Mobile 'Remote Wipe' Thwarts Secret Service
bennyboy64 writes "Smartphones that offer the ability to 'remote wipe' are great for when your device goes missing and you want to delete your data so that someone else can't look at it, but not so great for the United States Secret Service, ZDNet reports. The ability to 'remote wipe' some smartphones such as BlackBerry and iPhone was causing havoc for law enforcement agencies, according to USSS special agent Andy Kearns, speaking on mobile phone forensics at a security conference in Australia."
Aww.. (Score:5, Insightful)
My heart bleeds for these guys. Really, it does.
Re:Aww.. (Score:5, Funny)
My heart bleeds for these guys. Really, it does.
Your free flight to a remote dark room is on its way.
Re: (Score:2)
Bleh, whatever.
Re:Aww.. (Score:5, Funny)
Cool, I love photography!
Re:Aww.. (Score:4, Funny)
the OTHER kind of darkroom.
Re: (Score:2)
You mean where you buy the "dancer" some "champagne" and the "hostess" sticks her head to ask you to buy her another every 5 minutes?
Re: (Score:2)
Kind of.
But it's too dark to see if the "dancer" is worth the expense.
Re: (Score:3, Funny)
Now his other love organ is going to bleed x_x
Re: (Score:2)
Watch out - remember they've almost figured out how to detect sarcasm in forum posts now!
http://science.slashdot.org/story/10/05/17/1541236/Software-Recognizes-Sarcastic-Tweets
Re: (Score:2, Insightful)
To me it highlights how much bumbling idiots these guys are. If you have a phone that you NEED the evidence inside it, the second you get it you wrap that thing in several layers of tinfoil and take it directly to a faraday cage workspace to start the process. Honestly, this should have been standard practice for ANY phone over the past 10 years.
Don't they teach these guys anything?
Re: (Score:2)
Like everything else... it's people, policies and procedures.
Just because an agent has a kit containing a Faraday bag, doesn't mean they'll use it...
Re:Aww.. (Score:5, Insightful)
The fact that the Secret Service, who ought to be a bit sharper than Joe Beat Cop, haven't mastered the art of "turning the phone off before it gets wiped" doesn't strike me as a good thing. However, the fact that "wipe" means "wipe" not "Wipe, unless the state says otherwise" does.
Re: (Score:2, Funny)
The fact that the Secret Service, who ought to be a bit sharper than Joe Beat Cop, haven't mastered the art of "turning the phone off before it gets wiped" doesn't strike me as a good thing. However, the fact that "wipe" means "wipe" not "Wipe, unless the state says otherwise" does.
Right, because the S.S. never works with local law enforcement, etc., etc.
Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be
Re:Aww.. (Score:5, Insightful)
I mean if you don't have anything to hide, why should anyone be worried?
Re: (Score:3, Funny)
OH RIGHT!!! I forgot about dem darn tooten turrists! Thanks for reminding me!
Seriously though, you are an idiot. If you want to trust the gover
Re:Aww.. (Score:4, Insightful)
If you want to trust the government like that then fine, but you are a minority in this respect.
Unfortunately, I doubt he is.
Re: (Score:3, Funny)
In general the government is fine. The US government is one of the most trustworthy.
That doesn't make it perfect, and that doesn't mean it always will be.
I support remote wipe and people's rights. Overall, the US government does a pretty damn good job for its citizens.
Re: (Score:3, Interesting)
I trust the government to some extent in my day to day life, everyone does. I just don't trust the government in this context. [youtube.com]
Re:Aww.. (Score:5, Insightful)
>>>Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.
Yeah. After all the government never, never arrests innocent people and throws them in jail to rot. So you're right. Nothing to fear.
Here's an interesting case where government cops entered the wrong house (therefore an illegal warrantless search) to do a drug raid. Of course there were no drugs at the address (again: wrong house), but the man inside was scared to death so he ran to his bedroom and hid for fear of his life. When the intruders entered, he acted in self-defense of his life and killed the intruder. Then he was charged with murder and sentenced to life for murder.
That man is completely innocent, but nobody seems to give two shits. He's already spent a decade in jail. It could have just as easily been you.
http://reason.com/archives/2006/10/01/the-case-of-cory-maye [reason.com]
Re: (Score:3, Insightful)
And to make matters worse, if the police raided your home and killed you and your family "by accident", they'd be all like "oops, my bad" and that'd be the last you'd hear of it. Try to defend yourself and you're committing some form of crime whether that be murder or "obstruction of justice"..
Re:Aww.. (Score:4, Informative)
Red Herring (Score:2)
The SS thing is a red herring. So what, they're one small part of the government. They only have a two-letter acronym!
What about the FBI? NSA? CIA? Trust the SS all you want. The other three-letter agencies? I don't trust them, and it's their own fault. Had they not repeatedly abused the public trust for the past several decades, I might feel differently.
Re: (Score:2)
For starters, they ought to be getting a warrant before they even lay a fucking finger on my phone (assuming I even had one).
Re: (Score:2)
First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.
They're concerned with counterfeiters and threats to dignitaries and the President.
And the best part is that since the Secret Service themselves get to define "threats to dignitaries and the President", there's no way anybody would ever be investigated by them for speech that isn't actually threatening but is political.
Note: please make sure you run the above through the sarcasm detector [slashdot.org] before replying.
As others have pointed out, there can also be mistakes, like Richard Jewell [wikipedia.org] and the bombing at the 1996 Olympics. In that case, it wasn't the Secret Service, but anyone can screw up.
Re:Aww.. (Score:4, Insightful)
" I'd have to be in a pretty precarious situation in the first place.
In their view, yes. Not necessarily true in reality. It does give them a way to go hunting for indicators of other crimes. Not crimes, just some preset 'indicator'.
For example:
If they believed 13% of people who visit X site commit Y crime, and you happened to have been to that site, they will detain you. Even if it has nothing to do with why they have the phone.
" The reality is, the S.S. doesn't give a damn about the average person. T"
And that's the problem.
" They're concerned with counterfeiters and threats to dignitaries and the President. "
really?
http://en.wikipedia.org/wiki/GURPS_Cyberpunk [wikipedia.org]
http://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._United_States_Secret_Service [wikipedia.org]
Imagine if that was today. They would have taken a record of every person they called, and then investigated all those people.
Do you need to actually live in a fascist state before you get it?
Talk to people who lived in the Soviet Union during the 70s. All that was done under the guise of making people safer and catching 'bad guys'.
You need to stop living under the pretense that only guilty people get investigated.
Re: (Score:2)
And the Forensic techs now need to make sure they power the device up in a signal free area, so a latent wipe command can't be sitting on the network waiting for the device to log in and receive the command.
The Service will now need to ensure its agents always have an exploita
Re: (Score:3, Informative)
Or they can have Faraday cage boxes made up and pop the phone into a box as part of the standard procedure of picking it up. Putting the phone into a locked box as soon as it's picked up is good for the evidence chain anyways.
Re: (Score:2)
Or they can have Faraday cage boxes made up and pop the phone into a box as part of the standard procedure of picking it up.
They don't even have to have them made up. RF-proof enclosures are readily available off the shelf [ramseyelectronics.com] for a (relatively) low price.
Re:Aww.. (Score:5, Insightful)
I might have been playing too much Commandos, The Saboteur, Wolfenstein and Day of Defeat. But when you say S.S. I think about a whole different kind of 'cop'.
Scary enough, you see them the same way as the original S.S. was seen by the public many years ago.
Re: (Score:2)
I don't feel sorry for them if they aren't bright enough to turn the damn thing off.
Re:Aww.. (Score:4, Interesting)
Because if they are able to gain access to these phones before they're remotely wiped, then other people can gain access to your phone before it can be remotely wiped. 99.999% of those people do not have your best interest at heart. Probably 99.9% of them are thieves and criminals trying to screw you over. 0.099% of them are law enforcement officials overstepping the bounds of what is allowed by law. (But it would cost you tens or hundreds of thousands in legal fees to prove it in court, and you'd risk the chance that you get an idiot judge who sets a bad precedent for everyone else.)
If we're lucky, 0.001% of them have anything to do with the president or counterfeiters, but really, I think that's being generous.
Re: (Score:2)
No, they're for counterfeiting and reporting back to the treasury department on the President's actions/physically threatening the president, because the treasury really runs this country. /Or some crazy conspiracy theory, I can't remember which. //As conspiracy theories go, it is one of the better ones.
Re: (Score:2)
You sure about that? [2600.com]
Re: (Score:2)
>>>I don't understand why people think this is a good thing.
Because the Patriot Act takes away my right to a jury trial, and that means I need extra tools (like remote erasing) to protect myself from perpetual imprisonment by the government.
Re: (Score:2, Interesting)
Sometimes phones are configured to self-erase, if turned off, if the battery is removed, or if an incorrect password is entered 10 times. So pressing the power button can actually initiate a secure erase.
Secure wipes? (Score:2, Interesting)
Re:Secure wipes? (Score:5, Informative)
Are they secure wipes or can data still be gleaned?
I don't know about iPhone, but BlackBerry wipes securely. The BlackBerry platform has been tested, audited & certified by many government & private agencies:
http://na.blackberry.com/eng/ataglance/security/certifications.jsp [blackberry.com]
The iPhone has been tested, audited & certified by... nobody.
But there is one advantage to the iPhone - since you can't take out the battery, it remains on the network for a longer time to receive the wipe signal.
Re: (Score:2)
The 3GS should be pretty secure now; the key is wiped immediately, although I don't know if the data store is cleaned. The feature wasn't brought out until OS3, so the 3G and 2G phones shouldn't expect the function. Only the 3GS encrypts the data on the device itself and has the hardware to support on-the-fly decryption.
Re: (Score:2, Funny)
What is this? Multitasking and background processes on my iPhone?
Re: (Score:3, Informative)
You've always had multitasking and background processes of stuff Apple writes into the OS. It's third-party apps that don't allow multitasking.
Plus, if the phone is being wiped, I don't think any other processes are going to be running. :)
Re: (Score:2)
Were I in law enforcement, I would institute a policy where electronic devices were put into a signal inhibiting box (Faraday cage) upon acquisition. Said box could then be taken to a room for analysis. It won't necessarily prevent the wipe, but it will help a lot. Would also help in situations where the bad guys were doing something with the phone signal (like trying to locate where the cops were staked out).
Re: (Score:2)
Had you RTFA, you'd know that this is already in place. It's just that the occasional agent here and there has forgotten to follow it and has sent a device off to the lab without removing the battery and/or putting it in the shielded envelope.
The entire FA is a big fuss about nothing, AFAICT. Even the lab admitted that it happens occasionally but it's not a huge problem.
Hmmm. (Score:2)
Re: (Score:2)
Put a tinfoil hat on it, no network signal.
If you don't have time to make a tinfoil hat then an anti-static bag is just as effective.
Re: (Score:2)
Put a tinfoil hat on it, no network signal.
If you don't have time to make a tinfoil hat then an anti-static bag is just as effective.
I'm not so sure about that. The tinfoil hat might work okay but if you're talking about the typical plastic anti-static bag then I think you're mistaken. RF will go right through one of those things, especially at the frequencies (~800MHz-2.5GHz) on which cell phone networks operate.
Re:Secure wipes? (Score:5, Informative)
My understanding is that the accepted "proper" way to do it is to have all the user-relevant data on the phone stored in encrypted form, with a stored key making it transparently accessible. That way, when the "wipe" command comes, you just have to nuke the key, which takes mere moments, rather than a potentially quite large block of Flash, possibly hiding behind one or more controller chips that are abstracting things, and remapping, and doing other stuff that interferes with your ability to wipe the data hard enough to resist an adversary willing to physically inspect the memory chips, or even a raw dump of their contents.
If a phone implements that correctly, any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it. If there is some nasty flaw in their implementation, or if they use an inferior system of some sort, it is quite possible that fairly trivial attacks will reveal most or all of the information.
Re: (Score:2)
any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it.
I call you a liar .. CSI is a 3 letter agency and they surely won't need some imaginary computer stolen from some imaginary space peoples in order to recover the photo that the victim took of their attacker just moments before they died.
Re: (Score:3, Funny)
Plus even if the attacker's face is only 10 pixels wide in the grainy, dark, blurry photo they can zoom it right up, run an "enhance filter" (proprietary CSI stuff) on it a few times and see his face in high resolution.
Re: (Score:2)
This is how Windows Mobile 6 and newer protect the contents on the memory card. It creates a key (and I forgot what exact file it uses under \Windows), and when writing to files on the SD card, uses that key with AES-128. When reading files, it checks the file against the list of keys stored to see if it can decrypt it. If it can, it will transparently decrypt it.
Hard reset the WM device either by a remote wipe, too many wrong PINs, or physically, and that keyfile is wiped and recreated with a new random
Re: (Score:3, Interesting)
Or an Exchange account. Which can include the use of z-push, if Exchange is not your thing.
Re: (Score:2)
I do not believe that any US based three letter agency would be stupid enough to force all hardware vendors (most of which manufacture in China now) to include a backdoor.
Any backdoor for the three letter agencies is a potential backdoor for those the three letter agencies would like to stop. Yes, they are smart enough to realize that.
It is not like the three letter agency would be able to do this without the developers' knowledge, which would just be another avenue for the backdoor to be released.
Now China
Re: (Score:2)
Usually (as in the case with the iPhone and Blackberry), all data is encrypted by default and the remote wipe deletes the encryption key a couple of times. This makes all data unreadable and unrecoverable - even if you could read the data it would still be worthless.
Hm (Score:4, Insightful)
The Secret Service just need a Faraday Cage Fanny Pack.
Re: (Score:2)
Or just put the phone into 'airplane mode'. I would have thought that would be what they did anyway, do they just leave them connected to the network all the time when they're working on them or what?
Re: (Score:2)
That would require every police officer to know how to navigate the menu system and do that on every smartphone ever made. Even just turning off a phone you've never seen before isn't necessarily obvious.
What isn't clear to me is exactly what evidence they're expecting to find. A log of every phone call made or received, and every text sent or received, is already available from the service provider. If a criminal is smart enough to know about and deploy a remo
Re: (Score:2)
Some phones never truly turn off, and have the ability to be turned on remotely. The government was pushing for this feature, and now it has turned around and bit them. The only way to be certain that the black box you are carrying cannot communicate with the outside world is to remove the battery or stick it in a Faraday cage. Both methods have advantages and disadvantages.
What's the disadvantage of a Faraday cage? Metal rooms get hot?
Also would a cell jammer not work?
Re: (Score:2)
I can't think of any disadvantages to a faraday cage for a normal unrigged phone, other than the fact that you have to have one with you. The first cop on the scene probably won't, and will have to wait for the crime scene folks to show up. The phone could be remote wiped in that time. The disadvantages of removing the battery are that there may be info that is lost upon removing power and that not all phones have removable batteries.
A phone could be rigged to clear itself on boot and/or in the case of bein
Re:Hm (Score:4, Interesting)
They have one, apparently.
Re: (Score:2, Funny)
"Hopefully our officers are putting the cell phones in a Faraday bag that is shielded, pulling the battery [out] and turning them off [before] getting them into the shielded laboratory."
Deep below the earth's crust where an army of techie-like-gremlins work tirelessly in a labyrinthine maze of dusty, dirty laboratories consisting of ancient testing equipment made before the dawn of man. Only down here, where only the flicker of overhead lamps shine shadows into the darkness, is justice done.
Re: (Score:2)
That's what I get for not reading the story fully. At least they know what to do ... they just now need to get the people on the scene to do it. :-)
Re:Hm (Score:5, Insightful)
No it doesn't. It requires a simple, mindless process: supply all agents with shielded bags for mobile phones, instruct them that the process for mobile phone evidence is it goes in the special bag and does not come out before it gets to the lab.
And if there's one thing most law enforcement agencies worldwide are extremely good at, it's simple mindless processes.
Re: (Score:2)
Although most of them aren't scientists or engineers, they're smarter than your average bear. Nearly all have four-year degrees, in addition to their law-enforcement training.
Don't conflate them with the donut-eating locals whose eyes glaze over when you try to explain the Doppler effect and what it has to do with their radar.
Enemy of the State (Score:2)
What no empty aluminized mylar potato chip bags?
Or a bag made out of the same Steel Mesh as these Wallets?
http://www.wired.com/gadgets/miscellaneous/news/2007/07/steel_wallet [wired.com]
Gist of the story (Score:5, Insightful)
Re:Gist of the story (Score:4, Insightful)
Re: (Score:2, Insightful)
Sounds like a sinfully delicious crime.
Just pull the battery out! (Score:2)
I wouldn't waste a moment waiting on the phone to power down on its own.
Re: (Score:2)
Most Android phones also have a battery cover, so in these cases you just pull the battery: problem solved.
Re: (Score:2)
Sure, why not? You think the flash chip will be erased by a little sledgehammer force? But seriously, it does take forever to turn an iPhone/iPod Touch off the proper way. It's holding down two buttons for 10 full seconds before it even responds to the request. Airplane mode would be quicker on an iPhone.
Re: (Score:2)
No, to turn off an iPhone/iPod touch the proper way, you hold down the sleep button for five seconds, and slide to power off. It's really not that hard.
Re: (Score:2)
Sorry. Last time I powered off it was because the OS froze. A hard power off is holding the home and sleep button for 10 seconds.
Re: (Score:2)
One button for 3 seconds. Details, details.
How would you do remote wipe on a laptop? (Score:2)
Seems to be that the gating factor with a laptop is that it has to be online in order to get a poison pill. A smart phone, well that's easy to send a poison pill because it's still online even after the point you lose control of the device. A laptop, however, can be left turned off and the disk duplicated before anyone actually turns the power on the drive.
Disk encryption helps to the extent that it prevents unauthorized people from accessing the drive but that's not the same as a remote wipe, since you
Re: (Score:2)
Remote wipe is super easy on a laptop. Use full-disk encryption and don't leave your laptop powered on. If they can't guess your passphrase, it's equivalent to what happens when an iPhone is remote-wiped -- with the exception that you could be convinced to give them your passphrase eventually.
Great! (Score:2)
Sounds like it's working then.
Comment removed (Score:5, Insightful)
Re: (Score:2)
Personally, I'll bet it is the counterfeiting that irritates them most. The gov't hates competition.
From the article:
The problem is that accomplices can remotely wipe the phones if the agencies don't remember to remove the battery or turn off smartphones before sending them off to the forensics laboratory, he said.
Fortunately, the person in the article isn't wanting anything done about it other than agents remembering to do this. Nothing to this article, other than the guy saying "sometimes we forget to do this and it is a pain. Don't forget."
Re: (Score:2)
I'm a counterfeiter, you insensitive clod!
The money just wants to be free!
Re: (Score:2, Informative)
It's a bit much to read that as a blanket anti-law enforcement comment, it simply means that Taco feels that the law enforcement needs of the Secret Service are subordinate to his right to secure his possessions.
From the Red Herring department (Score:2)
Anti-counterfeiting and anti-assassination are good, yeah. Killing Remote Wipe helps more than just the Secret Service, though. Just because we trust the Secret Service does not mean that other three-letter agencies are trustworthy.
Re: (Score:2)
The level of paranoia is just too high overall.
Honestly part of the problem IMHO is that law enforcement is getting a bad rep because of dumb laws like DMCA and such.
I have a friend that works in the FBI. Yes, he is very happy to bust someone with a warehouse full of counterfeit goods. But I asked him about things like BitTorrent and pirating MP3s... His comment was, "What a freaking waste of my time." They rarely have to get involved in that and just leave it up to the lawyers.
Of course when the police must e
Re:from the cry-them-a-river dept. (Score:5, Insightful)
I think most Slashdotters will agree that the Service is well within their rights to perform forensic analysis on any device that they obtain during a lawful search, whether conducted under a warrant, incidental to an arrest, or based on probable cause. I do not believe that the Service suffers a poor track record regarding extralegal searches as does INS and some other agencies.
On the other hand, the availability of an effective "remote wipe" of a personal device is a rightful means of exercising freedom.
It's about balance.
The general case (Score:2)
If a device serves the interest of a particular user, then that device is less useful to people whose interests conflict with that user.
Not much of a story or revelation when you phrase it that way, huh?
Let's not forget that law enforcement is just one entry on a long, long list of entities whose interests may conflict with the owner of a phone, and most of those people happen to also be law enforcement's opponents. So it's not like you can "fix" the "problem" of devices serving their users, without taking
Faraday cage (Score:2)
Remote wipe requires remote signal, yes? (Score:5, Informative)
As I understand it, doing any of the following should be able to prevent a remote wipe from happening:
* put it into "airplane mode"
* remove the SIM (assuming GSM with no wifi)
* remove the battery
If you need the SIM or battery to get the data off the device, you can then take it to a faraday cage and put the SIM or battery back in once you're sure no signal can get to the phone. Yes?
Anything that protected against these "attacks" would also make it so the phone's user couldn't access their data when the signal strength was sufficiently poor. Which some folks might choose as their configuration, but then they're open to a new kind of denial-of-service attack.
Remote wipe is useful when you want to prevent a random schlub (eg. pickpocket, guy at bar) from getting data off a randomly-acquired phone (eg. "iPhone HD"). I do not think it's useful for preventing a professional with intent from getting data off a phone they're targeting specifically because of its data. Am I wrong?
Re: (Score:2)
Huh?
Nothing I wrote had anything to do with how long a wipe took, it was based on what triggers the wipe, and how to prevent the phone from ever realizing that condition had been met. I think it's possible that you're confused.
For the iPhone for example, a remote wipe for a typical "MobileMe" user requires that user to go to a web site and press the "remote wipe" button. A phone that's in airplane mode will never receive the resulting signal, and won't be wiped.
So if a pickpocket gets the phone and immedi
Just use the usual solution: (Score:2)
Plant some “evidence”.
There. Done.
Proper procedure (Score:3, Informative)
Well, if they followed proper procedures, this wouldn't be a problem.
Walk around the exhibits at any forensic conference and you will see a variety of devices for making sure this does not happen. You can use any of them - they all work. Anything from the Paraben "tent" to the HTCI "glove box". The idea is that you put the phone into a shielded container where you can operate on it to collect evidence.
When the phone is collected you have the choice: either remove the battery or put the phone into a shielded bag. No special shielded bags handy? Then you have to remove power and hope the phone doesn't lock itself. Don't want to deal with a locked phone? Get some shielded bags then.
This isn't a real problem with phones, it is a real problem with having the right knowledge and procedures. It shouldn't even be a matter of training anymore.
Re:Proper procedure (Score:5, Informative)
My Blackberry locks itself after 15 minutes of non-use. The key to decrypt the data on the phone is itself encrypted by the password (8 characters minimum) that I use to unlock the phone. Screw that password up ten times and the phone wipes. It also locks itself on power-up.
About the only real option would be to either have someone press a button on the phone every 10 minutes (assuming it's not already locked when taken), which would be a real trick when the thing is in a Faraday cage or bag.
The very same things that make the Blackberry and newer iPhones attractive to businesses (and Government agencies, for that matter) are what make it undesirable from a forensics point of view. These things are designed so they can be configured to be extremely paranoid, and are very tough to crack.
And therein lies the problem. If you allow your citizens their own security, you can't see everything they do, and that makes it harder to catch the wrongdoers. If you want absolute information to catch wrongdoers, perhaps a democratic republic with constitutional protection of its citizens is not for you.
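The key-erase wipe described in the "Secure wipes?" reply earlier in the thread and the password-wrapped key with a ten-attempt limit described in this comment, as an added sketch that is not part of the thread and not any vendor's code. The HMAC-SHA256 keystream stands in for AES so the example runs on the Python standard library alone; the `Device` class, its method names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # wrong passwords tolerated before the key record is destroyed


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    stream = bytearray()
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under separate subkeys; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted record")
    return _xor_stream(enc_key, nonce, ct)


class Device:
    """Hypothetical phone: bulk data under a random key, that key wrapped by the password."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self._dek = secrets.token_bytes(32)       # data key, held in RAM while unlocked
        self.wrapped_dek = seal(self._kek(password), self._dek)  # only copy at rest
        self.flash = {}                           # name -> ciphertext (bulk storage)
        self.failures = 0

    def _kek(self, password: str) -> bytes:
        # Key-encryption key derived from the unlock password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 50_000)

    def store(self, name: str, data: bytes) -> None:
        if self._dek is None:
            raise PermissionError("device is locked or wiped")
        self.flash[name] = seal(self._dek, data)

    def read(self, name: str) -> bytes:
        if self._dek is None:
            raise PermissionError("device is locked or wiped")
        return unseal(self._dek, self.flash[name])

    def lock(self) -> None:
        self._dek = None                          # idle timeout or power-up state

    def unlock(self, password: str) -> bool:
        if self.wrapped_dek is None:              # already wiped: nothing to unwrap
            return False
        try:
            self._dek = unseal(self._kek(password), self.wrapped_dek)
        except ValueError:
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                self.wipe()
            return False
        self.failures = 0
        return True

    def wipe(self) -> None:
        """Remote or failed-attempt wipe: destroy the small key record, not the flash.
        Python can only drop the references; a real device overwrites the key slot."""
        self.wrapped_dek = None
        self._dek = None
```

The wipe touches a few dozen bytes regardless of how much ciphertext sits in `flash`, which is why it completes quickly, and afterwards even the correct password has nothing left to unwrap.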
skilled experts huh (Score:3, Funny)
stumped by a technological problem that can be solved by carrying a piece of tinfoil.
Tinfoil Hat time (Score:2)
Just wrap it in tin foil, and keep the rays from getting to it and commanding the wipe.
Act quickly...
Later, keep it inside the Faraday cage you have constructed. You HAVE constructed the cage, right? If it's GSM, pull the SIM. If not, well, the cage will need to be expanded to be comfortable...
Any questions?
Re: (Score:2)
That's a great idea.
Where do you buy phones?