Sucking Data off of Cell Phones

Don't give someone your phone unless you trust them:

There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.

Another news article.

Posted on September 3, 2008 at 6:03 AM • 40 Comments

Comments

D0RSeptember 3, 2008 6:43 AM

I'd never hand my phone anyway to someone I do not trust, but this seems nasty to me especially because the attacker can grab large amount of data, quickly, and leaving no trace.

Frank B.September 3, 2008 7:02 AM

"Don't give someone your phone unless you trust them"... yes, like the US customs agent who wants to have a quick look at your laptop and your cell phone...

Lewis DonofrioSeptember 3, 2008 7:06 AM

Folks,

Well this goes back to the whole "Once you have physical access - all bets are off" mindset.

--I guess I'm glad phone still do not have a universal plug (even though my iPhone I guess is the closest to the universal plug around.)
__________________________________
Lewis Donofrio 734-355-0592
Sr. Windows/Unix Systems Administrator

ZimmerfanSeptember 3, 2008 7:18 AM

Zimmerman (my near relative) is working on zfone, for security between point A and point B. But what is also needed is a phone with encryption for the entire storage device. Anyone know if this is currently available on any phones?

ThijsSeptember 3, 2008 7:34 AM

Paraben announced the CSI stick on May 13, 2008 (http://www.paraben.com/news/csi-stick.pdf).
At that time the device claimed to support 330 models of Motorola and Samsung phones. It is almost 4 months later now and the device supports a little over 300 devices and still only Motorola and Samsung phones (taken from the list on the website). Somehow I got my doubts if they will be adding more devices soon.

katsSeptember 3, 2008 7:37 AM

BLackBerrys come with a user-visible "content protection" option that can be used to encrypt everything that gets persisted to flash. Win.

DaveShawSeptember 3, 2008 7:51 AM

There is also an application for HTC mobile devices than can be placed on a MicroSD Card to dump the entire contents to the card as soon as it is inserted.

Dave

BumSeptember 3, 2008 7:56 AM

@ kats
"BLackBerrys come with a user-visible "content protection" option that can be used to encrypt everything that gets persisted to flash. Win."

I recall news some time ago, about RIM considering some deal with Indian authorities - they required encryption keys to allow blackberry to operate in India, or something like this.

Michael RitterSeptember 3, 2008 8:03 AM

Most cell phones have some kind of backdoor, often via a (more or less specific) cable. The problem: encryption does not necessarily protect against this. It's like disk encryption: once the operating system is up and running, the disk is accessible via software.

SparkySeptember 3, 2008 8:22 AM

I find the "for law enforcement" part particularly dubious; if they can legally access your phone (when it has been seized, for instance), they have plenty of time to hook it up to a computer like the rest of us do, and if they can't legally access the phone, they shouldn't be doing it anyway, and any evidence is not only inadmissible in court, including any evidence found using the information taken from the phone.

MarceloRSeptember 3, 2008 8:22 AM

The second article linked to points to the fact that decryption is done on specialized software ( not so aptly named "DS Lite") installed in your computer once the collected data is uploaded from the device. In other words, a phone is added to the list of supported phones when the complete solution can guarantee delivery of plaintext from the phone's built-in encryption system.

CrashSeptember 3, 2008 8:24 AM

This isn't the only thing you need to worry about if someone has temporary physical access to your phone. There are software backdoors that can be installed on many phones in a short amount of time that will allow them to access your data remotely later as well. Search youtube for bluetooth hack for examples.

Clive RobinsonSeptember 3, 2008 8:41 AM

@ DOR,

"...attacker can grab large amount of data, quickly, and leaving no trace."

As this Paraben device is supposedly for forensic examiners just the time to mention forensics fundemental principle sugested by Edmund Locart in 1910,

"That every contact leaves a trace"

So in "theory" it's use should be detectable.

The thing is that Locart actually ment that transfer was two way ie from criminal to crime scene and from scene to criminal...

Which gives rise to the notion that the device or something similar could put data onto your phone...

How long before the "bad guys" get hold of the device and reverse engineer it to get the details of how to access the 300 odd phones...

JosephSeptember 3, 2008 9:32 AM

"Most cell phones have some kind of backdoor, often via a (more or less specific) cable."

Having worked for a large cell phone hardware producer, there is a good reason for the back door. 99% of cell phone users are clueless idiots who want to be able to take their phone into a cell store and get it "fixed", or recover data if it breaks, etc. Telling them "I'm sorry, you turned on content protection so there's no way I can get your data" just won't fly for these idiots.

kiwanoSeptember 3, 2008 9:41 AM

This just reinforces my desire for a mobile phone that's only a phone. Not a camera, alarm clock, day planner, address book, video game console, mp3 player, &c, &c, &c.

I'd really like to see a phone that does nothing more than allow you to dial a number, speak to the person at that number, switch to speakerphone so that you can do other things while on hold, and display the name and number calling (but only if the name comes from reasonably reliable caller ID information, rather than a stored addressbook).

I mean in our supposedly security-obsessed society, where is the widespread concern over the notion that every unused "feature" is a potential vulnerability?

Grumpy PhysicistSeptember 3, 2008 9:42 AM

Man, this is ANNOYING!

Why? Because I've been trying to get cellphone sync software for my Samsung for over a year, and the s/w makers are just dragging their feet.

And there it is on the Paraben list...grrr

Paraben SucksSeptember 3, 2008 9:56 AM

Having used Paraben's software for examining blackberries before, I wouldn't touch this thing with a bargepole. Buggy as hell, dodgy support staff, limited device support, dubious evidential integrity. FAIL.

MikeASeptember 3, 2008 10:16 AM

But will it work with _Verizon_ branded Motorola phones? They won't even allow _me_ to transfer data to or from the phone via cable or bluetooth, only via their network, at high prices.
I can see it now: "Thank you for your cooperation with the authorities, sorry for the delay while we uploaded your entire phone at 1xRTT, and by the way, you might want to look into a second mortgage to pay your next month's phone-bill"

2powerSeptember 3, 2008 10:26 AM

Small interface of both hardware and OS, make for easy overflow and hacks. Power gives power if you know what you doing...
If phone is easy to add a little button switch to phone, then for travel uses, you MIGHT be fine. Then again, they might confiscate item, and it is an easy find.
It would be uncool to microcode attack phone to dial out once a whatever with info. Other more devious possibilities are possible. Travel = rooted, for some. Travel sucks with tech.
Blackberry, haven't played with, or read much, but for some might be better than typical.
OpenMoko might be interesting once it gets mature. Would love to hear any comments on here.

Jeffrey W. BakerSeptember 3, 2008 11:15 AM

@Bum
"I recall news some time ago, about RIM considering some deal with Indian authorities - they required encryption keys to allow blackberry to operate in India, or something like this."

Uh, no. Quite the opposite. India started asking RIM for decryption keys for BlackBerry, and RIM told India to go pound sand. RIM's system is end-to-end from the customer's data center to the customer's phone, so there's no possibility of RIM giving anybody a back door.

Davi OttenheimerSeptember 3, 2008 11:38 AM

good advice. but i would say that in general, not just because of some paraben marketing material.

heh, when i go to the paraben site here is what i see:

"// Provide alternate content for browsers that do not support scripting // or for those that have scripting disabled. Alternate HTML content should be placed here."

want to bet on whether their systems have default passwords?

bottom line is that most cell phone software developers assumes single user. concurrent logins often cause serious data integrity issues such as mixing and corrupting records on remote servers. just another problem with sucking data...

bobSeptember 3, 2008 12:24 PM

Where do I buy a cellphone with a feature that discharges a high-power capacitor (like a camera flash power supply) out of the external data port?

sooth sayerSeptember 3, 2008 12:33 PM

Let's start reading dumbo blogs now - is this really security -- should be filed under dumb-ass-reads.

NostromoSeptember 3, 2008 3:00 PM

@Sparky:
"and any evidence is not only inadmissible in court,"

Boy, you sure are living in the past! You'll be quoting the old Constitution next.

EliSeptember 3, 2008 3:19 PM

@ 2power

The OpenMoko FreeRunner is already rather interesting. I'm running Debian on mine... there are a lot of possibilities that opens up, both for attack and defense. The data port is USB, and supports both device and host mode, but it seems you should be able to lock that down. Note that there are 2 copies of the firmware that would also need to be locked down. There is also a JTAG port inside the case, and a couple of other contacts, but that requires taking the phone apart.

PhillipSeptember 3, 2008 3:36 PM

But this is old technology! On the last season of 24 a bad guy had a fob (admittedly bigger than a BIC lighter) which stole everything off that cute blond's cell phone! And that was over a year ago! *snickers*

ModeratorSeptember 3, 2008 5:21 PM

Sooth sayer, this isn't YouTube. If you don't like the entry, take the time to make an actual argument explaining the problems you see with it.

mooSeptember 3, 2008 5:54 PM

@sooth sayer:
Besides, it's Bruce's blog, he can post whatever he wants here. Nobody is forcing you to read every entry he posts.

Ben FinneySeptember 3, 2008 7:38 PM

> Don't give someone your phone unless you trust them

A better lesson: Don't use a phone (or other device) with a proprietary operating system. Use one that allows such vulnerabilities to be fixed by the user community instead of just the vendor. http://www.openmoko.com/

2September 3, 2008 9:49 PM

Seems to me a big market for OpenMoko AND hardware modifications.
Sure would be great if somebody would help fund OpenMoko/OpenBSD work, and the 3G whitespaces for minilaptops.
Debian might be ok, but I'd rather go with a BSD system.
I bet some Cell phones are leaky Rf... Ipaq had a remote backdoor in it. Even STU-III phones had weaknesses, stay away from RF as well. Always an exploit.
Maybe a small ocean is needed for a ground. Now if only I could have a squid in a small ocean, in my cell phone.
Hopefully, OpenMoko can get a good community going.

Sooth sayer, not everyone is top notch, some are just starting out. Blogs like this stimulate the mind, and open doors for new minds.
Having some knowledge/awareness of current practices might help security.
Heck, even the TSA might learn some critical stuff, that a cell phone might have the plans in it for world domination through psychic mind reading by squids! AHHHH.

John David GaltSeptember 4, 2008 12:04 AM

@Zimmerfan: I like your idea of an end-to-end encrypted cell phone, but it will get nowhere in the US so long as the carriers mostly don't allow any phones on their networks except those purchased from and locked by them.

You and others who support your idea may want to check out IPAction.org, which is collecting signatures to persuade the FCC to issue a "cellular Carterfone decision" and let people use whatever devices they choose on the cellular networks.

FreeSeptember 4, 2008 2:22 AM

If you want a free product, try moto4lin under linux, for phones with usb connectors. I wonder if opensync would also work.

FreeSeptember 4, 2008 2:24 AM

If you want a free product equivalent to this Cellular Seizure Investigation Stick, try moto4lin under linux, for phones with usb connectors. I wonder if opensync would also work.

SparkySeptember 4, 2008 6:12 AM

@Nostromo: Not everyone where lives in the USA. I'd think nearly every country in western world would have such a clause in law somewhere, and just because the US constitution is "just a goddamn piece of paper", doesn't mean other all other countries have shredded their lawbooks.

There is something inherently wrong with this product, and claiming it's meant for law enforcement is only a rather pathetic attempt to distract from it's illegal applications.

thiefhunterSeptember 4, 2008 10:13 AM

"Don't give someone your phone unless you trust them"

Checked into a business hotel late last night. I watched a group of men and women clowning around:

Man: I want to put your phone number in my cell phone sweetie, what's your number?

Woman: Here, I'll do it. (She takes the phone and sits on the man's lap. After a minute or two, she holds it up to her ear.)

Man: Hey, don't call my wife. DON'T CALL MY WIFE! (He grabs for the phone. It smashes to the marble floor. She gets off his lap.)

Peter MaxwellSeptember 18, 2008 2:00 PM

From a securtiy perspective, mobile phones were a really bad idea right from the start. It can determine your location - and identify you in a crowd; it carries information on who you are talking to or communicating with - and when; it delivers the contents of those communications; and it usually goes with you wherever you are, able to pick up the conversation in the room. Not to forget that the insidious little blighter is still functioning even when you turn it off - you have to remove the battery to kill it.

This is the price we pay for convenience?


AnonymousDecember 28, 2008 4:49 AM

"There is also an application for HTC mobile devices than can be placed on a MicroSD Card to dump the entire contents to the card as soon as it is inserted.
Dave
Posted by: DaveShaw"

What application is this? Does anyone know the name for this one?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..