, 'opacity': false, 'speedIn': , 'speedOut': , 'changeSpeed': , 'overlayShow': false, 'overlayOpacity': "", 'overlayColor': "", 'titleShow': false, 'titlePosition': '', 'enableEscapeButton': false, 'showCloseButton': false, 'showNavArrows': false, 'hideOnOverlayClick': false, 'hideOnContentClick': false, 'width': , 'height': , 'transitionIn': "", 'transitionOut': "", 'centerOnScroll': false }); }) HazDat
15Mar/12

FBI’s most wanted smartphone

FBI Can't Crack Android Pattern-Screen Lock | Threat Level | Wired.com

Pattern-screen locks on Android phones are secure, apparently so much so that they have stumped the Federal Bureau of Investigation.

The bureau claims in federal court documents that forensics experts performed “multiple attempts” to access the contents of a Samsung Exhibit II handset, but failed to unlock the phone.

An Android device requires the handset’s Google e-mail address and its accompanying password to unlock the handset once too many wrong swipes are made. The bureau is seeking that information via a court-approved warrant to Google in order to unlock a suspected San Diego-area prostitution pimp’s mobile phone. (For details on the pimp investigation, check out Ars Technica‘s story on the case.)

Locking down a phone is even more important today than ever because smart phones store so much personal information.

What’s more, many states, including California, grant authorities the right to access a suspect’s mobile phone, without a warrant, upon arrest for any crime.

Forensic experts and companies in the phone-cracking space agreed that the Android passcode locks can defeat unauthorized intrusions.

“It’s not unreasonable they don’t have the capability to bypass that on a live device,” said Dan Rosenberg, a consultant at Boston-based Virtual Security Research.

A San Diego federal judge days ago approved the warrant upon a request by FBI Special Agent Jonathan Cupina. The warrant was disclosed Wednesday by security researcher Christopher Soghoian, In a court filing, Cupina wrote: (.pdf)

Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone. A pattern lock is a modern type of password installed on electronic devices, typically cellular telephones. To unlock the device, a user must move a finger or stylus over the keypad touch screen in a precise pattern so as to trigger the previously coded un-locking mechanism. Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.

Rosenberg, in a telephone interview, suggested the authorities could “dismantle a phone and extract data from the physical components inside if you’re looking to get access.” However, that runs the risk of damaging the phone’s innards, and preventing any data recovery.

Linda Davis, a spokeswoman for forensics-solutions company Logicube of suburban Los Angeles, said law enforcement is a customer of its CellXtract technology, which it advertises as a means to “fast and thorough forensic data extraction from mobile devices.” But that software, she said in a telephone interview, “is not going to work” on a locked device.

All of which is another way of saying those Android screen locks are a lot stronger than one might suspect.

It was not immediately clear whether the iPhone’s locking system is as powerful as its Android counterpart. But the iPhone’s passcode has been defeated with simple hacks, the latest of which was revealed in October 2010.

Clearly, the bureau is none too happy about having to call in Google for help. The warrant requires Google to turn over Samsung’s “default code” in “verbal” or “written instructions for overriding the ‘pattern lock’ installed on the Samsung model SGH-T679.” Google spokesman Chris Gaither would not say if Google would challenge any aspect of the warrant. Google, he said, does not comment on “specific cases.” “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying,” he said in an e-mail. “If we believe a request is overly broad, we will seek to narrow it.” Photo: Mike Dent/Flickr

Via http://www.wired.com/threatlevel/2012/03/fbi-android-phone-lock/

 

Share
15Mar/12

How tiny antennae threaten to upset the balance of power

Damn the Lawsuits — It’s Full Speed Ahead for Aereo In New York

NEW YORK — Aereo, the startup which aims to rock the TV world by renting you a remote high definition antenna that allows you to watch and record broadcasts via a web browser, launched Wednesday despite lawsuits which allege that the company is violating the copyrights of broadcasters who own the programming.

Two lawsuits have been filed against Aereo (and it has filed a counterclaim of its own) but there is no court injunction preventing the launch, so here we go. In what is perhaps a little tweak at the broadcasters who are trying to shut Aereo down — or just good business of the “first taste is free” variety — Aereo takes to the airwaves with a 90-day free trial, up from the 30 days initially planned. After that 90 days, it’ll cost New Yorkers $12 a month to get the roughly 20 channels broadcasting in this market in HD.

That is, assuming Aereo is still around in 90 days.

The suits against the start-up, whose backers include broadcast veteran Barry Diller, allege that Aereo is blatantly violating the copyrights of broadcasters who air shows that are otherwise available generally only via cable and satellite middlemen, or if you have your own HD antenna attached to a TV set. Aereo contends it has the legal right to provide this service because its potential customers a) have the right to these broadcasts, made available as they are on publicly-owned airwaves and b) have the right to put an antenna anywhere they want to pull in these signals for our own, personal, non-commercial use.

Aereo essentially says it is merely enabling legal private behavior, and charging for that convenience.

Copyright is a justifiably powerful tool which often trumps all — and I am no lawyer — but I’ve already made clear that I find Aereo’s theory compelling. That said, I’m fantastically interested in how the arguments on both sides will be made. Either way this case will change things: Someone is going to do what Aereo is doing, even if it’s only the broadcasters who didn’t bother to, first.

Via http://www.wired.com/epicenter/2012/03/johncabell/

Share
9Mar/12

Deportation: There’s an app for that.

PHOENIX -- A group of pro-immigrant rights activists in Arizona aim to develop a smartphone application that would help immigrants notify friends, family and their attorney if they are detained and arrested during a traffic stop.

Arizona was the first state to pass a law to make it a crime to be an undocumented immigrant (SB 1070), leading to an increased crackdown and climate of fear among immigrants. A recent Department of Justice investigation on racial profiling of Latinos by the Maricopa County Sheriff’s Office found that Latinos were four to nine times more likely to be pulled over in a traffic stop than non-Latinos

“When someone gets pulled over the first thing to worry about is the family,” said Lydia Guzman, the president of the nonprofit Respect/Respeto.
For years, the nonprofit’s emergency hotline has monitored cases of possible civil rights violations against Latinos by local law enforcement, provided information about rights, and tracked down missing family members in immigration custody after undocumented drivers are detained.

“It’s difficult. We try to get all of this information from them to reach their family, while at the same time we’re trying to advise them about their rights,” she said.

It was Guzman’s experience with Respect/Respeto and the increased crackdown on undocumented immigrants by local police using state laws that inspired her friend Todd Landfried, a spokesperson for Arizona Employers for Immigration Reform, to come up with an idea for a smartphone app that could do what the group does and more.

The app will allow users to notify family, friends, attorneys and even their consulate when they get pulled over by law enforcement or when they are facing an emergency situation that puts their safety or civil rights at risk.

With the touch of a button, Landfried says, the “Emergency Alert and Personal Protection” app will send a pre-set list of people information about the person’s location using GPS technology and date and time of the incident. The app will also have an option to record audio and video, which is a common function on most mobile phones, but it will take it a step further by sending the audio and video to a “web interface” where the data can be stored and accessed by lawyers, for example.

It will also inform them, in English and Spanish, of their civil rights if they are arrested during a traffic stop; for example, reminding them that they have the right to remain silent and have an attorney present during questioning.

Guzman says the app could help people make split-second decisions at a crucial moment about who to call and how to get help. She says it would also provide immigrant advocates a starting point to search for undocumented immigrants once they are in the detention system – a search that can sometimes take days.

In order to take the app from idea to reality, Landfried and Guzman recently launched a 30-day crowdfunding campaign to support the development of the app. If they reach their goal of raising $225,000, they will work with a software developer to have the app ready by July. Donors would get the app, which will cost about $2, for free.

The app is similar to the “I’m Getting Arrested” app that launched in response to the arrests of protestors involved in the Occupy movement. Landfried and Guzman say their app would be designed to specifically address the situation of undocumented immigrants pulled over in traffic stops. They say it would consolidate functions on the phone to allow users to document, store and send photos, audio and video to web interface that can be used to document racial profiling or violations of civil liberties.

Landfried says he believes Latinos are well-positioned to make use of such an app based on recent trends of Latinos' usage of smartphones.
According to a 2010 Nielsen Company report, 45 percent of Hispanic mobile users have a smartphone compared to just over a quarter of white mobile users.

Landfried and Guzman say they hope the app can be a tool for tracking statistics of potential instances of racial profiling.

“Keeping in mind you have to protect the attorney-client privilege,” Landfried said. “If data was made anonymous, we can track how many times people hit the button for traffic stops and they can fill in later what the outcome was.”

“This is about protecting people. Everybody has rights, whether you like it or not,” he said.

Via http://newamericamedia.org/2012/03/im-getting-arrested-app-aims-to-help-those-detained-in-traffic-stops.php

 

Share
20Apr/11

Police Search Cell Phones During Traffic Stops

ACLU seeks information on Michigan program that allows cops to download information from smart phones belonging to stopped motorists.

The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program.

ACLU learned that the police had acquired the cell phone scanning devices and in August 2008 filed an official request for records on the program, including logs of how the devices were used. The state police responded by saying they would provide the information only in return for a payment of $544,680. The ACLU found the charge outrageous.

"Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide," ACLU staff attorney Mark P. Fancher wrote. "No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure."

A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.

"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."

The ACLU is concerned that these powerful capabilities are being quietly used to bypass Fourth Amendment protections against unreasonable searches.

"With certain exceptions that do not apply here, a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity," Fancher wrote. "A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched."

The national ACLU is currently suing the Department of Homeland Security for its policy of warrantless electronic searches of laptops and cell phones belonging to people entering the country who are not suspected of committing any crime.

Via http://www.thenewspaper.com/news/34/3458.asp

Share
9Feb/11

OT: The Arraignment

I would not believe this, had I not witnessed it with my own eyes. Of course, the caricatures have been changed to protect the confessed. In reality, no cartoon could do the actual characters justice. (Pardon the pun.) What it proves is that the right to remain silent is, perhaps, the greatest legal tool in the entire box.

Props to ToonDoo.com for building an online tool that even a right-brain can use.

Share
5Feb/11

Scare Tactics: Dam Lies!

What is the world coming to when our leaders use scare tactics to get what they want? (Rhetorical question, of course.) But that's exactly what happened when backers of the so-called "Internet Kill Switch" evoked images of foreign hackers opening flood gates and drowning citizens.

We are very concerned about an electronic control system that could cause the floodgates to come open at the Hoover Dam and kill thousands of people in the process,” said Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee. ”That’s a significant concern.”

Not only is that not a significant concern, it turns out not even to be an insignificant concern. But the false information was no insignificant matter to the Bureau of Reclamation, which runs the power-generating facility on the Arizona-Nevada border.

“I’d like to point out that this is not a factual example, because Hoover Dam and important facilities like it are not connected to the internet,” Peter Soeth, a spokesman for the bureau, said in an e-mail. “These types of facilities are protected by multiple layers of security, including physical separation from the internet, that are in place because of multiple security mandates and good business practices.”

Yesterday we posted a poll to get your opinion on this issue. Please take a moment to make your voice heard.

Share
4Feb/11

POLL: Do You Think An Internet “Kill Switch” Is An Effective Way To Protect National Security?

In the aftermath of Egypt and Tunisia's government-imposed Internet shut-downs, there has been a lot of talk this week about the U.S. Senate's Internet "Kill Switch" bill. No one argues that our networks are vulnerable to attack. Senators say they have committed to this power only to protect against "external cyber attacks". This raises several questions and deserves serious debate:

  • In a global network, is there really a distinction between internal and external threats?
  • Under what circumstances would the President use this power, and with what oversight?
  • Could the financial damage of isolating U.S. commerce from foreign customers outweigh the potential damage from attack?
  • Does the risk of an "Egyptian-style" shut-down really exist in Western Democracies, and if it does, is it a fair trade-off for national security?

That leads to today's poll question:

Do you think an Internet "Kill Switch" is an effective way to protect National Security?

View Results

Loading ... Loading ...

Of course, there are few perfect Yes/No answers in this world. Please feel free to share your comments below, and we encourage you to use the "Like" and "Share" buttons to elicit more opinions from others.

Share
2Feb/11

Senators Deny Similarities Between Egypt’s Internet Blocking & USA’s “Kill Switch” Bill

Some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet. Nothing could be further from the truth.
-Joseph Lieberman (I-Conn.)

In a statement issued this week, Senators' Joseph Lieberman (I-Conn.), Susan Collins (R-Maine), and  Tom Carper (D-Del.) said that their intent was to allow the president "to protect the U.S. from external cyber attacks," not to shut down the Internet.

Aside from the obvious civil liberties concerns, the problem I see is largely a mechanical one, and it demonstrates the Senators' lack of fundamental understanding when it comes to the world in which they legislate: By the time a cyber attack is apparent, it's no longer likely an "external" threat. The most effective attacks known today are distributed amongst a multitude of machines in various locations, making it impossible to protect citizens without shutting down the Internet -- if such a thing could even be accomplished in this country.

The U.S. network infrastructure is much more complex and diverse than that of Egypt. In part, that has to do with the shear differences in scale. But, perhaps surprisingly, it also has to do with the age of our network. Parts of our interconnected network go back five decades. Some interconnected networks predate the Internet itself. And these are interconnected with new infrastructure being added every day without the need for government knowledge or consent.

Most importantly, when the Advanced Research Projects Agency Network (ARPANET) was conceived, it was specifically designed to survive and reroute against an outage. That means, depending on the final draft, the law would likely be either ineffective, dangerous, or both.

Share
31Jan/11

Security Minded: Drive Encryption

The Need

Where do I begin? Even before (maybe especially before) storage devices were portable, they were still vulnerable to theft, due more to their high resale value than the questionable value of their contents. Today, the market value of even a brand-new desktop computer may not be worth the potential consequences of being caught. But, the lucrative identity theft trade has given rise to an entirely different motive for computer, tablet, and cellphone theft. In this case, the device is simply a means to an end.

But theft and the obvious concern over losing such easily and commonly misplaced devices as thumb drives are far from the only reason to encrypt hard drive data. Today, for instance, international travelers may be subject to the copy and search of their hard drives, as authorized by the Department of Homeland Security's U.S. Customs and Border Enforcement's "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allows Customs Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Regardless of your motivation, encrypting mobile data storage should be high on your list of priorities. Like my AmericanExpress card, I never leave home with out it.

Note to attorneys, medical professionals, or anyone with a fiduciary responsibility: Unlike most professionals, you may have a legal, if not ethical, responsibility to protect your clients' data. Even if a standard for "reasonableness" has previously been applied to "locks" and other 20th century security practices, it may not apply to devices removed from a secure space. Check with your respective associations and/or licensing boards for more information. ... CONTINUE READING »

Share
27Jan/11

Mixed Messages: US Govt. Tells Companies to Collect User Data, But Not To Use It

Last month the US Federal Trade Commission testified before Congress in order to establish "Do Not Track" legislation, challenging companies to either self-regulate, or face potentially stiff laws prohibiting the tracking of Internet users. This week the US Department of Justice testified before congress to establish regulations requiring data retention for the purposes of investigation and prosecution.

"Data retention is fundamental to the department's work in investigating and prosecuting almost every type of crime," US deputy assistant attorney general Jason Weinstein told a congressional subcommittee on Tuesday. "In some ways, the problem of investigations being stymied by a lack of data retention is growing worse." Weinstein acknowledged that greater data retention requirements raise legitimate privacy concerns but "any privacy concerns about data retention should be balanced against the needs of law enforcement to keep the public safe."

Emphasizing the vast disparity between the testimony of  these two Federal organizations is the following statement from the FTC's own prepared statement to Congress expressing a principal of "reasonable security and limited retention for consumer data" among companies collecting sensitive data.

"A key to protecting privacy is to minimize the amount of data collected and held by ISPs and online companies in the first place," according to John Morris, general counsel at the non-profit Center for Democracy & Technology. "Mandatory data retention laws would require companies to maintain large databases of subscribers' personal information, which would be vulnerable to hackers, accidental disclosure, and government or other third party access."

The DOJ's request would require "an entire industry to retain billions of discrete electronic records due to the possibility that a tiny percentage of them might contain evidence related to a crime," says Kate Dean, executive director of the Internet Service Provider Association. "We think that it is important to weigh that potential value against the impact on the millions of innocent Internet users' privacy."

Share

Log In


Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map