Am 02.10.2011 um 19:32 schrieb Alex Samorukov: > On 10/02/2011 06:55 PM, Denis 'GNUtoo' Carikli wrote: >> On Sun, 2011-10-02 at 04:12 +0200, Rashid wrote: >>> "You may have heard about the Cellebrite cell phone extraction device >>> (UFED) in the news lately. It gives law enforcement officials the >>> ability to access all the information on your cell phone within a few >>> short minutes." >>> >>> http://translogic.aolautos.com/2011/04/29/police-device-used-to-steal-your-cell-phone-data-during-traffic/ >>> >>> Does it work at free runners too? (Well a debug board could probably do >>> it but hey). >> I guess no one got one to test... >> >> PS: I wonder what's the relation between rooting a phone and that >> device(does the device need to root the phone to gather certain >> informations?). >> > As one of the ex. libsyncml developer i can add some details. There is no > "magic" here. When you are connected by cable to the typical phone, you can: > > 1) Use syncml to fetch all contacts/notes/calendar events. There is no > authentication if you are using USB or Serial device. > 2) OBEX protocol over USB or Serial usually also allows you to fetch a lot of > information from phone. Including phone book contents, SMS and phone history. > 3) AT modem on the most cheap phones (again - no password over serial link) > also adds a lot of "extended" features, e.g. you can work with SMS, tel. > history, make phone calls, send sms`s (it is very useful for monitoring > software or gateways) etc. I was using this on > Siemens/Nokia/Motorolla/Sony-Ericson and other devices. I am not familiar > with protocol on modern iphones/androids, but i am expecting that they are > not protected on usb connection as well.
Usually, smartphones do not expose a direct AT command interface since they are separated into a radio module and a main CPU. Therefore they use the AT command interface completely internally. And, you can't easily connect them to a notebook and configure them as a serial interface and AT compatible modem, since nobody expects this as the state-of-the-art way of tethering. You do it through Ethernet over USB or WLAN. > So in practice its very easy to build such devices (with Linux on board, > hehe) and you don`t need to work in CIA for this, its could be done as > homebrew hardware. There is no known way to disable this functionality in > most of the phones. Locked/unlocked phone will work the same on such > interfaces. Any PDA with USB-Host-Mode could do it. You could even connect your old non-smartphone to an Openmoko through the USB-Host facility :) > Now back to OpenMoko. It depends on distro you are using (i am qtmoko user) > but typically there is nothing but ssh running on USB (USB over Ethernet). If > you setting up root password - then you are safe. There is no way to extract > any data without restarting the phone (or by using debug board, what is also > not possible w/o removing cover). If you are very paranoiac about this - you > can store all data in encrypted way (using standard Linux tools for this) and > disable all storage on the SIM card. > > The only problem i see in this method is that Police can get all this > information without touching your device, by requesting this information from > your network/roaming provider. There was an article in IEEE Spectrum last year that describes the status, background and future of this technology: http://spectrum.ieee.org/computing/software/cellphone-crime-solvers (full text) http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5491013 (citation) It focusses mainly on the benefits for some detective so solve a crime case. _______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
