This guest post is from Marc Weber Tobias, an attorney and physical security specialist.
If someone asks to borrow your cell phone, or you leave it unattended, beware!
Unless you actually watch them use it, they may be secretly grabbing every piece of your information on the device, even deleted messages. If you leave your phone sitting on your desk, or in the center console of your car while the valet parks it, then you and everyone in your contacts list may be at risk, to say nothing of confidential e-mails, spread sheets, or other information. And of course, if you do not want your spouse to see who you are chatting with on your phone, you might want to use extra caution.
There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.
I recently attended and lectured at the Techno-Security conference in Myrtle Beach, Fla. About 1,500 law enforcement and security professionals participated and were briefed on the latest in cybersecurity vulnerabilities from participating federal agents, manufacturers, and cyber-consultants. The CSI Stick caught my attention because of the potential to rapidly and covertly download all of the information contained in many cell phones.
This device connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.
The good news: the device should find wide acceptance by parents who want to monitor what their kids are doing with their phones, who they are talking to and text messaging, and where they are surfing. It could also be valuable in secure areas where employees need to be randomly monitored to insure that sensitive information is not compromised through the use of a cell phone as a memory device.
The CSI Stick sells for $200 and requires an added piece of software to mine the data and do sophisticated processing on your computer. So now, in addition to worrying about your conversations or data being intercepted through your Bluetooth headset, there is a new threat, and it is very real.
The rule: if your phone contains sensitive data, do not leave it unattended. If you loan it to someone to use because they tell you theirs is not working, make sure you actually see them using the phone and there is nothing connected to it.
USB device spies on mobile phones
(Credit: Marc Weber Tobias)