User: Password:
|
|
Subscribe / Log in / New account

CSI Stick grabs data from cell phones (CNet)

Here's a CNet article about the "CSI Stick," a new data-grabbing gadget evidently favored by law enforcement agencies. "This device connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption." Another good reason to want a phone with free (and replaceable) operating software - this sort of vulnerability can be fixed. (Via Schneier).
(Log in to post comments)

CSI Stick grabs data from cell phones (CNet)

Posted Sep 3, 2008 16:18 UTC (Wed) by gouyou (guest, #30290) [Link]

More reason to get an open source phone ...

CSI Stick grabs data from cell phones (CNet)

Posted Sep 3, 2008 16:31 UTC (Wed) by JoeBuck (guest, #2330) [Link]

That wouldn't necessarily help. If your open source phone follows standard protocols, for things like syncing files via Bluetooth and the like, then gadgets like this would work just fine.

CSI Stick grabs data from cell phones (CNet)

Posted Sep 11, 2008 4:08 UTC (Thu) by dmag (guest, #17775) [Link]

No, the "CSI tool" relies on standard software running on the phone. It *only* supports Motorola and Samsung phones. It says right on their website "If a device has been flashed with a firmware update [..] CSI Stick may not be able to acquire any data". It'll bet they never support the Blackberry, because they probably require a password.

Therefore, having an open source phone would help because
1) at the least, we'd be able to turn off the software
2) we'd be able to replace it with better software (require passwords, transmit encrypted data, store data encrypted, etc.)

(P.S. To whoever mentioned JTAG: It's not the wonderful standard you think it is. Your JTAG reader must have knowledge of every CPU, plus any flash device protocols. Oh, and every device will have a non-standard JTAG pinout, so you'll have a suitcase full of connectors. You can buy something like a universal JTAG programmer [1], but it will set you back $2,000 and you'll have to make your own cables and write your own initialization scripts for every board. To debug the scripts, you need an expensive scope. It could be done, but it would be a *ton* of work.)

[1] http://www.abatron.ch/products/bdi-family/bdi1000-bdi2000...

CSI Stick grabs data from cell phones (CNet)

Posted Sep 3, 2008 16:25 UTC (Wed) by Gollum (guest, #25237) [Link]

I'm guessing that this device effectively "syncs" the phone to a local storage.

Of course, it may also be doing something akin to a JTAG image of the flash and/or RAM in the device, which would be a somewhat different story.

Once you have the dumps, reconstructing them into something comprehensible is relatively simple.

CSI Stick grabs data from cell phones (CNet)

Posted Sep 3, 2008 16:40 UTC (Wed) by lmb (subscriber, #39048) [Link]

So, you lose physical control over unencrypted data, and then someone can copy it. That is news how?

CSI Stick grabs data from cell phones (CNet)

Posted Sep 3, 2008 19:45 UTC (Wed) by jreiser (subscriber, #11027) [Link]

That is news how? It is news because of the recent rapid ubiquity (only several years) of inexpensive portable radio telephones and associated devices, and the general ignorance of most users regarding the nature of the risks and user's significant exposure to them. The widespread commercial availability of purpose-made "cracking tools" is also newsworthy.

Schneier's articles scare me sometimes...

Posted Sep 3, 2008 20:39 UTC (Wed) by pr1268 (subscriber, #24648) [Link]

Schneier's articles scare me sometimes. Well, maybe I'm disturbed more than frightened by his stuff. That being said, I still enjoy reading his stuff. He's a good writer who discusses contemporary topics in personal privacy and computer security.

I've studied some computer forensics (one of my favorite university professors has taken up full-blown research in this area), and the research firm that gave presentations in our class was/is chomping at the bit for just such a device as Schneier's article describes. I seem to agree with some of the other comments that this gadget's existence is independent of whether the phone's software is Open Source, but I could be enlightened some more.

champing at the bit

Posted Sep 6, 2008 18:39 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

It's "champing" at the bit. Chomping is biting down hard, whereas champing is gnashing, which is what a horse does to the bit when he's anxious to go and the rider won't let him.


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds