Received: by 10.86.33.10 with SMTP id g10mr64387fgg.0.1234894017042;
Tue, 17 Feb 2009 10:06:57 -0800 (PST)
Return-Path: <tsc..._at_shaddack.mauriceward.com>
Received: from 121.235.cust.netway.cz ([85.239.235.121])
by mx.google.com with ESMTP id e3si1044839fga.14.2009.02.17.10.06.56;
Tue, 17 Feb 2009 10:06:56 -0800 (PST)
Received-SPF: pass (google.com: domain of tsc..._at_shaddack.mauriceward.com designates 85.239.235.121 as permitted sender) client-ip=85.239.235.121;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of tsc..._at_shaddack.mauriceward.com designates 85.239.235.121 as permitted sender) smtp.mail=tsc..._at_shaddack.mauriceward.com
Received: (qmail 6676 invoked by uid 0); 17 Feb 2009 19:06:56 +0100
Date: Tue, 17 Feb 2009 19:06:56 +0100 (CET)
From: Thomas Shaddack <tsc..._at_shaddack.mauriceward.com>
X-X-Sender: Thomas Shaddack <shad..._at_ns.arachne.cz>
To: TSCM-L2006_at_googlegroups.com
Subject: Re: [TSCM-L] {3346} Re: Cell phone sweep
In-Reply-To: <49975659.5090500_at_gmail.com>
Message-ID: <0902160308410.0_at_somehost.domainz.com>
References: <C5BB781D.60ED%bts_at_charter.net> <49975659.5090500_at_gmail.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
I'd go for the standard approach used in computer forensics. (The
contemporary phones are full-scale computers, with their own operating
system and filesystems. My aging phone now has better screen resolution
and orders of magnitude more memory than my early computers had.)
Gain access to the filesystem. Make sure there are no hidden areas you are
denied access to. Beware of DRM implementations which can be used for
denying you access to parts of your own device.
Gain access to the flash ROM with the system (equivalent of the computer's
ROM BIOS). Make sure it is identical to a known-good phone with the same
firmware version.
Check out the system files on the filesystem, compare their checksums to
the known-good ones. Be aware what could cause potential changes.
Make sure you know the purpose/origin of every file that can be loaded
into memory. Know the vulnerabilities of the current version of firmware,
be aware that e.g. buffer overflows in otherwise harmless files (MP3,
JPG, ICO...) can be injection vectors for hostile code if the phone's
software is vulnerable. (Cf. code injection from patched savegames in
unlocking game consoles.)
In case of doubts, it may be easiest to wipe everything that can be wiped
and reflash the phone's firmware to a known-good version, then make
checksums of everything you can get hands on, and then periodically check
for changes. Kind of like what Tripwire is.
http://en.wikipedia.org/wiki/Open_Source_Tripwire
Open-source architectures (there are a few for cellphones, e.g.
OpenMoko/Neo Freerunner) where both the software and the hardware are
fully documented and open to inspection, are more likely to be securable
than proprietary platforms. New developments involving e.g. Android OS are
going further in this direction, offering some interesting possibilities
for security features - whether a kernel that is stripped down and
offering much smaller attack area, or advanced logging of system
operations allowing early spotting of hostile software, or patches for
cheap and easy end-to-end call encryption.
>
> I'm really curious as well if there's an option for doing this besides
> with a ball-peen hammer.
>
> bts wrote:
> > There are a number of software packages available now that can be
> > loaded up on a cell phone. What is available to sweep for it? Sort of
> > a malware/virus detection software like you would have for a computer?
> >
> > Any one heard of anything good?
> > --
> > James Greenwold
> > Bureau of Technical Services
> > P.O. Box 191
> > Chippewa Falls, WI 54729
> >
> > 715-726-1400
> > http://www.tacticalsurveillance.com
> > t..._at_charterinternet.com
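A minimal baseline-and-compare integrity check of the kind the post describes (checksum everything you can reach after a known-good reflash, then periodically look for changes), written here as an added Python example; it is not code from the post or the list, and the directory layout and file names it creates are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, algo="sha256"):
    """Stream a file through a hash so large firmware images do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative, POSIX-style path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Report files that appeared, vanished, or changed content since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    # Constructed stand-in for an extracted phone filesystem (hypothetical names).
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "system").mkdir()
        (root / "system" / "phone.bin").write_bytes(b"\x00" * 1024)
        (root / "system" / "ringtone.mp3").write_bytes(b"ID3 sample")
        baseline = build_baseline(root)
        # Simulate the later state: one byte of the image altered, one file gone, one new.
        (root / "system" / "phone.bin").write_bytes(b"\x00" * 1023 + b"\x01")
        (root / "system" / "ringtone.mp3").unlink()
        (root / "system" / "new.jpg").write_bytes(b"\xff\xd8")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Keep the baseline off the device (and signed or on read-only media); a checker whose baseline lives on the same flash it is supposed to guard can be edited along with the files it watches.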
Received on Sat Mar 02 2024 - 00:57:25 CST