Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

A Device to Grab Data From Cell Phones

Soulskill posted more than 6 years ago | from the yoink dept.

Cellphones 161

what about writes "Apparently there is a quick, simple, and undetectable way to grab all of your cellphone data. CNet reports on the Cellular Seizure Investigation (CSI) Stick, developed for law enforcement but available to the public, which 'connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.' I use mobile knox, a secure storage application, for my important data, but I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone."

Sorry! There are no comments related to the filter you selected.

quickie... (1)

Adolf Hitroll (562418) | more than 6 years ago | (#24811133)

well, I guess this might piss the genYers, but otherwise, who cares?

Citizens, Government and Corporate Users. (1)

westbake (1275576) | more than 6 years ago | (#24811347)

Anyone who does business with a device needs to use free software on that device or surrender themselves to intrusion like this.

Re:Citizens, Government and Corporate Users. (0)

ksd1337 (1029386) | more than 6 years ago | (#24812203)

Looks like Richard Stallman was right about telling us not to own a cellphone.

*duh* (0, Offtopic)

multipartmixed (163409) | more than 6 years ago | (#24811147)

Abby and McGee have had a copy of that for what... five seasons?

Plot Device Failure. (3, Insightful)

GNUChop (1310629) | more than 6 years ago | (#24811323)

This device will never be used to solve a real crime. Cell phone companies already keep the required records for billing. This will simply allow TSA and other would be snoops to dig into people's private business. I had to laugh when I saw this:

The good news: the device should find wide acceptance by parents who want to monitor what their kids are doing with their phones, who they are talking to and text messaging, and where they are surfing. It could also be valuable in secure areas where employees need to be randomly monitored to insure that sensitive information is not compromised through the use of a cell phone as a memory device.

These will be the real users of this kind of device. Free software for cell phones can not arrive fast enough.

Re:Plot Device Failure. (4, Funny)

Anachragnome (1008495) | more than 6 years ago | (#24812997)

That is precisely the sort of crap they spooned out when Verichip tried to persuade parents it was a good idea to have their kids RFID chipped ("If your kid is lost or kidnapped, they can be located!").

And that, my friends, was just the first salvo in the attempt to get people-chipping popularly accepted.

As I once said, the day they start chipping people is the day I start offering my services to remove them and feed them to the migrating geese that pass through our area, in little balls of bread dough.

Non free is always this way. (3, Insightful)

twitter (104583) | more than 6 years ago | (#24811175)

Anyone have any doubts left about the importance of software freedom for all your devices?

Re:Non free is always this way. (3, Insightful)

Anonymous Coward | more than 6 years ago | (#24811271)

I think its great. Theres now a way to copy DRM-laiden MP3s and ringtones from your phone.

-1 insightful??? (0)

Anonymous Coward | more than 6 years ago | (#24811307)

The parent is currently modded
(Score:-1, Insightful)

How does this happen?

Re:-1 insightful??? (1)

dark whole (1220600) | more than 6 years ago | (#24811357)

he has been modded down so much it didn't raise him from -1 im guessing.

Re:-1 insightful??? (0)

Anonymous Coward | more than 6 years ago | (#24811415)

Click on "Score: -1": -1 starting score, +1 Insightful -1, Overrated. That happens to twitter and his sockpuppets only.

Re:-1 insightful??? (1)

ThatFunkyMunki (908716) | more than 6 years ago | (#24812069)

he probably has the worst karma of any /. user

Troll, mod down (0)

Anonymous Coward | more than 6 years ago | (#24812009)

This is not a software problem.

Re:Troll, mod down (4, Insightful)

TheRaven64 (641858) | more than 6 years ago | (#24812611)

Yes it is. The contents of a mobile device should only ever be stored in persistent storage in an encrypted form, so that it's only accessible externally with the device's cooperation. The software on the device should only cooperate with properly authenticated external software. To avoid bricking the device, you might want to provide a mechanism for externally replacing the entire contents of the device's internal storage, but if you do this without first taking a backup (which you can't do without the device cooperating) then you can't install anything nasty on the device without the owner knowing the first time they try to access their data.

Re:Non free is always this way. (4, Insightful)

davolfman (1245316) | more than 6 years ago | (#24812071)

It's a failure of security through obscurity. The cell phone companies have concentrated so much on selling the syncing systems for absurd amounts that they never bothered to actually secure the interface.

oye! (1)

houbou (1097327) | more than 6 years ago | (#24811183)

I always knew that cell phones are vulnerable, but to know there is a device which can basically clone your data out, with NO trace, that's downright scary! Even when LOCKED? We should start reading our contracts and our EULAs on our phone, somehow, somewhere, there's got to be something to rely on legally, if this can happen.

Re:oye! (4, Insightful)

plover (150551) | more than 6 years ago | (#24811549)

I always knew that cell phones are vulnerable, but to know there is a device which can basically clone your data out, with NO trace, that's downright scary! Even when LOCKED? We should start reading our contracts and our EULAs on our phone, somehow, somewhere, there's got to be something to rely on legally, if this can happen.

Such a device is called a "computer", and many people already own one. By means of a secondary device, called a "USB cable", one can attach a computer to a cell phone and read the contents from it.

If you read the "instruction manual" that comes with your cell phone, you can see plainly that a cable can be connected between the phone and the computer and the contents read from it. No phone manual I have ever read says anything about authentication of the USB cable connection. Therefore you have already been informed of as much as you need to know, legally.

Re:oye! (2, Interesting)

houbou (1097327) | more than 6 years ago | (#24811665)

Gee, I must have dumb written all over my forehead for you to write that, because, I know that IF I take MY OWN PHONE and I hook it up to my PC I can clone it. The article is about phones that can be cloned while locked. The lock feature isn't working as advertised, I believe that's the issue here. It can be easily overriden. There is software out there to do so, maybe that's what that original article was all about. My worries is that what's the point of locking your phone and someone can rip the data out of it regardless? Right? RIGHT?

Re:oye! (0)

John Hasler (414242) | more than 6 years ago | (#24812171)

Isn't it just a little bit naive to put your secrets in your phone and then permit untrusted people unmonitored physical access to it?

Re:oye! (3, Insightful)

houbou (1097327) | more than 6 years ago | (#24812461)

Uh.. gee, let's put imagination 101 to the test.. say for example, your phone is:

  1. locked, and
  2. lost or stolen..

In real life, who the hell would locked their phone and maybe lose it uh? right? can't possible happen, that's way to fictional, going on sci-fi here..

You would THINK your phone numbers and whatever else is stored, at least is somewhat safe, but wait.. not anymore.. if a company sells you a phone and says it's safe when it is locked, only for anyone with the right software to override the locked feature, I think there is something wrong with this picture. That's the problem as I see it, if I'm naive, so be it, but I think there is a point to this, so, call me naive here, but I think you forgot that part of the equation in your comment :)

This only works on SOME phones (5, Insightful)

davidwr (791652) | more than 6 years ago | (#24811203)

Phones without a data port are immune.

Phones whose firmware will not send a particular piece of data over the data port are immune as long as the firmware isn't updated. Updating the firmware leaves a trace.

This goes to show that in many cases, physical access is ultimate access.

I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.

Re:This only works on SOME phones (1)

linzeal (197905) | more than 6 years ago | (#24811319)

Physical access still is not going to break some encryption, what worries me is that phone companies are not allowing you to have that level of encryption for your contact list, SMS and other "proprietary" parts of the phone's logic.

Re:This only works on SOME phones (0)

Anonymous Coward | more than 6 years ago | (#24811387)

And this is one reason why open phones like openmoko are important.

Re:This only works on SOME phones (2, Interesting)

thetartanavenger (1052920) | more than 6 years ago | (#24811909)

Whilst this is getting better pretty damn rapidly with newer smartphones, I wouldn't have thought most phones would be able to handle that much encryption. Tis rather processor intensive, killing the battery. Although I guess they could add in extra hardware for the purpose, again killing the battery.

For a lot of people phones should be basic things that make calls, send texts, and not die on them, enryption doesn't even enter their head. With the phone makers, it not about not allowing you to have strong encryption, it's encryption being too resource intensive. Of course not all phone makers have this issue and the likes of the jesus phone should be providing such critical function.

I do agree with you though, so bring on the openmoko, or possibly android...

Re:This only works on SOME phones (5, Informative)

Anonymous Coward | more than 6 years ago | (#24811803)

I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.

You know what those "secure" phones are called? Blackberries. Go buy one today!

On a blackberry, you can have all content on the phone strongly encrypted with AES. If your company has a blackberry enterprise server, you can even make this mandatory and prevent the user from disabling content encryption.

If content encryption is on, then the blackberry won't send data via the data port or bluetooth until the password is entered. Enter the wrong password 10 times and the blackberry securely wipes itself.

Despite the proliferation of mobile phones & wireless email, no one comes close to the blackberry platform for features & security. Not iphone, not windows mobile, not nokia. Some very smart people at RIM have looked at wireless email from end-to-end. The blackberry platform has also been audited from end-to-end by many governments and tech experts. What RIM really needs is a good marketing campaign to establish themselves as a "cool" brand.

Breaking into a Blackberry (1, Funny)

Anonymous Coward | more than 6 years ago | (#24811915)

adds a whole new meaning to the term "crackberry."

Re:This only works on SOME phones (1)

pdxp (1213906) | more than 6 years ago | (#24812241)

Sounds like they've got the software licked. Now if they would only make some decent hardware, people might start to believe the whole "cool" thing.

Re:This only works on SOME phones (1)

Tony Hoyle (11698) | more than 6 years ago | (#24812045)

The connector on it looks like a Nokia handsfree connector, so it'll only work on those phones that have that sort of connector... and even then only those that have a data port there (very few in fact.. most have the data port under the battery these days).

A single device that would get data off *any* phone is impossible - there are too many differences in them. You need a device per phone model, and even then you'd need the data format which is often proprietary (connecting to an iphone is totally unlike connecting to a 3310 for example).

Re:This only works on SOME phones (2, Insightful)

dotancohen (1015143) | more than 6 years ago | (#24812741)

I see a market for "secure" phones where the data part of the data/charging port is disabled unless you plug in a key or type in a code. Many companies will gladly pay for such a device.

So long as the data port is not playing double duty as the charging port, take a screwdriver to it. That's what people in sensitive government jobs to the cameras in their cellphones. In Israel, it doesn't even void the warranty under most circumstances.

How much? Where? (2, Interesting)

damn_registrars (1103043) | more than 6 years ago | (#24811211)

Anyone know where I could pick one up? It could be useful for backing up my phone. I occasionally move my SIM card between phones (or multiple cards between my phone, depending on the need) and some phones drop certain things when they detect a SIM card swap.

Re:How much? Where? (1)

Fred_A (10934) | more than 6 years ago | (#24811369)

Anyone know where I could pick one up? It could be useful for backing up my phone.

My thoughts exactly. It would be nice if it could also *write* to the phone though. Backing up without being able to restore isn't all that useful.

Re:How much? Where? (2, Informative)

EdIII (1114411) | more than 6 years ago | (#24811633)

My thoughts exactly. It would be nice if it could also *write* to the phone though. Backing up without being able to restore isn't all that useful.

It is a forensic product. Any product in that field that changes the evidence is worthless, therefore it is entirely appropriate that it does not write anything at all to the phones.

Re:How much? Where? (1)

RiotingPacifist (1228016) | more than 6 years ago | (#24811447)

just plug it into your pc, this is just an automated gadget that speeds up the process.

Re:How much? Where? (1)

damn_registrars (1103043) | more than 6 years ago | (#24811719)

just plug it into your pc, this is just an automated gadget that speeds up the process.

Not all phones support all functions by plugging into the PC. Some barely even support charging through USB. If this gadget is as great as the summary claims, then it would be worthwhile for those phones that don't cooperate as well through USB.

Re:How much? Where? (2, Informative)

barzok (26681) | more than 6 years ago | (#24812055)

Not all phones support all functions by plugging into the PC

*cough*Anything from Verizon*cough*

Re:How much? Where? (5, Informative)

GodBlessTexas (737029) | more than 6 years ago | (#24812123)

Yeah, you can find it at csistick.com [csistick.com] . Price is $299 for the hardware + Device Seizure Lite software to access the acquired data.

I have a couple of these at work, since my job is as a forensics investigator, and they're nifty, but they're very limited in what you can do with them since they only support Motorola and Samsung. There are better tools out there:
PDA Seizure, Cell Seizure, Pilot-Link (Open Source), BitPIM (Open Source), ForensicSIM, etc.

Enough with the overrated tag already (-1)

damn_registrars (1103043) | more than 6 years ago | (#24812417)

Who have I pissed off enough [slashdot.org] to warrant their following me around and moderating my posts down "overrated"? I even had a unmoderated comment [slashdot.org] hit with "overrated".

The overrated tag is not an appropriate way to show you disagree with a person or posting. Stop being a coward, and post your beef with me here.

Re:Enough with the overrated tag already (2)

TheRaven64 (641858) | more than 6 years ago | (#24812647)

Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up. Mine certainly did four years ago, although I've never used it, since I tend to sync via bluetooth, but it was one of the cheapest ones available back then (free with the cheapest contract on offer).

Re:Enough with the overrated tag already (1, Offtopic)

damn_registrars (1103043) | more than 6 years ago | (#24812723)

Your comment is probably marked overrated because pretty much every phone sold in the last five years comes with a cable for backing it up

Maybe I'm crazy, but I would say there has been a trend of my un-moderated comments being hit with the "overrated" tag. And being as the "overrated" tag seldom (if ever?) comes up for meta-moderation, it is a pretty bullet-proof way for someone with an ax to grind to knock down the comments of someone they don't like.

You could be right. It may be that someone honestly felt that this product is irrelevant and nobody cares where it is sold or how much it costs. And I wish I could believe that is the case. However, this trend suggests otherwise.

And on top of that, how often do you actually see the "overrated" tags applied in general contexts around here? I've seen plenty of posts of questionable merit moderated up to +5. Yet somehow my posts are being knocked down as "overrated" - sometimes while they are still just at their starting score of +2.

Wait... "troublesome for corporate employees"? (2, Insightful)

DrEldarion (114072) | more than 6 years ago | (#24811223)

If you're using your employer's phone, you really shouldn't expect the things you do on it to remain private.

Re:Wait... "troublesome for corporate employees"? (2, Insightful)

andy1307 (656570) | more than 6 years ago | (#24811257)

I think they're talking about other companies(in the case of corporate cellphones) and unauthorized people(in the case of govt. cell phones) getting access to the data.

Re:Wait... "troublesome for corporate employees"? (1)

shawn(at)fsu (447153) | more than 6 years ago | (#24811439)

I think you could say.... Well thats what you get for using a phone as a data storage unit. We all know that once some one has physical access it's just a matter of time. So all this just showed us is that its a small matter of time. You want you data secured? Keep it on a secure server somewhere. Access it in a way that doesn't leave copies on your phone.

Re:Wait... "troublesome for corporate employees"? (2, Insightful)

Hyppy (74366) | more than 6 years ago | (#24811525)

You want you data secured? Keep it on a secure server somewhere. Access it in a way that doesn't leave copies on your phone.

So, how does one exactly go about dialing a number without leaving a trace on the phone?

keep your calls from showing up in the call list (1)

floor84 (1353389) | more than 6 years ago | (#24811637)

1. Clear your call list after a call. (most phones have this feature)

2. Make your calls through a forwarding service, only one phone number will show up on your dialed calls list.

Re:Wait... "troublesome for corporate employees"? (3, Insightful)

mikiN (75494) | more than 6 years ago | (#24811659)

Sign up with a dialing/switchboard service that uses voice recognition, maybe?

suggestModerate(parent, -1, "D'oh");
this.append(smiley);

Re:Wait... "troublesome for corporate employees"? (2, Funny)

dotancohen (1015143) | more than 6 years ago | (#24812753)

So, how does one exactly go about dialing a number without leaving a trace on the phone?

Maybe put on a glove?

Re:Wait... "troublesome for corporate employees"? (4, Insightful)

EdIII (1114411) | more than 6 years ago | (#24811713)

You completely missed the point. This is not about the employee being able to keep their actions private from the world, or even their own employer. It is about the company being able to keep their actions private from the world, which obviously includes the actions of all of their employees.

It is a completely reasonable expectation, and indeed quite desirous by corporations, that an employee be able to maintain some level of privacy (and security) from the rest of the world. So when the article mentions that it is "troublesome for corporate employees" it is really talking about the implications for security for the entire company.

Security Cameras, Data Sucks, I'm Not Surprised (3, Insightful)

curmudgeon99 (1040054) | more than 6 years ago | (#24811253)

How can anyone feign surprise at having your entire electronic life be compromised. If you have a device smart enough to keep up with several email accounts and manage them all, of course you've also opened up a pig portal. If you want to have secrets, fill your world with post it notes under desks.

Re:Security Cameras, Data Sucks, I'm Not Surprised (1)

Aetuneo (1130295) | more than 6 years ago | (#24811599)

Post-it notes under desks aren't very secure: as soon as someone has access to the desk, all your security is gone. Filling your world with a few hundred low-capacity encrypted SD cards or flash drives (all identical, of course), and each using a different password, would be secure: sure, you'd have to remember a lot of stuff, but even if someone gets their hands on all of them, they 1) wouldn't be able to crack the encryption, and 2) even if they were able to, they would have to crack it possibly hundreds of times. Of course, this would be difficult to implement, but, if done correctly, very, very secure.

Re:Security Cameras, Data Sucks, I'm Not Surprised (0)

Anonymous Coward | more than 6 years ago | (#24811609)

If you want to have secrets, fill your world with post it notes under desks.

Yeah, you could gain yet another secret to be kept from your wife and/or other boss that way after interested parties obtain images of all your post-its and a sample of your DNA.

Disclaimer: I am NOT a salesman for 3M or any office supply.

Note to 3M: If you should happen to notice a significant uptick in sales, please make a donation to a F/OSS project. Better yet, make some donations anyway and some might actually start using post-its.

Re:Security Cameras, Data Sucks, I'm Not Surprised (0)

Anonymous Coward | more than 6 years ago | (#24812037)

On an unrelated note, this is the first time I've heard the phrase "pig portal". The mental image had me giggling for 5 minutes straight.

All phones? (2, Informative)

gevreet (1295795) | more than 6 years ago | (#24811283)

Seems to only support motorola/samsung (and I suspect usb only) http://csistick.com/models.html [csistick.com]

Re:All phones? (1)

Tony Hoyle (11698) | more than 6 years ago | (#24812075)

So it doesn't support even most phones let alone all phones. Not even the common ones, even. Seems a bit of a waste.

Re:All phones? (1)

pkinetics (549289) | more than 6 years ago | (#24812603)

Since I own a Samsung, it has settings to be recognized as a USB device. Plugged in with the right cable, my computer recognizes it.

My guess is if the phone can be set up as a USB device, it can be breached.

So I wonder when they will have one for the iPhone?

Only Samsung and Motorola, so far (1)

wonkavader (605434) | more than 6 years ago | (#24811297)

I wonder if those are the most common phones, or the easiest to mess with via the port?

Re:Only Samsung and Motorola, so far (2, Insightful)

Tony Hoyle (11698) | more than 6 years ago | (#24812143)

Well it's missing the largest cellphone company in the world - Nokia - and within that the most popular phone in the world - the 3310.

So no, they are not the most common ones. (You'd need Sony Erricson and LG in there as well for the popular ones, even if you limited it to phones in the last year or two).

Possibly easiest to hack.

If they can make this (3, Insightful)

Anonymous Coward | more than 6 years ago | (#24811311)

Then why is it so hard for me to sync my phone?!

Probable Cause and Warrants (3, Informative)

Doc Ruby (173196) | more than 6 years ago | (#24811325)

In the US, we used to have this requirement that the government protect our rights:

Amendment IV [wikipedia.org]
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Without probable cause and a legitimate warrant based on it, there is no reasonable search or seizure, no usable evidence. There's only an armed gang assaulting and violating their victim.

A fancy new way to invade privacy is just an expensive and effective battering ram.

Re:Probable Cause and Warrants (3, Informative)

noco80 (1193081) | more than 6 years ago | (#24811887)

Actually, you should read up on your Supreme Court jurisprudence. The Court, led by Justice Thomas, has begun to read the text literally. If you notice, there is no requirement that a search be made after a warrant is granted. Instead, it protects people from unreasonable searches. WHEN a warrant is issued, that warrant must be based upon probable cause. Generally, it has been presumed that a search of an area where a person has a legitimate expectation of privacy is only reasonable when done pursuant to a warrant. This view, though, is not the only one. The Court has begun to evaluate a search as whether it is unreasonable - not merely if it was done pursuant to a warrant.

Re:Probable Cause and Warrants (2, Insightful)

Doc Ruby (173196) | more than 6 years ago | (#24811999)

Like I said: we used to have requirements to protect our rights.

Clarence Thomas, as everyone not blinded by Republican loyalty knows, isn't a "Constitutional" justice. He's a rightwing pawn.

Which is why he and his Republican Supreme Courts have tended to throw out the requirements that the government protect our rights. Including the long-understood requirement that a warrant be produced from probably cause to be reasonable.

But hey, if you want a "literal Constitution", let's finally dismiss that standing army and finally get the well-regulated militia instead, that the Constitution requires.

Without due process, like reasonable cause producing warrants as the only legitimate search/seizure, the government can arbitrarily invade us. I bet King George III and his agents would have claimed all their searches and seizures were "reasonable". But that kind of "court" isn't the kind that we replaced with our Constitutional representative democracy.

If you want a Court that operates like a cracker gang exploiting any possible vulnerability in the "operating system" to destroy our rights rather than protect them, well, Clarence Thomas is your kind of "justice".

Re:Probable Cause and Warrants (4, Insightful)

Xonstantine (947614) | more than 6 years ago | (#24812939)

Clarence Thomas, as everyone not blinded by Republican loyalty knows, isn't a "Constitutional" justice. He's a rightwing pawn.

Statements like this is why you're a commie stooge, Doc. Clarence Thomas has been on the side of individual rights far more often than Ginsburg, Souter, Stevens, or Breyer.

Kelo vs Connecticut...who sided with government power and who sided with individual property rights?

Heller vs DC...who sided with government police power and who sided with an individual's right to self defense?

Raich vs US...who sided with personal growth and consumption of marijuana and who sided with the government's prosecution of such under the Commerce Clause?

As for the expectation of privacy when crossing the border, there has NEVER been an implied or explicit right. The US government has always maintained the power to search your belongings on entry. Your allegation that Thomas is somehow throwing out the Constitution with this decision illustrates your basic ignorance on the Constitution, Constitutional law, and Clarence Thomas...in other words, par for the course for you.

Re:Probable Cause and Warrants (0)

Anonymous Coward | more than 6 years ago | (#24812607)

In the US, we used to have this requirement that the government protect our rights:

Just try crossing the border back into your own country and see what happens with your cellular telephone or PDA. Search and seizure of its contents without warrant and without probable cause. None is needed and this practice is leaking over to internal, domestic possession of such devices.

Re:Probable Cause and Warrants (2, Interesting)

Doc Ruby (173196) | more than 6 years ago | (#24812711)

The border has always been an exception to enforcement of government protections of our rights, even when unjustified by any actual risk response. This decade has seen those exceptions turn extremely abusive, even on totally legitimate US citizens and visitors.

We have to fix our border to protect us from both foreign threats and domestic abuses. And we especially must reverse the trend of finding any exception to protecting our rights as an excuse to violate them elsewhere.

Hmm... (1)

kabocox (199019) | more than 6 years ago | (#24811367)

I think this should be highly illegal. What about the whole secure in your person, papers, and property bit? This is like copying all your papers and transactions for the past few months so that they can just look at them when ever! If the law enforcement needs this, it needs to be required by law that they need a warrant signed by a judge to use!

On corporate phones/PDAs, it's completely impractical to say that you aren't going to have a data/charging port. You've pretty much have to have one. Now, initially, I could see the default to be to work with any device. If you or your IT department wants the device secured, then they'd have to read the manual and set it up, any computer that you hooked the phone up to could work, but you'd need at a min a username/password before you are given access to the device. (There is a part of me that would like little finger print readers/retina scans in the phone and you'd have to have the person their to unlock the phone before it could be used with other devices. Let's remember if they've got you and your device physically, there really isn't much you can do to defend yourself at that point.

Re:Hmm... (2, Insightful)

EdIII (1114411) | more than 6 years ago | (#24811827)

Do you mean the product should be illegal, or the act of using the product as it is intended?

This is being marketed as a forensic product. The primary user of this device is going to be a forensic technician in the field. That usually implies crime scenes, etc. There are no problems legally in that context as the technician clearly has rights to be there, or is working in a lab on evidence.

So the product itself is legal as any use in a forensic capacity does not violate the 4th amendment. There are quite a number of products that could be used to violate someone's privacy, including a simple video recorder.

Now law enforcement, including intelligence agencies, using this against suspects out in the field should absolutely be working with judicial oversight. I agree there.

Since this is available to the public, most likely people will be using it in a clandestine fashion that would have legal implications. There is your biggest problem with respect to privacy, and it does not come from law enforcement.

no device needed to help planet/population rescue (0)

Anonymous Coward | more than 6 years ago | (#24811389)

fear is unprecedented evile's primary weapon. that, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' greed/fear/ego based hired goons' agenda. Most of yOUR dwindling resources are being squandered on the 'war', & continuation of the billionerrors stock markup FraUD/pyramid scheme. nobody ever mentions the real long term costs of those debacles in both life & the notion of prosperity, not to mention the abuse of the consciences of those of us who still have one. see you on the other side of it. the lights are coming up all over now. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.google.com/?ncl=1216734813&hl=en&topic=n
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A
http://www.nytimes.com/2008/05/29/world/29amnesty.html?hp
http://www.cnn.com/2008/US/06/02/nasa.global.warming.ap/index.html
http://www.cnn.com/2008/US/weather/06/05/severe.weather.ap/index.html
http://www.cnn.com/2008/US/weather/06/02/honore.preparedness/index.html
http://www.nytimes.com/2008/06/01/opinion/01dowd.html?em&ex=1212638400&en=744b7cebc86723e5&ei=5087%0A
http://www.cnn.com/2008/POLITICS/06/05/senate.iraq/index.html
http://www.nytimes.com/2008/06/17/washington/17contractor.html?hp
http://www.nytimes.com/2008/07/03/world/middleeast/03kurdistan.html?_r=1&hp&oref=slogin
http://biz.yahoo.com/ap/080708/cheney_climate.html
http://news.yahoo.com/s/politico/20080805/pl_politico/12308;_ylt=A0wNcxTPdJhILAYAVQms0NUE

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece

Synch vs snarf (2, Interesting)

ilovesymbian (1341639) | more than 6 years ago | (#24811391)

Umm, why is it easier for them to steal my data than its for me to synch my phone to my computer? :(

Re:Synch vs snarf (2, Funny)

russotto (537200) | more than 6 years ago | (#24811453)

Umm, why is it easier for them to steal my data than its for me to synch my phone to my computer?

Because compliance with the government's requirements are enforced by large men with guns and the power to throw people in jail forever (ask Qwest's former CEO), and compliance with your requirements... isn't.

why are you letting strangers have your phone (2, Interesting)

SuperKendall (25149) | more than 6 years ago | (#24811471)

Of all the things you can worry about, this seems to be one of the sillier ones - a phone is one thing pretty much never out of sight or touch in public. How is anyone going to plug in anything without your permission?

Look to your Bluetooth stack if you are concerned about data leakage.

Re:why are you letting strangers have your phone (1)

ArsenneLupin (766289) | more than 6 years ago | (#24811777)

Of all the things you can worry about, this seems to be one of the sillier ones - a phone is one thing pretty much never out of sight or touch in public. How is anyone going to plug in anything without your permission?

Any occasion where you undress... Imagine having a sex-date, and while you have fun in the bedroom, an accomplice of your date is having it with your phone that you carelessly left on the coffee table.

Re:why are you letting strangers have your phone (1)

ColdWetDog (752185) | more than 6 years ago | (#24812597)

Any occasion where you undress... Imagine having a sex-date, and while you have fun in the bedroom, an accomplice of your date is having it with your phone that you carelessly left on the coffee table.

Nice fantasy life you have there, Mr. Bond.

The rest of us won't be worrying about this....

Re:why are you letting strangers have your phone (1)

ArsenneLupin (766289) | more than 6 years ago | (#24812901)

Yes, indeed. In most cases, the perp would be more interested in rummaging through your wallet than through your phone... unless (s)he was trolling for phone numbers of hotties in your addressbook, hehe...

Re:why are you letting strangers have your phone (0)

Anonymous Coward | more than 6 years ago | (#24812637)

If you have ever crossed the U.S. border and had to go in to the building the border patrol will ask you to park your car here and LEAVE YOUR CELL PHONE ON THE DASH.

Mostly nuisance for most of us (1)

fermion (181285) | more than 6 years ago | (#24811487)

This is likely not be a casual things. It looks like the tool costs $200, and then at least $100 to read the stick. And while text data is going be easily acquired, the thing only has a gig of RAM. Enough to acquire all the data of a regular phone, but it is likely to choke on a smart phone with 4-32 GB or memory.

Then of course it is only going to download at the speed of the phone, so it is in no way instantaneous. There is a warning on the product that says downloading an entire phone could take hours. It is clearly designed to steal text data. Again, at only 1 GB it will choke on any multimedia files in a smart phone.

The company also appears to have tool to take data from Garmin devices, so maybe that is upcoming too.

In the end I am not sure that this adds to the danger, beyond the script kiddie factor. There are clearly ways to unlock phones without knowing the code. It seems to me that you could spend $300 on a portable computer, get a dock cable, and just sync with whatever phone you like. This would certainly not take 'hours', and one could acquire more than 1 GB. This to me a much more credible threat profile. The key is smaller, but in most cases, for instance valet parking, the size is not necessarily a detriment.

Re:Mostly nuisance for most of us (1)

Francis85 (875901) | more than 6 years ago | (#24812083)

Yes, there are excruciatingly easy ways to unlock certain phones without the password..

When I got my first cell phone, a Razr V3C, I put a password lock on it, only to find out on the first try what if you power it up and then close the lid while it boots, it will simply not ask for your password, and you'll be in.

Fantastic!

Why should we worry? (1)

nickswitzer (1352967) | more than 6 years ago | (#24811531)

How many people are actually going to be running around stealing data by plugging a device into someone's phone. The only thing that I can see from this is someone actually writing a virus that can use the same program from this technology and add a simple mailto command, emailing all your data to them to use for statistics as well as more devious things.

FUD?? (1)

Endo13 (1000782) | more than 6 years ago | (#24811581)

Ok, so after RTFA, I'm a bit confused. What exactly does this device do that you couldn't already do with a laptop using bitpim and bluetooth or the correct usb cable for the phone??

Sure, it's more portable, but it's still not so small that you wouldn't notice someone using it.

Re:FUD?? (1)

Tony Hoyle (11698) | more than 6 years ago | (#24812177)

Nothing at all that I can see. And it's only for a limited number of phones at that.

I'm sure it has a use in its field but to sell it as a general use device is just silly.

Useless.. (1)

denzacar (181829) | more than 6 years ago | (#24811587)

Why use something like that?
Don't you know the super-secret-one-world-government PIN code? 0, 0, 0, 0, YES.

It works in 99.9% percent of the cases.
Those 0.1% must be used by some kind of hackers.
You know... Like Keanu Reeves.

Forturnately, I use a blackberry! (0)

Anonymous Coward | more than 6 years ago | (#24811629)

Where all the content is strongly encrypted with AES. Maybe you shouldn't have bought that iphone if you were concerned about security!

On the other hand, I would love to have one of these - back when I had a regular cell phone, it was often ridiculously hard to copy the contacts from one phone to another phone when upgrading (these were non-GSM phones). Even cell phone stores would often have trouble.

Re:unfortunately, I use a blackberry! (2, Interesting)

aristotle-dude (626586) | more than 6 years ago | (#24811977)

Where all the content is strongly encrypted with AES. Maybe you shouldn't have bought that iphone if you were concerned about security!

They have a model for the Blackberry in the works. Since this device is designed for forensic investigation by either law enforcement or corporate compliance investigators, I would not be surprised if it hooks into low level OS calls put in place for this purpose. The NSA has a back door into virtually all systems out there.

Re:unfortunately, I use a blackberry! (1)

SpectreBlofeld (886224) | more than 6 years ago | (#24812207)

If the Blackberry is locked and password protected, there is no way to interface with the device via the USB port until the password is provided.

  Furthermore, if the incorrect password is entered a predetermined number of times, all data on the device is wiped.

  Lastly, if the Blackberry is connected to a Blackberry Enterprise Server (or a BES-lite consumer solution like Blackberry Unite), the device can be wiped clean of all data remotely by the server at any time.

  I don't doubt that a version of this is in the works for a Blackberry, but I'm sure it will only be effective if the phone isn't locked.

Re:unfortunately, I use a blackberry! (0)

Anonymous Coward | more than 6 years ago | (#24812951)

BlackBerry also has user data encryption via its content protection feature. If this feature is turned on what they pull from the device's memory will be gobbledegook.

Re:unfortunately, I use a blackberry! (0)

Anonymous Coward | more than 6 years ago | (#24812211)

They have a model for the Blackberry in the works.

I really doubt it. The blackberry platform has been audited from end-to-end [blackberry.com] by the Communications Security Establishment (Canada), Communications Electronic Security Group (UK), Center for Secure Information Technology (Austria), Defense Signals Directorate (Australia), Government Communications Security Bureau (New Zealand), National Institute of Standards and Technology (USA), Turkish Standards Institute (Turkey), NATO, the Fraunhofer Institute for Secure Information Technology (Germany) and others.

Since this device is designed for forensic investigation by either law enforcement or corporate compliance investigators,

There is no need for corporate compliance investigators to use this. If your company has a Blackberry Enterprise Server (and you should), the BES manages, tracks & controls absolutely everything on the blackberry already. The BES can be configured to keep track of every call, text message and even where the phone is (if the phone has GPS).

Law enforcement has an easy solution: get a warrant from a judge!

I would not be surprised if it hooks into low level OS calls put in place for this purpose. The NSA has a back door into virtually all systems out there.

I doubt all the institutions listed above didn't notice the back door. Even if they all are in on the conspiracy, blackberries are used by senior government officials in the USA, Canada, Australia, etc. Even Barack Obama uses one. Would they use them if their government knew there was a secret gaping flaw?

Is this really a great invention? (0)

Anonymous Coward | more than 6 years ago | (#24811715)

This is just about reading the file system of the phone with RAW reads (as with hard disk) and not changing the content.

Hardly anything ground breaking to average user.

Same thing just smaller... (0)

Anonymous Coward | more than 6 years ago | (#24811733)

The CSI Stick does not do anything you couldn't do with a laptop and some software before. Heck you can pull much of the same information (from a limited number of phones as well) for free with Bitpim. Anyway, anyone who has used a Paraben product before would have dealt with so many bugs as not to be so scared.

Slashvertisement (0)

Anonymous Coward | more than 6 years ago | (#24811759)

Sounds like a Slashvertisement to me, a thinly-veiled attempt to advertise a crappy, nigh-on useless product to people who might just buy it. Try flogging it on QVC to their drooling watchers.

if so, i am fux0red (1)

paniq (833972) | more than 6 years ago | (#24811809)

...or can i sue them for copyright infringement or violating other peoples intellectual property rights when they steal my crazy frog ringtone?

Undetectable... (1)

BaatZ (850474) | more than 6 years ago | (#24811831)

I do have to object to the term 'undetectable', it's not wireless or something so as long as you keep your phone in your pocket nothing happens. That being said, i'd like to have such device for ehr... dunno, i want one !

Physical access? get physical (1, Funny)

Anonymous Coward | more than 6 years ago | (#24811987)

The device requires physical access .
Warning ! If somebody stuck a device in my cellphone , I wonder if the hospital can remove it from their Arse or stomach . because that is where it would be, and I'm not Joking

BlackBerrys (1)

Kooty-Sentinel (1291050) | more than 6 years ago | (#24812161)

I didn't RTFA, but does this apply to BlackBerrys too? I thought the entire partition on the phone was supposed to be encrypted.

So basically (0)

Anonymous Coward | more than 6 years ago | (#24812189)

someone created a portable hand-held bitpim dongle?

A convenient list of phones not to buy (2, Informative)

erroneus (253617) | more than 6 years ago | (#24812201)

http://csistick.com/models.html [csistick.com] -- Remember, before buying or recommending a phone, check this list to be sure your phone is not on it.

Re:A convenient list of phones not to buy (1)

slamtastic (1354311) | more than 6 years ago | (#24812853)

Sheesh! This device does NOT work on the V3 and V3r ( I have tested it with the latest firmware EVEN THOUGH They are listed on the site as supported. Grrr....

Been done before, kind of. (0)

Anonymous Coward | more than 6 years ago | (#24812219)

Here's a little hack that you can all run from home, right now!

It's the BlueBugger [remote-exploit.org] tool. Most phones with bluetooth support, if you're near them, you can send text messages through their phone, read their text messages, read/write phonebook entries, set call forwards (Which you can then turn around, to listen in on calls), connect to the internet, and forcing the phone to use other providers.

You might say "Oh, but you have to be close to them..", but hey you'd be surprised with how many phones go in and out of a Starbucks on a busy day. Just set a shell script to check for vulnerable phones once a minute and sit and relax.

Posting anonymously just incase. :3

data grabber (0)

Anonymous Coward | more than 6 years ago | (#24812269)

How is this different than a PC, bitPM and a bunch of cables pulling down data?

Undetectable? (1)

DigitalReverend (901909) | more than 6 years ago | (#24812293)

I'm sorry, but if someone runs up and connects something to my data port on my phone, I am pretty sure I am going to notice it.

A Device to Grab Data From [SOME] Cell Phones (1)

WMIF (1175429) | more than 6 years ago | (#24812675)

From TFA:
"It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly."

Ask anyone in the mobile forensics field, and they will tell you what a joy it is to have so many choices of software/hardware that can get data from every mobile phone out there. [/sarcasm]

Take a look through the documentation of any of the mobile phone forensic software packages, and you will find that one company supports this phone, another company supports that phone, etc. You will also find a very slow process in updating to support additional phones. The differences between hardware, firmware, and file systems on the devices vary too greatly right now, even from the same manufacturer.

You have NOTHING to worry about.... (1, Interesting)

Anonymous Coward | more than 6 years ago | (#24812787)

All, 1. This device supports a VERY small list of phones. 2. Of the phones that are supported, the device rarely works. due to firmware diversity inherent in all phones. 3. You have a better chance of getting the data out of your phone using bitpim (www.bitpim.org). 4. The company that sells the device (Paraben) is notorious for making (and selling) poor software and feeding off the FUD (Fear Uncertianty and Doubt) of local PD that don't know better. It's stories like this that the company uses to sell their product. 5. The company makes other products: like software to predict lottery numbers. Not sure that I would trust them with MY data.

I'm sure this device... (1)

Kjella (173770) | more than 6 years ago | (#24812829)

...is good at what it does, but isn't the real problem getting your hands on the cell phone at all? When it's not charging at home, it's usually in my pocket and you'd have to be a pretty good pickpocket to steal and return it. I don't usually leave it anywhere due to thieves, so what would you do? Break into the locker at the gym? Ask me to borrow it to make a call? If I had something sensitive on it I wouldn't unlock it and give it to you. If you steal it or have a warrant it doesn't matter one bit what you'll hook it up to later. I'm sorry, but I really don't see any need for any of the features except in a B-class action movie.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?