Mobile phones are changing the lives of both criminals and the investigators that hunt them, mobile phone security experts said at the Infosecurity conference held in New York on Wednesday. And corporate IT departments should be aware of their criminal capabilities, and take steps to gain more control of the mobile devices used by their workers, they said.
With constantly improving storage and processing power, a mobile phone is probably a much more powerful device than many realize, said James Steele, a computer forensics investigator with T-Mobile USA.
"The cell phone will be the new hacker workstation," Steele said during a panel discussion at the conference. "Except for the limitations of the browser, there's nothing I can't do over the wireless network, that I can't do over a regular workstation."
And because wireless networks are designed to frequently assign and then re-assign IP (Internet Protocol) addresses they can be used to make it harder to track down attackers, he said. "It's making it increasingly difficult to find them," he said.
Steel said that some widely publicized mobile phone threats are over-rated. For example mobile phone malware like the Cabir worm, which has attacked users of phones based on the Symbian operating system, is not a major concern of Steele's. "I have seen one Cabir infection," he said. More concerning was a recent MMS (Multimedia Messaging Service) attack that struck a Chinese mobile service provider, but there are too many different operating systems right now for attackers to mount an extremely widespread mobile phone attack, he said."I think so far they exists as proof of concepts," he said.
More worrying, however is the increasing use of mobile phone cameras to photograph and transmit child pornography. "The camera phone is becoming the new place for child pornography," said co-panelist Anthony Reyes, northeast chapter president of the High Tech Crime Industry Association.
Both panelists agreed that theft of corporate intellectual property via mobile phones could become a more serious problem.
To be better able to investigate such crimes, Reyes advised that companies take more control of the use of mobile phones, especially in sensitive areas, where corporate secrets could be photographed or downloaded to a telephone. Corporate IT should take over the process of issuing mobile phones because once the device is company property, it can be easily examined for any signs of wrongdoing, he said. "If it's their own phone," he said. "the expectation of privacy is there."
There is a lot that can be learned from an old handset the panelists said. In fact, the nascent field of mobile phone forensics is a rapidly advancing field, thanks in part to a number of open source tools created by hackers to examine cell phone memory and network traffic. Using tools like tcpxtract (http://tcpxtract.sourceforge.net/), and bitpim, (http://www.bitpim.org/) investigators are often able to retrieve deleted SMS messages, photographs, and telephone numbers from such devices Steele said.
Steele estimated that he gets two phone calls a week from police officers looking for help extracting evidence from mobile phones found at crime scenes.
Reyes agreed that mobile devices like camera phones are often very useful to law enforcement officials. "What I am seeing is a lot of the cell phones being used by victims to help identify the stalkers and attackers."