LMTV Interop | NetScout Guarding Our New World (Live from the Show Floor)
Ever Hear Of A Routing Audit? (by Tony Fortunato)

Security, What! There’s an App for that? (by Casey Mullis)

When the iPhone was born many saw the great design as a leap forward. Many took to programming applications AKA: App for the new device. Along came many other Smart phones like the Droid. So naturally, along came many more App’s. The saying is “There is an App for that!” for just about anything you could think of asking for. What about your data? Where is it when you trade up to a new phone?

Smartphones-apps

What we miss with all these new found applications is the fact of what we already have built in to the device itself.  Out of the box the smartphone already has many application and programs to do just about anything we need. What we are going to talk about today is the encryption feature built in to just about all smartphones. There are many applications for wiping a cell phone, to be purchased from most app stores. Why buy what you already have?

Apps_2

Most of the applications you find on the app store will do what they say they do but they have a catch. You can use the application to do a percentage but you will have to buy to do a complete wipe. You may be asking why we are telling you all this. Ask yourself this “How many cell phones have I had to date?” then ask yourself this “How many did I use to log in to personal accounts like banks, emails, social media, or credit card accounts?”

Most forensic data recovery programs are based on open source code that can be found in places on the internet. Do you think your data was truly wiped by a factory restore? Do you think the cell phone company you traded your cell phone to, took the time to do a true government wipe of your data before selling or trading? Your data is still there and you should take a few minutes before selling or trading your phone. Make sure your data is truly gone or hidden from prying eyes.

Your cell phone has a feature to encrypt the entire device or just used space. You want to make sure to encrypt the entire device, not just the used space. The reason for this is the fact that if you do only used space your data is left in the unallocated space. Which can be recovered by an end user who ends up with your old phone?

Getting-to-it

Getting-to-it_2

If you selected to encrypt your SD card you will see the following image… In my case I do not have SD card so it shows me not having one.

Screenshot_2015-03-29-21-37-23

When you select to encrypt your cell phone, you will see the following. I had to take two screen shots to get all the information. You will need to make sure you are plugged in to power and it will need to be eighty percent charged before it will start.

Getting-to-it_3

Once you encrypt your complete cell phone, reboot it. When it reboots a screen will display asking for the password to decrypt your entire phone. If you are getting ready to trade in, just enter the password incorrectly several times. After you do this the phone will factory reset, leaving all your data in the unallocated space, completely encrypted. Even if the unallocated space is recovered it will be nothing more than gibberish to the end user looking at it.

You have an option to set up SIM card lock. The issue with this is the fact that the four digit PIN has been cracked. So this offers little to no security to the professional data thief. If you want to protect your data on your SIM, take it out when you trade in your cell phone. You do not have to turn it in with the cell phone. If they want the SIM then put a rare earth magnet to it or cut it in half and turn it in. It is your data, protect it.

Screenshot_2015-03-29-21-37-53

There are other options in your security settings that you can do to help protect your phone if it were lost or stolen. What if your SIM was changed with a cloned one for tracking or ease dropping? Well you have options for this as well. The question is “How much do you believe in your privacy and data protection?” We are all to often quick to point our fingers at companies for losing our data and want to sue them in the court of law. Yet we do not even use one third of the security built in to our own devices. Why, because most don’t care until their data is stolen, then want to point fingers.

Today is your day to take action and control of your data in your cell phone at least. Do not pass this by, thinking it is someone else’s job. It is our own responsibility to start. If we did all we could do to protect our own data and then and only then the company fails; then we should hold them accountable. Accountability starts at home.

You even have in most smart phones the ability to stop people from activating your phone after they steal it. Why is this important, because the first thing the cell company is going to do once you report it stolen is deactivate your phone. We hope this write up helps someone out there become safer with their data.

Moral of the story:

  1. Always take steps to protect your data.
  2. Do not rely on others to do it, because their job may not be in line with your data.
  3. Look with-in before buying applications; you may already have what you need.

Thanks for stopping by and as always we look forward to hearing back from you here at lovemytool.com!

 

Casey

Author - Emory Mullis has been in Law Enforcement for roughly 19 years including military and civilian law enforcement. He started learning about computers back when Gateway 266 MHz was the top of the line and cost about $2000.00.Right out the box, I was compelled to take my new found 266 apart. Why I have no idea other than pure curiosity. Once I had the computer out the box and on the floor in pieces, my wife walked in. Trust me people; this was not a good thing! Either way I got a good understanding at this point on how a computer is put together and / or the components inside. This was my starting point with computers and I still hear my wife in the back ground “It better work when you put it back together!” That was my humble beginnings as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence and it is a real challenge. I enjoy the challenge and look forward to learning more every day!

Comments