Here’s a question from a field worker who writes, “Our mission team is located in a ‘police state.’ We know the police listen to our phone calls regularly. We also know they can use triangulation to locate us. We’re fine with that stuff. :-) But now we’re facing a couple of new concerns:
“*** REMOTELY EAVESDROPPING WHEN WE’RE NOT ON THE PHONE — The microphones in cell phones are now being turned on remotely to allow eavesdropping on their owners anytime (even when you’re not making a call). We’ve figured out how to overcome this problem… but we kind of hate to always have the batteries out of our cell phones. :-) [By the way, if you think this worker has been watching too many episodes of “24”, just do an Internet search for the term, “FBI taps cell phone mic as eavesdropping tool.”]
“*** REMOTELY ACCESSING CONTENTS OF YOUR PHONE — We’re hearing (from some pretty tech-smart guys) that it’s easy to remotely hack into the contents of our phone, getting full access to our pics, calendars, docs, task lists, etc. The implications are huge. Can anyone confirm or deny this?
“To the degree all of this ‘just depends’ upon what model of phone a person uses we would be extremely grateful for information about which models are suceptible and which aren’t. Also, we’re re-evaluating our team’s technology security protocol. Can anyone share cellphone security guidelines they’ve adopted?”
Well, that’s a lot… but if you’ll just click on the link below, then click on “Comment”, you could write to your heart’s content, even anonymously.
http://www.cs.berkeley.edu/~daw/talks/SAC02.ppt
http://www.orange.co.bw/help/cellphone_security.php
Maybe you will recall Newt Gingrich, former Speaker of the House in the USA.
“A Florida couple cruising through the streets or Washington, D.C. engaged in cell phone hacking with nothing more sophisticated than a hand-held frequency scanner, intercepted House Speaker Newt Gingrich’s cell phone conversations, transcribed those conversations and then sold them to the tabloid magazines and newspapers. Both of these people were later prosecuted by the Federal government and sent to prison as a result of this but, of course by then, the damage had already been done.”
What happened to Mr. Gingrich IS against the law in the USA. However, that does not stop people from doing evil.
As for security on Cell Phones, the first link should convince you there is none.
The second link should tell you your security plan is to treat the device as unsecured, even with digital encryption.
Now, what to do.
The easiest method is to not use the cell phone for encrypted conversation.
Perhaps you may wish to use codes for some conversations. For example, need to bug out of country? Say, there’s a party at Aaron’s house tonight.
As I try to engage Citizens in personal disaster planning (http://www.fema.gov/areyouready), plan NOW for communications during a disaster.
THINK. Be as WISE as serpents, yet innocent as doves.
Hope this helps:
Your Cell Phone Is a Sitting Duck for Data Theft
If you're like me, you carry your cell phone everywhere. And, you may not give much thought to the information on it: phone numbers you've saved, photographs you've taken, records of calls made and received, along with text messages. Not to mention emails and browsing records for cell phones connected to the Internet.
If someone managed to retrieve this information, would that person find anything embarrassing? Or potentially incriminating?
Hopefully not. Because thanks to a new device called a Cellular Seizure Investigation Stick (CSI Stick), anyone can grab the data from your cell phone very quickly. By plugging the CSI Stick into the data port of your cell phone, anyone can almost instantly download all emails, instant messages, dialed numbers, phone books and everything else stored in its memory. The CSI Stick can even recover deleted data, if the space the data occupied hasn't been overwritten.
The CSI Stick (manufactured by Paraben, specialists in electronic forensic hardware, software, and training) is also cheap, as surveillance devices go. It only costs US$200, plus US$99 for the most basic version of the software used to analyze the data. The device can capture data from many Motorola and Samsung cell phone models, and Paraben promises more manufacturer support coming soon.
If you're looking to dig up dirt on your girlfriend, boyfriend, ex-spouse, boss, co-worker, etc., the CSI Stick just might be a great way to start. But more likely, you simply want to protect your cell phone data from this type of analysis.
The first step is to keep only as much data on your cell phone as you really need. Delete calling records, emails, text messages, and photographs daily. Copy any photos you've taken onto your PC and then delete them. If your cell phone has a SIM card (most U.S. phones don't) ask your cellular provider for a new one, and destroy the old one (e.g., by smashing it with a hammer and then incinerating it).
Unfortunately, simply deleting the data isn't enough to protect you if someone conducts a "data dump" of your cell phone. Just like on a personal computer, deleted data can be recovered until it's overwritten. But unlike PCs, the tools necessary to securely delete information on your cell phone aren't readily available. In most cases, you'll need to reformat the phone to make the data unrecoverable. Before you proceed, make sure that your cell phone carrier will activate your reformatted phone.
Here are a few resources to check out:
Your cell phone manufacturer. Look in your cell phone manual index for entries like "delete data" or "reformat device." If you've lost or discarded the manual, you can probably download a replacement copy at your cell phone company's website. While you're on the website, look for reformatting instructions based on the phone and carrier.
Cell Phone Data Eraser. If you go to http://www.recellular.com/recycling/data_eraser/default.asp, you'll find deletion instructions for hundreds of cell phones. Unfortunately, not all cell phones are supported and in many cases you only receive instructions on how to delete the data, not reformat the device. But it's worth checking out.
With cell phones becoming ever more sophisticated, it's only logical that the possibilities for data loss are becoming larger as well. Protect yourself before someone plugs the CSI Stick, or a similar device, into your cell phone!
MARK NESTMANN, Privacy Expert &
President of The Nestmann Group
http://www.nestmann.com
Also if you do a search for bluetooth sniper rifle, it’s a cheap device to build that lets you grab the info off devices that use bluetooth supposedly from up to a mile away. If some teenage hackers can figure out how to do it, certainly a government can.
So, between this device and the CSI sticks, I wouldn’t keep anything of importance on their and/or would regularly delete/wipe the phone if possible.
Best of luck, God bless.
My wife and I spent 20+ years in a ‘closed country.’ We eventually realized that our regular phone and our cell phones were security threats. We soon developed the practice of having everyone leave their cells in their coat pockets) and then the coats were put into a bedroom far from where our team meetings were held.
We also developed the practice of assuming that every conversation we held was being listened to by someone, somewhere. We always spoke in guarded terms, never mentioned people by name, and NEVER used emails to send info about sensitive subjects. Not even encrypted emails.
A few comments of a simple practical nature first.
1) Simple is best – adding features in general adds security vulnerabilities. Don't use a cell phone if you don't really have to. If you use one, do not carry it with you to sensitive location, meetings, or conversations. Do not use or carry PDA's laptop's etc.
2) Analog cell phones are vulnerable to anyone with a little patience and a frequency scanner as alluded to by Lloyd. Analog phones are quite obsolete and have not been useable in the USA for many years, longer in most other parts of the world, though it is still used in a few areas. CB radios are just as bad or even worse than analog mobile's. "Family Service" radios and "walkie-talkies" of any sort are just as bad as analog mobile's.
3) Remote control of phones (microphones and CAMARAS!) and remote data read back is theoretically possible, but without hands-on access to the phone is still beyond the reach of most spies. That is changing quickly though, and a spy with a big budget working with the cellular service provider (such as a draconian government) has pretty much an open door.
4) WiFi & Bluetooth features are very convenient for both phone owners and spies. Avoid having a phone or any other personal data storage device (PDA, laptop, MP3 music player, etc) that even has such a feature. It can be used by even a relatively simplistic spy to track your movements in a crowd (from quite a distance in the case of WiFi). remember that Bluetooth is meant to operate normally from at most a few meters away, but that is for fast accurate transmission of data using a thumbnail sized antenna and power from a coin-sized battery. A spy who is willing to use an antenna the size of the plastic dome that sits on top of the taxis in most parts of the world (he could hide the antenna inside the plastic dome) and who can power it from the car's electrical system can capture a lot of the data stream from ten times that far and can track the source of the signal without being able to capture the data accurately from a hundred times that far. WiFI is harder to hack the data from but can be tracked at longer distances. If you must have a WiFi or bluetooth capable device and you need to optimize security, turn these features off when not actively in use, or better yet, use a USB dongle that you can physically remove.
5) At this time, removal of batteries is the only absolute protection against remote activation of features on most phones. A few phones with mechanical on/off switches can be trusted but unless you are an electronics expert or are consulting with one, don't guess – remove your battery.
6) again, simpler is better. If your cell phone does not have a camera (or the lens has been broken and filled with dark epoxy cement), then nobody can use it to take pictures remotely. If it does not have a speaker phone feature, then it will usually have a less sensitive microphone that will not do a very good job of picking up conversation if remotely activated. If your cell phone lacks bluetooth, then bluetooth cannot be used as a back door by a spy or hacker. If your cell phone does not have a micro USB or other data port, then a potential spy is denied that easy access if they get their hands on your phone.
7) Don't compromise – memorize. A popular slogan in the security business. If you memorize sensitive numbers rather than storing them in a directory on the phone, usually, it will take longer for a spy to see who you like to call.
8) Lock the phone. Most digital phones can be locked so that the keyboard will not work until a certain key or combination of keys is pressed. Not very strong security, but good enough to beat most spies – James Bond will own you if he ever takes interest in your mobile, but 99% of the spies out there are looking for the easy stuff and mostly they look for your secrets inside your mobile phone or PDA incidental to plain old theft. An open phone stolen from a wealthy looking foreigner may provide a treasure trove to a thief looking for good places to rob, but a locked phone takes hours to unlock and risks exposure as even a dealer may have to contact the factory and provide them with positive identity info. On the other hand, erasing is usually cheap fast and easy for a crooked dealer in the brand who is looking to make a few dollars in less than a few minutes. An erased phone will sell on the street faster and at a better price than one that still has your personal data locked inside.
From what I hear, the ONLY way to for sure know your cellphone is safe from hackers is to take out the battery. That way, no one can track it. But then of course calls can’t come in either.
I have two thoughts about this:
1. We need to be aware of such security issues and be wise about them. Especially in restricted countries, but also everywhere. Identity theft is a concern. Safety of missionaries and their contacts is another. I am sure there are many other dangers.
2. However, Paul was able to name his friends, even when writing from prison! Sure, he only used their first name as opposed to their full name – he is prudent to this degree. Nevertheless, it leads me to wonder – are we more worried than what we need to be?
It has been said that if someone is using the mic on your phone to monitor conversations then they are having to use the transmitter on your phone to get that data back to them. The average phone will get warm , the way it does when you are making a call.
If you do not live in a hot location one of those stick on temperature indicators could help you see if your phone is transmitting.