PC-mobile shift causing headaches for forensics chief
Criminals can remotely destroy incriminating evidence by exploiting security features on the Apple iPhone, a leading digital forensics expert has warned.
The head of the Serious Fraud Office digital forensics unit Keith Foggon cautioned that the ability to remotely wipe the iPhone and other smart phones used by enterprises could be exploited by lawbreakers.
iPhone take two: All the coverage
♦ Five iPhone apps for business
♦ Editor's Blog: Why we write about the iPhone
♦ iPhone 3G sales hit one million mark
♦ 10 things we'd change on the 3G iPhone
♦ 3G iPhone launch: Tech trouble for O2
♦ iPhone 3G: The wait is over
♦ ¿Dónde está el iPhone 3G?
♦ Photos: Steve Jobs dances the iPhone 3G tune
♦ Unveiled: The 3G iPhone
♦ iPhone 2.0 - ready for business?
♦ iPhone 2.0 - the rumours and the reality
Foggon said: "The 3G iPhone is brand new, there are not many tools for dealing with it and it can be remotely wiped. It's a bit like the BlackBerrys where users can carry out remote deletion."
He added the unit took precautions to guard against the feature being exploited. "Because we isolate the devices immediately, and never reconnect them to their network, the remote wiping capability does not present us with much of a problem," he noted.
The 21-strong unit, which sniffs out incriminating evidence from crime scenes, uses a number of high-tech tools to get the sensitive data the police needs to build a case. Advanced forensics tools such as the Logicube CellDEK allow the forensics organisation to pull data from more than 1,100 of the most popular mobile phones and PDAs, while its team carry suitcases containing handset connectors of every shape and size to help collect data from the devices.
However, Foggon warned that the shift away from PCs towards mobile devices is posing an increasing headache for the digital forensics teams.
(continues on page 2)
He said: "It is a concern that society is moving more towards using mobile phones. The PC architecture is usually stable but with mobile devices they change daily. If a mobile device comes out tomorrow we will not be able to look at it until a tool becomes available.
"We can still analyse it by photographing every screen on it but we won't be able to get hidden data on it, so photographing every screen is not a very practical way of doing it.
"That is an area where we are almost playing catch-up."
Another growing obstacle to forensics' teams ability to recover evidence is the encryption features found in modern operating systems.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
"With Windows Vista you have BitLocker that will cause us some problems," Foggon noted.
"It ties in the encryption to a chip, there are ways around it but it is something we can't crack, we need a pass to get around that."
The team cracks low-grade encryption using 100 quad-core PCs but for high-grade encryption it relies on the threat of a prison sentence for individuals refusing to hand over passwords or decrypted files.
Foggon believes that the unit's years of experience in unearthing evidence from everything from 186s to MacBooks will mean it will have a key role to play in any central UK e-crime policing unit.
The government has committed itself to funding such a unit and indicated it could be part of the proposed National Fraud Reporting Centre, under the Attorney General's Office, while the Metropolitan Police Service and the Association of Police Officers has put forward proposals to the government to establish a policing central e-crime unit.
Foggon said the unit's structure could soon be transformed and it may even tackle a wider range of criminal investigations, following the publication of its reaction, due imminently, to a review of the Serious Fraud Office (SFO) carried out by former senior New York City prosecutor Jessica de Grazia.
The review called for clarity about the roles, responsibilities, and qualifications of case controllers and assistant directors within the SFO.