Shostack + Friends Blog Archive

 

Mangle those cell phones?

OK. Right off I am *not* advocating physical destruction of old recycled cell phones. This post (Mangle those hard drives!) [link to http://blogs.zdnet.com/threatchaos/?p=392 no longer works] at my primary security blog, ThreatChaos, got a lot of reactions when I suggested that physical destruction of hard drives was the best policy in lieu of a well managed data wiping process. That was sparked by the news that computers being re-sold in Nigeria were being used to harvest bank account information which was then sold to attackers.
Now, Trust Digital has demonstrated that most phones are not properly scrubbed before being offered for sale on eBay. They purchased ten cell phones and proceeded to extract all sorts of data from them. Read the whole story from the Associated Press article [link to http://news.yahoo.com/s/ap/20060830/ap_on_hi_te/betrayed_by_a_cell_phone no longer works]. There is a great quote from Howard Schmidt who types his password incorrectly 11 times to cause his cell phone to self destruct. Of course Trust Digital was demonstrating the need for their products which are justified in the corporate world.
For personal protection? I would mangle the flash memory of all un-needed cell phones. Incinerate? Acid bath? Microwave? All good. But unless you are worried about the NSA recovering your info I would just take it out to the garage and whack it with a hammer on your anvil. Don’t have an anvil? I can lend you one of mine. 🙂
Can’t get the flash memory out of the phone? Hit the phone with a hammer until you can find the chip. Then proceed to instruction 1. above. (Always wear safety goggles when hitting things with hammers).

6 comments on "Mangle those cell phones?"

  • jsaltz says:

    An abomination.

  • Stiennon says:

    Am I missing somthing jsaltz? A quick Google search reveals that you have left comments using the word abomination 729 times! http://www.google.com/search?hl=en&lr=&q=jsaltz+abomination&btnG=Search
    Is this a Monte Python thing? What are you?

  • nzruss says:

    Ha! I’m not the only person who noticed… ( i posted about this on my blog)

  • Karlikurod1 says:

    Karlikurod4

  • Karlikurod1 says:

    Karlikurod4

  • Stiennon says:

    Now there are two of us nzruss. Although I asked the ZDNET blogging commuity if they knew what the abomination guy was up to. I think he is in Italy.
    BTW, comments to your blog require logging in with my GMail account info. Does anyone actually do that? Seems like a great way to harvest credentials.
    -RS

Comments are closed.