Re: phone extraction device
On Sun, 2011-10-02 at 04:12 +0200, Rashid wrote: You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes. http://translogic.aolautos.com/2011/04/29/police-device-used-to-steal-your-cell-phone-data-during-traffic/ Does it work at free runners too? (Well a debug board could probably do it but hey). I guess no one got one to test... PS: I wonder what's the relation between rooting a phone and that device(does the device need to root the phone to gather certain informations?). Denis. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: phone extraction device
On 10/02/2011 06:55 PM, Denis 'GNUtoo' Carikli wrote: On Sun, 2011-10-02 at 04:12 +0200, Rashid wrote: You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes. http://translogic.aolautos.com/2011/04/29/police-device-used-to-steal-your-cell-phone-data-during-traffic/ Does it work at free runners too? (Well a debug board could probably do it but hey). I guess no one got one to test... PS: I wonder what's the relation between rooting a phone and that device(does the device need to root the phone to gather certain informations?). As one of the ex. libsyncml developer i can add some details. There is no magic here. When you are connected by cable to the typical phone, you can: 1) Use syncml to fetch all contacts/notes/calendar events. There is no authentication if you are using USB or Serial device. 2) OBEX protocol over USB or Serial usually also allows you to fetch a lot of information from phone. Including phone book contents, SMS and phone history. 3) AT modem on the most cheap phones (again - no password over serial link) also adds a lot of extended features, e.g. you can work with SMS, tel. history, make phone calls, send sms`s (it is very useful for monitoring software or gateways) etc. I was using this on Siemens/Nokia/Motorolla/Sony-Ericson and other devices. I am not familiar with protocol on modern iphones/androids, but i am expecting that they are not protected on usb connection as well. So in practice its very easy to build such devices (with Linux on board, hehe) and you don`t need to work in CIA for this, its could be done as homebrew hardware. There is no known way to disable this functionality in most of the phones. Locked/unlocked phone will work the same on such interfaces. Now back to OpenMoko. It depends on distro you are using (i am qtmoko user) but typically there is nothing but ssh running on USB (USB over Ethernet). If you setting up root password - then you are safe. There is no way to extract any data without restarting the phone (or by using debug board, what is also not possible w/o removing cover). If you are very paranoiac about this - you can store all data in encrypted way (using standard Linux tools for this) and disable all storage on the SIM card. The only problem i see in this method is that Police can get all this information without touching your device, by requesting this information from your network/roaming provider. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: phone extraction device
On Sun, Oct 2, 2011 at 19:32, Alex Samorukov m...@os2.kiev.ua wrote: Now back to OpenMoko. It depends on distro you are using (i am qtmoko user) but typically there is nothing but ssh running on USB (USB over Ethernet). If you setting up root password - then you are safe. There is no way to extract any data without restarting the phone (or by using debug board, what is also not possible w/o removing cover). If you are very paranoiac about this - you can store all data in encrypted way (using standard Linux tools for this) and disable all storage on the SIM card. To be strict: On Freerunner there is also Calypso debug interface on headphones jack. So actually there are two things :) -- Sebastian Krzyszkowiak dos ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: phone extraction device
Am 02.10.2011 um 19:32 schrieb Alex Samorukov: On 10/02/2011 06:55 PM, Denis 'GNUtoo' Carikli wrote: On Sun, 2011-10-02 at 04:12 +0200, Rashid wrote: You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes. http://translogic.aolautos.com/2011/04/29/police-device-used-to-steal-your-cell-phone-data-during-traffic/ Does it work at free runners too? (Well a debug board could probably do it but hey). I guess no one got one to test... PS: I wonder what's the relation between rooting a phone and that device(does the device need to root the phone to gather certain informations?). As one of the ex. libsyncml developer i can add some details. There is no magic here. When you are connected by cable to the typical phone, you can: 1) Use syncml to fetch all contacts/notes/calendar events. There is no authentication if you are using USB or Serial device. 2) OBEX protocol over USB or Serial usually also allows you to fetch a lot of information from phone. Including phone book contents, SMS and phone history. 3) AT modem on the most cheap phones (again - no password over serial link) also adds a lot of extended features, e.g. you can work with SMS, tel. history, make phone calls, send sms`s (it is very useful for monitoring software or gateways) etc. I was using this on Siemens/Nokia/Motorolla/Sony-Ericson and other devices. I am not familiar with protocol on modern iphones/androids, but i am expecting that they are not protected on usb connection as well. Usually, smartphones do not expose a direct AT command interface since they are separated into a radio module and a main CPU. Therefore they use the AT command interface completely internally. And, you can't easily connect them to a notebook and configure them as a serial interface and AT compatible modem, since nobody expects this as the state-of-the-art way of tethering. You do it through Ethernet over USB or WLAN. So in practice its very easy to build such devices (with Linux on board, hehe) and you don`t need to work in CIA for this, its could be done as homebrew hardware. There is no known way to disable this functionality in most of the phones. Locked/unlocked phone will work the same on such interfaces. Any PDA with USB-Host-Mode could do it. You could even connect your old non-smartphone to an Openmoko through the USB-Host facility :) Now back to OpenMoko. It depends on distro you are using (i am qtmoko user) but typically there is nothing but ssh running on USB (USB over Ethernet). If you setting up root password - then you are safe. There is no way to extract any data without restarting the phone (or by using debug board, what is also not possible w/o removing cover). If you are very paranoiac about this - you can store all data in encrypted way (using standard Linux tools for this) and disable all storage on the SIM card. The only problem i see in this method is that Police can get all this information without touching your device, by requesting this information from your network/roaming provider. There was an article in IEEE Spectrum last year that describes the status, background and future of this technology: http://spectrum.ieee.org/computing/software/cellphone-crime-solvers (full text) http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5491013 (citation) It focusses mainly on the benefits for some detective so solve a crime case. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: phone extraction device
On 10/02/2011 07:36 PM, Sebastian Krzyszkowiak wrote: On Sun, Oct 2, 2011 at 19:32, Alex Samorukovm...@os2.kiev.ua wrote: Now back to OpenMoko. It depends on distro you are using (i am qtmoko user) but typically there is nothing but ssh running on USB (USB over Ethernet). If you setting up root password - then you are safe. There is no way to extract any data without restarting the phone (or by using debug board, what is also not possible w/o removing cover). If you are very paranoiac about this - you can store all data in encrypted way (using standard Linux tools for this) and disable all storage on the SIM card. To be strict: On Freerunner there is also Calypso debug interface on headphones jack. So actually there are two things :) Thank you for clarification - i forgot this. It is easy to fix by physically breaking this circuit (Calypso - headphones jack) :) But once again - from my point of view it does not make too much sense. Because provider will always transfer all your calls information to the government representatives. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
phone extraction device
You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes. http://translogic.aolautos.com/2011/04/29/police-device-used-to-steal-your-cell-phone-data-during-traffic/ Does it work at free runners too? (Well a debug board could probably do it but hey). ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community