Feeds

Handset makers, the criminal's friend

See no evil, speak no evil

Security and trust: The backbone of doing business over the internet

Last month the United Arab Emirates mobile operator Etisalat tried to sneak malware onto customers' BlackBerry handsets. But what pushed an operator to try such an underhand trick, and do so in such an inept manner?

The snooping software was pushed out as an upgrade, authorised by the operator but almost certainly at the behest of the local government. In reality the package was designed to intercept email communications of selected individuals, but didn't work very well and was rather poorly written.

While inept, the attempt serves to highlight the challenge facing law enforcement around the world: manufacturers aren't interested in helping police recover data from criminals, or bodies, data that can be that can be protected by something as complex as the encryption used on the BlackBerry or something as simple as a handset locked with a PIN.

Users can, of course, lock their SIMs too: but the SIM is owned by the network operator, and can be unlocked using a PIN Unlock Code - or PUK - supplied by that operator. In the UK a fairly comprehensive system exists to allow police to extract data from network operators, with some judicial oversight and budgetary considerations that prevent fishing expeditions.

Police at the scene of a crime, or on discovering a body, will grab any mobile phones nearby for analysis, and can expect to get historical call and location information from the operator.

Silent witness

The operator will also supply the PUK code, if necessary, allowing officers to extract the SIM address book, SMS messages received and the last location in which the phone was used. But that's nothing compared to the data stored on a modern handset, which is also available to police as long as they've not switched the phone off or allowed the suspect/corpse to switch on any kind of lock.

In these days when hackers are threatening to take control of everything from mobile phones to fridges, one might imagine that it would be relatively easy for the police to extract the information a handset in their possession. But you'd be sadly mistaken. Going back a few years, it was true that handsets capable of connecting to a PC yielded their contents pretty easily. Less intelligent handsets such as the Nokia 1100, 1600 and 2310 were much more difficult to open up.

Intensive work has now switched that around, with the better-equipped terminals now being much more secure as the mobile forensics industry has prised open the secrets of the dumb handsets.

And "prised open" is the right term - none of this work has been supported by the manufacturers who have no motivation to help the law enforcement community or their subcontractors. The recent case accusing West Yorkshire police of copyright theft would not have happened if Nokia and friends had shared the codes in the first place.

The data in question had been reverse engineered by Forensic Telecommunications Services (FTS), at its expense. FTS claims West Yorkshire coppers neglected to repeat this work - but why should the UK taxpayer be paying anyone to reverse engineer mobile-phone security when the data is sitting around in Finland?

Protecting users from Firesheep and other Sidejacking attacks with SSL

Next page: Don't care to share

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Turnbull: NBN won't turn your town into Silicon Valley
'People have been brainwashed to believe that their world will be changed forever if they get FTTP'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee
Father of the worldwide web is extremely peeved over pay-per-packet-type plans
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.