Educational CyberPlayGround ®

Cell Phone Security and Secrets

BIG BROTHER BIG BUSINESS
Researchers Crack Cell Phone SECRETS

In 1973, Marty Cooper invented the mobile phone.

Signaling System Number 7 is used by Intelligence Agency's to spy on you.

SS7 Hack Explained and what you can do about it. Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure.

The SS7 breach Signalling System Number 7 (SS7) is not secure. It means anyone with a mobile phone can be hacked, can be bugged, can be harassed.” You could be bugged, tracked and hacked from anywhere in the world. It's long been the dirty little secret of international espionage. What it means is that your smartphone is an open book.” 60 minutes Hacking Your Phone

The flaws, which have been around for nearly 3 decades, are “really not much of a surprise” to Christoph Erdmann

“The implications of it are enormous and what we find is shocking is that the security services, the intelligence services, they know about this vulnerability.” 1

Hacking your phone

Information exchanged between different mobile networks expose users to fraud and privacy risks. With the support of the German hacker Luca Melette, Mr Coulthart demonstrated how to track its interlocutor by exploiting the security issue into the SS7.

In 2014, researchers demonstrated that SS7, which was created in the 1980s by telcos to allow cellular and some landline networks to interconnect and exchange data, is fundamentally flawed. Someone with internal access to a telco - such as a hacker or a corrupt employee - can get access to any other carrier's backend in the world, via SS7, to track a phone's location, read or redirect messages, and even listen to calls.

Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale - even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes - such as keeping calls connected as users speed down highways, switching from cell tower to cell tower - that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela's Merkel's phone.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.

FACT
lmost anyone can set themselves up as a telco, or buy access to the backend of one. The proposed replacement for SS7 on 5G networks, is the Diameter protocol, also has security holes, according to the Communications Security, Reliability and Interoperability Council at America's comms watchdog, the FCC.

  • hackers can access every conversation and text message mobile users send from everywhere in the world. Hackers can spy on every mobile phone user wherever it is.
  • How SS7 Flaw Gives Hackers Easy Access to Your Private Phone Calls. What You Can Do About It (White Paper)
  • Huge Security Flaw Left Billions of Smartphone Users Vulnerable
  • SS7 Phone-Switch Flaw Enabled Surveillance
  • HOW TO DEFEAT SS7 - over-the-top (OTT) services - they transmit over the communication networks of large carriers but not under their control, keeps your conversations, messages and e-mails safe from any underlying network vulnerabilities.
    “Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure,” principle technologist Christopher Soghoian told Gizmodo. “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.” [0]
  • How to cross the US border:
    1. Make sure your devices are encrypted and have PINs/passwords.
    2. Turn them off before Customs.
    3. Pray.

2017 GOD DAMN
THOSE BASTARDS!

Signaling System 7 protocol - the magic glue used by cellphone networks to communicate with each other ALLOWED THIEVES to EXPLOIT SS7 and intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts.

“Caller ID” apps
China's WhatsCall, Sweden's Truecaller, and Israel's Sync.me have created searchable databases of some 3 billion phone numbers and associated identities. anyone who has downloaded these apps can discover who that number belongs to. There are smaller competitors too; Whoscall, Hiya, and CIA App among them. Users (or non-users) who wish to remove their personal data from the company's database can contact whatscall@cmcm.com.

Detecting When a Smartphone Has Been Compromised
While this device may prevent the phone from disclosing its location in real-time it will not prevent the device from recording the sound in its vicinity nor prevent it from using its motion sensors as an inertial navigation system. Later, once its wireless capability is reactivated, it can report both. It seems to me that of you are concerned enough to see your threats at this level you need to acquire good security trade-craft and take other precautions, such as only using a mobile with a removable battery and pull it out before you set out for a meeting or leave it on (so it looks like your are at your home or office) and use a "burner"phone that is never operated near your normal mobile's locations and is discarded after each meeting.

WHEN THE FBI HAS A PHONE IT CAN'T CRACK, IT CALLS THESE ISRAELI HACKERS

2016 METADATA Even basic phone logs can reveal deeply personal information, researchers find according to US researchers who used basic phone logs to identify people and uncover confidential information about their lives. Armed with anonymous “metadata” on people's calls and texts, but not the contents of the communications, two scientists at Stanford University worked out individuals' names, where they lived and the names of their partners. But that was not all. The same data led them to uncover potentially sensitive information about some individuals. One man was found to own a rifle, while another had recently been diagnosed with an irregular heartbeat. Other data pointed to a new pregnancy, a person with multiple sclerosis, and an individual who was gearing up to grow cannabis. The results highlight the extraordinary power of telephone metadata - the number called, when, and for how long - particularly when it is paired with public information available from services such as Google, Yelp and Facebook.

SECURIING A TRAVEL IPHONE I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus convenience. Don't to use anything older than an iPhone 5S, it wouldn't have the TPM. Needless to say, use long unique passwords everywhere.

Captain Crunch

Used Vintage 1960's Cap'n Crunch Bo'son Whistle Blue Phone Phreaker 2.6khz free calls

On this day in 11/17/1963, Bell Telephone introduced / installed world's 1st push-button phones in Carnegie and Greensburg Pennsylvania. "Customers needed to be convinced to use the new phones . . . after decades of using the rotary dial method." The tone phone was also a new development. Developed in the US by Bell in the 1950s, it meant that two simultaneous tones were sent to the exchange to represent the key pressed - and the tones only needed to be applied for milliseconds. With the rotary dial system, a number of electrical pulses were sent to the exchange and it took a whole second to pulse dial '0'. Early keyphones also merely stored the numbers before sending them on more slowly, at least until the local exchange was converted to digital. Tone phones allowed for additional features such as Caller Return, Caller Display, Reminder Call, Call Waiting, Three-way Calling, Call Diversion, Call Barring, Call Minder and Call Sign.

Area code 710

Area code 710 is a special area code, reserved to the federal government of the United States in 1983. As of December 2006, it had only one working number, 710-NCS-GETS (710-627-4387), (insights) which requires a special access code to use. See Government Emergency Telecommunications Service for more information on this service. You can get these for all sorts of stuff - Running a critical network, supporting critical application, leadership of organizations that impact health and safety, key personnel at hospitals, etc.
https://www.dhs.gov/publication/getswps-documents


I have seen first hand a large VoIP carrier reach out to an ITSP because one of their end subscribers was scanning the 710 number space either manually or not. And it was within a few minutes after the scan started. This type of activity (and others too) will set off all kinds of alarms at phone providers. Little known fact: sometimes the other exchanges in area code 710 will translate to places going to military bases and such, depending on the time of year. The best way to tell is by calling 710-867-5309. If you get a recording saying "You are using <long distance provider>" followed by a not in service recording, well, it worked. If you'd care to look around random exchanges and thousand blocks, you might be in for a fun day. Or a knock at your door. But yeah - it's all the luck of the draw. Some phone people have had varying levels of luck with other things involving that area code as well:

Wireless Priority Service
Current usage of 710 GETS is intended to be used in an emergency or crisis situation when the landline network is congested and the probability of completing a normal call is reduced. It provides alternate carrier routing, high probability of completion, trunk queuing and exemptions from network management controls. There is currently only one known working phone number in this area code. A special access code of 12 digits is required for using the service. Upon dialing this phone number, the caller hears a mechanical beep which prompts the caller to enter the access code. If a correct code is entered, they are prompted to dial the destination number (area code + number). If an access code is not entered at the beep, the call is then redirected to a live human operator who then asks for the access code.
http://hn.premii.com/#/article/14529079 https://news.ycombinator.com/item?id=14529079

GETS supports modems and secured telephones (STU-III), which in turn support secure modem connections: https://en.m.wikipedia.org/wiki/STU-III There are also VPN via VSAT connection too:

World's First Mobile Phone (1922).
Mobile phone technology and music on the move was not only being thought of but being trialled. Sweden's Lars Magnus Ericsson invented the world's first car phone in 1910. Sure, it didn't work unless he hooked it into wires along the side of the road. But it was mobile. And as far back as 1922, a British newsreel was showing off a mobile phone that didn't need wires. You can see it in the video above, and what a sight it is. Shot in NY and demonstrated by two Jazz Age women, it uses an umbrella as an antenna. It ropes in a fire hydrant too. And somehow, it lets them call up some tunes from a distant operator, as if they dialing into some sort of Roaring '20s Spotify service.

 

Mad Hats. Holborn, London. 1954

 

Inspector General Says FBI Not Doing Enough To Prevent Abuse Of The Cell Phone Investigative Kiosk Cell Phone Forensic Equipment By Law Enforcement Officers

Federal court in Pennsylvania holds that the Fifth Amendment protects smartphone passcodes

HOW TO BLOCK NUMBERS THAT HAVEN'T CALLED OR TEXTED YOU FIRST

Consumer Support Wireless Application Service Provider's Assoc.
1. Report SMS scams and spam
2. Report unwanted billing
3. Lodge a complaint
4. Contact WASPA

NOTE: The corrupt U.S. Telcom System
relies on the Tower infrastructure so when towers are knocked out, mobile phone handsets become useless.

Executive Order 12333 governs most of the NSA's spying. The documents confirm our suspicions that the NSA relies heavily on EO 12333 and that the order, therefore, deserves far more scrutiny than it has received. This vindicates those who've been warning us about the scope of the NSA's surveillance activities under the executive order — including a former State Department official who has tried to draw attention to its wide-ranging uses. The scope of the government's surveillance authority. It's worth asking whether those policy debates had to take place in secret. Based on these documents, it's clear that they should have taken place in public. Here's how the NSA itself describes EO 12333 in an internal surveillance manual from 2007 (all highlighting is added): USPs" refers to "U.S. persons," which the government defines as American citizens or organizations, as well as legal residents.

STINGRAY
phone networks are insecure

FBI's Digital Collection System Network
You can always zero into one signal among many signals, if you have enough data. You don't need to hack anything—just analyze the signals in the air.
The bureau's technological communications monitoring program a Wireless Intercept and Tracking Team, a unit set up specifically for targeting cell phones. Using StingRay, made by Harris Corp whenever a cell phone communicates with a cell tower, it transmits an International Mobile Subscriber Identity, or IMSI. AirCards like a cell phone, have an IMSI. The government has a gadget that masqueraded as a cell tower, that tricks your AirCard into handing over its IMSI, which was then matched up to the IMSI connected to anything else you do online. The StingRay is a suitcase-size device that tricks phones into giving up their serial numbers (and, often, their phone calls and texts) by pretending to be a cell phone tower. IMSI catchers used (inadvertently) against prison guards apparently did bulk surveillance.

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones Harris Corp.'s Stingray surveillance device has been one of the most closely-guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile-phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.

Spy agencies target mobile phones, app stores to implant spyware Users of millions of smartphones put at risk by certain mobile browser gaps, Snowden file shows

SIRI is recording everything you say, your contacts, and sometimes your location.

 

A Triple-A Approach to Telephone Security

2015 Spies Can Track You Just by Watching Your Phone's Power Use

2015 SIM cards hacked by U.S. and U.K. spies | US and UK accused of hacking Sim card firm to steal codes

Gemalto security for 113 nationalities, 3,000+ banks, 450 mobile networks, 80 e-gov programs http://t.co/bkSbWaUf3o pic.twitter.com/z5nHKRlvB2

When Gemalto sends copies of SIM crypto keys to cell carriers, they often use email and FTP. What could possibly go wrong?

2015 Verizon's Zombie Cookie Gets New Life Verizon is merging its cellphone tracking supercookie with AOL's ad tracking network to match users' online habits with their offline details. That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — “your gender, age range and interests.” AOL's network is on 40 percent of websites,

How to Use a Cellphone Without Being Spied On the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The secret operation targeted the Dutch company Gemalto. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

 

10/5/14 Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency) after Apple announced encrypting more of the storage on their handsets, and claiming to not have a key.

JAILBREAK PHONE

2016 Companies Can't Legally Void the Warranty for Jailbreaking or Rooting Your Phone Under the Magnuson-Moss Warranty Act of 1975, manufacturers cannot legally void your hardware warranty simply because you altered the software of an electronic device. In order to void the warranty without violating federal law, the manufacturer must prove that the modifications you made directly led to a hardware malfunction. “They have to show that the jailbreak caused the failure. How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law

2014 How the NSA Could Bug Your Powered-Off Phone, and How to Stop Them You can totally and completely turn off your iPhone so no one—not even the NSA—can use it to spy on you. http://www.jailbreakme.com/
Video tutorial on putting your iPhone into DFU mode

 

If you enter DFU mode incorrectly—say, by screwing up the timing of the shutdown procedure—it's possible for malware to detect your intention and fake even that obscure state of semi-death. But if the button sequence is performed correctly, no malware will be able to override it. And even imagining malware clever enough to anticipate and impersonate DFU mode starts to stretch credibility, says McDonald. “At that point” he says, “you're talking about a countermeasure to a countermeasure to a countermeasure.” Countermeasures against countermeasures are exactly the stock-in-trade of the world's best hackers. But even paranoia has its limits. At some point, it may best to give up the game and leave the phone at home—or in the nearest fridge.

Stingray

 

 

FOR MEDIA OR PR INDIVIDUAL
Media release sample can be utilized in part or in whole as appropriate for each Law Enforcement Agency (LEA). Statement on Cell Site Simulators (Date) Unclassified (U)/ For Official Usage Only (FOUO

Stingray Phone Trackers

9/1/14 Android security mystery - 'fake' cellphone towers found in U.S. Origin of towers 'unknown'. Possibly Stingray Phone Trackers? According to Popular Science, they may have a malicious purpose. Are fake towers used for wiretaps? It's a Stingray phone tracker. The Stingray is an IMSI-catcher with both passive (digital analyzer) and active (cell site simulator) capabilities. When operating in active mode, the device mimics a wireless carrier cell tower in order to force all nearby mobile phones and other cellular data devices to connect to it.

3/27/14 POLICE KEEP QUIET ABOUT CELL-TRACKING TECHNOLOGY

Stingray was loaned to the department from a private manufacturer who in turn required a nondisclosure agreement. "A nondisclosure agreement is typically a civil agreement between two or more parties over a commercial contract," Christopher Torres, a Tallahassee defense lawyer, told Watchdog.org. "They're saying because it's a cell phone they don't have to get a warrant, but it's basically a wiretap," Torres said. "You cannot say something is protected by a trade agreement and that somehow trumps the U.S. Constitution." According to Ars Technica, Stingrays are exclusively manufactured by the Harris Corp., a Melbourne-based telecommunications company. Earning $5 billion in annual revenue, Harris Corp. supplies electronic equipment to government, defense and commercial sectors.
A Stingray device tricks all cellphones in an area into electronically identifying themselves and transmitting data to police rather than the nearest phone company's tower. Because documents about Stingrays are regularly censored, it's not immediately clear what information the devices could capture, such as the contents of phone conversations and text messages, what they routinely do capture based on how they're configured or how often they might be used. Stingrays are one of several new technologies used by law enforcement to track people's locations, often without a search warrant. Stingrays are designed to locate a mobile phone even when it's not being used to make a call. The Federal Bureau of Investigation considers the devices to be so critical that it has a policy of deleting the data gathered in their use, mainly to keep suspects in the dark about their capabilities, an FBI official told The Wall Street Journal in response to inquiries. These techniques are driving a constitutional debate about whether the Fourth Amendment, which prohibits unreasonable searches and seizures, but which was written before the digital age, is keeping pace with the times. Police won't disclose details about contracts with the device's manufacturer, Florida based defense contractor Harris Corp., insisting they are protecting both police tactics and commercial secrets. Amber Jack

9/22/14 FBI gags state and local police on capabilities of cellphone spy gear. "Fake cellphone tower" because it tricks individual phones into routing their calls and other data through the surveillance equipment. The Takoma police were buying gear produced by Harris Corp., a Florida-based company that makes the StingRay and other IMSI catchers used by law enforcement agencies across the country. The Federal Communications Commission authorizes the sale of such surveillance equipment to state and local police departments on the condition that they first sign an FBI “non-disclosure agreement.

GSMK CryptoPhone secure your life.

5.24.14 Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones Kaspersky has tracked more than 350 command-and-control servers created for this purpose in more than 40 countries. While Kaspersky found only one or two servers in most of these countries, the researchers found 64 in the United States—by far the most. Kazakhstan followed with 49, Ecuador with 35 and the United Kingdom with 32. It's not known for certain whether law enforcement agencies in the U.S. use Hacking Team's tool or if these servers are used by other governments. But as Kaspersky notes, it makes little sense for governments to maintain their command servers in foreign countries where they run the risk of losing control over the servers. users manuel

2014 EPPB SOFTWARE or Elcomsoft Phone Password Breaker will download their victims' data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud, EPPB lets anyone impersonate a victim's iPhone and download its full backup rather than the more limited data accessible on iCloud.com.

Locating the command servers
One of the most important things we've uncovered during our long and extensive research is a specific feature than can be used to fingerprint the RCS command servers (C2s).

4/9/14 NSA's monitoring of Wi-Fi on US planes The Feds Cut a Deal With In-Flight Wi-Fi Providers, and Privacy Groups Are Worried. Larry Klayman filed the lawsuit, Judge Leon issued a preliminary ruling against the NSA but stayed it, and Klayman unsuccessfully tried to get the Supreme Court involved before the Court of Appeals has ruled. According to a letter Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users. “CALEA itself is a massive infringement on user's rights,” says Peter Eckersley of the Electronic Frontier Foundation. “Having ISP's [now] that say that CALEA isn't enough, we're going to be even more intrusive in what we collect on people is, honestly, scandalous.”

Thats why it is nice to have a removable battery and/or a package made from heavy duty aluminum foil. I've heard the Fort's own employee gift shop sells RF shielding bags. Such is required to even store the phone in their lobby. And unlike the techniques discussed in the WIRED article, no Apple update [or more important "really from NSA" update] can neuter the bag's functionality. [A fun study would look at the shielding provided by the bags and other defenses, such as metal cookie tins, ancient coffee cans that needed church keys, etc....] Do, however, turn the phone "off" and put it in the bag well before you reach your clandestine rendezvous, as I'm sure they track/log just where it went dark; and if 2 people's phones do so at the same time/place, there must be a conspiracy under way. Even better is to 'loan' it to a friend going the other way for the afternoon.

 

2014 Cell Phone Guide For US Protesters Protesters want to be able to communicate, to document the protests, and to share photos and video with the world. So they'll be carrying phones, and they'll face a complex set of considerations about the privacy of the data those phones hold. We hope this guide can help answer some questions about how to best protect that data, and what rights protesters have in the face of police demands.

2012 Quarter of Eastern cell towers BLOWN down BY SANDY - FCC

An Effective Network

 

How to Deregulate and Destroy the Bell Telephone Monopopoly
to help the citizens of the US benefit from competition in the marketplace. Stephen Colbert explains the whole AT&T thing.

NETWORK INTERCONNECTION INTEROPERABILITY FORUM (NIIF) Technical Interconnection Arrangements for 500-Like Non-Geographic Services ATIS/NIIF-0013 Formerly ICCF 96-0913-015 40 pgs.[doc]

How To Protect Your Privacy - How to
Destroy Your Data

Before you throw out your cell phone for your new one make sure you destroy your data, then you can recycle it.
I pulled the phone apart then punched holes into the chips. Then placed all parts in the recycle bin. Total Security and Privacy at last!

cell

 

Fourth Amendment to the United States Constitution

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause..."

The federal law protecting Internet and telephone users' privacy was written in 1986 which does not protect a citizens privacy from the abuse by Police, Government, and Business in 2010. We need clear privacy protections that reflect the always-on, location-enabled, Web 2.0 world of the 21st century.

2013 Researchers have found just using location information available at the cell towers is enough to identify you. In other words, you can't hide any more, especially if they want to find you. Turning off GPS does not stop cell phone tracking. If the phone is powered up, then its location is known. period. And remember, just because you "turned it off" does not always mean that it is turned off. If the radios in the phone are powered,
then it is likely "ping ponging" with the cell towers and they know where you are.

2013 Security researchers have warned that mobile phones could easily be made into surveillance devices that can track users, record audio and video of their surroundings, and eavesdrop on their communications. The program, created by researchers at network security firm Kindsight, essentially turns any Android phone into a compromised bot, allowing the attacker to eavesdrop on communications, track location, download personal information and take pictures without the victim's knowledge. Known as NotCompatible, the malware turns an Android phone into a compromised node on a botnet, allowing an attacker to gain insider access to a corporate network. In addition, the researchers will show how they developed the architecture of the eavesdropping software and ways that it can be easily added as a Trojan Horse to any mobile app. Distribution of NotCompatible depends on compromised websites that have a hidden iframe at the bottom of each page. If a user visits a compromised website from an Android device, their mobile web browser will automatically begin downloading the NotCompatible application, named 'Update.apk'. Like any drive-by downloads, a user needs to install the downloaded application before a device will be infected.

10/26/2012 Judge Protects Cellphone Data On 4th Amendment Grounds, Cites Government's Technological Ignorance
Magistrate Judge Smith points out that part of the issue is that the principals involved (the assistant US Attorney and a special agent) seemed to lack essential knowledge of the underlying technology, and that this lack of knowledge prevented them from recognizing the overreach of their request.
Various US government agencies have spent a lot of time and energy hoping to ensnare as much cell phone data as possible without having to deal with the "barriers" erected by the Fourth Amendment. The feds, along with Los Angeles law enforcement agencies, have bypassed the protections of the Fourth Amendment by deploying roving cell phone trackers that mimic mobile phone towers. The FISA Amendments Act has been used as a "blank check" for wholesale spying on Americans and has been abused often enough that the Director of National Intelligence was forced to admit these Fourth Amendment violations publicly.
The good news is that a few of these overreaches are receiving judicial pushback. Orin Kerr at the Volokh Conspiracy has a very brief writeup of a recent shutdown of another cellphone-related fishing expedition led by an assistant US Attorney. An attempt was made to acquire records for ALL cell phones utilizing four different towers in the area of a specific crime at the time of the event. As Kerr notes, this ruling refers to the Fifth Circuit court decision that found cell phone data to be protected under the Fourth Amendment, thus requiring a warrant to access it.
http://www.techdirt.com/blog/wireless/articles/20121024/18225920815/judge-protects-cellphone-data-4th-amendment-grounds-cites-governments-technological-ignorance.shtml


Cellphone companies simply have to sit back and hit “record. Sarah E. Williams, an expert on graphic information at Columbia University's architecture school. “We don't even know we are giving up that data.”

2012 In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information 2011 from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations. “I never expected it to be this massive,” said Representative Edward J.Markey, a Massachusetts Democrat who requested the reports from nine carriers, including AT&T, Sprint, T-Mobile and Verizon, in response to an article in April in The New York Times on law enforcement's expanded use of cell tracking. Mr. Markey, who is the co-chairman of the Bipartisan Congressional Privacy Caucus, made the carriers' responses available to The Times.

2012 Mobile Carriers Gladly Give Your Data to the Cops, But Not to You

Since 2011 thanks to the U.S. Supreme Court decision Millions of wireless subscribers probably don't realize that consumers can't file a class action suits against cartel Telco's.

ACLU Protect cell phone location data from government abuse 6/2010

When is a phone not just a phone? When a federal court declares it's a computer. But the man objected when federal prosecutors moved to make his sentence longer for use of a computer. Prosecutors argued his cellphone qualifies as a computer under the definition in federal law. U.S. District Judge Richard Dorr agreed, sentencing Kramer to 14 years in prison, a term that the judge said was more than two years longer than he otherwise would have imposed. Kramer appealed, arguing he only used his phone to make calls and send text messages, so it shouldn't be considered a computer. But a three-judge panel of the St.Louis-based 8th Circuit upheld the sentence, finding the federal definition of computer is broad enough to encompass cellphones

2012 Tools that can be used to turn on your microphone and turn your phone into a tracking device. FinFisher product called FinSpy Mobile -- illustrate how the largely unregulated trade in offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across borders and peers into peoples' digital devices.
http://www.bloomberg.com/news/2012-08-29/spyware-matching-finfisher-can-take-over-iphone-and-blackberry.html

WHAT CAN
THE COPS DO

  • #Gizmodo shows us how to #Jailbreak and Unlock iPhone 3.0 which became illegal to do 1/26/13 http://ow.ly/hbUYx
  • Cops can search cellphones w/o warrant. The decision by a federal appeals court means that police can search cell phones for evidence without first needing a warrant. Police don't need a warrant to search a cell phone for its number, a federal appeals court has ruled. The decision (PDF), issued by the U.S. Court of Appeal for the 7th Circuit, stems from an Indiana case in which prosecutors used evidence that police found on cell phones at the arrest scene to convict a suspect on drug charges.
  • Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show. http://www.nytimes.com/2012/04/01/us/police-tracking-of-cellphones-raises-privacy-fears.html?_r=1

your privacy


PRIVACY It's Tracking Your Every Move and You May Not Even Know
Cellphone companies do not typically divulge how much information they collect.

TRACKED With whom, when, how long and where - No longer innocent until proven guilty. Who you called and who called you. The data reveal who is a friend and who is family. The information shines light on clandestine connections as well as illicit love affairs. Every ten minutes, your phone checks in with your provider to see if there were new e-mails, a function that many smart-phone owners have activated. Since your phone is rarely turned off, your movements were tracked 78 percent of the time. Your data is retained for 6 months. You won't have any secrets. As long as a mobile telephone is turned on, the activities of its owner are being broadcast. And even if a phone isn't on all the time, there can still be enough information available to create an accurate profile. Comcast, Verizon, Telekom and the BKA, they've got all our data squirreled away.

Surveillance

 

Moxie Marlinspike: The Coder Who Encrypted Your Texts

Signal, the first iOS app designed to enable easy, strongly encrypted voice calls for free and encrypted text messaging
Apple download and Signal 2.0 lets you send end-to-end encrypted messages to users on different platforms for free, no matter which smartphone you own, and no login, no username, no PIN required. Signal 2.0 allows users to send end-to-end encrypted group, text, picture, and video messages between Signal on iPhone and TextSecure on Android.

Professor Blaze Goes To Washington 6/24/10
House Judiciary Committee Hearing on "ECPA Reform and the Revolution in Location-Based Technologies and Services". My testimony [pdf] will focus on the technical: how modern cell phones and wireless services calculate location, and how accurately they can track and record users' positions and movements. This is all in the context of surveillance: when the government gets a pen register order against a cell phone, for example, what information do (or should) they get about the target's location and movements compared with other kinds of tracking technology? Other witnesses will include (among others) a special agent (from the Tennessee Bureau of Investigation) who does electronic surveillance, and a federal magistrate judge who has to sort out the legal issues when the government requests tracking information about a suspect. The hearing promises to be an interesting glimpse into how location tracking actually works in criminal investigations. Witnesses Testimony - Matt Blaze - is there and 17-page statement from Houston U.S. Magistrate Judge Stephen Smith. His main point: the process for legally tracking users' phones for criminal investigations is much too secret. According to Smith, over 10,000 orders are filed for electronic surveillance every year at the federal level. Most of those are issued "under seal," meaning they're not available for public review. Smith complains that almost none of those secret tracking orders are ever made public, even long after the investigation ends.
Electronic Communications Privacy Act (ECPA) doesn't explain who can be surveilled. Judge Smith writes, the public has a right to know. "It may well be that a fully-informed public would not object to this tradeoff in personal privacy for the sake of more efficient law enforcement," he writes in his testimony. "The problem is, due to the ECPA's regime of secrecy, the public is not fully informed, and can only be dimly aware of the depth and breadth of surveillance carried out under current law."

Don't Trust That Cell Phone
Text Message

 

Text Msg Tool Simplifies iOS SMS-Spoofing 2012
A weakness he recently highlighted in the SMS feature of Apple's iOS that could allow an attacker to spoof the sender of a text message.
http://www.darkreading.com/mobile-security/167901113/security/vulnerabilities/240005872/don-t-trust-that-text-message-tool-simplifies-ios-sms-spoofing.html

"discreet"
SIM card

SIM Subscriber Identity Module Card
intended to keep satellite phone transmissions from being pinpointed within 250 miles (400 kilometers), if they can be detected at all. This type of SIM card is not available on the open market and is distributed only to governments, according to an official at a satellite telephone company familiar with the technology and a former U.S. intelligence official who has used such a chip. The officials, said the chips are provided most frequently to the Defense Department and the CIA, but also can be obtained by the State Department.

Unblock your Sim Card

Cell Phone
Blue Tooth

Just Snarf it Dude!

Use a pringles can to extend the range of your bluetooth and snarf away.

CALEA Communications Assistance for Law Enforcement Act.
CALEA, passed in 1994, gives the FBI the ability to easily tap landline and cell phone calls. As written, CALEA had originally included some exemptions for Internet-based systems, but the FBI convinced the Federal Communications Commission that they should not apply to VoIP traffic. As a result, VoIP operators in the US will need to make their systems wiretap friendly. Despite appearances, nothing we do on the Internet is truly anonymous.

  • ESBI Phone Bill Scam advice from security expert Marcus Ranum.
  • Cramming
    HOW PHONE COMPANIES STEAL MONEY

    phone bills virtually indecipherable. Help to make this stop Call
    AT&T 800-288-2747, Comcast 800-266-2278
    Qwest 800-491-0118, Verizon 800-837-4966

How To:

CHINA

China overtook the U.S. to become the world's largest market for smartphones in the first quarter, according to research firm Canalys, and it's a market dominated by Android. China's Ministry of Commerce said almost 74% of the country's mobile devices use Google's Linux-based operating system. In a written announcement China's Ministry of Commerce said it approved the acquisition on the “additional restrictive condition” that Google would continue to make Android, its mobile-device operating system, gratis and accessible to all device makers without discrimination. Keep Android free for another five years that's what Beijing required of Google before antitrust authorities were willing to give the go-ahead for the Internet search giant's $12.5 billion acquisition of Motorola Mobility.
http://ow.ly/b5XpW

Protect Kids

PROTECT KIDS - cell phone radiation causes Cancer

Social-Networking drives the next-generation cellphone market. What kids can do with their cell phones now.

  • children used Nexus One smartphones, and with the help of probes that zipped bluetooth signals to the phones, the children tested the air for carbon monoxide, particulate matter and noise pollution.
  • JuiceCaster 2.0 for phone-created Web content (enabling more kid-produced media on the Web).
  • Sprint Nextel Corp. introduced a new service called Family Locator that lets parents track their kids' whereabouts, using the GPS capabilities in each child's cellphone.
  • Wall Street Journal on parental controls for mobile phones 2007

Screenagers: Cut screen addiction for a week
Banning TV and computer use at her house for a week was the fact that her two sons, 8 and 10, are pretty outdoorsy and they aren't yet teenagers (aka social networkers). On Day 2, it's like having toddlers again (no time to one's self, etc.). Day 4 is the high point - when all the rewards are glimpsed. Day 6 sees a relapse, find tips that help.

MeetMoi cellphone service, Internet dating
http://online.wsj.com/article/SB118108651441725709.html
one can receive a potential dates profile (that of a person whos selected by MeetMoi for his/her physical proximity) via text message and set up an encounter minutes away. It allows you to update your nearby prospects as you move around. Zogos another such service, and the giant Web-based Match.com is adding this mobile capability to its service. Another example, Fast Flirting, allows users to sign into a virtual lobby where they can select a flirting partner based on factors such as age and location for $3 a month. Its new but theres a market, the Journal says - 3.6 million US cellphone users having accessed a dating service from their mobile phone in March. There are safety mechanisms in place on many services (e.g., MeetMoi shares profiles without revealing actual location users do that) but, if teens are using them, parents might want to ask if they've tried such services and are taking advantage of safety features.

WHY CAN'T YOU HEAR ME NOW?

Radio Opaque Walls and Windows

A well insulated house is insulated not only against energy loss but against cell phone coverage."High-E" coated window glass nearly impenetrable barrier to microwaves, Concrete Walls, , insulation consisting of styrofoam or bubble wrap coated with metal foil (which reflects radiant energy), are why your cell phone doesn't work. The FCC's "Over the Air Receiving Device" (or OTARD) rules state that if a tenant rents an entire building, he or she has the right to mount an antenna on it. A landlord, homeowner's association, etc. cannot say "no."

VOIP SECURITY

Vulnerability researchers Humberto Abdelnur, Radu State and Olivier Festor claimed the exploit could allow a remote attacker to turn a VoIP phone into an eavesdropping device, citing a Grandstream SIP phone as an example.

Session Initiation Protocol (SIP) devices can be vulnerable to eavesdropping. 2007
If you use SIP enabled VoIP services, beware. SIP is used by Voice over IP (VoIP) software and hardware to provide digital phone service directly over the Internet, thus bypassing the telcos' analog switched networks and related long-distance charges. Skype is a VoIP service that uses SIP, for one example, and many ISPs and third parties offer VoIP.

Listen to SIP Phones Even When They are on the Hook
Late last year it surfaced that the FBI has used cellphones as "roving bugs", listening to conversations even when the targeted cellphones were turned off. Now a post on the "full-disclosure" list has revealed that SIP devices can be similarly vulnerable to covert listening. The Australian IT security firm Snnet Beskerming has written a commentary about the implications. It writes: "The research that was published indicates that, for at least one vendor, it is possible to automatically call a SIP device from that vendor and have it silently accept the call, even if it is still on the hook - instantly turning it into a classic bugged phone. Whereas historic telephony bugs needed physical targeting of the line running to a property or place of business, the presence of VoIP in the equation allows bugging from anywhere in the world with equal ability. Now anyone can do from their armchair what only spies and law enforcement used to be able to do from inside the telephone switch / pit / distribution
board, though it's still illegal to do so."

WHY VOIP NEEDS CRYPTO Security impact of VoIP technology 2006

NOW YOU CAN GET THE CRYPTO YOU NEED

Voylent is a client for cellphones that encrypts voice conversations. The client has been tested only a few models, mainly Nokia S60 with Symbian OS. The full list of devices it runs on is included in the release notes & FAQ.

Can You Keep A Secret? Discussing Encryption in 1998

Federal Bureau of Investigation, are clashing with cyberlibertarians and powerful commercial interests over efforts to extend controls on so-called strong encryption to domestic uses.

RIM has agreed to provide authorities in Saudi Arabia with security codes that will enable them to read encrypted text messages on the BlackBerry Messenger service.

First Trojan Spy for Symbian Phones

March 29, 2006
Today we heard of a rather interesting new Symbian malware application named Flexispy.A. It's a Symbian trojan spy that records information about the victim's phone calls and SMS messages, then sends them to a remote server. What makes this interesting is that Flexispy. A is a trojan spy written by a company for commercial reasons. The company claims that it's a useful tool for catching a cheating spouse. By installing the application on the phone they can monitor to whom the victim is calling and what SMS messages he or she is sending. The company even claims that Flexispy is not a trojan. However, this application installs itself without any kind of indication as to what it is. And when it is installed on the phone it completely hides itself from the user. So the application could easily be used by malware installing it as part of its payload, or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it.
Not to mention the fact that spying on people's private communication is illegal in most countries around the world. And the fact that all of the information is stored on the FlexiSpy servers, puts the company in a rather interesting light.
So yes, FlexiSpy is indeed a trojan and we have added the detection to our F-Secure Mobile Anti-Virus so that any user who has a phone that has been infected with this trojan will get a warning that someone is spying on them.

Whistle-Blower Outs NSA Spy Room

AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center.On March 14, Zimmermann released a beta version of the widely anticipated Zfone. The software is currently available only for OS X (Tiger) and Linux, though a Windows version is due in April.
Zfone is designed to work with VoIP clients that use the industry standard SIP protocol, and has been tested with clients such as X- lite, Free World Dialup and Gizmo Project.

Researchers Crack Code In Cell Phones

by John Markoff Issue: Encryption
Description: A group of Univ. of California computer researchers announced Monday that they had successfully cracked the world's most widely used encryption code that is designed to prevent the cloning of digital cellular phones. The researchers believe that the system, known as Group Speciale Mobile standard, or GSM, was deliberately weakened to permit government surveillance. GSM is used in about 80 million cellular phones around the world and in about 2 million phones in the U.S. The researchers broke the code by "using a computer to determine a secret identity number stored in the Subscriber Identity Module, or SIM, a credit cardlike device inside the phone." But what was even more interesting than the security threat, was that "the cracking code yielded a tantalizing hint that a digital key used by GSM may have been intentionally weakened during the design process to permit government agencies to eavesdrop on cellular telephone conversations." Both the researchers and officials from cellular phone companies said yesterday that the threat of cloning was "extremely remote" in comparison to the vulnerability of analog cellular phones. also see [source]

Record encryption puzzle cracked -- finally ZDNet
The broken encryption method is widely expected to secure next-generation wireless devices. But is the break such bad news?
By Robert Lemos, ZDNet News UPDATED April 14, 2000 7:06 AM PT
http://www.zdnet.com/zdnn/stories/News/0,4586,2542359,00.html
An encryption method widely expected to secure next-generation wireless phones and other devices succumbed to a brute-force collaborative effort to break it, a French research agency announced Thursday.
An international team of researchers -- led by crypto researcher Robert Harley of the French National Institute for Research in Computer Science and Control, or INRIA -- and other computer enthusiasts found the 108-bit key to a scrambled message after four months of number crunching by 9,500 computers worldwide.
<snip>

Easy Listening (for Big Brother) Brett Glass Jun 12 2000http://www.mercurycenter.com/premium/opinion/edit/CELLPHONES.htm
EASY LISTENING: Government must rewrite cell phone eavesdropping rules to provide judicial oversight and incorporate privacy concerns.
SIX years ago, Congress approved a bill to help law enforcement keep pace with the digital world. The purpose was straightforward: Make sure that the FBI and police hold onto the same kind of wiretapping capabilities they had before cellular phones complicated electronic surveillance.
Skip ahead to this month.
Within weeks, the government will have new powers to eavesdrop on you that go beyond maintaining the status quo. That's when the first set of defective rules crafted by the Federal Communications Commission is scheduled to be implemented. Others take effect next year.
The rules need to be revised. If not, law enforcement agencies will be able to follow and monitor cellular phone users in ways that Congress never envisioned. Here's one example: Investigators will be able to track the physical locations of cellular phone users, pinpointing your whereabouts at the beginning and end of every call. In essence, wireless phone systems will be transformed into giant tracking networks....

Pre Paid Mobile Phone

2006 Apparently China is planning on requiring mobile phone users to register with the operators and show their identity papers. The above article says it is "the latest move in the nation's fight against unsolicited advertisements, fake educational certificates and bank fraud via short messages." I'm sure here in the U.S. we can come up with a homeland security justification for needing to show papers before buying a prepaid mobile phone. Can prepaid calling cards be next? APPLE Iphone and Ipad made in China

Pre-paid mobile phones
Tell them you don't want to give an address they will fill in the address of the store. The salesperson wants to make a sale, after all, not enforce pointless rules. Pointless because there is an anonymous aftermarket in prepaid phones and SIM cards. Buying a prepaid SIM card or even prepaid phone when you visit a country for more than a few days is a wise choice, considering both roaming charges and the cost of people to phone you at a foreign number. We are now starting to see kiosks to sell SIMs in the arrivals hall of some airports. However, it is reported that quite commonly hostels operate a cheap and anonymous used market in prepaid phones and cards, where people buy the cheap phone (perhaps $10 or so, more if there's airtime in it) and sell it back for a similar price. It makes sense for the cost conscious hostel guest. As long as these markets exist, "bad guys" will be able to get anonymous phones, and all this other tracking is a waste of time and invasion of privacy. And even if they should ban these markets, I doubt they would eliminate them, any more than they eliminate other black and gray markets in products people want.

HOW GOVERNMENT SPYS ON YOU

Since the 1986 Electronic Communications Privacy Act:
Police / Government Warrantless tracking of cell phones

-- Police may obtain "communications that are not readily accessible to the public only with a search warrant."
-- Police may access "location information regarding a mobile communications device only with a warrant."
-- Police may access to outgoing and incoming call records, which are known as pen registers and trap and trace devices.
-- Police can ask AT&T or any other Telco for information about anyone connecting to one cell site at a certain time, ask for anyone searching for "weaponized anthrax" on a specified date.

Okay, so, we have all known cell phones are "dangerous" ~ Gadi Evron
Stepping out of the cellular protocols security and vendor-side systems, and forgetting for a second about interception of transmissions through the air, Trojan horses/worms that may install themselves on the cell phone and even bluetooth risks, there is the long talked of risk of "operating" a regular un-tampered cell phone from a far and the risk of modified devices.
Sorry for stating the obvious, but cell phones are transmitters.
For years now paranoid people and organizations claim that eavesdropping through a cell phone is a very valid risk. Much like somebody pressing "send" by mistake during a sensitive meeting is a very valid yet different risk.
Some of the stricter organizations ask you to do anything from (top to bottom) storing the cell phone in a safe, through shutting it off or removing the battery, and all the way to *only* "don't have that around here while we are in a meeting". Then again.. *most* haven't even heard of this risk.
Forgetting even this risk, many of us even ignore the obvious. I usually ask people who talk to me while I'm on the phone "even if the NSA (for example) is not interested in what I have to say or not capable of intercepting it and even that I don't care if they heard my conversations... Should the person I talk to hear our conversation?"
Lately there seems to be some more awareness about the "dangers" of cell phones. Knowing which risk is more of a threat than the other is another issue.
It seems to me that other than in the protocols, where there has been a serious learning curve (and GPRS seems very promising), cellular companies keep doing the same mistakes, and we can see the security problems of the PC world reappearing in cell phones, much like those of the main frames re-appeared in PC's (to a level).
History repeated. Heck, I can't even disable Java or the web browser in most cellular computers (we really should refer to them as computers now).
Here are some URL's on the subject:
Here is a product for sale, a cellular phone BUILT for eavesdropping:
http://wirelessimports.com/ProductDetail.asp?ProductID=347
Also, check out the IEEE Pervasive article that mentions this problem area, although discusses more the issue of malware:
http://csdl.computer.org/comp/mags/pc/2004/04/b4011abs.htm
Or Google for "symbian +virus", for example.

Cell phones won't keep your secrets August 30, 2006
http://www.cnn.com/2006/TECH/ptech/08/30/betrayed.byacellphone.ap/index.html The married man's girlfriend sent a text message to his cell phone: His wife was getting suspicious. Perhaps they should cool it for a few days. "So," she wrote, "I'll talk to u next week." "You want a break from me? Then fine," he wrote back.
Later, the married man bought a new phone. He sold his old one on eBay, at Internet auction, for $290. The guys who bought it now know his secret. The married man had followed the directions in his phone's manual to erase all his information, including lurid exchanges with his lover. But it wasn't enough.
Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile up inside our cell phones, and deleting it may be more difficult than you think.
A popular practice among sellers, resetting the phone, often means sensitive information appears to have been erased. But it can be resurrected using specialized yet inexpensive software found on the Internet. A company, Trust Digital of McLean, Virginia, bought 10 different phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems. Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers.
The other phones contained:
* One company's plans to win a multimillion-dollar federal transportation contract.
* E-mails about another firm's $50,000 payment for a software license.
* Bank accounts and passwords.
* Details of prescriptions and receipts for one worker's utility
payments.
The recovered information was equal to 27,000 pages -- a stack of printouts 8 feet high. "We found just a mountain of personal and corporate data," said Nick Magliato, Trust Digital's chief executive. Many of the phones were owned personally by the sellers but crammed with sensitive corporate information, underscoring the blurring of work and home. "They don't come with a warning label that says, 'Be careful.' The data on these phones is very important," Magliato said.
One phone surrendered the secrets of a chief executive at a small technology company in Silicon Valley. It included details of a pending deal with Adobe Systems Inc., and e-mail proposals from a potential Japanese partner: "If we want to be exclusive distributor in Japan, what kind of business terms you want?" asked the executive in Japan. Trust Digital surmised that the U.S. chief executive gave his old phone to a former roommate, who used it briefly then sold it for $400 on eBay. Researchers found e-mails covering different periods for bothmen, who used the same address until recently. Experts said giving away an old phone is commonplace. Consumers upgrade their cell phones on average about every 18 months. "Most people toss their phones after they're done; a lot of them give their old phones to family members or friends," said Miro Kazakoff, a researcher at Compete Inc. of Boston who follows mobile phone sales and trends. He said selling a used phone -- which sometimes can fetch hundreds of dollars -- is increasingly popular.
The 10 phones Trust Digital studied represented popular models from leading manufacturers. All the phones stored information on "flash" memory chips, the same technology found in digital cameras and some music players.
Flash memory is inexpensive and durable. But it is slow to erase information in ways that make it impossible to recover. So manufacturers compensate with methods that erase data less completely but don't make a phone seem sluggish.
Phone manufacturers usually provide instructions for safely deleting a customer's information, but it's not always convenient or easy to find. Research in Motion Ltd. has built into newer Blackberry phones an easy-to-use wipe program. Palm Inc., which makes the popular Treo phones, puts directions deep
within its Web site for what it calls a "zero out reset." It involves holding down three buttons simultaneously while pressing a fourth tiny button on the back of the phone. But it's so awkward to do that even Palm says it may take two people. A Palm executive, Joe Fabris, said the company made the process deliberately clumsy because it doesn't want customers accidentally erasing their information.
Trust Digital resurrected erased e-mails and other information from a used Treo phone provided by The Associated Press for a demonstration after it was reset and appeared empty. Once the phone was reset using Palm's awkward "zero-out" technique, no information could be recovered. The AP already used that technique to protect data on its reporters' phones.
"The tools are out there" for hackers and thieves to rummage through deleted data on used phones, Trust Digital's chief technology officer,Norm Laudermilch, said. "It definitely does not take a Ph.D." Fabris, Palm's director of wireless solutions, said the company may warn customers in an upcoming newsletter about the risks of sellingtheir used phones after AP's inquiries. "It might behoove us to raise this issue," Fabris said. Dean Olmstead of Fresno, California, sold his Treo phone on eBay after using it six months. He didn't know about Palm's instructions to safely delete all his personal information. Now, he's worried. "I probably should have done that," Olmstead said. "Folks need to know this. I'm hoping my phone goes to a nice person." Guy Martin of Albuquerque, New Mexico, wasn't as concerned someone will snoop on his secrets. He also sold his Treo phone on eBay and didn't delete his information completely. "I'm not that kind of valuable person, so I'm not really worried," said Martin, who runs the www.imusteat.com Web site. "I guarantee that three-quarters of the people who buy these phones don't think about this."
Trust Digital found no evidence thieves or corporate spies are routinely buying used phones to mine them for secrets, Magliato said. "I don't think the bad guys have figured this out yet." President Bush's former cybersecurity adviser, Howard Schmidt, carried up to four phones and e-mail devices -- and said he was always careful with them. To sanitize his older Blackberry devices, Schmidt would deliberately type his password incorrectly 11 times, which caused data on them to self-destruct. "People are just not aware how much they're exposing themselves," Schmidt said. "This is more than something you pick up and talk on. This is your identity. There are people really looking to exploit this." Executives at Trust Digital agreed to review with AP the information extracted from the used phones on the condition AP would not identify the sellers or their employers. They also showed AP receipts from the Internet auctions in which they bought the 10 phones over the summer for prices between $192 and $400 each. Trust Digital said it intends to return all the phones to their original owners, and said it kept the recovered personal information on a single computer under lock and disconnected from its corporate network at its headquarters in northern Virginia. Peiter "Mudge" Zatko, a respected computer security expert, said phone owners should decide whether to auction their used equipment for a few hundred dollars -- and risk revealing their secrets -- or effectively toss their old phones under a large truck to dispose of them. What about a case like the Lothario whose affair Trust Digital discovered? "I'd run over the phone," Zatko said. "Maybe give it an acid bath."

Tracking anonymous peer-to-peer VoIP traffic over the Internet is possible (PDF). In fact, it can be done even if the parties have taken some steps to disguise the traffic.

From Cell phones to VoIP and law enforcement

IN A DISASTER
YOU CAN'T
TRUST CELL PHONES

Spectrum Warfare

The means by which a military seizes and controls the electromagnetic radiation that makes all wireless communication possible. It is well known that America's military dominates both the air and the sea. What's less celebrated is that the US has also dominated the spectrum, a feat that is just as critical to the success of operations. Communications, navigation, battlefield logistics, precision munitions—all of these depend on complete and unfettered access to the spectrum, territory that must be vigilantly defended from enemy combatants. Having command of electromagnetic waves allows US forces to operate drones from a hemisphere away, guide cruise missiles inland from the sea, and alert patrols to danger on the road ahead. Just as important, blocking enemies from using the spectrum is critical to hindering their ability to cause mayhem, from detonating roadside bombs to organizing ambushes. As tablet computers and semiautonomous robots proliferate on battlefields in the years to come, spectrum dominance will only become more critical. Without clear and reliable access to the electromagnetic realm, many of America's most effective weapons simply won't work. “Now anybody can go to a store and buy equipment for $10,000 that can mimic our capability,” says Robert Elder, a retired Air Force lieutenant general who today is a research professor at George Mason University. Communications jammers are abundant on global markets or can be assembled from scratch using power amplifiers and other off-the-shelf components. And GPS spoofers, with the potential to disrupt everything from navigation to drones, are simple to construct for anyone with a modicum of engineering expertise.

 

A SATELLITE PHONE

Satellite phone encryption cracked
German academics said they had cracked two encryption systems used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent. Hundreds of thousands of satellite phone users are thought to be affected. "We were able to completely reverse engineer the encryption algorithms employed," said Benedikt Driessen and Ralf Hund of Ruhr University Bochum as they announced their report, "Don't Trust Satellite Phones".

The main problem is no communication connectivity and telecommunications will breakdown
Satellite phones work in emergencies, transmit calls through networks of low-earth-orbiting satellites technically capable of transmitting calls anywhere on earth, BUT they have the drawback of not working inside buildings and being much heavier and more expensive than cell phones. Trusting cell phones to work in many emergency situations can be dangerous or fatal.
Two firms -- Iridium and Globalstar -- dominate the satellite-phone market. Cell phones become useless from call traffic overloading, power cutoffs, microcell batteries running down within a couple of days, power failures can turn regional cellular networks into largely useless hardware in short order. Organizations should not depend on inexpensive cell phones rather than the expensive dedicated radio equipment. Newer satellite phones commonly sell for $1,000 to $1,500 dollars. Monthly calling plans aren't cheap either. Iridium subscribers typically pay between $1 and $1.50 a minute for air time.

Why cell phone outage reports are secret
Consumers have no idea how reliable their cell phone service will be when they buy a phone and sign a long-term contract. The Federal Communications Commission could offer some guidance, but it won't. The agency refuses to make public a detailed database of cell phone provider outages that it has maintained since 2004. A federal Freedom of Information Act request for the data, filed in August by MSNBC.com, has been rejected by the agency. The stated reasons: Release of the information could help terrorists plan attacks against the United States, and it would harm the companies involved. [The refusal to release the records "on the grounds it might harm the companies involved" is especially egregious and blatant. The feds are not supposed to be protecting the telcos against their customers' legitimate grievances.]

Mark Woods secretary of the international cellular emergency alert services association (CEASa)

LOCKED UNLOCK CELL PHONES

Step by Step guide to jailbreak and unlock IPone 3.0

How do you get out of your current contract?
Sites help free cellphone users from contracts 1/1/07
Internet cottage industry of companies that help liberate people from their contracts. The websites, Celltradeusa.com , Resellular.com , and CellSwapper.com, provide online marketplaces where customers trying to get out of their contracts can connect with people willing to take over the remainder of their contracts, for a fraction of the typical $175 termination penalty. Customers post an online advertisement with the details of their contract, and any benefits they're willing to throw in -- such as a free Blackberry, a Bluetooth headset, or money toward the contract. The services charge $19.99 at Celltradeusa.com and $14.99 at Resellular.com to people trying seeking to get out of their contracts. CellSwapper.com is still a beta version. Once a person who wants to get out of a contract is matched with a person who wants to get in, the transfer must be made through the wireless provider. That type of transfer is already available to customers who call their providers and have a relative or friend willing to go through a credit check and legally take over the rest of the contract. But these Internet services allow people to look beyond their immediate friends and connect with a nationwide network of people.

Cell Phone Speed Test - verify Edge Speed

LIFELINE

Lifeline program in 1985, during the Reagan administration. In 2005, under President George W. Bush, the FCC expanded the program to cover low-cost cellular service. The program pays for phone service, not the phones themselves. But many companies that receive funding through the program offer free and low-cost phones to their subscribers. The discounts average $9.25 per month for qualifying households, and the program is funded through fees that the telephone companies pass on to consumers on their monthly bills.
The point of the program is to ensure that everyone has access to basic communications services, especially during emergencies. For more than 25 years, the Lifeline program has played a vital role in ensuring that the neediest among us stay connected to our communications networks," FCC Chairman Julius Genachowski said in a statement earlier this year 2012. But even the FCC acknowledges that the costs of the program have ballooned in recent years. By 2011, Lifeline was costing phone subscribers $1.75 billion per year. Genachowski said the program "created perverse incentives for some carriers" and "invited fraud and abuse." Rep. Tim Griffin (R-Ark.) has attacked Lifeline as a "government-run, taxpayer-funded program that's running wild and costing more and more." He authored a bill that would ban Lifeline from supporting cellphone service. In January, the FCC overhauled the program in an attempt to bring down its cost.
The commission toughened eligibility standards and created a database to ensure that multiple companies were not receiving subsidies to provide service to the same customer. The reforms are on track to bring down the cost of the program by $200 million this year and $2 billion over three years, according to the FCC.

Collection of secret codes for your mobile with Android OS (Can be Called as Android Tricks). These codes enables you to access the hidden options which are not shown by default on your device, and can be used for testing the functions of various utilities used by your mobile.

DISCLAIMER: USE AT YOUR OWN RISK
Note: We Cannot guaranty that these codes will work on all Android mobiles!
These codes are used only by technicians, So be careful with them and use it at your own risk.

Hidden Android Codes

*#06# - Display's IMEI number.

*2767*3855# - This code will Format your device to factory state (will delete everything on phone).

*#*#4636#*#* - Display's Phone information, usage statistics and battery.

*#*#273282*255*663282*#*#* - This code will Immediately backup of all media files.

*#*#197328640#*#* - This code will Enable test mode for service.

*#*#1111#*#* - Will display FTA software version.

*#*#1234#*#* - Will show PDA and firmware version.

*#*#232339#*#* - Wireless LAN tests.

*#*#0842#*#* - This code is used for Backlight/vibration test.

*#12580*369# - Display's Software and hardware info.

*#*#2664#*#* - This code is used for Testing the touchscreen.

*#9900# - System dump mode.

*#9090# - Diagnostic configuration.

*#*#34971539#*#* - Will display Detailed camera information.

*#872564# - USB logging control.

*#301279# - HSDPA/HSUPA Control Menu.

*#7465625# - This code will display phone's lock status.

*#0*# - Enter the service menu on newer phones like Galaxy S III.

*#*#7780#*#* - Reset the /data partition to factory state.

Basic Codes:

*#*#7780#*#* - This code is used for factory restore setting.This will remove Google account setting and System and application data and settings.

*2767*3855# - This code is used for factory format, and will remove all files and settings including the internal memory storage. It will also re install the firmware.

*#*#4636#*#* - This code show information about your phone and battery.

*#*#273283*255*663282*#*#* - Quick Backup This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

*#*#197328640#*#* - This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

*#*#7594#*#* - This code enable your "End call / Power" button into direct power off button without asking for selecting any option(silent mode, aero plane and power-off).

*#*#8255#*#* - This code can be used to launch Google Talk Service Monitor.

*#*#34971539#*#* - This code is used to get camera information. Please avoid update camera firmware option.

W-LAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - W-LAN test (Use “Menu” button to start various tests).

*#*#232338#*#* - Shows WiFi MAC address.

*#*#1472365#*#* - GPS test.

*#*#1575#*#* - Another GPS test.

*#*#232331#*#* - Bluetooth test.

*#*#232337#*# - Shows Bluetooth device address.

Codes to launch various Factory Tests:

*#*#0842#*#* - Device test (Vibration test and BackLight test).

*#*#0588#*#* - Proximity sensor test.

*#*#0*#*#* - LCD test.

*#*#2664#*#* - Touch screen test.

*#*#2663#*#* - Touch screen version.

*#*#0283#*#* - Packet Loopback.

*#*#0673#*#* OR *#*#0289#*#* - Melody test.

*#*#3264#*#* - RAM version.

Code for firmware version information:

*#*#1111#*#* - FTA SW Version.

*#*#2222#*#* - FTA HW Version.

*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number.

*#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate.

*#*#1234#*#* - PDA and Phone.