Skip to content or view screen version

Phone security Q&A

Danny | 16.10.2009 12:29 | Other Press | Technology

The following advice from New Scientist is just a useful reminder that activist security means more than just removing your phones battery when discussing shit. It requires one caveat. When it says "Without direct access, they can still monitor your phone usage remotely, but not eavesdrop on your conversations" that this doesn't apply to the security services who can eavesdrop on turned off phones remotely.

Phone security Q & A

If I delete a message or photo on my phone will it disappear completely?

Data often remains on a phone's memory chip until it is overwritten. Phones also create extra copies that are spread around its memory. It is possible to overwrite files by copying new data onto the phone. Commercial software will "zero fill" a memory or SIM card to overwrite it.

Where do recycled handsets end up?

According to Andy Jones, a security specialist at British Telecommunications, the main markets for recycled phones are Nigeria and China, "both of which are regarded as areas posing a high threat to the security of information".

What if I smash up my SIM card?

Forensic analysts can often recreate SIM cards using the data that's stored on the handset. How much information they can retrieve depends on the phone model. It is also possible to stick a damaged SIM card back together and then extract its data.

Can my movements be tracked, even if I don't have GPS on my phone?

A technique called cell site analysis can be used to track someone to within 10 to 15 metres, using cellphone masts to triangulate their position. GPS can give more detailed information, such as your altitude or the speed you are travelling at.

Can my handset be used to spy on me?

If someone can get direct access to your handset, they can install software that lets them listen to conversations and monitor text messages without your knowledge. Without direct access, they can still monitor your phone usage remotely, but not eavesdrop on your conversations. [NB The security services can eavesdrop on phones that they have only remote access to, according to BBC and other mainstream reports of MI6 spying at the UN - Danny.] It is also possible to send text messages that look like they come from someone else - a technique called SMS spoofing. This makes it possible to upload messages to someone else's Twitter account, or send your boss rude messages using a colleague's number.

How do I improve my phone's security?

Switch on all security options such as handset PIN codes. Download software to wipe your phone before you throw it away or send it for recycling. Consider buying a handset with fingerprint recognition security. Alternatively, add software that can find your phone or even take control of it remotely should it be stolen, allowing you to encrypt all data stored on it, disable it entirely or even make it emit a loud alarm.

Is it legal for my employer or partner to send my cellphone for analysis?

If it is a company phone, or was a present from your partner, beware. Chances are that they can claim legal ownership and so can do what they want with it.


[see also  http://news.bbc.co.uk/1/hi/magazine/3522137.stm ]

Danny
- Homepage: http://www.newscientist.com/article/mg20427301.100-the-pocket-spy-will-your-smartphone-rat-you-out.html?page=2

Additions

taking battery out in meetings

17.10.2009 18:10

To all those people who go to a meeting and at the start of it they take out the battery.

So whoever may be monitoring phone movements. They see all these phones converging at the same point at the same time. Then suddenly they are all turned off. At the same time. What would you think?

If you need privacy for your meeting, leave your phone at home.

c.


Comments

Hide the following 3 comments

*not* taking your mobile phone to a meeting can be deemed as "suspicious"

18.10.2009 01:12

It could be worse - in Germany or France, *not* taking your mobile phone to a meeting has been used as grounds for suspicion by the police and prosecutors - see this article in The Register

The mobile phone as self-inflicted surveillance
by David Mery
 http://www.theregister.co.uk/2009/04/10/mobile_phone_tracking/

Remember that your mobile phone will handshake with the network every 10 minutes or so (more frequently if you are actually on the move) , even if you do not make or receive any voice calls , SMS text messages or connect to the internet.

Each time it does this, your handset's Location Based Data record is updated - necessary for the system to work, but this Communications Data is also now Retained for at least 12 months, even for pre-paid mobile phones.

See the advice and links at:

Hints and Tips for Whistleblowers -Technical Hints and Tips for protecting the anonymity of sources for Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc.

 http://ht4w.co.uk/

wtwu
mail e-mail: blog@spy.org.uk
- Homepage: http://ht4w.co.uk


Cell as in battery, as in phone, as in police

18.10.2009 15:41

I fully agree with the comment about leaving your phone at home rather than turning them off en masse at a meeting point. I've been saying that for over 5 years here, without evidence but knowing what any investigating technician would do with the instantaneous data-mining technology available.

There are now better proof that is true, including these links:
 http://en.wikipedia.org/wiki/Covert_listening_device#Remotely_activated_mobile_phone_microphones

 http://news.cnet.com/FBI-taps-cell-phone-mic-as-eavesdropping-tool/2100-1029_3-6140191.html

The Register article is the ultimate proof though, and I'm grateful as I missed that article. To say they are suspicious of you for not carrying your mobile phone is madness and any rational juror or judge should laugh that out of court, but it is true it could raise suspicions with an investigator, for instance if a marked or known car travelling to a known destination without a phone that is associated with that vehicle. It does raise intriguing questions and possible ways to use that to mislead investigators. For instance, putting a bunch of phones into a tamperproof box sealed with a tamperproof label and driving it to a 'red herring' destination.

Still, I think the New Scientist points are important because they are often ignored. With modern network analysis software ( which evolved from, but is not limited to networks of computers ) simply having one or two known numbers on your sim will put you on an investigators (social) network map.
I am only wise after the event. My first arrest was solely down to us using two mobile phones as clocks to coordinate fence-cutting teams that we could have prearranged using watches instead if we'd known the risks at the time. My next arrest someone had a mobile phone on them, and after that I wouldn't trust any activist carrying any electronic technology.

Danny


Phone call eavesdropping is trivial

16.01.2011 14:03

Technically, the ability to use any idle (or busy of course) handset as a listening device is available to a phone network at the push of a button. It is technically trivial for networks to locate any switched-on phone and listen in to any conversation held near the phone. Even if the phone is not on a call.

All any eavesdropper would need is a friendly contact at the network. Judge for yourselves how this might be used. I once witnessed a person located with a quick call to a 'contact' at the network.

I have also heard rumors that some devices now enable networks to listen in even when your phone is switched off. But, if I really thought someone might be listening to me I would take these rumors into account.

You can even soon expect the ability to eavesdrop on calls to be available to all the best private security outfits very soon:  http://www.bbc.co.uk/news/technology-12094227

a