Handset makers, the criminal's friend

See no evil, speak no evil

Last month the United Arab Emirates mobile operator Etisalat tried to sneak malware onto customers' BlackBerry handsets. But what pushed an operator to try such an underhand trick, and do so in such an inept manner?

The snooping software was pushed out as an upgrade, authorised by the operator but almost certainly at the behest of the local government. In reality the package was designed to intercept email communications of selected individuals, but didn't work very well and was rather poorly written.

While inept, the attempt serves to highlight the challenge facing law enforcement around the world: manufacturers aren't interested in helping police recover data from criminals, or bodies, data that can be protected by something as complex as the encryption used on the BlackBerry or something as simple as a handset locked with a PIN.

Users can, of course, lock their SIMs too: but the SIM is owned by the network operator, and can be unlocked using a PIN Unlock Code - or PUK - supplied by that operator. In the UK a fairly comprehensive system exists to allow police to extract data from network operators, with some judicial oversight and budgetary considerations that prevent fishing expeditions.

Police at the scene of a crime, or on discovering a body, will grab any mobile phones nearby for analysis, and can expect to get historical call and location information from the operator.

Silent witness

The operator will also supply the PUK code, if necessary, allowing officers to extract the SIM address book, SMS messages received and the last location in which the phone was used. But that's nothing compared to the data stored on a modern handset, which is also available to police as long as they've not switched the phone off or allowed the suspect/corpse to switch on any kind of lock.

In these days when hackers are threatening to take control of everything from mobile phones to fridges, one might imagine that it would be relatively easy for the police to extract the information from a handset in their possession. But you'd be sadly mistaken. Going back a few years, it was true that handsets capable of connecting to a PC yielded their contents pretty easily. Less intelligent handsets such as the Nokia 1100, 1600 and 2310 were much more difficult to open up.

Intensive work has now switched that around, with the better-equipped terminals now being much more secure as the mobile forensics industry has prised open the secrets of the dumb handsets.

And "prised open" is the right term - none of this work has been supported by the manufacturers, who have no motivation to help the law enforcement community or their subcontractors. The recent case accusing West Yorkshire police of copyright theft would not have happened if Nokia and friends had shared the codes in the first place.

The data in question had been reverse engineered by Forensic Telecommunications Services (FTS), at its expense. FTS claims West Yorkshire coppers neglected to repeat this work - but why should the UK taxpayer be paying anyone to reverse engineer mobile-phone security when the data is sitting around in Finland?
