Secure at Hand? The Pre and Security 70
With all the coverage of President Obama's efforts to keep his BlackBerry after being elected, as well as the almost daily reports of data breaches (including from lost smartphones and laptops), the issue of security and smartphones is an important one. It's not just politicians with national security clearance either; most users have something they might want to keep away from unwelcome eyes, and those of us with formal obligations of confidentiality (attorneys, doctors, etc.) must be sure that our smartphones won't cause us to break those rules.
So where does the Pre fall in terms of security? In considering security and privacy issues related to any smartphone, there are a number of areas on which to focus, including:
- Operating system
- Transmission and interception
- Phone data
Let's take those in turn, after the break!
Operating System
The Pre's WebOS is built on the open-source Linux operating system, upon which Palm has overlaid the Mojo framework. Linux itself is considered fairly secure from casual intrusion, both because its open-source nature means that many developers have examined and patched any holes, and because it is less common than OSes such as Windows (and therefore less frequently the target of malicious hackers, who want to maximize the number of potential victims). For that matter, open-source advocates will suggest that Linux is even more secure than other flavors of Unix (including the closed-source version underlying the iPhone's OS X), because so many have been able to explore its potential problems. (Those seeking a more detailed discussion of Linux security might be interested in this document from Kevin Fenzi.) Through Mojo, Palm has placed a layer between developers (both legitimate and malicious) and the operating system, as shown in this excerpt from the O'Reilly WebOS development book, minimizing the opportunity for trojan-horse applications to manipulate the operating system. While there is perhaps the potential for malicious scripts to run in WebOS (as discussed in this thread), it's highly unlikely that an ordinary user would all take the steps necessary to make it possible.
Transmission and interception:
The Pre utilizes two different data transmission technologies: Wi-Fi and cellular networks like Sprint's EVDO Rev. 1 technology. The two have different security issues. The Pre's Wi-Fi may be completely unsecure (utilizing open networks), or encrypted using a variety of standard methods (WPA-personal, WEP or Enterprise). Even the lowest-strength encryption, WEP, is likely immune from casual interception, while the Pre's communication over an open network can be easily intercepted using a packet sniffer. On the cellular side, technologies like EVDO are much more secure than older analog cell networks, and are generally not subject to interception.
Even if one is using an open Wi-Fi network, though, it doesn't mean that an intercepted communication can be understood and used, because the actual content can be encrypted. On the e-mail side, most of the protocols supported by the Pre (e.g. Exchange ActiveSync, IMAP) support encryption independent of what network is being used, and Web-based e-mail and e-commerce generally offer SSL-encrypted browsing sessions. Beyond that, you would need to verify how each individual application does (or does not) encrypt its communications between the Pre and the remote resource, in order to judge security.
Data security
Here, the burden is on the user, since the easiest way to steal data stored on a Pre is to steal the Pre itself. While the Pre offers the ability to lock the screen with a PIN or password, if users fail to enable that feature, anyone who grabs the Pre can access everything on it. (The PIN is also required after resetting or power off the Pre and will block enabling USB mode, aiding in protection.) While using a PIN or password can be inconvenient for the owner, it's a lot more inconvenient for the thief. Further, using difficult-to-guess passwords for both the Pre and the online profile are simple and smart techniques to help secure your data.
Two caveats to be aware of: If you have enabled Developer Mode set to On, it can be accessed via a terminal program even when the PIN has not been entered unless you have taken additional steps to add an OS password; you may wish to read through the WebOS Internals article on setting up a non-privileged user here. The second caveat is that setting a pin is merely a password gateway, the data itself on the Pre is not encrypted.
What if the Pre is stolen? First, there is the automatic backup (which, by the way, is itself encrypted, according to Palm), so the authorized user (who knows the password, of course) can restore the data to a new device. Next, you can use the online gateway to your Palm Profile to remotely wipe your Pre, although it's not instantaneous and requires your Pre to be able to receive a cell signal, as Palm says:
The erase device command is sent via SMS and must be received by an activated phone within 24 hours. Wireless coverage area only. Requires data services at additional cost. Erase does not deactivate your phone from your carrier's network - contact your carrier.
If you use Exchange ActiveSync, WebOS 1.1 included an update that allows your system administrator to send a Remote Wipe command, assuming that feature is enabled on the server side. That command, though, will only erase the Exchange data stored in apps like Calendar and E-mail, and not any other data you may have on your Pre.
As for USB mode, once it's enabled, it represents a significant potential security risk, since an easily-available microUSB plug turns your Pre into the equivalent of a thumb drive, ready for anyone to connect and copy/modify/delete your stored files. There is currently no way to encrypt the stored data on the Pre itself, while still retaining the ability to access the data. (One possible exception: if you are using Classic, there may be PalmOS file-encryption software you can run, but only for the information stored within the Classic PalmOS memory partition, which is separated from the rest of the Pre's memory.)
You can, however, encrypt any outside data you are storing on your Pre as an external drive, using open-source tools like TrueCrypt to encrypt the files and folders you carry with you (and can even place the TrueCrypt software on the drive, so you yourself can access them with the appropriate passwords wherever you find a convenient computer with which to connect). You will not be able, though, to access the TrueCrypt-protected data through WebOS itself, at least for now. (It's entirely possible, given that WebOS is Linux-based, that someone may be able to port the TrueCrypt software to the Pre, which would be a huge step forward in security for the device.)
One other thought: given that no security is perfect, if you have information whose disclosure would cause serious problems for you or someone else, don't keep it on your Pre, or travel around with it at all for that matter, regardless of any encryption or PINs. It's too easy to accidentally e-mail a file to the wrong person, or be watched by a keen-eyed "shoulder surfer" as you read that sensitive e-mail. Plus, no matter how strong the security, once a hacker has physical access to any computer and can prevent a remote wipe - be it a desktop, a BlackBerry, or a Pre - it's only a matter of time and skill before your data is revealed.
Would President Obama be able to use a Pre instead of his ultra-secure BlackBerry for those Eyes Only Top Secret communiques? At this point, probably not. For the rest of us, though, the Pre's technologies and software do provide a reasonable amount of security for both the operating system and the software and data on the device...if we take the time and care to use them correctly.
(FYI: If you'd like to read more about smartphone security and other risks, you can download my free e-booklet, Shooting From the Hip: Managing the Risks of Portable Computing and Smartphones in Your Business, here.)
70 Comments
The pin code gave me an idea.
Let me start by saying I would hate having to type a pin every time i check my phone (and probably most of you fell the same way). However it would be nice to have a pin app that ask every 24 hours, so pretty much you would only have to enter pin once a day, like at the beginning of the day.
That way if it was stolen or lost, they would only have access for less then 24hr, most thief's would not think to take all the important data off it right away IMO. It would also make the phone useless to them after that daily pin hits them.
If only i was a programmer and could make an app like that.. =/
My guess is that if a thief was aware of a 24-hour PIN check-in policy then they would try to get the data off the phone ASAP.
I think the intent was for an app to be developed, not part of the palm basic package. Most thieves are probably going to be kids or casual thieves, not the nemesis of Jack Baur. I love this idea...but I to am not a programmer. I'd pay $5-10 for this!
That was a feature built into PalmOS. I found it disappointing that WebOS didn't keep it. I very much miss it. If only for the purpose of providing a splash screen with my contact info on it. This gave honest people an opportunity to return a lost phone. I wish WebOS had this.
very good point, that would have to be a feature added to it. I actually thought of that drawback to the lock right after i posted, and you came with a good solution lol nice.
I look forward for someone to develop a splash screen and timer. Great.
Isn't this one of the issues that remote wipe is intended to solve? If the device is lost or taken, I think it can be cleared of all data.
Only if it's reachable via SMS within 24 hours of the wipe command being sent. {Jonathan}
Thank you for the article. I found it informative. Perhaps it should be noted that there is an App Catalog and a Homebrew app that allows us to store sensitive data in a password protected manner.
Often people's contact list and other live data on the phone qualifies as confidential data. Call logs, Messages, Emails, etc.
Yes, it is somewhat useful, but not the best solution. PALMOS (TREOs) had each app with its own security. You could select any contact, or memo (notes) or TO DOs that you wanted to hide when a password had not been entered, but still show the rest of the contacts if the password had not been entered.
This approach gave you the best of both world, where you could have hidden/secure information, and at the same time not have to enter a pesky password every darn time you wanted to use that particular application. See, most of the time you don't want to access secure information, and when you did, you would type the password, and all that hidden info would show up.
The only problem Treos had was that no one came up with a timer feature on their security, which would automatically turn the security back ON (HIDE info again), in case you would forget to secure after you left the application or simply left all that info exposed, as it happened from time to time.
"and Web-based e-mail and e-commerce generally offer SSL-encrypted browsing sessions"
that's wrong!
very often only the login is encrypted and after that you go back to the normal unencrypted website. I just checked... e.g. the German amazon site does is this way.
It really depends on the site. Most banks should use an encrypted connection at all times. Shopping sites will probably encrypt on login and during the credit card transaction. Some shopping sites don't encrypt data at all... I refuse to use those.
yes, that's why I said that the "generally" statement was wrong! it simply depends on the site and even well known e-commerce sites do not encrypt the whole session -- as you also said.
Actually, most e-commerce sites has SSL pages for their entire shopping cart just for the comfort of their users. You can enter credit card and other info on a regular page as long as it submits to a SSL location. In reality ONLY that location needs SSL. (And of course a return/confirmation page should be secure if it prints that information back out.)
"In reality ONLY that location needs SSL. (And of course a return/confirmation page should be secure if it prints that information back out.)"
no... the cookies are not encrypted if you do not use SSL. and normally the session id/key is part of a cookie. if this information is not encrypted the session can be "kidnapped".
you does not say anything about palm itself. how much of a risk is palm. does palm know what is on you phone? it what format is the backup? can palm decode the backup, so that they get to know all the data on my phone?
PalmOS could lockup your device after X minutes of inactivity. I used to have it set to 15 min. This will allow me to not worry about the screen going off and having to keep entering the pin / password. I wish the pre would support this as well.
I want security, but entering a PASSWORD every time is too cumbersome. On the other hand the PINN is easy to use but not secure enough. So what I have thought would be an easy, perfect option all along and not sure why it was not implemented is having both options at the same time. Use the PINN but after "X" amount of failed attempts to enter the PINN then the pre would switch to the PASSWORD option.
I like it! Good one!
How about facial recognition security? Should not be too hard for one face (i.e. the user) with a backup of a pin / password. This would make unlocking it easy.
I suspect most facial recognition could be bypassed by showing the phone a photograph of you (say from Facebook or wherever).
The current PIN entry set-up, which lacks ANY type of customization, actually deters me and many other users from using Security at all... even though I WANT to use it. I refuse to enter a PIN code literally 50-100 times per day. My 6 year old Windows Mobile Dell Axim has a very simple, basic customization feature under the security menu that allows me to choose a designated time-out period of inactivity before the PIN is automatically enabled. I agree that 24 hours, even 12, is too long. However, entering your PIN once every 3 to 6 hours is certainly quite reasonable, not cumbersome for the user, and provides a relatively brief window of opportunity for a thief, assuming the unit is "lost" for a few hours before being found and used by an intruder. PALM should implement this time-out option in a future update. There is no need for a separate App, as this is an extremely basic feature that should have been there in the first place!
I agree with last post it should be easy to add more options. Besides what I mentioned above:
I want security, but entering a PASSWORD every time is too cumbersome. On the other hand the PINN is easy to use but not secure enough. So what I have thought would be an easy, perfect option all along and not sure why it was not implemented is having both options at the same time. Use the PINN but after "X" amount of failed attempts to enter the PINN then the pre would switch to the PASSWORD option.
What others have mentioned for a time out would be great also. Maybe anywhere from 15 minutes to 24 hours. We really need more options. I need security, but the current options make it fairly annoying to use.
Thanks for your agreement with my post. Another "clever" but easy idea would be to have some BASIC security (in place of the PIN) tied to programming in a specific directional path for the "Swipe" when you bring the Pre out of sleep mode. I would think it would be pretty simple to allow a user to program/design a "Swipe Path" (like an "S" or "Up then Down To the Right") that could be recorded and stored in the device. Therefore, each time we "Swipe" (which we have to do anyway), security would be built into that "Swipe"... Killing Two Birds w/One Stone!
That my friend is not a good idea, its a GREAT idea... and combining it with the idea of the PIN for 3 times then password, I would say swipe path, and if the user fails 2 o 3 times (user defined) it would bring a screen where we can input a password... if we can vote how we want our pre to be more secure, I will say the swipe path would be the best option...
Thanks for your "Vote" Chav1! I see that this comment thread (after my suggestion) evolved more into one of Data Encryption. While I understand and support Data Encryption initiatives, I have to believe there is a MUCH LARGER contingency of users that are more concerned/worried about SIMPLE security of their device. My recommendation of a "Swipe Path" is to address a simple, quick, and easy method to LOCK your device. I'm not only concerned about thieves, I'm also (more) concerned about snooping co-workers and/or curious girlfriends picking up my device for a "quickie" (look) when I head to the bathroom. Most users need SIMPLE (unencumbered) security to deter prying eyes more so than worrying about thieves and data hi-jackers. If someone really wants to steal my MP3's and Hawaii Vacation Pix, let'em have'em... they'll get to hear some great tunes and see what a phenomenal vacation I had... with that "curious girlfriend"!
Yes, I agree with everything you said.
But it is also not a new idea. I believe Android uses that right now.
>>>That was a feature built into PalmOS. I found it disappointing that WebOS didn't keep it. I very much miss it. If only for the purpose of providing a splash screen with my contact info on it. This gave honest people an opportunity to return a lost phone. I wish WebOS had this.>>>>
I agree we need the SPLASH SCREEN that PalmOS had to show our contact info so honest people can return the phone to us.
PALM we do NEED a owner contact screen! I can't believe this is not on here.
OK, let's be realistic. Any password prompt that doesn't prompt EVERY time is non-secure. What, you hope that if you leave your phone behind no one will find it for 1 / 3 / 6 hours? Is the password on your work computer set to prompt only every now and then? I don't think so.
But if we're being realistic then let's also realize that nothing is secure if the thief has physical access to the device. I don't care if it's Linux, Windows, or an IBM mainframe, if someone has the device and time, and knowledge, they'll get to your data. That's true of the Pre, of a Treo (Palm or Linux), an iPhone, or any other handheld you care to name.
The only way to really secure the information on a portable device is to encrypt it. And that's where the Pre is weak, so far. On the Palm OS, and I believe on Winmob, you can apply industrial strenght encryption if you need it. I honestly have no idea if you can do that on an iPhone or not.
Regardless of the handheld though, unless you're encrypting your data, don't store anything you want to keep confidential: SSN, credit card numbers, bank account pins, company bid and proposal info, or classified information. Period. Hmm, I wonder if the Pre caches credit card information when you make a purchase from a web site? I hope not.
> Is the password on your work computer set to prompt
> only every now and then?
Do you lock your desktop EVERY TIME you walk more than three feet away from it? Almost no-one does this. It's the same thing -- after a period of time, most desktops will lock the screen. There's a period of inactivity required unless you manually lock it.
That's logically the same thing as what you're responding to.
I agree with everything else you said.
At home, no, but that's not a public environment. But my screen saver is set to prompt for a password, and set to a 10 minute time out.
At work, you bet. It's a requirement for any smart work environment that deals with sensitive data. It's also smart to protect yourself from someone else coming in and playing games with you.
You can choose to set up your password how ever you want. But don't fool yourself into thinking that locking the device every hour, or every 3 hours, is secure.
FWIW, I don't use the password lock on my Treo at all. But I also don't keep sensitive information on it that isn't encrypted. But on my work issues BlackBerry, I must have an 8 character password, and I have to enter it each time. That's the policy of the agency that gave me the BB, and I'd better follow it.
The user should have OPTIONS, whether pinn, password, encryption, that make them feel secure. I want to put information on my smart phone, otherwise what is the point in it. Some of that information is sensitive. For me a convenient password protection option make me feel safe. If it is stolen I have time to get to a computer, go to my palm profile and wipe my phone before someone can hack the phone. So if we are realistic, we are not going to always have our phone encrypted, but if there are options I think the average person will also be pretty safe.
This is a fine opportunity for me to plug Keyring, my password management app:
http://www.precentral.net/homebrew-apps/keyring
It stores passwords (and eventually notes and credit-card info) in an encrypted database. It uses the Blowfish encryption API provided as part of Mojo. It doesn't encrypt the entire phone, but it does provide a way to safely store sensitive data.
Personally, encryption, or a lack there of, is a deal breaker. The company that I work for will only allow Exchange on certain devices (read Blackberry; and soon iPhone 3GS) because they support actual data level encryption.
Wonderful, that webOS supports Exchange with pin and remote wipe (which said company also requires); but without encryption I will never have my email on my hip, or not at least with a webOS device. I don't think I work for a mom and pop, fly by night type of operation. It's a S&P 500 company and has over 30,000 employees. So I have to believe there are a couple of employees here who wants, or has, a webOS device.
ENCRYPTION IS A MUST! Period.
I disagree based on my experience. My IT dept set the kill switch on my Pre and it was a full reset and restore from backup...which restored the Exchange account...which tried to connect again...which remote wiped me again...again and again and again. I had to change my network password via my laptop to stop the cycle. Somebody did NOT think this remote wipe thing through all the way. BTW, during this debacle I activated my Windows Mobile device and I tried to connect it to my Exchange...and got a full hard reset too. But at least I could choose to NOT restore my Exchange account from backup.
What about using a similar technology as some newer cars have, using a key-less ignition. A small blue-tooth keyring which has a unique id code. As long as the phone is within range of this device it remains unlocked. A stronger password based lock can be used for the times you are wandering the house away from your keys. I would imagine most people are always within 6' of there keys, at most times.... of course the device doesn't need to necessarily be on a key chain... probably the most convenient place though. As long as a device has blue-tooth, a program should be able to be written for it to add protection to the device. I'm not a programmer or am all that familiar with whether or not the current blue-tooth revision would support it, but could possibly be a simple device a company could develop (if it does not yet exist)and a solution to some of the security issues.
Just my brain out-gassing for the day! back to work.....
I also wonder if just on the phone side it could use a BT device you already use since they already have to pair using a pass-code... if that is enough security. That way it would be a purely software based solution to make gaining access to a secured phone easier...
Man the password lock on this phone is laggy for me. the touchscreen doesnt respond if you type it too fast or even at a medium speed. Also for me if certain things happen at the same time it only shows a blue screen with no numbers or anything. Has that happened to anyone yet? It happens to me weekly. This phone rocks tho and I am glad I have precentral!
I totally agree with the PIN "Lag"... another reason I stopped using it... and another reason why I'm pushing for a User Defined "Swipe Path" Lock - See My Posts Above.
LOVE the idea of the swipe password. I want to throw away the PRE everytime it forces me to repeat the darn pin because it didn't get the first, second, or third time, until i SLOW DOWN, which is counter intuitive to the quick 4 number pin.
I still get bewildered by the sheer stupidity of the PRE designers NOT to adopt the already winning features of the TREOs, and instead build up from those and come up with new ones!
Like allowing us to HIDE certain pictures from the pic app, like the Treos would allow you with Contacts and Memos. This way you don't even have to enter a pin or password at all if you want to use your phone, or any app in your phone, and still have ALL the data the you want secure HIDDEN, and make it available only after you enter the correct password, which you would only need to do it once in a while. DONE! Now, why can they just do this?!
"Now, why can they just do this?!"
the more I read about the pre, the more I come to the conclusion, that palm had some nice ideas, but the implementation very often not very well thought out :(
I get that a lot. When someone calls me and the screen has been off, I move up the dot to answer the call, and if I want to access my apps while during that call, the pin pad doesn't show up, only its blue screen outline, so I am stuck! I have a "smartphone", want to give this client a phone number i have stored in my contacts, but I can't, my security pin pad doesn't show up, blue screen. It doesn't happen always but often.
Just make a security feature where you press a certain button, and then the phone locks up and you need a password to get in.
Say you are at a friends house, and you want to put your phone down, it would be nice to choose when to enable security code on wake up. Not have that feature enabled all of the time, which is so annoying to enter the code everytime the Pre's screen turns off. Mine is every 30 seconds.
Right ON, Yes!
I'd like separate PINS/passwords for the Photo App, and hidden folders, Just saying....
Yes, that's what I have been saying. Just like the Treos do it with their basic Apps. But, yes, for sure, do also the picture app, and email, SMS too, etc. Same password to all of them, but not to prevent you from accessing the application itself, but only certain data within the application.
And still have the security feature that it currently has for the masochist out there, which prevents you from accessing the entire PRE unless you enter the correct pin, but you have to do it 100 times per day; what a delicious pain for some?
Putting in a PIN for most of us business users is standard practice. It isn't really a hassle.
Yeah, you're one of the masochist I was talking about. :-)
It is NOT a hassle? What kind of business do you do? Scubba Diving?
And just because something becomes a standard (for you anyway) does not mean that it is the best way, or that in fact it could be right out backwards, nor does it make our desire to improve upon that standard a bad idea.
It was standard for cars not have seat belts. It was standard to carry infants on our laps also. It was standard to crank-start your car with a handle. It was standard to drink and drive...
So, who cares what's standard. If there is already a better way, why fall backwards?
So many great ideas but I found jayty97's the most intriguing because it bypasses the need to always input a pin or password...very little tech knowledge here though so I wander if this is even possible? My keys, phone and wallet are the only things constantly with me...you can never be 100% protected all the time so im hoping that if I do lose my phone my keys arent with it! Of course there needs to be different levels of security for different users and the data stored on their phones so a bluetooth device would be most convenient for me!!
Thanks, at least one more person agrees! Sound like an easy to implement solution.
What about fingerprint scanner? you could just put your finger on the screen and you can access your phone. I know the g1 does that but that would be simply amazing and easy for the pre.
An elegant solution, but practically speaking it would only work if it would recognize it fast enough not to be annoying, that is, it would have to be much faster than entering 4 pins, which is annoying as-is.
I still like better the swipe solution mentioned above. And yet,it would have be able to recognize that pattern fast enough which I doubt. But, in theory, i like both solutions, better than the pin.
The winning solution is already out there: Allow free access to the phone, and its applications and only secure the particular data you want within each major app. And still, give us the option to completely lock down the entire phone if we want, as it is now. (But, I like the idea above of a button that locks it down on command only).
It's already been said but I would also pay to have a timer/splashscreen program. I would consider it money well spent
has any one else accidently called 911? if i could change one thing when the pre is locked is that the largest button on the unlock screen doesnt say "EMERGENCY CALL". I threw my phone on my car seat picked it up and noticed it said 911 on it and the call duration was 10 minutes, i picked up the phone and said " i dont know how i got you on the phone" because of course 911 cant hang up on you. and the lady said " learn how to lock your keypad sir!" and the irony is... it was locked. so if i could reccomend something it would be make that the smallest button or atleast have it ask " are you sure"
In order to use my company e-mail on my iPhone, I must use the passcode every time I turn the phone on. However, I have a jailbreak app that bypasses that requirement, allowing me to set up my own security level as I see fit.
My brother is concerned about one thing:
ROOT ACCESS...
He's paranoid about whatever he works on and how has root access... so if that's what programs have access too or can be accessible...
That can always mean deliberate or unintentional consequences.
I have been conducting security research on this phone since release. I have multiple published discoveries that are all documented here (http://tlhsecurity.com/). I will also be releasing a critical vulnerability in this phone come the release of 1.2 so stay tuned =p
Thanks for that post. Anyway I don't understand why phone companies advertise a feature like remote wipe which then takes half an hour to finish, if the should have an encrypted file system by default in which case they just have to 'forget' the key.
Mobile phones - especially smart phones - getting more and more important and more powerful should finally start getting more secure. Starting with whole disk encryption up to on the fly call encryption - the technology is there - Palm/Apple/Nokia start using it!
We need a pin app that lets you turn off your loud blasting alarm going off at 5 am waking everybody in the house up without typing in a pin.
EXACTLY! This is yet ANOTHER reason I was forced to completely disable the PIN access. I use my Pre as my alarm clock, and the fact that I can not simply snooze and/or shut off the alarm while the phone is locked is simply RIDICULOUS!. I can answer a phone call when it's locked, but I can't shut off the alarm? How silly is that? --- This is another benefit of the "Swipe Path" solution (see above posts) I've been pushing above. It would be great to have a simple alarm option that either Snoozes or Shuts Off the Alarm with a simple "Swipe"... which I can easily initiated with my Eyes Closed! --- I also agree with the implementation of a user enabled lock. This is BASIC... Come on PALM!!!
It would be nice if not only did it lock BUT had a message on screen. My old blackberry allowed that and I left my wifes cell number and message "if found please call for reward". This way there was a slight chance they may say "they found it" since it was locked.
The Pre also has Voice Privacy basically an additional encryption for CDMA that encrypts the ESN from the phone to the tower.
This won't prevent law enforcement or government from tapping your phone because they do it from the switch when they need to eavesdrop.
Yet for the "Private Criminal or P.I." who may or may not have broken the CDMA encryption code (ALMOST impossible).
Voice Privacy prevents the "Private Criminal or P.I." from getting your phone number to put on another CDMA device or get your number to begin listening to your calls at the switch.
Voice privacy ONLY works on the Sprint network though boys and girls.
Yet it's all moot anyway thanks to a guy named Ron Carter who worked for Sprint in their "Black Hat" division a few years back.
Now he came up with something REALLY SCARY that works on ALL phones regardless of network. Even when your phone is turned off "they" can access your speaker phone and turn the unit on and listen to whatever is in range. Yet if you looked at the phone it is OFF and you don't know the difference.
Two ways to defeat this:
1.: Take the battery out of your phone.
(SORRY SO SAD ALL YOU iPhone LOSERS!)
2.: Get a tupperware bowl and put your phone inside when not using it. (High tech listening...Low tech defeat!)
All "THEY" will hear is something akin to charlie browns teacher's voice.
Big Bro' is listening guys and girls.
2.: Get a tupperware bowl and put your phone inside when not using it. (High tech listening...Low tech defeat!)
totally disagree on that - if someone is interested in what you are talking about they don't care about in which voice you are talking....
http://hackaday.com/2009/09/14/disabling-your-cell-phones-mic-for-securi...
that is the way to travel :)
Stay suspicious!
;)
hertzi: Obviously you've never watched a charlie brown cartoon. The voice is gibberish when heard from inside a tupperware bowl.
Let's think about this one...either crack open the phone solder a magnet and void whatever warranty... or spend 0.79 cents on a tupperware bowl?
I'm starting to think you went to charlie browns school and was taught by his teacher.
KISS principle people.
hertzi: Obviously you've never watched a charlie brown cartoon. The voice is gibberish when heard from inside a tupperware bowl.
Let's think about this one...either crack open the phone solder a magnet and void whatever warranty... or spend 0.79 cents on a tupperware bowl?
I'm starting to think you went to charlie browns school and was taught by his teacher.
KISS principle people.
Thank you very much,I have read it now.
And welcome to my site,
Tiffany
Tiffany 1837
tiffany jewel
I think the security for the pre is good. There has only been a few issues which is ok.
fort lauderdale auto accident attorney
to thwart would be hackers i keep all my information on my phone encrypted using pig latin... aketay athey ackershay!