steven_oharra Posted June 8, 2010 Share Posted June 8, 2010 Lots of videos and weak solutions (remove your battery; yeah, and how do I get incoming calls?), see if its warm... (I live in San Diego!)... see if the battery runs down fast (I'm IT; its charged 2x a day!), "contact vendor to reformat it" (try it, they'll claim ignorance or after much escalation, mention Patriot Act and accidently disconnect)... Tripwire for smartphones? Seriously... ideas on detecting compromise (hash?) a way to reset to as-shipped format? Check out flexispy (first in the news) or a few more at: http://www.youtube.com/watch?v=dfg5xmrLJlo http://www.thecellsnoop.com/?gclid=COaLo92...CFQ06agod5SW7bw Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 9, 2010 Share Posted June 9, 2010 The types of 'attack' in those videos more than likely require physical access to the phone. Detecting it may be impossible as access to the operating system in general is often restricted by both the phone manufacturer and service provider, either through the phones GUI or via a computer. The only thing you can do is press the 'restore factory defaults' button if you think it's been compromised, however, depending on the phones implementation, this may be ineffective if the function even works any more. Basically, if you get that shit on your phone, your are probably, essentially SOL. You could get the phone forensically examined, but that's expensive and the phone may never work as a phone again as a result of it been dissembled. You might be able to convince the manufacturer or service provider to have a look at it, but there is a good chance the service engineer will glance at the 'problem' description, press the 'restore factory defaults' button and send it back to you. Best option of time vs money vs it's definitely fixed? Get a new phone. Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted June 14, 2010 Share Posted June 14, 2010 Or you could just not let random people use your cellphone without you there, watching them... Quote Link to comment Share on other sites More sharing options...
Burning Aces Posted June 22, 2010 Share Posted June 22, 2010 or just always have multiple passwords for anyone to access your phone Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 22, 2010 Share Posted June 22, 2010 or just always have multiple passwords for anyone to access your phone Or lets put this way, different user accounts with different level of access, like read/write/execute. That way you have more control over who's got what and who can do what. If that makes sense. Quote Link to comment Share on other sites More sharing options...
steven_oharra Posted June 27, 2010 Author Share Posted June 27, 2010 Lots of videos and weak solutions (remove your battery; yeah, and how do I get incoming calls?), see if its warm... (I live in San Diego!)... see if the battery runs down fast (I'm IT; its charged 2x a day!), "contact vendor to reformat it" (try it, they'll claim ignorance or after much escalation, mention Patriot Act and accidently disconnect)... Tripwire for smartphones? Seriously... ideas on detecting compromise (hash?) a way to reset to as-shipped format? Check out flexispy (first in the news) or a few more at: http://www.youtube.com/watch?v=dfg5xmrLJlo http://www.thecellsnoop.com/?gclid=COaLo92...CFQ06agod5SW7bw <_< Okay, we either need to let this die or try reading/thinking a touch more before responding. The first responder made the unfortunate assumption that physical access was primarily required. An understandable mistake but that hasn't been necessary for the last 5+ years old. Do you really think your government needs physical access to your cell if they want to monitor it? Do you really think anyone that works with the govt or other agencies that do this daily wouldn't leak that? Do you really think worldwide "services" will fly to your victim's phone to physicaly hack/access it? (for $35!) These "services" aren't hackers. Someone showed them how to do it and now they reap the profits selling our privacy to a no-talent wanna-be cell eavesdropper that has $35-$75 on his/her credit card to buy your life. Sadly, the follow-on posters rode that assumption so far off the track no one is even bothering to read the original post and address the issue in a constructive/learning/opportunity for a Hak5 session. Rarely do knee jerk answers address the problem (though that last one was especially innocent/funny) I've had so many 1st semester kids like that in my beginning networking classes ... And, no Tommy... ACLS (Domino IBM world), Rights and Permissions (MS world) ACLs, Permissions, Rights, NDS/Bindery Trustee filters (NetWare) AccessRights (Unix and by inheritance, Linux) Which is what you are trying to float is not on today's lesson plan or answer sheet. How about it,.. any folks out there with the interest and skillset to address how this can be detected and expunged? Please, CRCs or Hashes are no-go (dynamic)... Not trying to rough ride, but if this forum doesn't have the juice or interest (again, understandable), we can go back to the otherwise fun ZIP, Switchblade and pineapple toys (not knocking them,.. they are great fun for a couple hour's diversion) Remember, they are offering a service that lets them offer 7/24 call recording, realtime GPS for victim's whereabouts, remote muted monitoring, call forwarding and call alert for a one time $35-75 spike. So... Back to my original post, wouldn't it be nice to have an Informed Hak5 session on this topic to include how to detect, expunge and better still, deny such no-skill, full-access cracks to anyone's cellphone? Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 27, 2010 Share Posted June 27, 2010 We are talking about mobile phones, not land lines ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.