phone extraction device

Alex Samorukov ml at os2.kiev.ua
Sun Oct 2 19:32:22 CEST 2011


On 10/02/2011 06:55 PM, Denis 'GNUtoo' Carikli wrote:
> On Sun, 2011-10-02 at 04:12 +0200, Rashid wrote:
>> "You may have heard about the Cellebrite cell phone extraction device
>> (UFED) in the news lately. It gives law enforcement officials the
>> ability to access all the information on your cell phone within a few
>> short minutes."
>>
>> http://translogic.aolautos.com/2011/04/29/police-device-used-to-steal-your-cell-phone-data-during-traffic/
>>
>> Does it work at free runners too? (Well a debug board could probably do
>> it but hey).
> I guess no one got one to test...
>
> PS: I wonder what's the relation between rooting a phone and that
> device (does the device need to root the phone to gather certain
> information?).
>
As one of the ex-libsyncml developers, I can add some details. There is
no "magic" here. When you are connected by cable to the typical phone,
you can:

1) Use SyncML to fetch all contacts/notes/calendar events. There is no
authentication if you are using a USB or serial device.
2) The OBEX protocol over USB or serial usually also allows you to fetch
a lot of information from the phone, including phone book contents, SMS
and phone history.
3) The AT modem on the most cheap phones (again, no password over the
serial link) also adds a lot of "extended" features, e.g. you can work
with SMS, tel. history, make phone calls, send SMSes (it is very useful
for monitoring software or gateways) etc. I was using this on
Siemens/Nokia/Motorola/Sony Ericsson and other devices. I am not
familiar with the protocol on modern iPhones/Androids, but I am
expecting that they are not protected on a USB connection as well.

So in practice it's very easy to build such devices (with Linux on board,
hehe) and you don't need to work in the CIA for this; it could be done as
homebrew hardware. There is no known way to disable this functionality
in most of the phones. A locked or unlocked phone will work the same on
such interfaces.

Now back to OpenMoko. It depends on the distro you are using (I am a
qtmoko user) but typically there is nothing but ssh running on USB (USB
over Ethernet). If you set up a root password, then you are safe. There
is no way to extract any data without restarting the phone (or by using
a debug board, which is also not possible w/o removing the cover). If
you are very paranoid about this, you can store all data in an encrypted
way (using standard Linux tools for this) and disable all storage on the
SIM card.

The only problem I see in this method is that the police can get all this
information without touching your device, by requesting this information
from your network/roaming provider.
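
Added example, not part of the original message: a small shell audit of the two conditions the message relies on for the OpenMoko case, namely that root has a password and that nothing but ssh listens on a non-loopback interface. The function names, the sample data, the shadow-format password file and sshd on port 22 are assumptions.

```shell
#!/bin/sh
# Added example. Audits the two conditions named in the message above:
# a root password is set, and nothing but ssh listens on non-loopback.
# Assumptions: shadow-format file, `netstat -ltn` style text, sshd on 22.

# Print empty | locked | set | missing for root's password field.
root_password_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "") print "empty"           # login with no password
            else if ($2 ~ /^[!*]/) print "locked" # password login disabled
            else print "set"                      # a hash is present
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print TCP ports, other than 22, listening on non-loopback addresses.
unexpected_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            host = $4; sub(/:[0-9]+$/, "", host)
            if (host ~ /^127\./ || host == "::1") next
            if (port != "22") print port
        }
    ' "$1" | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample data (not taken from a real device).
SAMPLE_DIR=$(mktemp -d)
SHADOW_SAMPLE="$SAMPLE_DIR/shadow"
NETSTAT_SAMPLE="$SAMPLE_DIR/netstat.txt"
printf '%s\n' 'root::10933:0:99999:7:::' 'daemon:*:10933:0:99999:7:::' > "$SHADOW_SAMPLE"
cat > "$NETSTAT_SAMPLE" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:23      0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:53    0.0.0.0:*       LISTEN
EOF

echo "root password: $(root_password_state "$SHADOW_SAMPLE")"
echo "unexpected listeners: $(unexpected_listeners "$NETSTAT_SAMPLE")"
```

On the phone itself, pass /etc/shadow and the saved output of `netstat -ltn` in place of the sample files.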
