Tag Archives: CheckMEND

The pocket spy: Will your smartphone rat you out? – New Scientist

by Linda Geddes (New Scientist)

The pocket spy: Will your smartphone rat you out? – tech – 14 October 2009 – New Scientist.

THERE are certain things you do not want to share with strangers. In my case it was a stream of highly personal text messages from my husband, sent during the early days of our relationship. Etched on my phone’s SIM card – but invisible on my current handset and thus forgotten – here they now are, displayed in all their brazen glory on a stranger’s computer screen.

I’ve just walked into a windowless room on an industrial estate in Tamworth, UK, where three cellphone analysts in blue shirts sit at their terminals, scrutinising the contents of my phone and smirking. “If it’s any consolation, we would have found them even if you had deleted them,” says one.

Worse, it seems embarrassing text messages aren’t the only thing I have to worry about: “Is this a photo of your office?” another asks (the answer is yes). “And did you enjoy your pizza on Monday night? And why did you divert from your normal route to work to visit this address in Camberwell, London, on Saturday?”

I’m at DiskLabs, a company that handles cellphone forensic analysis for UK police forces, but also for private companies and individuals snooping on suspect employees or wayward spouses. Armed with four cellphones, which I have begged, borrowed and bought off friends and strangers, I’m curious to know just how much personal information can be gleaned from our used handsets and SIM cards.

A decade ago, our phones’ memories could just about handle text messages and a contacts book. These days, the latest smartphones incorporate GPS, Wi-Fi connectivity and motion sensors. They automatically download your emails and appointments from your office computer, and come with the ability to track other individuals in your immediate vicinity. And there’s a lot more to come. Among other things, you could be using the next generation of phones to keep tabs on your health, store cash and make small transactions – something that’s already happening in east Asia (see “Future phones“).

Gone phishing

These changes could well be exploited in much the same way that email and the internet can be used to “phish” for personal information such as bank details. Indeed, some phone-related scams are already emerging, including one that uses reprogrammed cellphones to intercept passwords for other people’s online bank accounts. “Mobile phones are becoming a bigger part of our lives,” says Andy Jones, head of information security research at British Telecommunications. “We trust and rely on them more. And as we rely on them more, the potential for fraud has got to increase.”

So just how secure is the data we store on our phones? If we are starting to use them as combined diaries and wallets, what happens if we lose them or they are stolen? And what if we simply trade in our phones for recycling?

According to the UK government’s Design and Technology Alliance Against Crime (DTAAC), 80 per cent of us carry information on our handsets that could be used to commit fraud – and about 16 per cent of us keep our bank details on our phones. I thought my Nokia N96 would hold few surprises, though, since I had only been using it for a few weeks when I submitted it to DiskLabs. Yet their analysts proved me wrong.

Aside from the text messages stored on my SIM card, the most detailed personal information that could be gleaned from my handset came from an application called Sports Tracker. It allows users to measure their athletic performance over time and I had been using it to measure how fast I could cycle to work across London. It records distance travelled, fastest speed at different points along the route, changes in altitude, and roughly how many calories I burn off. But when DiskLabs uploaded this data to their computer and ran it through Google

they were able to pull up images of the front of my office and my home – with the house number clearly displayed. Sports Tracker also recorded what time I normally leave the house in the morning and when I return from work. “If I wanted more information, then I could just stalk you,” says Neil Buck, a senior analyst at DiskLabs.

I had deliberately chosen to turn Sports Tracker on, and many people might not stop to consider how such programs could be used against them. In February, Google launched Latitude, networking software for smartphones that shares your location with friends. It can be turned off, but campaign group Privacy International is concerned by Latitude’s complex settings and says it is possible the program could broadcast your location to others without your knowledge. “Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends,” the organisation warns.

It is possible your phone could broadcast your location to others without your knowledge

A phone-based calendar could also leave you vulnerable. Police in the UK have already identified burglaries that were committed after the thief stole a phone and then targeted the individual’s home because their calendar said they were away on holiday, says Joe McGeehan, head of Toshiba’s research lab in Europe and leader of DTAAC’s Design Out Crime project, which recently set UK designers the challenge of trying to make cellphones less attractive to people like hackers and identity thieves. “It’s largely opportunistic, but if you’ve got all your personal information on there, like bank details, social security details and credit card information, then you’re really asking for someone to ‘become’ you, or rob you, or invade your corporate life,” McGeehan says.

Code cracker

When Buck looked at my colleague’s iPhone, he found two 4-digit numbers stored in his address book under the names “M” and “V”. A search through his text messages revealed a few from Virgin informing him that a new credit card, ending in a specific number, had just been mailed to him. Buck guessed that “M” and “V” were PIN codes for the Virgin credit card and a Mastercard – and he proved to be correct on both counts.

“Out of context, an individual piece of information such as an SMS is almost meaningless,” says Jones. “But when you have a large volume of information – a person’s diary for the year, his emails, the plans he’s building – and you start to put them together, you can make some interesting discoveries.”

In this way the DiskLabs team also identified my colleague’s wife’s name, her passport number and its expiry date, and that she banks with Barclays. Ironically, Barclays had contacted her regarding fraud on her card and she had texted this to her husband. Buck’s team also discovered my colleague’s email address, his Facebook contacts, and their email addresses.

This kind of personal data is valuable and can fetch a high price online. It’s ideal for so-called 419 scams, for instance, in which you receive an email asking for help in exporting cash from a foreign country via your bank account, in exchange for a share of the profits. “What they need to launch a successful 419 scam is personal information,” says Jones.

A growing awareness of identity theft means that many people now destroy or wipe computer hard drives before throwing them away, but the same thing isn’t yet happening with cellphones, says Jones. At the same time, we are recycling ever greater numbers of handsets. According to market analysts ABI Research, by 2012 over 100 million cellphones will be recycled for reuse each year.

As part of a study to find better ways to protect cellphone data, Jones recently acquired 135 cellphones and 26 BlackBerry devices from volunteers, cellphone recycling companies and online auctioneers eBay. Around half of the devices couldn’t be accessed because they were faulty. In our own smartphone experiment, we were unable to retrieve any data from a BlackBerry, or the Samsung E590.

However, Jones’s team found 10 phones that contained enough personal data to identify previous users, and 12 had enough information for their owner’s employer to be identified – even though just three of the phones contained SIM cards.

Of the 26 BlackBerrys, four contained information from which the owner could be identified and seven contained enough to identify the owner’s employer. “The big surprise was the amount we got off the BlackBerry devices, which we had expected to be much more secure,” says Jones. While BlackBerry users have the option of encrypting their data or sending a message to purge data from their phones should it be sold or stolen, many had not done this. “Security is only any good if you turn the damned thing on,” says Jones.

Security is only any good if you turn the damned thing on

His team managed to trace one BlackBerry back to a senior sales director of a Japanese corporation. They recovered his call history, 249 address book entries, his diary, 90 email addresses and 291 emails. This enabled them to determine the structure of his organisation and responsibilities of individuals working within it; the organisation’s business plans for the next period; its main customers and the state of its relationships with them; travel and accommodation arrangements of the individual; his family details – including children, their occupations and movements, marital status, addresses, domestic arrangements, appointments and addresses for medical and dental care; his bank account numbers and sort codes, and his car registration index. Two further BlackBerrys “contained details of a personal nature about the owner and other individuals that would have caused embarrassment or distress if it had become publicly known”, says Jones.

Although his team used specialist forensic software to retrieve data from the phones, much of it could be obtained directly from the handsets themselves, or by using simple software of the kind that is sold with a phone. “This was not designed to be a sophisticated attack, it used simple techniques that anyone would have access to,” Jones says.

That’s bad news, considering that around 20 millions handsets were lost or stolen worldwide in 2008, according to UK data-security specialists Recipero. So how can people go about making their phones more secure? Turning on the security settings is an important first step, says McGeehan, as this may dissuade potential thieves from going to the effort of trying to crack the codes. Then make sure you delete anything you want to keep secret, while bearing in mind that it is often possible to recover it (see “Phone security Q & A“). “I work on the basis that anything I put on there I’ve got to be prepared for people to see,” says McGeehan.

As for me, I’ve taken to deleting potentially incriminating messages as soon as they arrive in my inbox – and reproving the sender in return. I have also passed my old handset to my husband for safekeeping. If those brazen messages must fall into someone else’s hands, I’d rather they were the hands of the Don Juan who composed them than a smirking IT geek in a distant windowless room.

To read the rest of this article please go to: New Scientist

Stolen bike listed on Ebay leads to recovery and arrest

Police officers in Cheltenham, Gloucestershire have recovered a high value bicycle and returned it to its rightful owner after it was listed for sale on the online auction site Ebay.

The Marin Mount Vision 5.8 2009 model bike was stolen, along with a Hard Tail mountain bike, from a home in Hester’s Way Lane in Cheltenham between 10pm on Wednesday August 5 and 5.45am on Thursday August 6.

Annoyed by the theft of their bikes one of the owners began searching online auction sites and immediately recognised one of stolen bikes as theirs. The police were alerted and acted straight away carrying out a warrant at an address in Springbank Grove, the marin bike, which is valued at approximately £2850, was recovered and a 29-year-old man arrested.

The man was later charged with theft of a pedal cycle and bailed to appear at Cheltenham Magistrates Court on September 18. The second bike has not yet been recovered and officers continue to work to try and locate it so that it can also be returned to its owner.

Officers are encouraging cyclists to register their bikes on www.immobilise.com, a website that allows you to create a free, private and secure portfolio of all of your personal property and adds the items to the National Mobile Property Register. If the bike, or registered item, is then lost or stolen the website can be used to tell the Police, your insurer and the second-hand trade to assist in recovering your property and catch the thief.

If you are about to purchase a second-hand bike and are unsure of the bikes history we recommend you consider checking the bikes serial number against Immobilise’s sister service CheckMEND – The Second-hand Database of Lost, Stolen and Counterfeit Goods.

Anyone who thinks they may have seen the outstanding bike is asked to contact Gloucestershire Constabulary on 0845 090 1234 quoting incident number 94 of August 6. Alternatively you can call Crimestoppers anonymously on 0800 555 111.

Carphone Warehouse expands its use of CheckMEND

Carphone Warehouse Website

As of the 8th June The Carphone Warehouse have extended their trade-in scheme to include iPods and GPS equipment. Every item is checked in real-time on Recipero’s CheckMEND due diligence service.

The system has been integrated with Carphone Warehouse’s EPOS systems in over 800 UK stores, their website, and direct sales channels, allowing them to ensure only ‘bona fide’ customers can benefit from their trade-in offers.

With nearly 50 billion items of serial numbered goods recorded CheckMEND is the world’s largest database of stolen goods, making it an obvious partner for Carphone Warehouse.

For more information please visit the following links:

www.carphonewarehouse.com

www.checkmend.com

www.recipero.com/cpw_expand_checkmend_use

Immobilise helps reduce mobile phone thefts

stolenmobilephonesThe Northamptionshire Evening Telegraph has reported that mobile phone theft rates have been steadily decreasing throughout the county thanks to forensic property marking schemes, encouraging people to use the security features on their phones and advising people to register their phones on www.immobilise.com.

However Crime prevention officer Paul Golley said people weren’t doing enough to protect themselves from thieves and against robbery:

We’d urge people not to show off their mobile phones or leave them unattended in public places like pubs and restaurants. People are advised not to use them while walking in public places as you are more prone to robbery.

We’d remind motorists not to leave phones in their cars and people should switch their phones to vibrate if they think their phone might bring them unwanted attention.

The number of mobile phone thefts in north Northamptonshire stood at 1,482 for the period 2006 to 2007. In the following year they dropped to 1,446 and the latest annual figure was 1,291.

To read the source article in full please go to: The Northamptionshire Evening Telegraph

Police target mobile phone stores in a crackdown on the sale of stolen goods

Emma Stone of the Coventry Telegraph has reported that police in Coventry are targeting mobile phone stores in the city in a crackdown on the sale of stolen goods.

Officers from Stoney Stanton Road police station, along with officers from Coventry City Council’s Trading Standards, have been carrying out spot checks at shops selling mobile phones and accessories.

Four mobile phone stores have been visited in the last week and two were found offering illegal handset unblocking services.

The stores were searched and seven stolen mobile phones were seized from the two city stores.

In addition to the stolen phones, trading standards officers also seized a large quantity of counterfeit phone accessories from one of the shops visited.

As part of the police operation, second-hand mobile phone stores are being asked to log details of the serial number, phone number and customer details of all handsets brought in for sale.

Shop owners are also being advised to check national database

will tell us if a phone has been stolen.

Anyone wising to carry and use phones which have been stolen are now much more likely to be caught.

Stores that do not check the validity of the phones they are selling will also be targeted by police and trading standards officers.

He added that further spot checks were planned throughout the city.

To read the source article please go to: Coventry Telegraph

Gwent Police launch high-tech war on thieves

The South Wales Argus has reported that vehicle thieves and shoplifters in Gwent are being targeted by police.

Extra officers are being used this week to capture cars and use specialist number plate recognition equipment to find stolen goods and return them to their rightful owners.

Detective Inspector Peter Jones, who is leading the operation, said

This is a response to the increase in thefts from vehicles during the run-up to Christmas … We know that thieves are stealing number plates, sat navs, audio equipment like CD players and mobile phones. We also know they are selling them on and are working with second hand shops to stop that.

People can register their valuables on the specially designed Immobilise.com website so their goods can be returned if stolen.

Officers from the community safety team will also be out in January showing shoppers how to register their valuables.

Inspector Terry Davies from the team said:

We are concerned that the credit crunch may be leading more people to risk buying dodgy goods which could have been stolen, to save money.

To view the source article in full please go to: South Wales Argus Newsdesk

Cheltenham Police Urge Students To Keep Their Accommodation Secure

Gloucestershire Constabulary make some sensible recommendations for students:

Cheltenham Police are reminding students to keep their accommodation secure. The warning comes after two student homes in the town were burgled last week.

Sergeant Mark Stephens from Whaddon Safer Community Team, who are responsible for policing issues at the Francis Close Hall, Hardwicke and Pitville campuses said: “Sadly student houses are an easy target for burglaries as with several people coming and going from the property they are easily left insecure.”

“If you add up the cost of everything you own, ipod, television, bike, laptop and mobile phone, you’ll probably be surprised at the amount it comes to.

“Along with the financial ramifications of losing these items it can also be very upsetting and devastating to your university work if any of your notes were stored on the stolen items.”

In addition to registering property on the Immobilise Property Register, Cheltenham police also make these sensible suggestions:

  1. A remarkable number of burglaries occur because a window or door has been left open, so make sure you keep them closed.
  2. Do not leave cash or valuables on display in your room and make sure valuable items cannot be seen from the window.
  3. During the Christmas, Easter and summer holidays take all items of value home with you.
  4. Make sure your property is insured.
  5. Get valuables security marked.

To see the orginal article in full go to: Space – University of Gloucestershire Students Union

Compulsory registration of mobile phones in the UK

The concept of making everyone register their handset in the UK is greatly misunderstood and is being hyped up by the press. Did you know that any contract mobile phone owner’s information can already be accessed by the Police using either a request under the RIPA or DPA procedures? So why should be people using PAYG phones not be subject to the same system? this is all this is about and it closes a loophole used by criminals that make it harder for the Police to identify stolen handsets or handsets used in connection with dubious activities. The only argument surely is whether the owner’s information is subject to the safeguards afforded by RIPA. If you use the DVLA registration of cars as a proof of concept, the Police can tap in your registration number and see the owner’s details in a heartbeat without having to make any formal requests so why not do the same with mobile phones?

Property stolen from luggage and sold on eBay!

With the recent incident highlighted in an article on the register website regarding the theft of consumer electronic from people luggage and their subsequent sale on eBay once again the use of CheckMEND could have saved a lot of people buying this stuff a lot of hassle. Remember if it looks too good to be true it probably is, always check what you are buying with CheckMEND.

CheckMEND service addresses online auction sites’ problems

CheckMEND SERVICE ADDRESSES ONLINE AUCTION SITES’ PROBLEMS

 

Need for Stronger Solutions Underscored by eBay Counterfeits Ruling in France; US Decision Imminent 

 

Gloucestershire, UK, July 2, 2008 – In light of the recent legal ruling in France resulting in a $63 million fine against eBay for selling counterfeit luxury goods, the global issue of product authenticity among online auction sites has been brought sharply into focus. Cybercrime and “e-fencing” are serious matters in the US as well, costing consumers an estimated $4 billion annually. A judge in the US is due to rule at any time on a similar case brought by Tiffany. 

 

This threat was identified eight years ago by the founders of CheckMEND.com, an online property validation service, who have compiled what is now the world’s largest database of counterfeit and stolen goods with more than 100 million records. A simple online search (or “check”) allows auction sites, consumers and manufacturers to validate the authenticity of a product for less than a dollar.

 

Adrian Portlock, founder and CEO of CheckMEND, has been in the business of identifying dubious goods sold online for nearly a decade and is an expert in this area, having worked extensively with law enforcement and government organizations. He said, “If you strip away the smoke and mirrors, this is a simple argument about whether online auction sites should be pro-active in policing the property being sold on their sites, and this issue is not going to go away. No system is ever going to be perfect at identifying all questionable items, but you have to start somewhere. CheckMEND is the most comprehensive system of its type, recommended by eBay in the UK when buying a mobile phone.”

 

A short demo of the CheckMEND system can be viewed at www.checkmend.com.

 

About CheckMEND

CheckMEND is a commercial service provided by Recipero Limited, a specialist aggregator of information. Based in Gloucestershire, UK, Recipero provides services to a range of blue chip clients and government organizations. The data on the CheckMEND database is checked over 1 million times a month by hundreds of approved organizations from more than 40 countries worldwide. For more information, visit CheckMEND at www.checkmend.com.