Feeds

Handset makers, the criminal's friend

See no evil, speak no evil

5 things you didn’t know about cloud backup

Last month the United Arab Emirates mobile operator Etisalat tried to sneak malware onto customers' BlackBerry handsets. But what pushed an operator to try such an underhand trick, and do so in such an inept manner?

The snooping software was pushed out as an upgrade, authorised by the operator but almost certainly at the behest of the local government. In reality the package was designed to intercept email communications of selected individuals, but didn't work very well and was rather poorly written.

While inept, the attempt serves to highlight the challenge facing law enforcement around the world: manufacturers aren't interested in helping police recover data from criminals, or bodies, data that can be that can be protected by something as complex as the encryption used on the BlackBerry or something as simple as a handset locked with a PIN.

Users can, of course, lock their SIMs too: but the SIM is owned by the network operator, and can be unlocked using a PIN Unlock Code - or PUK - supplied by that operator. In the UK a fairly comprehensive system exists to allow police to extract data from network operators, with some judicial oversight and budgetary considerations that prevent fishing expeditions.

Police at the scene of a crime, or on discovering a body, will grab any mobile phones nearby for analysis, and can expect to get historical call and location information from the operator.

Silent witness

The operator will also supply the PUK code, if necessary, allowing officers to extract the SIM address book, SMS messages received and the last location in which the phone was used. But that's nothing compared to the data stored on a modern handset, which is also available to police as long as they've not switched the phone off or allowed the suspect/corpse to switch on any kind of lock.

In these days when hackers are threatening to take control of everything from mobile phones to fridges, one might imagine that it would be relatively easy for the police to extract the information a handset in their possession. But you'd be sadly mistaken. Going back a few years, it was true that handsets capable of connecting to a PC yielded their contents pretty easily. Less intelligent handsets such as the Nokia 1100, 1600 and 2310 were much more difficult to open up.

Intensive work has now switched that around, with the better-equipped terminals now being much more secure as the mobile forensics industry has prised open the secrets of the dumb handsets.

And "prised open" is the right term - none of this work has been supported by the manufacturers who have no motivation to help the law enforcement community or their subcontractors. The recent case accusing West Yorkshire police of copyright theft would not have happened if Nokia and friends had shared the codes in the first place.

The data in question had been reverse engineered by Forensic Telecommunications Services (FTS), at its expense. FTS claims West Yorkshire coppers neglected to repeat this work - but why should the UK taxpayer be paying anyone to reverse engineer mobile-phone security when the data is sitting around in Finland?

The essential guide to IT transformation

Next page: Don't care to share

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
Google has spaffed more cash on lobbying this year than Big Cable
Don't worry, it'll be cheaper when they use drones
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?