Tuesday, March 5, 2013

What Your Smart Phone Says About You


Today's is a guest blog by an anonymous friend:

          Smart phones are now pretty much electronic oxygen; everybody needs one every day. For more and more people, their whole lives are wrapped up in their Smart Phone – contacts, calendar, messages, web surfing.  It’s a device that also goes with you everywhere.
          Did you ever wonder what, exactly, your phone can tell about you? Most people don’t pay any attention to the little snitch that runs around in your pocket.  Perhaps it’s time you do.  A recent document release discloses exactly how much information your friendly phone accumulates.
          Some background is needed to put things in context. If you are stopped by the police, there is a chance that you and the contents of your pockets will be examined.  If you are actually arrested, you will be exposed to a “search incident to arrest” and you and the contents of your pockets are fair game. That includes your Smart phone.  Under current case law, your phone can be searched for evidence of whatever crime you committed, especially if the police obtain a warrant. Your phone will squeal if a warrant is obtained.
          So what do the police find on your phone?  A recently unsealed search warrant from Michigan reveals all:
·        Everything you could possibly want to know about the technical features of the phone, software and apps that the phone runs.
·        The carrier, account information and account names connected to the phone.
·        Your complete call log – incoming, outgoing and missed.
·        Your complete text message history.
·        Your complete chat history.
·        Your contacts lists.
·        All data stored on your phone – documents, photos, etc.
·        Your browser history.
·        Your browser bookmarks.
          Alarmed?  It gets better.  Your little snitch also discloses the cell towers and Wi-Fi networks it has been using to keep in touch with the larger world, neatly arranged by time and date.  In the seized phone, there were 659 such contacts, including 227 cell towers, 28 Wi-Fi hotspots connected to and 403 Wi-Fi hotspots contacted. In addition, there was a “media site” which was identified, probably Netflix or something similar.
          So what does all that mean?  It means with a little time and effort, by extrapolating cell tower locations and Wi-Fi locations and placing those locations on a map, your movements can be tracked without any outside assistance. Now granted, cell towers and Wi-Fi networks broadcast over a grid the size of a few city blocks, but still, your phone knows you were in the area.
          So maybe, if you really want to be sneaky, you should leave the little snitch at home.

9 comments:

  1. There is also a TED talk available online from a fellow in Germany who sued to get his records from his cell phone company and found that they had retrieved - and saved - his location via the GPS on his smart phone someting like 10,000 times a month. Scary doesn't begin to describe it.

    ReplyDelete
  2. In Oklahoma they don't even need a warrant to seize and download everything in a cell phone. In 2011, my son had enough cash to buy a used car when he was stopped on the freeway in Oklahoma by Oklahoma State Police. Probable cause: two cars in a row had young white males and Arkansas tags (although there was no connection). The cops detained my son and his friend for four hours on the side of the road. They nearly dismantled their car and found no drugs or anything associated with drugs. Nevertheless, they took my son's cash and his cell phone and that of his friend (gave him a receipt). Neither had any prior arrest record. Then the cops told them they were free to go. If my brother-in-law hadn't had a personal friend in the Oklahoma governor's office, we'd have never seen the money or phones again. As it was, after a bunch of frantic phone calls, my son was able to go to an office in Oklahoma City and reclaim his money. He was forced to sign a hold-harmless agreement. The cops there told him the contents of both phones were being entered into the drug force's database along with the serial numbers on the money. Worse, it was apparent this was standard operating procedure for them.

    ReplyDelete
  3. The free market has a solution for everything. I see an entrepreneurial opportunity for someone to create a 3rd party locking device, perhaps with a fingerprint scanner in the pistol safes (for convenience in rapid opening) into which the smart phone can be quickly deposited or placed should one be stopped by police. It would take a warrant or torches and sledge hammers to get it opened. Or, a smaller entrepreneur could start selling smart phones that don't have the police back door built in, that would really offer features to permit the owner to protect his privacy, such as features to defeat such location tracking (disabling the GPS, e.g.). It may not be possible to stop the logging of which towers are used, though.

    ReplyDelete
  4. I'm trying to buy a unit and if I get one, I'll send you private details on how good it is - I'll tell you to even get a download - they are pretty careful. I gave them all the info they needed to get a sample or even a solid price quote and it's been 3 days so far - nada - and without bragging, I have about as good of a background to legitimately own one of these as any non-law enforcement person can have - they aren't loose with them, that's for sure.

    ReplyDelete
  5. Today, police can easily articulate seizure of just about any electronic storage device, cellular telephone, or computer for almost any type of investigation. Usually this does require a warrant, however, warrants, required or not, are very easily obtained. Never give police/anyone permission to look at your phone, search your phone, and never turn it over to them with consent. If they seize the phone anyway, it is on the police to articulate why they took the phone without your consent whenever the case goes to court. If you are a suspect in virtually any crime, not just narcotics, the police will seize or attempt to seize your phone for forensic examination. During examination, police also have the ability to recover some deleted material which may or may not still remain in the phone's memory or memory card after deletion. There are a few applications you can get to remotely wipe a phone or lock it. Don't rely too much on these applications as your phone will need a signal for the applications to work. Police can put cellular phones in specially designed bags, boxes, or even metal cans to block cellular signals. Bottom line, be aware police will come for your phone, memory devices, and computers if you are being looked at as being involved in a crime. They will almost certainly attempt to take your phone. Assume they will recover all the data on the phone to include private photos of your wife, girlfriend, or both. Also, keep in mind, your phone may not be safe from police prying eyes even if you are a victim or witness of a crime, depending on the nature of the crime or incident in question, these phones may be up for grabs too.

    Good luck,

    Jay

    ReplyDelete
  6. Bill, what sort of unit are you trying to buy? a smartphone without a police back-door built in? Or a mobile safe type device? And what did you find out?

    Bubba

    ReplyDelete
  7. Bubba - I was (and am still) trying to get the actual UFED Tool - With each Smartphone platform, the very features that make them useful become double edged swords in the wrong hands - but it's much worse than just that. The govt exterts a great deal of influence (the same way Tony Soprano 'influenced' people to do what he wanted) over each of the Vendors to provide pretty egregious back doors on the devices. The UFED scanner lets you breach all of the standard security features in the phones - bypass password protection and access to pretty much everything on it and much of what it does seems to be beyond the bounds of what the respective API's allow. I can't say for sure at the moment what all is exposed other than what is known by virtue of the unsealed case info - but I can tell you this - if you're not a law enforcement agency - UFED really seems to ignore you and has not followed up on any of my multiple requests to simply purchase one of their devices. Unless their tools do things that you can't otherwise do with the public API, it's very hard to understand why they're so reluctant to sell the things - there's nothing on their site that says "Only available to Law Enforcement" or anything along those lines - but the only time I got them to respond - they wanted to know if I was employed with a LE Agency - after I said No but provided all the other verification they needed (including proof I was trying to purchase one for completely legal and legitimate uses), they have completely stopped talking to me. I don't want to make paranoid sounding claims about it but the unsealed case info shows some pretty scary stuff - the fact they are so secretive and seemingly refusing to sell the things to civilian customers doesn't really do much to dispel the suspicion that it exploits some pretty worrisome back doors. I've been trying to get one for several weeks now - I've made multiple email inquiries and several phone calls - only one initial email got a response and everything afterward was ignored. There are 3 other people that I know of who've tried to purchase or obtain one of their devices and everyone else ran into the same walls I did. It's possible they just have horrible, horrible customer service but it's hard to imagine a company with products this sophisticated could stay in business is they were just this incompetent. I strongly think they don't want these things in the hands of non-Law Enforcement people. here's the link to their site (Mr Luna - hopefully this is ok for me to post? I have no affiliation to the company and am only linking to it b/c your post references it and Bubba asked - so figured others might be interested in it http://www.cellebrite.com - if you aren't comfortable with it - i'll gladly delete the comment or update it). If anyone else can get them to respond - more power to you -so far though, everyone I know that's tried has hit a wall

    ReplyDelete
  8. Bubba - I was (and am still) trying to get the actual UFED Tool - With each Smartphone platform, the very features that make them useful become double edged swords in the wrong hands - but it's much worse than just that. The govt exterts a great deal of influence (the same way Tony Soprano 'influenced' people to do what he wanted) over each of the Vendors to provide pretty egregious back doors on the devices. The UFED scanner lets you breach all of the standard security features in the phones - bypass password protection and access to pretty much everything on it and much of what it does seems to be beyond the bounds of what the respective API's allow. I can't say for sure at the moment what all is exposed other than what is known by virtue of the unsealed case info - but I can tell you this - if you're not a law enforcement agency - UFED really seems to ignore you and has not followed up on any of my multiple requests to simply purchase one of their devices. Unless their tools do things that you can't otherwise do with the public API, it's very hard to understand why they're so reluctant to sell the things - there's nothing on their site that says "Only available to Law Enforcement" or anything along those lines - but the only time I got them to respond - they wanted to know if I was employed with a LE Agency - after I said No but provided all the other verification they needed (including proof I was trying to purchase one for completely legal and legitimate uses), they have completely stopped talking to me. I don't want to make paranoid sounding claims about it but the unsealed case info shows some pretty scary stuff - the fact they are so secretive and seemingly refusing to sell the things to civilian customers doesn't really do much to dispel the suspicion that it exploits some pretty worrisome back doors. I've been trying to get one for several weeks now - I've made multiple email inquiries and several phone calls - only one initial email got a response and everything afterward was ignored. There are 3 other people that I know of who've tried to purchase or obtain one of their devices and everyone else ran into the same walls I did. It's possible they just have horrible, horrible customer service but it's hard to imagine a company with products this sophisticated could stay in business is they were just this incompetent. I strongly think they don't want these things in the hands of non-Law Enforcement people. here's the link to their site (Mr Luna - hopefully this is ok for me to post? I have no affiliation to the company and am only linking to it b/c your post references it and Bubba asked - so figured others might be interested in it http://www.cellebrite.com - if you aren't comfortable with it - i'll gladly delete the comment or update it). If anyone else can get them to respond - more power to you -so far though, everyone I know that's tried has hit a wall

    ReplyDelete
  9. Bubba - w/ respect to your comment on market oriented solutions... I agree that market oriented solutions are always desirable to compelled ones, but market oriented solutions only work where true markets can exist. The cell phone market here in the US and most of the world is very far from a free market. Today, it's pretty much impossible to operate unimpeded by govt inteference - the cell spectrums all require licenses and the govt operates very coercively in it. Take a hard line position and you'll lose patent protection, face delays or refusals to grant spectrum space or licenses and so much more. If that doesn't work, they can just charge you with facilitating any host of horrible crimes (terrorism, murder, fraud, all of the above) and you can spend banks full of money proving your not-guilty all the while having your clients hassled, being drown in legal motions and having your corporate reputation dragged through the mud by a very compliant media. It wasn't that long ago that any export of Cryptography was considered a violation of the Intl Arms trafficking statues (look at the witch hunt they went on to burn Phil Zimmerman for PGP) and even today there are many restrictions. I'm pretty sure Jack was the one that introduced me to the quote "Government keep things secret from citizens, why can't citizens keep secrets from the govt' but the current reality is the govt hates secrets (both parties show tremendous contempt for citizen's privacy rights so it's not a partisan thing). They treat assertion of privacy rights as prima-facie evidence of a crime -how many people have you heard agree with the "If you didn't do anything wrong, you don't have anything to hide" BS. Phones are the dream come true for intrusive bureaucrats and there's no way they'd concede any ground there - in fact they ahve already pretty much eliminated every privacy protection out there around smart phones. It'll only get worse and while technology will come up with solutions, they'll be rendered impotent or disallowed if they are effective to any degree.

    ReplyDelete

Please leave a constructive comment below. Spam and Advertising will not be posted, so it's not even worth trying - all comments are moderated.