Your iPhone May Not Be Your Friend

I love my iPhone but I always look at it with deep suspicion. It probably knows more about me and my secrets than my puffy pillows. It could even betray me.

Blame it on Steve Jobs but I assume I'm not alone. Most of us have fallen prey to the modern digital world to the point of no return – as we take for granted the increasing number of things we can do with our smartphones, we expose ourselves to bottomless risk, knowingly, unknowingly or simply without regard. The amount of information that is contained in the average smartphone can include bank details and other personal data that would be highly profitable to the wrong person who might pick up your phone where you forgot it.

The fact is that they may not even need physical possession of your phone. Consider the extent of what a smartphone can do, based on a true story of what actually happened at several McDonald's restaurants in Australia between 2010 and 2011.

Suspects broke into the restaurants and stole the spare hand-held EFTpos units, which are point-of-sale terminals commonly used in Australia and New Zealand to process debit or credit card payments – similar to the Octopus card-readers that are used in Hong Kong.

The stolen devices, modified with a card skimmer, local storage and a Bluetooth transmitter, were then secretly returned and placed at the cashier stations. From then on, every card swiped on these units had its details, including the PIN number, stored and transmitted via Bluetooth to the smartphones of the suspects, who regularly showed up as customers.

As you might have guessed, the stolen details were promptly sold via the Internet and huge bills were quickly run up on them.

Imagine the damage had these EFTpos units also accepted payments from smartphones equipped with Near Field Communications, i.e. NFC-enabled smartphones, which have been introduced in Japan, Korea and the US and are expected to take off further when Apple Inc. equips iPhones with its newly patented iWallet app in the very near future.

All the personal data on your smartphone could thus be transmitted to the scamsters, perhaps sitting beside you at the restaurant.

“For some reason mobile phones have become so embedded into our daily use that little thought is given to the type and amount of information we store on them,” said Adam Stafford, a mobile phone forensics expert with the accounting firm BDO in Western Australia.

Stafford, a former officer with the Police Computer Crime Squad in Western Australia, recalled how some criminals paid the price for having the odd habit of taking photographs of their prized assets. For example, criminals caught for possessing weapons were found to have posed for smartphone photographs of themselves with their marijuana plants. With the help of the “location service” on the phones, the police had a home run.

So what exactly is mobile phone forensics?

Just as law enforcement and investigators use computer forensic techniques to retrieve data from computers, including deleted data, the same can now be done on smartphones. This is largely due to the convergence of technologies, as mobile phones increasingly perform and even replace what we used to do with our computers. The file systems in mobile phones are not as organized as those in computers and can vary from phone to phone, and the data recovery process may be more complicated. Nevertheless, recovery is increasingly possible.

iPhones, the least secure for their owners, are the dream of mobile phone forensic experts, followed by Android phones and Blackberry, according to Stafford. The traditional mobile phone, with few additional capabilities other than SMS, is the most secure for consumers.

Do’s and don’ts for your iPhone

- Pay attention to the terms and conditions when installing apps. Read them before you click “Allow”.

- Download only those apps that are from known legitimate sources. Jailbreak at your own risk.

- Beware of the information you may be giving out for free to the app developers.

- Remove all unwanted data on a regular basis.

- Update the OS as soon as it's released or available.

- Disable Bluetooth and WiFi if you don't use them. It will not only save battery but make your phone “invisible”.

- Keep physical control of your phone at all times. Many apps do not allow password protection and your personal data may be exposed and manipulated if the phone falls into the wrong hands.

- Always use a screen lock.

Source: BDO

But why should anyone care what mobile phone forensic experts can do if they have no skeletons in the closet? After all, not everybody lives in the CSI world.

The “I'm nobody” and “nobody is interested in my personal data” attitude is, unfortunately, wrong -- and common, considering the popularity of social networking platforms like Facebook and Twitter. “I think rather than be concerned about mobile phone forensics, people possibly should be concerned about the amount of information retained on mobile devices that they are not aware of,” said Stafford. “Some mobile phones retain a log of activity that cannot be viewed on the phone and cannot be deleted. However forensic software may recover this. Some phones maintain a database file of text messages that includes messages which have been ‘deleted’.”

One should be even more concerned when some apps on smartphones are “intrusive” and put private data at great risk. These apps may have terms and conditions spelled out, including what kind of private data they access and retain, but the developers behind them usually opt to ease users’ concerns by assuring them that the upgrades or downloads are all meant to provide a “seamless experience,” two comforting words that are usually sufficient to prompt users to overlook the fine print and jump right into the program, ignoring the risks to their private data once it is uploaded to the servers of the software developers.

There are now some 6 billion mobile phone subscribers in the world, equivalent to 87 percent of the world population, with annual 30 percent growth led by countries like China and India.

And mobile phone usage in China is widespread with text messages, QQ and Weibo commonly used for social networking and business communications. On the eve of Chinese New Year earlier this year, almost 1.9 billion text messages were sent in Beijing and Shanghai alone.

“As the mobile phone becomes smarter and faster, it also carries an abundance of evidence not available elsewhere,” said Rio Lam, principal and computer forensic specialist with BDO in Hong Kong, who noted a common practice in China whereby salesmen and businessmen often use QQ or text messages to conduct business transactions such as placing sales orders, giving quotes and product information and even negotiating deals.

“From the perspective of an investigator, it makes it very tempting to examine the target individual's mobile phone to collect evidence in an investigation.”

With tablet computers like the iPad increasingly popular and primed to overtake PC sales, we will have to be even more careful with the way we use and manage our handheld mobile devices.

(Vanson Soo runs an independent business intelligence and commercial investigations practice specializing in the Greater China region. Email: His column also runs in The Standard of Hong Kong.)