• Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Protect your mobile phones and PDAs.

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering

View previous topic :: View next topic  
Author Message
Trusted SF Member
Trusted SF Member

Joined: 14 Apr 2004
Posts: 0
Location: Athens,Greece


PostPosted: Tue Nov 21, 2006 11:30 am    Post subject: Protect your mobile phones and PDAs. Reply with quote

Since it is the matter of the days, here are some questions to trouble your minds. Answers of mine will follow bellow.

1) how is someone able to protect his device from bluetooth snarfing?
2) How to avoid , irritating spam sms messages and calls? (e.g. contest updates)
3) What can you do , to protect your voice calls, by eavesdroppers and tapping?
4) How to protect your phone device, physically?

1) Bluetooth.

By default this protocol has not yet , advanced to a more secure broadcasting method. However pairing connection, is a way to enforce encryption and transmit your password in that way, not in plain text.
Invisible mode, is also a way to bypass common scan , but it is not full proof. As said disabling it , is the best way to protect your device from sniffers and possible penetration (if possible that is).
One though new feature that bluetooth has , is on the new dongles, usually installed on notebooks. They work , as a NIC and as such , they are provided with a MAC address. If now your connection is with a PDA-Notebook , there are more than a couple of ways to protect your data with MAC filtering.
On mobile phones, though , what i have noticed , is that several devices like headsets are connecting via bluetooth , but at the same time they can lock down your device and make in that way a very good "isolated pairing" (no such term but said to decribe it).I experienced and tested that recently with a Motorola headset and a z1010 ericsson . No matter then what i did to discover and connect to other devices, my phone was locked to communicate , only with that device. Curious how it works... will comment when i find out why.

2) You do not need to fill out a form or do anything out of the ordinary... pardon for my English , but RTFM (you all know what it means).
Make a group for callers, and ban the rest. Groups and call restrictions , are available to your device and you can also add a rule (after demanding it from your phone company/provider), with an application, to limit access to your phone, only to calls made by those you want to have that right.
Another way , is to use headset with the abillity to show caller's ID . You do not need to answer, if the number is uknown or not wanted.

SMS now , is another case. This is hard to fight back , as you might be spamed from your own provider!!!! (e.g. for offers and recent news).
Over what i know , only if you apply to your provider not to accept such messages (usually originated and sent from a caller's ID with 4 digit numbers)... carefull though , as to leave open your answering machine number (also 4 digit caller's ID), to receive notifications from there.
There is also , today in the market , recent software to protect form viruses and stuff. Maybe at some point , there will be available something to protect from spam. On PDAs or Smart phones with Windows OS, such measures exist by default ...use them.

3)Troubled you... didn't i?

The case , to do this , might cost a bit, but it is a sollution. Use your forwarding feature. Forward your received call to a normal phone. Even though you are now charged with the duration of that call, conversation is made over OTE or other local phone provider and not on thin air. It will take some time for me to explain , but in plain words, GSM network, although connected to your phone device, is not receiving data. So eavesdroppers will be dissapointed. And if you are paranoid...you can use a scrambler on your phone, though i think that this will attract attention from more sophisticated monitoring "eyes" and you might have a special meeting with the men in black suites and glasses, upclose.
The best way is to not use your phone for serious discussions. Arrange a meeting or at the worst case ,use other ways of communicating with him/her if it is important (e.g. encrypted email or even classical mail (paper) if it is about important contract,etc.)
Truth is though , that there is no full proof way. There are only ways that can make their life (and yours) harder , as to avoid evesdroppers.

Most of the cases were covered regarding damages (except from falling down...hehehe).

What i will add here, is to backup all of your contacts. Cell phones on their own , if lost, will cost you , just in money .
But if you lose your contact list.... well... imagine if you have 200-300 contacts , uniquelly stored in the SIM card of yours. Losing them , is a case which can be able to cause a havoc in your bussiness and personal relationships.
Also ...DO NOT COPY YOUR CONTACTS ON THE PHONE DEVICE... locking the phone is not considered safe, as there are many reset and crack tools out there , for this purpose. Keep them stored only on your SIM.
Same of course is valid , when you are giving away your phone device. Make sure that you have erased ALL DATA from the device.
Another thing that most users forget, especially on those new smart phones and PDAs.
Reset them to factory defaults. Most devices , have kept networking connections (Email, WEB/WAP, VPN credentials, etc.) and if you do not reset them, then the buyer, will have a small data "Treasure" in his hands. Resetting them is easy , as 99% of the devices , have such an option, locked for activation with PIN2 code.

Protect your phone device with other ways:

from water:

In most devices , when you place them inside an external leather "glove-cover", there might be a small gab inside . In there you can go to a hardware store and get some flexible , thin , rubber (kinda like nylon), and place it there , in order to protect , the device from moisture.

from heat:

Never take it to the beach without having it inside a protective glove suit, or a small bag. Even then you need to keep it , in a shadowed place, as in your bag the temp can reach up , to 50 celcious!!!


This is interesting...Most thieves in the past were trying to change IMEIs on the devices, as to remain untraced. Today changing IMEI although still a working and possible sollution , could cause severe troubles to your device, especially if it is a new build firmware . (IMEI code for most phones appear with command *#06# where last four digits show year of production)
GPS/GSM tracking is indeed a sollution , though , a bit expensive and at some point the monthly fee will outcost your device.
What i will suggest is to use the following:

a) Get one of those fancy strings , and hand your cell phone arround your neck. Most of us , tend to forget devices , where we go and we have 50-60% possibillities to lose it , that way.
b) Use ear phones or headsets with wire or cordless. In first case ,any attempt to take it from you will end up in a good ear drag and allert to you.
In second case, your phone will remain hidden , as the only visible thing will be the ear phone , in your ear. Unless now , someone does a strip search on you , your device will remain safe.
c) Tech approach.
How important is your cell phone to you and how much are you willing to spend?
There are some commercial homing devices , to the size of a pins head. They can be powered by your small battery phone and give a beeping signal while you can track it down (to limmited distance ofcourse) with a scanner. Your phone even though turned off, it will still broadcast a signal to you.!!!


Phone lock code
Code protection of telephone (phone security code) it is usually constituted by a four digit number ( in the new appliances it can also be of 6 digits) that it should be imported each time we need to activate the device. This number is registered in its flash chip and constitutes a part of the firmware. Unfortunately, this number however, is not 100% effective. The process, is easy to be taken out or be reset , with the use of computer, special cable of connection and certain technical knowledge. If firmware gets upgraded/updated or with the use of a specific software, this code is erased or it is replaced by a different number of preference , assigned by the intruder.

Contrary to the above code protection, the SIM card contains its own mechanism of safety. Based uppon the significance of the functions of the device, it requests for two codes of protection

PIN 1.
Basic code safety, that protects the device and SIM, but also gives the electronic [OK] for the connection of the mobile into the GSM network. This code is initially programmed to be in a form of a four digit number but it can reach the form of a 16 digits (depending on the device), where it is also stored on the SIM card and not in the mobile device's firmware. . Card SIM "communicates" and triggers the status of the device with special way (language of machine) that is translated by the software of telephone, that we use.
Bypassing or cracking the SIM PIN codes is considered to be highly impropable.
The Second safety code protects secondary operations that however cannot influence the integrity of the device or the process of entry in the network of supplier. Nevertheless, because the nature of this security lock, and due to the same nature of its storage way, it is considered equally impossible to be compromisedd with conventional methods.

Those are actually disarming codes. They are capable of reseting the PIN codes , in case someone has made three mistaken entries by accident (or not). PUK1 is reserved to be used when PIN1 is blocked and PUK2 is reserved to be used when PIN2 is blocked.
Both PUK codes are stored in the SIM card and till now there is no known software or other conventional method to retrieve them.


Differences here to the above mentioned things.

PDAs have a way to protect data inside with a major password , where even a h/w reset wont change. (taking battery off).
This alone can make the device uselless to the thief and an additional reason not to steal it and risk getting caught.
PDAs , have also an additional feature recently of GPS, which can give a nice signal of it , if they try to use that service. If now you are registered to a site , that monitors these signatures, you can easilly locate the device and do what is nesseccary afterwards.

p.s. please forgive me for any grammar or syntax mistakes, since this is a translated article from Greek to English.

to be continued shortly.... gathering more info...

Back to top
View user's profile Send private message Visit poster's website AIM Address
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering All times are GMT + 2 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register