Forgot your password?
typodupeerror
Crime Handhelds Iphone Security Apple Your Rights Online

Hacker Teaches iPhone Forensics To Police 193

Posted by samzenpus
from the strange-bedfellows dept.
Ponca City, We love you writes "The Mercury News reports that former hacker Jonathan Zdziarski has been tapped by law-enforcement agencies nationwide to teach them just how much information is stored in iPhones — and how to get it. 'These devices are people's companions today,' says Zdziarski. 'They're not mobile phones anymore. They organize people's lives. And if you're doing something criminal, something about it is probably going to go through that phone.' For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime."
This discussion has been archived. No new comments can be posted.

Hacker Teaches iPhone Forensics To Police

Comments Filter:
  • by jonfr (888673) on Sunday September 12, 2010 @12:30AM (#33550424) Homepage

    European privacy laws. I know nothing about U.S privacy laws. But in all of EU and EEA member states this is in fact illegal. Countries outside EU and EEA might have different law (except Switzerland due to bilateral agreements with EU).

    http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications [wikipedia.org]

    http://en.wikipedia.org/wiki/Data_Protection_Directive [wikipedia.org]

  • by xtal (49134) on Sunday September 12, 2010 @12:42AM (#33550480) Homepage

    Nobody would ever be clever enough to generate false data.. for an iAlibi? ..or clever enough to hack into and plant incriminating evidence? (not that there's ever been a security breach!)

  • by PNutts (199112) on Sunday September 12, 2010 @12:56AM (#33550528)

    This is for the animation of screens opening and closing. This news is about two years old. It doesn't specifically call out the iPhone model so it may not apply to the newer ones with hardware encryption unless the book's been updated since 2008.

  • by Nom du Keyboard (633989) on Sunday September 12, 2010 @02:59AM (#33550978)
    Your iPhone is clearly not your friend, and this isn't the only story about why today. It's the fink waiting to rat you out at the first opportunity. Go look up the new Safari html 5 database tracking that uniquely identifies you to advertisers. Until the phone comes with strong enough encryption to defeat this hacker in addition to remote wipe that truly wipes the phone, you shouldn't be sleeping too well at night, courtesy of Mr. Steve Jobs.
  • by Sycraft-fu (314770) on Sunday September 12, 2010 @06:21AM (#33551594)

    The more crimes you commit, the more people look for you. Despite your best efforts, you'll leave a signature and this'll get noticed. It may take time, but if you keep committing crimes you'll wind up on bigger and bigger radars, more people, at a higher level, will be looking for you.

    Also there's no such thing as no risk crime. So you say ok just stick to property crime. Then it turns out your break in to a house that's wired. A silent alarm goes off, security company sees you on video. Before you know it, there are cops are private security guards outside. Or you break in to a supposedly empty house, but the home owner is home sick. He gets scared and shoots you. Or hell you just break in to a house and happen to wind up getting recorded by a webcam that some guy has set up to watch his cat. All that aside, there's the problem of monetizing what you steal, and then dealing with the money. Money can be tracked, and of course trying to avoid the people who might do the tracking (like the IRS) can also be tracked.

    The more often you do it, the more likely. As I said, we all make mistakes. If you make a mistake when committing a crime, it may be your last.

    Now if you want to try it, well go right ahead. However You'll get no sympathy out of me when it turns out that you weren't quite as clever as you thought, and some slip up finally was your undoing.

    If you don't want to do it, well then that just kinda goes to my point doesn't it?

    I think geeks romanticize the notion of a smart criminal because they like to think they could beat the cops. They think they are clever enough that, if they wanted to, they could be a mastermind criminal who never got caught. In response to that I'll point you to Hans Reiser, who was not nearly as clever as he wanted to think he was.

    You are right, that your average traffic cop is probably not that intelligent. However that isn't all you face. There ARE plenty of very clever people in law enforcement. What's more, they are clever in the right areas. They know all about how to look for clues, how to spot patterns in behaviour, and how to trip someone up. Their profession is catching criminals and that leads to knowing a lot about it.

    You also have the additional risk, that even if you are successful in something where it is difficult for the authorities to get at you, like say the drug lords (though if you follow such things they get arrested more often than you'd think), that is attractive to competition. Being that you are talking criminals, your competition may choose the expedient method of dealing with you by killing you. This happens in the drug trade often.

    All in all it turns out to be a lot of risk for rewards that, if you are smart, are usually not that much better than what you can get legally. Hence, not so many smart crooks.

  • by kialara (145164) on Sunday September 12, 2010 @06:22AM (#33551600)

    If you're worried about getting uniquely identified by your browser, you may want to read or listen to this episode of Security Now:

    http://www.grc.com/sn/sn-264.htm

  • by CharlyFoxtrot (1607527) on Sunday September 12, 2010 @10:42AM (#33552586)

    So your Droid has whole disk encryption ? What makes you think you're invulnerable to this kind forensics ?

  • by shaitand (626655) on Sunday September 12, 2010 @04:21PM (#33554974) Journal

    "Guess what? We've got a pretty good idea how many crimes are committed where people aren't caught. People tend to report crimes, especially big ones."

    That a rather large assertion without any support. I can't speak of all areas of crime, only 'cybercrime'. I can assure that most of this type of crime DOES NOT go reported regardless of size.

    The reason is very simple. At this level both the robbed and the insurance company both have a great interest in making sure the event doesn't go public. That interest is greater than whatever help the police might provide. The insurance company has other clients who are likely vulnerable to the same thing. It is usually better to prevent others from finding out how to copycat than to stop this one guy. Especially if the guy is reported and not caught! The company robbed doesn't want to see a story about how they were attacked on MSNBC the next day. Their stock would plummet! Forget the company getting robbed, that would cost the CEO, VP's, and the board a lot of money on a personal level.

    Your numbers about crime not being profitable run counter to common sense. The bulk of the things we outlaw are only called bad because they shift a large amount of wealth from one to another easily, consistently, and rapidly.

    Also you pose this false dichotomy where one has to repeatedly take the same chance or else be able to live off a single event.

    Five years ago it took 3hrs worth of work (but not time since you have to wait for mailings and such) to fake an identity get a few thousand in credit extended and convert that credit into cash. A reasonably intelligent person could figure out how to perform this task and make tracing and catching him meet the 'hard enough' threshold within an afternoon. That person could walk away with $5000. That is a pretty large chunk of cash for most of us.

    The credit card company not only wouldn't report this but would fight with law enforcement in every way they legally could if law enforcement tried to investigate. Because of this if the 'victim' tries to report the crime the local police would say that interstate banking is the FBI problem. The FBI would tell her not to file the report because the card companies won't cooperate!

    How do I know? I saw it first hand many times. If you did this enough the card companies would see a pattern and report you. They would cooperate. But if you were bright enough to stop at one or two times you could make $5k-$10k pretty much risk free.* Afterward you could continue your life the same as before but with a pretty substantial chunk, perhaps to invest for retirement. Perhaps for a child's college fund. Or maybe just to blow, it was free and easy money after all. As for taxes, $5k-$10k doesn't change a lifestyle and can easily be absorbed without having to pay the taxes as long as you don't deposit it all at once (or even at the same bank within a 3 month period, banks have to report large cash transactions over $5k or a suspicious combination of them).

    * This is no longer the case. So many bright and unreported criminals did this that identity theft laws were lobbied for and put into place to make this more difficult.

If A = B and B = C, then A = C, except where void or prohibited by law. -- Roy Santoro

Working...