Wednesday, April 20, 2011

Cops scan cellphone, video, GPS during traffic stops



The Cellebrite UFED Physical Pro is a high-end, all-in-one solution for logical and physical extraction. The UFED Physical Pro expands your current device capabilities to extract deleted mobile device data, user passwords, file system dumps, and physical extraction from GPS devices.

With expanded coverage that now includes more than 3000 phones and a growing list of GPS devices, UFED Physical Pro provides the most complete mobile forensics solution available on the market.

Utilizing UFED's simple and field-proven user interface, a complete high-speed hex dump of the phone memory is delivered without the need of cumbersome PC drivers. Critical data such as user lock codes, and deleted information such as text messages, call history, pictures, and video are sorted and retrieved by Cellebrite's Physical Pro engine.




Cops Use Mobile Scanner To Steal Cellphone Data From Innocent Americans

April 20, 2011

If there was a scintilla of doubt as to whether Americans are living in a predatory police state, then this story completely eviscerates it. Michigan state police have been using a handheld mobile forensics device to steal information from cell phones belonging to motorists stopped for minor traffic violations.

The high-tech device works with 3000 different phone models and can bypass passwords to process “Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags,” according to CelleBrite, the company behind the device. “The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps.”

“A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes,” reports TheNewspaper.com.

Michigan state police have been using the device to conduct 4th amendment-violating searches of motorists’ phones who have not even been suspected of any crime.

To add insult to injury, when the ACLU attempted to file a freedom of information act request to discover how police were using the devices, they were slapped with a demand for $544,680 from the Michigan state police.

The fact that Americans are now considered guilty until proven innocent and treated like terrorists by cops who have been trained that their role is no longer to “serve and protect” but to harass and abuse is fast becoming a glib concept.

The question really boils down to whether anyone actually cares. Most Americans couldn’t live without their smart phone and now give it more attention than their own children. We are being enslaved through our own overdependence on gadgets and technology.

As the ACLU points out, use of the devices is completely illegal as it clearly violates the 4th amendment.

“With certain exceptions that do not apply here, a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity,” ACLU staff attorney Mark P. Fancher wrote. “A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched.”

With the ACLU currently embroiled in a lawsuit against the Department of Homeland Security in an effort to stop its warrantless searches of laptops belonging to anyone who enters the United States, another legal fight in the case of the mobile cellphone scanner device is also on the cards.








iPhone keeps record of everywhere you go

Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.

For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.



"Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been," said Pete Warden, one of the researchers.

Only the iPhone records the user's location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any," said Warden. "We haven't come across any instances of other phone manufacturers doing this."

Simon Davies, director of the pressure group Privacy International, said: "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."



Warden and Allan point out that the file is moved onto new devices when an old one is replaced: "Apple might have new features in mind that require a history of your location, but that's our specualtion. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental." But they said it does not seem to be transmitted to Apple itself.

Although mobile networks already record phones' locations, it is only available to the police and other recognised organisations following a court order under the Regulation of Investigatory Power Act. Standard phones do not record location data.

MPs in 2009 criticised the search engine giant Google for its "Latitude" system, which allowed people to enable their mobile to give out details of their location to trusted contacts. At the time MPs said that Latitude "could substantially endanger user privacy", but Google pointed out that users had to specifically choose to make their data available.

The iPhone system, by contrast, appears to record the data whether or not the user agrees. Apple declined to comment on why the file is created or whether it can be disabled.

Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining. The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer.

If someone were to steal an iPhone and "jailbreak" it, giving them direct access to the files it contains, they could extract the location database directly. Alternatively, anyone with direct access to a user's computer could run the application and see a visualisation of their movements. Encrypting data on the computer is one way to protect against it, though that still leaves the file on the phone.

Graham Cluley, senior technology consultant at the security company Sophos, said: "If the data isn't required for anything, then it shouldn't store the location. And it doesn't need to keep an archive on your machine of where you've been." He suggested that Apple might be hoping that it would yield data for future mobile advertising targeted by location, although he added: "I tend to subscribe to cockup rather than conspiracy on things like this – I don't think Apple is really trying to monitor where users are."

The location file came to light when Warden and Allan were looking for a source of mobile data. "We'd been discussing doing a visualisation of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements," Warden said.

They have blogged about their discovery at O'Reilly's Radar site, noting that "why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored."

The pair of data scientists have collaborated on a number of data visualisations, including a map of radiation levels in Japan for The Guardian. They are developing a Data Science Toolkit for dealing with location data.

Davies said that the discovery of the file indicated that Apple had failed to take users' privacy seriously.

Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about "location-based services".

It says that "Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services."

see also:

How to See the Secret Tracking Data in Your iPhone - I tested the tracking feature using the OS X-based iPhoneTracker, Windows users can access their data using iPhoneTrackerWin.

iPhones and Android phones building vast databases for Google and Apple - Italy, France and Germany to investigate smartphone tracking software amid privacy concerns

No comments:

Post a Comment