Additional security resources

Submitted by amir on Mon, 09/08/2008 - 16:07.

Security for Activists A Practical Security Handbook for Activists and Campaigns.
A Guide to Mobile Phones A short guide to using mobile phones safely and securely for activists.
A Brief Introduction to Secure SMS Messaging in MIDP: Nokia developer guide
ChameleonSMS: Encrypted SMS (commercial with free trial)
MultiTasker: Encrypted SMS (commercial with free trial)
SecureAge: Encrypted SMS (commercial with free trial
SMS 007: Encrypted SMS (commercial with free trial)

Additional material on Bluetooth vulnerabilities

http://www.thebunker.net/resources/bluetooth

Information about EXIF data

Some information on the hidden data files which are embedded in camera phone pictures
http://www.exif.org/

Mobile Phone Spying

Phones used as spying devices - http://www.mysecured.com/?p=127

Mobile forensics information

SIM Card Forensic Analysis is worth thinking about in terms of how much data is hidden on your phone; from
http://www.mobile-phone-analysis.com/. This can give us:

The phone number (MSISDN), this is dependent on the set up of the handset, and can be altered by the user.
The network provider
The last cell site connected to (LOCI).
Any stored phonebook entries (Abbreviated Dialling Numbers (AND)), if the SIM is set to store this information.
Last Dialled Numbers, if the SIM stores this information.
Text messages (including deleted messages), if the SIM is set to be used as a store.
IMSI (International Mobile Subscriber Identity): A unique number that is allocated to each SIM

Mobile Phone Handset Forensic Analysis
This can give us:

The software version of the phone (similar to the operating system).
The IMEI (International Mobile Equipment Identity) - This is set during manufacture and is a unique string of 15 digits. This can be found on the back of the phone within the battery compartment, and also by typing *#06#. These should match; if they don't then someone has been tampering with the phone.
Phonebook
Speed dial numbers
Phone settings and profiles
Pictures
Audio recordings
Videos
Call logs
Java applications
Calendar/Organiser
WAP settings

Undelete SMS

Software that is available online for retrieving text messages from a SIM card.
http://vidstrom.net/stools/undeletesms/

Cellphone investigation toolkit

http://www.search.org/files/pdf/CellphoneInvestToolkit-0807.pdf
Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specificationspdf (358kb)

With thanks to Mike Grenville from 160characters.org for permission to reuse excerpts from his 'Security Guide for Mobile Activists'.

Printer-friendly version