
iPhone's remote deletions may help crooks cover tracks

Nick Heath silicon.com | September 3, 2008 6:28 AM PDT

Summary

Certain features of increasingly widespread enterprise smartphones may aid criminals in hiding incriminating evidence, says the UK's Serious Fraud Office.
Criminals can remotely destroy incriminating evidence by exploiting security features on the Apple iPhone, a leading digital-forensics expert has warned.

The head of the UK's Serious Fraud Office's digital forensics unit, Keith Foggon, cautioned that the ability to remotely erase the iPhone and other smartphones used by enterprises could be exploited by lawbreakers.

Foggon said: "The iPhone 3G is brand new, there are not many tools for dealing with it and it can be remotely wiped. It's a bit like the BlackBerrys, where users can carry out remote deletion."

He added that the unit took precautions to guard against the feature being exploited. "Because we isolate the devices immediately and never reconnect them to their network, the remote-wiping capability does not present us with much of a problem," he noted.

The 21-strong unit, which hunts out incriminating evidence from crime scenes, uses a number of hi-tech tools to get the sensitive data needed by the police to build a case. Advanced forensics tools, such as the Logicube CellDEK, allow the forensics organization to pull data from more than 1,100 of the most popular mobile phones and PDAs, while the team members carry suitcases containing handset connectors of every shape and size to help collect data from the devices.

However, Foggon warned that the shift away from PCs towards mobile devices is posing an increasing headache for the digital-forensics teams.

He said: "It is a concern that society is moving more towards using mobile phones. The PC architecture is usually stable but, with mobile devices, they change daily. If a mobile device comes out tomorrow, we will not be able to look at it until a tool becomes available."

"We can still analyze it, by photographing every screen on it, but we won't be able to get hidden data on it, so photographing every screen is not a very practical way of doing it," Foggon said. "That is an area where we are almost playing catch-up."

Another growing problem, as regards forensics teams' ability to recover evidence, is the encryption features found in modern operating systems.

"With Windows Vista, you have BitLocker, which will cause us some problems," Foggon noted.

"It ties in the encryption to a chip. There are ways around it but it is something we can't crack; we need a pass to get around that."

The team cracks low-grade encryption using 100 quad-core PCs but, for high-grade encryption, it relies on the threat of a prison sentence for individuals refusing to hand over passwords or decrypted files.

Foggon believes that the unit's years of experience in unearthing evidence from everything from 186s to MacBooks will mean it will have a key role to play in any central UK e-crime policing unit.

The government has committed itself to funding such a unit and indicated it could be part of the proposed National Fraud Reporting Centre, under the Attorney General's Office, while the Metropolitan Police Service and the Association of Chief Police Officers have put forward proposals to the government to establish a policing central e-crime unit.

Foggon said the unit's structure could soon be transformed, and it may even tackle a wider range of criminal investigations, following the publication of its reaction, due imminently, to a review of the Serious Fraud Office carried out by former senior New York City prosecutor Jessica de Grazia.

The review called for clarity about the roles, responsibilities and qualifications of case controllers and assistant directors within the Serious Fraud Office.

Talkback Most Recent of 4 Talkback(s)

  • bjbrock
    3rd Sep 2008
  • RE: iPhone's remote deletions may help crooks cover tracks
    Remote deletions have been a feature of police radio handsets for ages now. It's a shame that they start moaning when the public can do it.

    Time after time the authorities abuse their power and hide behind flimsy protocols and policies when questioned. It's about time we had some decent tools to fight back against the erosion of civil liberties.
    mark@...
    4th Sep 2008
  • Interesting spin...
    If you only browse the headline, you'll come away with
    ZDNet screaming "iPhone can be abused by hax0rs!
    (Implicitly,) Windows Mobile is the safe choice!"

    Reading what the article actually says, and the expert
    quote included, leads to a somewhat different view. "It's a
    bit like the BlackBerrys", he says. His point clearly was "the
    shift away from PCs towards mobile devices" entails risks
    and difficulties so long as new devices appear in the
    marketplace before forensics tools support that new
    device.

    This really isn't a failure of any technology, and certainly
    not iPhone-specific. Rather, it's a political/regulatory
    issue, and is best addressed at that level. Governments
    which place substantial priority on being able to access
    data in these devices, for law-enforcement or other
    purposes, will eventually fine-tune their
    approval/certification process so that these concerns are
    addressed (and ideally well-publicized).

    Several security-aware iPhone enthusiasts here (Singapore)
    have blogged about speculation that the lack of such tools
    was one reason the iPhone 1.0 was not (officially) offered
    for sale here. When a government can decide which Web
    sites its subjects may lawfully view or what news they may
    lawfully read, allowing a sure-to-be-popular device that
    can't be mind-raped at will is highly inconsistent.
    Jeff Dickey
    7th Sep 2008
  • RE: iPhone's remote deletions may help crooks cover tracks
    "Why can't we read your email and diary? You must be hiding something". In that case, the "delete key" and "empty recycle bin" functions also help criminals. The man won't be happy until you can't keep your thoughts locked away either. Encrypt everything with TrueCrypt. Shred your doodles. Use a VPN. The moment they open the files to the police station and Pentagon to the public, trust them with your life. Until then, "Anything you say can and will be used against you in a court of law".
    gotProps
    8th Sep 2008
