cell phone communicates with a cell tower, it transmits an International Mobile Subscriber Identity, or IMSI. AirCards, like cell phones, have an IMSI. The government has a gadget that masquerades as a cell tower and tricks your AirCard into handing over its IMSI, which is then matched up to the IMSI connected to anything else you do online. The StingRay is a suitcase-size device that tricks phones into giving up their serial numbers (and, often, their phone calls and texts) by pretending to be a cell phone tower. IMSI catchers used (inadvertently) against prison guards apparently did bulk surveillance.
Long-Secret Stingray Manuals Detail How Police Can Spy on Phones Harris Corp.'s Stingray surveillance device has been one of the most closely-guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile-phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.
Spy agencies target mobile phones, app stores to implant spyware Users of millions of smartphones put at risk by certain mobile browser gaps, Snowden file shows
SIRI is recording everything you say, your contacts, and sometimes your location.
A Triple-A Approach to Telephone Security
2015 Spies Can Track You Just by Watching Your Phone's Power Use
2015 SIM cards hacked by U.S. and U.K. spies | US and UK accused of hacking Sim card firm to steal codes
Gemalto security for 113 nationalities, 3,000+ banks, 450 mobile networks, 80 e-gov programs http://t.co/bkSbWaUf3o pic.twitter.com/z5nHKRlvB2
— Cryptome (@Cryptomeorg) February 20, 2015
When Gemalto sends copies of SIM crypto keys to cell carriers, they often use email and FTP. What could possibly go wrong?
2015 Verizon's Zombie Cookie Gets New Life Verizon is merging its cellphone tracking supercookie with AOL's ad tracking network to match users' online habits with their offline details. That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — “your gender, age range and interests.” AOL's network is on 40 percent of websites,
How to Use a Cellphone Without Being Spied On: The National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The secret operation targeted the Dutch company Gemalto. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.
10/5/14 Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency) after Apple announced encrypting more of the storage on their handsets, and claiming to not have a key.
JAILBREAK PHONE
2016 Companies Can't Legally Void the Warranty for Jailbreaking or Rooting Your Phone Under the Magnuson-Moss Warranty Act of 1975, manufacturers cannot legally void your hardware warranty simply because you altered the software of an electronic device. In order to void the warranty without violating federal law, the manufacturer must prove that the modifications you made directly led to a hardware malfunction. “They have to show that the jailbreak caused the failure.”
How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law
2014 How the NSA Could Bug Your Powered-Off Phone, and How to Stop Them You can totally and completely turn off your iPhone so no one—not even the NSA—can use it to spy on you. http://www.jailbreakme.com/
Video tutorial on putting your iPhone into DFU mode
If you enter DFU mode incorrectly—say, by screwing up the timing of the shutdown procedure—it's possible for malware to detect your intention and fake even that obscure state of semi-death. But if the button sequence is performed correctly, no malware will be able to override it. And even imagining malware clever enough to anticipate and impersonate DFU mode starts to stretch credibility, says McDonald. “At that point,” he says, “you're talking about a countermeasure to a countermeasure to a countermeasure.” Countermeasures against countermeasures are exactly the stock-in-trade of the world's best hackers. But even paranoia has its limits. At some point, it may be best to give up the game and leave the phone at home—or in the nearest fridge.
Stingray
FOR MEDIA OR PR INDIVIDUAL
Media release sample can be utilized in part or in whole as appropriate for each Law Enforcement Agency (LEA). Statement on Cell Site Simulators (Date) Unclassified (U)/ For Official Usage Only (FOUO)
Stingray Phone Trackers
9/1/14 Android security mystery - 'fake' cellphone towers found in U.S. Origin of towers 'unknown'. Possibly Stingray Phone Trackers? According to Popular Science, they may have a malicious purpose. Are fake towers used for wiretaps? It's a Stingray phone tracker. The Stingray is an IMSI-catcher with both passive (digital analyzer) and active (cell site simulator) capabilities. When operating in active mode, the device mimics a wireless carrier cell tower in order to force all nearby mobile phones and other cellular data devices to connect to it.
3/27/14 POLICE KEEP QUIET ABOUT CELL-TRACKING TECHNOLOGY
Stingray was loaned to the department from a private manufacturer who in turn required a nondisclosure agreement. "A nondisclosure agreement is typically a civil agreement between two or more parties over a commercial contract," Christopher Torres, a Tallahassee defense lawyer, told Watchdog.org. "They're saying because it's a cell phone they don't have to get a warrant, but it's basically a wiretap," Torres said. "You cannot say something is protected by a trade agreement and that somehow trumps the U.S. Constitution." According to Ars Technica, Stingrays are exclusively manufactured by the Harris Corp., a Melbourne-based telecommunications company. Earning $5 billion in annual revenue, Harris Corp. supplies electronic equipment to government, defense and commercial sectors.
A Stingray device tricks all cellphones in an area into electronically identifying themselves and transmitting data to police rather than the nearest phone company's tower. Because documents about Stingrays are regularly censored, it's not immediately clear what information the devices could capture, such as the contents of phone conversations and text messages, what they routinely do capture based on how they're configured or how often they might be used. Stingrays are one of several new technologies used by law enforcement to track people's locations, often without a search warrant. Stingrays are designed to locate a mobile phone even when it's not being used to make a call. The Federal Bureau of Investigation considers the devices to be so critical that it has a policy of deleting the data gathered in their use, mainly to keep suspects in the dark about their capabilities, an FBI official told The Wall Street Journal in response to inquiries. These techniques are driving a constitutional debate about whether the Fourth Amendment, which prohibits unreasonable searches and seizures, but which was written before the digital age, is keeping pace with the times. Police won't disclose details about contracts with the device's manufacturer, Florida-based defense contractor Harris Corp., insisting they are protecting both police tactics and commercial secrets.
Amber Jack
9/22/14 FBI gags state and local police on capabilities of cellphone spy gear. "Fake cellphone tower" because it tricks individual phones into routing their calls and other data through the surveillance equipment. The Takoma police were buying gear produced by Harris Corp., a Florida-based company that makes the StingRay and other IMSI catchers used by law enforcement agencies across the country. The Federal Communications Commission authorizes the sale of such surveillance equipment to state and local police departments on the condition that they first sign an FBI “non-disclosure agreement.”
GSMK CryptoPhone secure your life.
5.24.14 Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones Kaspersky has tracked more than 350 command-and-control servers created for this purpose in more than 40 countries. While Kaspersky found only one or two servers in most of these countries, the researchers found 64 in the United States—by far the most. Kazakhstan followed with 49, Ecuador with 35 and the United Kingdom with 32. It's not known for certain whether law enforcement agencies in the U.S. use Hacking Team's tool or if these servers are used by other governments. But as Kaspersky notes, it makes little sense for governments to maintain their command servers in foreign countries where they run the risk of losing control over the servers. User's manual
2014 EPPB SOFTWARE or Elcomsoft Phone Password Breaker will download their victims' data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud, EPPB lets anyone impersonate a victim's iPhone and download its full backup rather than the more limited data accessible on iCloud.com.
Locating the command servers
One of the most important things we've uncovered during our long and extensive research is a specific feature that can be used to fingerprint the RCS command servers (C2s).
4/9/14 NSA's monitoring of Wi-Fi on US planes The Feds Cut a Deal With In-Flight Wi-Fi Providers, and Privacy Groups Are Worried. Larry Klayman filed the lawsuit, Judge Leon issued a preliminary ruling against the NSA but stayed it, and Klayman unsuccessfully tried to get the Supreme Court involved before the Court of Appeals has ruled. According to a letter Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users. “CALEA itself is a massive infringement on user's rights,” says Peter Eckersley of the Electronic Frontier Foundation. “Having ISP's [now] that say that CALEA isn't enough, we're going to be even more intrusive in what we collect on people is, honestly, scandalous.”
That's why it is nice to have a removable battery and/or a package made from heavy duty aluminum foil. I've heard the Fort's own employee gift shop sells RF shielding bags. Such is required to even store the phone in their lobby. And unlike the techniques discussed in the WIRED article, no Apple update [or more important "really from NSA" update] can neuter the bag's functionality. [A fun study would look at the shielding provided by the bags and other defenses, such as metal cookie tins, ancient coffee cans that needed church keys, etc....] Do, however, turn the phone "off" and put it in the bag well before you reach your clandestine rendezvous, as I'm sure they track/log just where it went dark; and if 2 people's phones do so at the same time/place, there must be a conspiracy under way. Even better is to 'loan' it to a friend going the other way for the afternoon.
2014 Cell Phone Guide For US Protesters Protesters want to be able to communicate, to document the protests, and to share photos and video with the world. So they'll be carrying phones, and they'll face a complex set of considerations about the privacy of the data those phones hold. We hope this guide can help answer some questions about how to best protect that data, and what rights protesters have in the face of police demands.
2012 Quarter of Eastern cell towers BLOWN down BY SANDY - FCC
An Effective Network
How to Deregulate and Destroy the Bell Telephone Monopoly to help the citizens of the US benefit from competition in the marketplace. Stephen Colbert explains the whole AT&T thing.
NETWORK INTERCONNECTION INTEROPERABILITY FORUM (NIIF) Technical Interconnection Arrangements for 500-Like Non-Geographic Services ATIS/NIIF-0013 Formerly ICCF 96-0913-015 40 pgs.[doc]
How To Protect Your Privacy - How to Destroy Your Data
Before you throw out your cell phone for your new one make sure you destroy your data, then you can recycle it.
I pulled the phone apart then punched holes into the chips. Then placed all parts in the recycle bin. Total Security and Privacy at last!
Fourth Amendment to the United States Constitution
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause..."
The federal law protecting Internet and telephone users' privacy was written in 1986 and does not protect citizens' privacy from abuse by police, government, and business in 2010. We need clear privacy protections that reflect the always-on, location-enabled, Web 2.0 world of the 21st century.
2013 Researchers have found just using location information available at the cell towers is enough to identify you. In other words, you can't hide any more, especially if they want to find you. Turning off GPS does not stop cell phone tracking. If the phone is powered up, then its location is known. Period. And remember, just because you "turned it off" does not always mean that it is turned off. If the radios in the phone are powered, then it is likely "ping ponging" with the cell towers and they know where you are.
2013 Security researchers have warned that mobile phones could easily be made into surveillance devices that can track users, record audio and video of their surroundings, and eavesdrop on their communications. The program, created by researchers at network security firm Kindsight, essentially turns any Android phone into a compromised bot, allowing the attacker to eavesdrop on communications, track location, download personal information and take pictures without the victim's knowledge. Known as NotCompatible, the malware turns an Android phone into a compromised node on a botnet, allowing an attacker to gain insider access to a corporate network. In addition, the researchers will show how they developed the architecture of the eavesdropping software and ways that it can be easily added as a Trojan Horse to any mobile app. Distribution of NotCompatible depends on compromised websites that have a hidden iframe at the bottom of each page. If a user visits a compromised website from an Android device, their mobile web browser will automatically begin downloading the NotCompatible application, named 'Update.apk'. Like any drive-by downloads, a user needs to install the downloaded application before a device will be infected.
10/26/2012 Judge Protects Cellphone Data On 4th Amendment Grounds, Cites Government's Technological Ignorance
Magistrate Judge Smith points out that part of the issue is that the principals involved (the assistant US Attorney and a special agent) seemed to lack essential knowledge of the underlying technology, and that this lack of knowledge prevented them from recognizing the overreach of their request.
Various US government agencies have spent a lot of time and energy hoping to ensnare as much cell phone data as possible without having to deal with the "barriers" erected by the Fourth Amendment. The feds, along with Los Angeles law enforcement agencies, have bypassed the protections of the Fourth Amendment by deploying roving cell phone trackers that mimic mobile phone towers.
The FISA Amendments Act has been used as a "blank check" for wholesale spying on Americans and has been abused often enough that the Director of National Intelligence was forced to admit these Fourth Amendment violations publicly.
The good news is that a few of these overreaches are receiving judicial pushback. Orin Kerr at the Volokh Conspiracy has a very brief writeup of a recent shutdown of another cellphone-related fishing expedition led by an assistant US Attorney. An attempt was made to acquire records for ALL cell phones utilizing four different towers in the area of a specific crime at the time of the event. As Kerr notes, this ruling refers to the Fifth Circuit court decision that found cell phone data to be protected under the Fourth Amendment, thus requiring a warrant to access it.
http://www.techdirt.com/blog/wireless/articles/20121024/18225920815/judge-protects-cellphone-data-4th-amendment-grounds-cites-governments-technological-ignorance.shtml
Cellphone companies simply have to sit back and hit “record.” Sarah E. Williams, an expert on graphic information at Columbia University's architecture school. “We don't even know we are giving up that data.”
2012 In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information in 2011 from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations. “I never expected it to be this massive,” said Representative Edward J. Markey, a Massachusetts Democrat who requested the reports from nine carriers, including AT&T, Sprint, T-Mobile and Verizon, in response to an article in April in The New York Times on law enforcement's expanded use of cell tracking. Mr. Markey, who is the co-chairman of the Bipartisan Congressional Privacy Caucus, made the carriers' responses available to The Times.
2012 Mobile Carriers Gladly Give Your Data to the Cops, But Not to You
Millions of wireless subscribers probably don't realize that since 2011, thanks to the U.S. Supreme Court decision, consumers can't file class action suits against cartel telcos.
ACLU Protect cell phone location data from government abuse 6/2010
When is a phone not just a phone? When a federal court declares it's a computer. But the man objected when federal prosecutors moved to make his sentence longer for use of a computer. Prosecutors argued his cellphone qualifies as a computer under the definition in federal law. U.S. District Judge Richard Dorr agreed, sentencing Kramer to 14 years in prison, a term that the judge said was more than two years longer than he otherwise would have imposed. Kramer appealed, arguing he only used his phone to make calls and send text messages, so it shouldn't be considered a computer. But a three-judge panel of the St. Louis-based 8th Circuit upheld the sentence, finding the federal definition of computer is broad enough to encompass cellphones.
2012 Tools that can be used to turn on your microphone and turn your phone into a tracking
device. FinFisher product called FinSpy Mobile -- illustrate how the largely unregulated trade in
offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across
borders
and peers into peoples' digital devices.
http://www.bloomberg.com/news/2012-08-29/spyware-matching-finfisher-can-take-over-iphone-and-blackberry.html
WHAT CAN
THE COPS DO
- #Gizmodo shows us how to #Jailbreak and Unlock iPhone 3.0 which became illegal to do 1/26/13 http://ow.ly/hbUYx
- Cops can search cellphones w/o warrant. The decision by a federal appeals court means that police can search cell phones for evidence without first needing a warrant. Police don't need a warrant to search a cell phone for its number, a federal appeals court has ruled. The decision (PDF), issued by the U.S. Court of Appeals for the 7th Circuit, stems from an Indiana case in which prosecutors used evidence that police found on cell phones at the arrest scene to convict a suspect on drug charges.
- Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show. http://www.nytimes.com/2012/04/01/us/police-tracking-of-cellphones-raises-privacy-fears.html?_r=1
PRIVACY
It's Tracking Your Every Move and You May Not Even Know
Cellphone companies do not typically divulge how much information they collect.
TRACKED With whom, when, how long and where - No longer innocent until proven guilty. Who you called and who called you. The data reveal who is a friend and who is family. The information shines light on clandestine connections as well as illicit love affairs. Every ten minutes, your phone checks in with your provider to see if there were new e-mails, a function that many smart-phone owners have activated. Since your phone is rarely turned off, your movements were tracked 78 percent of the time. Your data is retained for 6 months. You won't have any secrets. As long as a mobile telephone is turned on, the activities of its owner are being broadcast. And even if a phone isn't on all the time, there can still be enough information available to create an accurate profile. Comcast, Verizon, Telekom and the BKA, they've got all our data squirreled away.
Surveillance
Moxie Marlinspike: The Coder Who Encrypted Your Texts
Signal, the first iOS app designed to enable easy, strongly encrypted voice calls for free and encrypted text messaging
Apple download and Signal 2.0 lets you send end-to-end encrypted messages to users on different platforms for free, no matter which smartphone you own, and no login, no username, no PIN required. Signal 2.0 allows users to send end-to-end encrypted group, text, picture, and video messages between Signal on iPhone and TextSecure on Android.
- Surveillance Company software that will Monitor Employees and Dissidents / Protestors.
- Cell phone hackers can track your physical location without your knowledge
- free apps eat up your phone battery just sending ads
This article is rather provocative when we take into account that most cell phone users are facing caps on their service.
- Which cellphone carriers store your data the longest?
- Cell Phone Data Mapping 2011 - the cell phone can be one of the primary pieces of evidence. It usually contains content and metadata (information about content, such as a date/time stamp or geotag on an image or video).
- Selling your old phone
Big Brother Big Business - Invasion of Privacy New York businessman Adam Yuzuk tells us how his personal cell phone records were repeatedly stolen. Private Eye veteran Ernie Rizzo explains how easy it is to obtain private cell phone records and much more.
- iPhone data trail EVIDENCE NEVER DELETED Criminals who use device may be left without alibi
- Removing iPhone Encryption
- iPhone's remote-wiping
- iPhone hackers can use popular jailbreaking tools such as Red Sn0w and Purple Ra1n to install a custom kernel on the phone.
- Android saves screenshots of browser sessions.
- Ten dangerous claims about smart phone security and the NIST Network Security Guidelines
- T/Cingular's Voicemail system Exploit Cingular Voicemail Vulnerability has not been fixed since 2006: via Caller ID Spoofing, now available in the iPhone app store using Spoofcard.
Professor Blaze Goes To Washington 6/24/10
House Judiciary Committee Hearing on "ECPA Reform and the Revolution in Location-Based Technologies and Services". My testimony [pdf] will focus on the technical: how modern cell phones and wireless services calculate location, and how accurately they can track and record users' positions and movements. This is all in the context of surveillance: when the government gets a pen register order against a cell phone, for example, what information do (or should) they get about the target's location and movements compared with other kinds of tracking technology? Other witnesses will include (among others) a special agent (from the Tennessee Bureau of Investigation) who does electronic surveillance, and a federal magistrate judge who has to sort out the legal issues when the government requests tracking information about a suspect. The hearing promises to be an interesting glimpse into how location tracking actually works in criminal investigations.
Witnesses Testimony - Matt Blaze - is there and 17-page statement from Houston U.S. Magistrate Judge Stephen Smith. His main point: the process for legally tracking users' phones for criminal investigations is much too secret. According to Smith, over 10,000 orders are filed for electronic surveillance every year at the federal level. Most of those are issued "under seal," meaning they're not available for public review. Smith complains that almost none of those secret tracking orders are ever made public, even long after the investigation ends.
Electronic Communications Privacy Act (ECPA) doesn't explain who can be surveilled. Judge Smith writes, the public has a right to know. "It may well be that a fully-informed public would not object to this tradeoff in personal privacy for the sake of more efficient law enforcement," he writes in his testimony. "The problem is, due to the ECPA's regime of secrecy, the public is not fully informed, and can only be dimly aware of the depth and breadth of surveillance carried out under current law."
Don't Trust That Cell Phone Text Message
Text Msg Tool Simplifies iOS SMS-Spoofing 2012
A weakness he recently highlighted in the SMS feature of Apple's iOS that could allow an attacker to spoof the sender of a text message.
http://www.darkreading.com/mobile-security/167901113/security/vulnerabilities/240005872/don-t-trust-that-text-message-tool-simplifies-ios-sms-spoofing.html
"discreet" SIM card
SIM Subscriber Identity Module Card
intended to keep satellite phone transmissions from being pinpointed within 250 miles (400 kilometers), if they can be detected at all. This type of SIM card is not available on the open market and is distributed only to governments, according to an official at a satellite telephone company familiar with the technology and a former U.S. intelligence official who has used such a chip. The officials said the chips are provided most frequently to the Defense Department and the CIA, but also can be obtained by the State Department.
Cell Phone Blue Tooth
Just Snarf it Dude!
Use a pringles can to extend the range of your bluetooth and snarf away.
CALEA Communications Assistance for Law Enforcement Act.
CALEA, passed in 1994, gives the FBI the ability to easily tap landline and cell phone calls. As written, CALEA had originally included some exemptions for Internet-based systems, but the FBI convinced the Federal Communications Commission that they should not apply to VoIP traffic. As a result, VoIP operators in the US will need to make their systems wiretap friendly. Despite appearances, nothing we do on the Internet is truly anonymous.
- ESBI Phone Bill Scam advice from security expert Marcus Ranum.
- Cramming
HOW PHONE COMPANIES STEAL MONEY
Phone bills virtually indecipherable. Help to make this stop. Call AT&T 800-288-2747, Comcast 800-266-2278, Qwest 800-491-0118, Verizon 800-837-4966
How To:
- How to send text to any cell phone
- Stop Verizon from giving your information to vendors
- turn off Verizon voice mail
- Cell Phone Jamming Device - though illegal, new device
- Unlock the iPhone
CHINA
China overtook the U.S. to become the world's largest market for smartphones in the first quarter, according to research firm Canalys, and it's a market dominated by Android. China's Ministry of Commerce said almost 74% of the country's mobile devices use Google's Linux-based operating system. In a written announcement China's Ministry of Commerce said it approved the acquisition on the “additional restrictive condition” that Google would continue to make Android, its mobile-device operating system, gratis and accessible to all device makers without discrimination. Keep Android free for another five years that's what Beijing required of Google before antitrust authorities were willing to give the go-ahead for the Internet search giant's $12.5 billion acquisition of Motorola Mobility.
http://ow.ly/b5XpW
Protect Kids
PROTECT KIDS - cell phone radiation causes Cancer
Social-Networking drives the next-generation cellphone market. What kids can do with their cell phones now.
- children used Nexus One smartphones, and with the help of probes that zipped bluetooth signals to the phones, the children tested the air for carbon monoxide, particulate matter and noise pollution.
- JuiceCaster 2.0 for phone-created Web content (enabling more kid-produced media on the Web).
- Sprint Nextel Corp. introduced a new service called Family Locator that lets parents track their kids' whereabouts, using the GPS capabilities in each child's cellphone.
- Wall Street Journal on parental controls for mobile phones 2007
Screenagers: Cut screen addiction for a week
Banning TV and computer use at her house for a week was the fact that her two sons, 8 and 10, are pretty outdoorsy and they aren't yet teenagers (aka social networkers). On Day 2, it's like having toddlers again (no time to one's self, etc.). Day 4 is the high point - when all the rewards are glimpsed. Day 6 sees a relapse, find tips that help.
MeetMoi cellphone service, Internet dating
One can receive a potential date's profile (that of a person who's selected by MeetMoi for his/her physical proximity) via text message and set up an encounter minutes away. It allows you to update your nearby prospects as you move around. Zogo's another such service, and the giant Web-based Match.com is adding this mobile capability to its service. Another example, Fast Flirting, allows users to sign into a virtual lobby where they can select a flirting partner based on factors such as age and location for $3 a month. It's new but there's a market, the Journal says - 3.6 million US cellphone users having accessed a dating service from their mobile phone in March. There are safety mechanisms in place on many services (e.g., MeetMoi shares profiles without revealing actual location - users do that) but, if teens are using them, parents might want to ask if they've tried such services and are taking advantage of safety features.
WHY CAN'T YOU HEAR ME NOW?
Radio Opaque Walls and Windows
A well insulated house is insulated not only against energy loss but against cell phone coverage. "High-E" coated window glass (a nearly impenetrable barrier to microwaves), concrete walls, and insulation consisting of styrofoam or bubble wrap coated with metal foil (which reflects radiant energy) are why your cell phone doesn't work. The FCC's "Over the Air Receiving Device" (or OTARD) rules state that if a tenant rents an entire building, he or she has the right to mount an antenna on it. A landlord, homeowner's association, etc. cannot say "no."
VOIP SECURITY
Vulnerability researchers Humberto Abdelnur, Radu State and Olivier Festor claimed the exploit could allow a remote attacker to turn a VoIP phone into an eavesdropping device, citing a Grandstream SIP phone as an example.
Session Initiation Protocol (SIP) devices can be vulnerable to eavesdropping.
2007
If you use SIP enabled VoIP services, beware. SIP is used by Voice over IP (VoIP) software and hardware to provide digital phone service directly over the Internet, thus bypassing the telcos' analog switched networks and related long-distance charges. Skype is a VoIP service that uses SIP, for one example, and many ISPs and third parties offer VoIP.
Listen to SIP Phones Even When They are on the Hook
Late last year it surfaced that the FBI has used cellphones as "roving bugs", listening to conversations even when the targeted cellphones were turned off. Now a post on the "full-disclosure" list has revealed that SIP devices can be similarly vulnerable to covert listening. The Australian IT security firm Snnet Beskerming has written a commentary about the implications.
It writes: "The research that was published indicates that, for at least one vendor, it is possible to automatically call a SIP device from that vendor and have it silently accept the call, even if it is still on the hook - instantly turning it into a classic bugged phone. Whereas historic telephony bugs needed physical targeting of the line running to a property or place of business, the presence of VoIP in the equation allows bugging from anywhere in the world with equal ability. Now anyone can do from their armchair what only spies and law enforcement used to be able to do from inside the telephone switch / pit / distribution board, though it's still illegal to do so."
WHY VOIP NEEDS CRYPTO Security impact of VoIP technology 2006
NOW YOU CAN GET THE CRYPTO YOU NEED
Voylent is a client for cellphones that encrypts voice conversations. The client has been tested on only a few models, mainly Nokia S60 with Symbian OS. The full list of devices it runs on is included in the release notes & FAQ.
Can You Keep A Secret? Discussing Encryption in 1998
Federal Bureau of Investigation, are clashing with cyberlibertarians and powerful commercial interests over efforts to extend controls on so-called strong encryption to domestic uses.
RIM has agreed to provide authorities in Saudi Arabia with security codes that will enable them to read encrypted text messages on the BlackBerry Messenger service.
First Trojan Spy for Symbian Phones
March 29, 2006
Today we heard of a rather interesting new Symbian malware application named Flexispy.A. It's a Symbian trojan spy that records information about the victim's phone calls and SMS messages, then sends them to a remote server. What makes this interesting is that Flexispy.A is a trojan spy written by a company for commercial reasons. The company claims that it's a useful tool for catching a cheating spouse. By installing the application on the phone they can monitor to whom the victim is calling and what SMS messages he or she is sending. The company even claims that Flexispy is not a trojan. However, this application installs itself without any kind of indication as to what it is. And when it is installed on the phone it completely hides itself from the user. So the application could easily be used by malware installing it as part of its payload, or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it.
Not to mention the fact that spying on people's private communication is illegal in most countries around the world. And the fact that all of the information is stored on the FlexiSpy servers, puts the company in a rather interesting light.
So yes, FlexiSpy is indeed a trojan and we have added the detection to our F-Secure Mobile Anti-Virus so that any user who has a phone that has been infected with this trojan will get a warning that someone is spying on them.
Whistle-Blower Outs NSA Spy Room
AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center.
On March 14, Zimmermann released a beta version of the widely anticipated Zfone. The software is currently available only for OS X (Tiger) and Linux, though a Windows version is due in April.
Zfone is designed to work with VoIP clients that use the industry standard SIP protocol, and has been tested with clients such as X-lite, Free World Dialup and Gizmo Project.
Researchers Crack Code In Cell Phones
by John Markoff Issue: Encryption
Description: A group of Univ. of California computer researchers announced Monday that they had successfully cracked the world's most widely used encryption code that is designed to prevent the cloning of digital cellular phones. The researchers believe that the system, known as Group Speciale Mobile standard, or GSM, was deliberately weakened to permit government surveillance. GSM is used in about 80 million cellular phones around the world and in about 2 million phones in the U.S. The researchers broke the code by "using a computer to determine a secret identity number stored in the Subscriber Identity Module, or SIM, a credit cardlike device inside the phone." But what was even more interesting than the security threat, was that "the cracking code yielded a tantalizing hint that a digital key used by GSM may have been intentionally weakened during the design process to permit government agencies to eavesdrop on cellular telephone conversations." Both the researchers and officials from cellular phone companies said yesterday that the threat of cloning was "extremely remote" in comparison to the vulnerability of analog cellular phones. also see [source]
Record encryption puzzle cracked -- finally ZDNet
The broken encryption method is widely expected to secure next-generation wireless devices. But is the break such bad news?
By Robert Lemos, ZDNet News UPDATED April 14, 2000 7:06 AM PT
http://www.zdnet.com/zdnn/stories/News/0,4586,2542359,00.html
An encryption method widely expected to secure next-generation wireless phones and other devices succumbed to a brute-force collaborative effort to break it, a French research agency announced Thursday.
An international team of researchers -- led by crypto researcher Robert Harley of the French National Institute for Research in Computer Science and Control, or INRIA -- and other computer enthusiasts found the 108-bit key to a scrambled message after four months of number crunching by 9,500 computers worldwide.
<snip>
Easy Listening (for Big Brother) Jun 12 2000
http://www.mercurycenter.com/premium/opinion/edit/CELLPHONES.htm
EASY LISTENING: Government must rewrite cell phone eavesdropping rules to provide judicial oversight and incorporate privacy concerns.
SIX years ago, Congress approved a bill to help law enforcement keep pace with the digital world. The purpose was straightforward: Make sure that the FBI and police hold onto the same kind of wiretapping capabilities they had before cellular phones complicated electronic surveillance.
Skip ahead to this month.
Within weeks, the government will have new powers to eavesdrop on you that go beyond maintaining the status quo. That's when the first set of defective rules crafted by the Federal Communications Commission is scheduled to be implemented. Others take effect next year.
The rules need to be revised. If not, law enforcement agencies will be able to follow and monitor cellular phone users in ways that Congress never envisioned. Here's one example: Investigators will be able to track the physical locations of cellular phone users, pinpointing your whereabouts at the beginning and end of every call. In essence, wireless phone systems will be transformed into giant tracking networks....
Pre Paid Mobile Phone
2006 Apparently China is planning on requiring mobile phone users to register with the operators and show their identity papers. The above article says it is "the latest move in the nation's fight against unsolicited advertisements, fake educational certificates and bank fraud via short messages." I'm sure here in the U.S. we can come up with a homeland security justification for needing to show papers before buying a prepaid mobile phone. Can prepaid calling cards be next? APPLE Iphone and Ipad made in China
Pre-paid mobile phones
Tell them you don't want to give an address; they will fill in the address of the store. The salesperson wants to make a sale, after all, not enforce pointless rules. Pointless because there is an anonymous aftermarket in prepaid phones and SIM cards. Buying a prepaid SIM card or even prepaid phone when you visit a country for more than a few days is a wise choice, considering both roaming charges and the cost of people to phone you at a foreign number. We are now starting to see kiosks to sell SIMs in the arrivals hall of some airports. However, it is reported that quite commonly hostels operate a cheap and anonymous used market in prepaid phones and cards, where people buy the cheap phone (perhaps $10 or so, more if there's airtime in it) and sell it back for a similar price. It makes sense for the cost conscious hostel guest. As long as these markets exist, "bad guys" will be able to get anonymous phones, and all this other tracking is a waste of time and invasion of privacy. And even if they should ban these markets, I doubt they would eliminate them, any more than they eliminate other black and gray markets in products people want.
HOW GOVERNMENT SPIES ON YOU
Since the 1986 Electronic Communications Privacy Act:
Police / Government Warrantless tracking of cell phones
-- Police may obtain "communications that are not readily accessible to the public only with a search warrant."
-- Police may access "location information regarding a mobile communications device only with a warrant."
-- Police may access outgoing and incoming call records, which are known as pen registers and trap and trace devices.
-- Police can ask AT&T or any other Telco for information about anyone connecting to one cell site at a certain time, ask for anyone searching for "weaponized anthrax" on a specified date.
Okay, so, we have all known cell phones are "dangerous"
Stepping out of the cellular protocols security and vendor-side systems, and forgetting for a second about interception of transmissions through the air, Trojan horses/worms that may install themselves on the cell phone and even bluetooth risks, there is the long talked of risk of "operating" a regular un-tampered cell phone from afar and the risk of modified devices.
Sorry for stating the obvious, but cell phones are transmitters.
For years now paranoid people and organizations claim that eavesdropping through a cell phone is a very valid risk. Much like somebody pressing "send" by mistake during a sensitive meeting is a very valid yet different risk.
Some of the stricter organizations ask you to do anything from (top to bottom) storing the cell phone in a safe, through shutting it off or removing the battery, and all the way to *only* "don't have that around here while we are in a meeting". Then again.. *most* haven't even heard of this risk.
Forgetting even this risk, many of us even ignore the obvious. I usually ask people who talk to me while I'm on the phone "even if the NSA (for example) is not interested in what I have to say or not capable of intercepting it and even that I don't care if they heard my conversations... Should the person I talk to hear our conversation?"
Lately there seems to be some more awareness about the "dangers" of cell phones. Knowing which risk is more of a threat than the other is another issue.
It seems to me that other than in the protocols, where there has been a serious learning curve (and GPRS seems very promising), cellular companies keep doing the same mistakes, and we can see the security problems of the PC world reappearing in cell phones, much like those of the mainframes re-appeared in PCs (to a level).
History repeated. Heck, I can't even disable Java or the web browser in most cellular computers (we really should refer to them as computers now).
Here are some URLs on the subject:
Here is a product for sale, a cellular phone BUILT for eavesdropping:
http://wirelessimports.com/ProductDetail.asp?ProductID=347
Also, check out the IEEE Pervasive article that mentions this problem area, although discusses more the issue of malware:
http://csdl.computer.org/comp/mags/pc/2004/04/b4011abs.htm
Or Google for "symbian +virus", for example.
Cell phones won't keep your secrets August 30, 2006
The married man's girlfriend sent a text message to his cell phone: His wife was getting suspicious. Perhaps they should cool it for a few days. "So," she wrote, "I'll talk to u next week." "You want a break from me? Then fine," he wrote back.
Later, the married man bought a new phone. He sold his old one on eBay, at Internet auction, for $290. The guys who bought it now know his secret. The married man had followed the directions in his phone's manual to erase all his information, including lurid exchanges with his lover. But it wasn't enough.
Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile up inside our cell phones, and deleting it may be more difficult than you think.
A popular practice among sellers, resetting the phone, often means sensitive information appears to have been erased. But it can be resurrected using specialized yet inexpensive software found on the Internet. A company, Trust Digital of McLean, Virginia, bought 10 different phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems. Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers.
The other phones contained:
* One company's plans to win a multimillion-dollar federal transportation contract.
* E-mails about another firm's $50,000 payment for a software license.
* Bank accounts and passwords.
* Details of prescriptions and receipts for one worker's utility payments.
The recovered information was equal to 27,000 pages -- a stack of printouts 8 feet high. "We found just a mountain of personal and corporate data," said Nick Magliato, Trust Digital's chief executive.
Many of the phones were owned personally by the sellers but crammed with sensitive corporate information, underscoring the blurring of work and home. "They don't come with a warning label that says, 'Be careful.' The data on these phones is very important," Magliato said.
One phone surrendered the secrets of a chief executive at a small technology company in Silicon Valley. It included details of a pending deal with Adobe Systems Inc., and e-mail proposals from a potential Japanese partner: "If we want to be exclusive distributor in Japan, what kind of business terms you want?" asked the executive in Japan. Trust Digital surmised that the U.S. chief executive gave his old phone to a former roommate, who used it briefly then sold it for $400 on eBay. Researchers found e-mails covering different periods for both men, who used the same address until recently. Experts said giving away an old phone is commonplace. Consumers upgrade their cell phones on average about every 18 months. "Most people toss their phones after they're done; a lot of them give their old phones to family members or friends," said Miro Kazakoff, a researcher at Compete Inc. of Boston who follows mobile phone sales and trends. He said selling a used phone -- which sometimes can fetch hundreds of dollars -- is increasingly popular.
The 10 phones Trust Digital studied represented popular models from leading manufacturers. All the phones stored information on "flash" memory chips, the same technology found in digital cameras and some music players.
Flash memory is inexpensive and durable. But it is slow to erase information in ways that make it impossible to recover. So manufacturers compensate with methods that erase data less completely but don't make a phone seem sluggish.
Phone manufacturers usually provide instructions for safely deleting a customer's information, but it's not always convenient or easy to find. Research in Motion Ltd. has built into newer Blackberry phones an easy-to-use wipe program. Palm Inc., which makes the popular Treo phones, puts directions deep within its Web site for what it calls a "zero out reset." It involves holding down three buttons simultaneously while pressing a fourth tiny button on the back of the phone. But it's so awkward to do that even Palm says it may take two people. A Palm executive, Joe Fabris, said the company made the process deliberately clumsy because it doesn't want customers accidentally erasing their information.
Trust Digital resurrected erased e-mails and other information from a used Treo phone provided by The Associated Press for a demonstration after it was reset and appeared empty. Once the phone was reset using Palm's awkward "zero-out" technique, no information could be recovered. The AP already used that technique to protect data on its reporters' phones.
"The tools are out there" for hackers and thieves to rummage through deleted data on used phones, Trust Digital's chief technology officer, Norm Laudermilch, said. "It definitely does not take a Ph.D." Fabris, Palm's director of wireless solutions, said the company may warn customers in an upcoming newsletter about the risks of selling their used phones after AP's inquiries. "It might behoove us to raise this issue," Fabris said. Dean Olmstead of Fresno, California, sold his Treo phone on eBay after using it six months. He didn't know about Palm's instructions to safely delete all his personal information. Now, he's worried. "I probably should have done that," Olmstead said. "Folks need to know this. I'm hoping my phone goes to a nice person." Guy Martin of Albuquerque, New Mexico, wasn't as concerned someone will snoop on his secrets. He also sold his Treo phone on eBay and didn't delete his information completely. "I'm not that kind of valuable person, so I'm not really worried," said Martin, who runs the www.imusteat.com Web site. "I guarantee that three-quarters of the people who buy these phones don't think about this."
Trust Digital found no evidence thieves or corporate spies are routinely buying used phones to mine them for secrets, Magliato said. "I don't think the bad guys have figured this out yet." President Bush's former cybersecurity adviser, Howard Schmidt, carried up to four phones and e-mail devices -- and said he was always careful with them. To sanitize his older Blackberry devices, Schmidt would deliberately type his password incorrectly 11 times, which caused data on them to self-destruct. "People are just not aware how much they're exposing themselves," Schmidt said. "This is more than something you pick up and talk on. This is your identity. There are people really looking to exploit this." Executives at Trust Digital agreed to review with AP the information extracted from the used phones on the condition AP would not identify the sellers or their employers. They also showed AP receipts from the Internet auctions in which they bought the 10 phones over the summer for prices between $192 and $400 each. Trust Digital said it intends to return all the phones to their original owners, and said it kept the recovered personal information on a single computer under lock and disconnected from its corporate network at its headquarters in northern Virginia. Peiter "Mudge" Zatko, a respected computer security expert, said phone owners should decide whether to auction their used equipment for a few hundred dollars -- and risk revealing their secrets -- or effectively toss their old phones under a large truck to dispose of them.
What about a case like the Lothario whose affair Trust Digital discovered? "I'd run over the phone," Zatko said. "Maybe give it an acid bath."
Tracking anonymous peer-to-peer VoIP traffic over the Internet is possible (PDF). In fact, it can be done even if the parties have taken some steps to disguise the traffic.
From Cell phones to VoIP and law enforcement
IN A DISASTER YOU CAN'T TRUST CELL PHONES
Spectrum Warfare
The means by which a military seizes and controls the electromagnetic radiation that makes all wireless communication possible. It is well known that America's military dominates both the air and the sea. What's less celebrated is that the US has also dominated the spectrum, a feat that is just as critical to the success of operations. Communications, navigation, battlefield logistics, precision munitions—all of these depend on complete and unfettered access to the spectrum, territory that must be vigilantly defended from enemy combatants. Having command of electromagnetic waves allows US forces to operate drones from a hemisphere away, guide cruise missiles inland from the sea, and alert patrols to danger on the road ahead. Just as important, blocking enemies from using the spectrum is critical to hindering their ability to cause mayhem, from detonating roadside bombs to organizing ambushes. As tablet computers and semiautonomous robots proliferate on battlefields in the years to come, spectrum dominance will only become more critical. Without clear and reliable access to the electromagnetic realm, many of America's most effective weapons simply won't work. “Now anybody can go to a store and buy equipment for $10,000 that can mimic our capability,” says Robert Elder, a retired Air Force lieutenant general who today is a research professor at George Mason University. Communications jammers are abundant on global markets or can be assembled from scratch using power amplifiers and other off-the-shelf components. And GPS spoofers, with the potential to disrupt everything from navigation to drones, are simple to construct for anyone with a modicum of engineering expertise.
A SATELLITE PHONE
Satellite phone encryption cracked
German academics said they had cracked two encryption systems used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent. Hundreds of thousands of satellite phone users are thought to be affected. "We were able to completely reverse engineer the encryption algorithms employed," said Benedikt Driessen and Ralf Hund of Ruhr University Bochum as they announced their report, "Don't Trust Satellite Phones".
The main problem is loss of communication connectivity: telecommunications will break down.
Satellite phones work in emergencies. They transmit calls through networks of low-earth-orbiting satellites technically capable of carrying calls anywhere on earth, BUT they have the drawbacks of not working inside buildings and of being much heavier and more expensive than cell phones.
Trusting cell phones to work in many emergency situations can be dangerous or fatal.
Two firms -- Iridium and Globalstar -- dominate the satellite-phone market. Cell phones become useless from call traffic overloading and power cutoffs: microcell batteries run down within a couple of days, and power failures can turn regional cellular networks into largely useless hardware in short order. Organizations should not depend on inexpensive cell phones rather than the expensive dedicated radio equipment. Newer satellite phones commonly sell for $1,000 to $1,500. Monthly calling plans aren't cheap either. Iridium subscribers typically pay between $1 and $1.50 a minute for air time.
Why cell phone outage reports are secret
Consumers have no idea how reliable their cell phone service will be when they buy a phone and sign a long-term contract. The Federal Communications Commission could offer some guidance, but it won't. The agency refuses to make public a detailed database of cell phone provider outages that it has maintained since 2004. A federal Freedom of Information Act request for the data, filed in August by MSNBC.com, has been rejected by the agency. The stated reasons: Release of the information could help terrorists plan attacks against the United States, and it would harm the companies involved. [The refusal to release the records "on the grounds it might harm the companies involved" is especially egregious and blatant. The feds are not supposed to be protecting the telcos against their customers' legitimate grievances.]
Mark Woods, secretary of the International Cellular Emergency Alert Services Association (CEASa)
LOCKED UNLOCK CELL PHONES
Step-by-step guide to jailbreak and unlock iPhone 3.0
How do you get out of your current contract?
Sites help free cellphone users from contracts 1/1/07
An Internet cottage industry of companies helps liberate people from their contracts. The websites, Celltradeusa.com, Resellular.com, and CellSwapper.com, provide online marketplaces where customers trying to get out of their contracts can connect with people willing to take over the remainder of their contracts, for a fraction of the typical $175 termination penalty. Customers post an online advertisement with the details of their contract, and any benefits they're willing to throw in -- such as a free Blackberry, a Bluetooth headset, or money toward the contract. The services charge $19.99 at Celltradeusa.com and $14.99 at Resellular.com to people seeking to get out of their contracts. CellSwapper.com is still a beta version. Once a person who wants to get out of a contract is matched with a person who wants to get in, the transfer must be made through the wireless provider. That type of transfer is already available to customers who call their providers and have a relative or friend willing to go through a credit check and legally take over the rest of the contract. But these Internet services allow people to look beyond their immediate friends and connect with a nationwide network of people.
Cell Phone Speed Test - verify Edge Speed
LIFELINE
Lifeline program in 1985, during the Reagan administration. In 2005, under President George W. Bush, the FCC expanded the program to cover low-cost cellular service. The program pays for phone service, not the phones themselves. But many companies that receive funding through the program offer free and low-cost phones to their subscribers. The discounts average $9.25 per month for qualifying households, and the program is funded through fees that the telephone companies pass on to consumers on their monthly bills.
The point of the program is to ensure that everyone has access to basic communications services, especially during emergencies. "For more than 25 years, the Lifeline program has played a vital role in ensuring that the neediest among us stay connected to our communications networks," FCC Chairman Julius Genachowski said in a statement earlier this year (2012). But even the FCC acknowledges that the costs of the program have ballooned in recent years. By 2011, Lifeline was costing phone subscribers $1.75 billion per year. Genachowski said the program "created perverse incentives for some carriers" and "invited fraud and abuse." Rep. Tim Griffin (R-Ark.) has attacked Lifeline as a "government-run, taxpayer-funded program that's running wild and costing more and more." He authored a bill that would ban Lifeline from supporting cellphone service.
In January, the FCC overhauled the program in an attempt to bring down its cost. The commission toughened eligibility standards and created a database to ensure that multiple companies were not receiving subsidies to provide service to the same customer. The reforms are on track to bring down the cost of the program by $200 million this year and $2 billion over three years, according to the FCC.
Collection of secret codes for your mobile with Android OS (can be called Android Tricks). These codes enable you to access hidden options which are not shown by default on your device, and can be used for testing the functions of various utilities used by your mobile.
DISCLAIMER: USE AT YOUR OWN RISK
Note: We cannot guarantee that these codes will work on all Android mobiles! These codes are used only by technicians, so be careful with them and use them at your own risk.
Hidden Android Codes
*#06# - Displays IMEI number.
*2767*3855# - This code will format your device to factory state (will delete everything on the phone).
*#*#4636#*#* - Displays phone information, usage statistics and battery.
*#*#273282*255*663282*#*#* - This code will immediately back up all media files.
*#*#197328640#*#* - This code will enable test mode for service.
*#*#1111#*#* - Will display FTA software version.
*#*#1234#*#* - Will show PDA and firmware version.
*#*#232339#*#* - Wireless LAN tests.
*#*#0842#*#* - This code is used for Backlight/vibration test.
*#12580*369# - Displays software and hardware info.
*#*#2664#*#* - This code is used for Testing the touchscreen.
*#9900# - System dump mode.
*#9090# - Diagnostic configuration.
*#*#34971539#*#* - Will display Detailed camera information.
*#872564# - USB logging control.
*#301279# - HSDPA/HSUPA Control Menu.
*#7465625# - This code will display phone's lock status.
*#0*# - Enter the service menu on newer phones like Galaxy S III.
*#*#7780#*#* - Reset the /data partition to factory state.
Basic Codes:
*#*#7780#*#* - This code is used for a factory restore. It will remove Google account settings and system and application data and settings.
*2767*3855# - This code is used for a factory format, and will remove all files and settings including the internal memory storage. It will also reinstall the firmware.
*#*#4636#*#* - This code shows information about your phone and battery.
*#*#273283*255*663282*#*#* - Quick backup. This code opens a file copy screen where you can back up your media files, e.g. images, sound, video and voice memos.
*#*#197328640#*#* - This code can be used to enter Service mode. You can run various tests and change settings in the service mode.
*#*#7594#*#* - This code turns your "End call / Power" button into a direct power-off button, without asking you to select an option (silent mode, airplane mode and power-off).
*#*#8255#*#* - This code can be used to launch Google Talk Service Monitor.
*#*#34971539#*#* - This code is used to get camera information. Please avoid the update camera firmware option.
W-LAN, GPS and Bluetooth Test Codes:
*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - W-LAN test (use the “Menu” button to start various tests).
*#*#232338#*#* - Shows WiFi MAC address.
*#*#1472365#*#* - GPS test.
*#*#1575#*#* - Another GPS test.
*#*#232331#*#* - Bluetooth test.
*#*#232337#*#* - Shows Bluetooth device address.
Codes to launch various Factory Tests:
*#*#0842#*#* - Device test (Vibration test and BackLight test).
*#*#0588#*#* - Proximity sensor test.
*#*#0*#*#* - LCD test.
*#*#2664#*#* - Touch screen test.
*#*#2663#*#* - Touch screen version.
*#*#0283#*#* - Packet Loopback.
*#*#0673#*#* OR *#*#0289#*#* - Melody test.
*#*#3264#*#* - RAM version.
Code for firmware version information:
*#*#1111#*#* - FTA SW Version.
*#*#2222#*#* - FTA HW Version.
*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number.
*#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate.
*#*#1234#*#* - PDA and Phone.