PPCGeeks Forums HTC Arrive HTC HD2 HTC Thunderbolt HTC Touch Pro 2 HTC Evo 4G HTC Evo 3D Samsung Galaxy S II Motorola Droid X Apple iPhone Blackberry
Go Back   PPCGeeks > Site Information > Smartphone News > News Archives

Notices


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 08-26-2009, 11:06 AM
psiphi's Avatar
Halfway to VIP Status
Offline
Pocket PC: HTC Touch Pro
Carrier: Sprint PCS
Location: DC
 
Join Date: Feb 2007
Posts: 718
Reputation: 523
psiphi knows their stuffpsiphi knows their stuffpsiphi knows their stuffpsiphi knows their stuffpsiphi knows their stuffpsiphi knows their stuff
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Exclamation You've encrypted data on your SD card?

Think your encrypted (Micro and Mini) SD card is safe from hacking? Think again!

The Crowbar… looks like a rugged diagnostic tool but is actually a brute force cracking tool that can shred passwords surprisingly quickly. It’s so dangerous that the company only sells it to law enforcement officers and the military.

"...The Crowbar is both powerful and subtle. You can use it to crack security on a handheld device without alerting the owner that the device’s security has been compromised. The Crowbar also stores log-in information for the cracked handheld, so anytime you need to access the hacked device again, you can without going through the entire brute force process again, unless the user changes the password..."

More info here:
http://gcn.com/articles/2009/08/24/g...ecurity_240809
__________________
Psi Phi:]\/[aster 5ys0p of ]\/[@9!]<
Reply With Quote
  #2 (permalink)  
Old 08-26-2009, 02:30 PM
frazell's Avatar
Regular 'Geeker
Offline
Pocket PC: Sprint Touch Pro 2
Carrier: Sprint
Location: Philadelphia, PA
 
Join Date: Aug 2008
Posts: 397
Reputation: 480
frazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regular
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: You've encrypted data on your SD card?

A skim of the article didn't mention Windows Mobile. I wonder how well their device works on Windows Mobile since Windows Mobile 6.1 just recently gotten government certification for use holding confidential government data using its encryption. I'm inclined to think if the encryption could be easily broken with an off the shelf device like this governments wouldn't consider it safe.
__________________
Microsoft Certified Professional
Blog: www.frazell.net
Twitter: Frazell
Free Disposable Email: MyTrashMail
Reply With Quote
  #3 (permalink)  
Old 08-26-2009, 02:42 PM
daoom's Avatar
PPCGeeks Regular
Offline
Pocket PC: HTC Touch Diamond
Carrier: Telus
Location: Canada
 
Join Date: Feb 2008
Posts: 73
Reputation: 25
daoom is just getting started
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: You've encrypted data on your SD card?

Read the article: this is meant to crack SD or MMC cards, not the phones themselves.
Reply With Quote
  #4 (permalink)  
Old 08-27-2009, 01:27 AM
frazell's Avatar
Regular 'Geeker
Offline
Pocket PC: Sprint Touch Pro 2
Carrier: Sprint
Location: Philadelphia, PA
 
Join Date: Aug 2008
Posts: 397
Reputation: 480
frazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regularfrazell is becoming a PPCGeeks regular
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: You've encrypted data on your SD card?

Quote:
Originally Posted by daoom View Post
Read the article: this is meant to crack SD or MMC cards, not the phones themselves.
The encryption WinMo uses on the SD card is included in the security testing the government certification body conducted
Reply With Quote
  #5 (permalink)  
Old 08-28-2009, 12:03 AM
Naldiian's Avatar
Lurker
Offline
Pocket PC: htc touch pro
Carrier: Sprint
 
Join Date: Mar 2009
Posts: 15
Reputation: 15
Naldiian is a n00b
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: You've encrypted data on your SD card?

Well, the #1 rule in informaiton security is that if you have physical access to the data storage media, and time to work with, you own the data.

That said, a good understanding of cryptography also presents that fact that no form of brute force attack can crack a lot of the encryption systems out their currently, and it takes an understanding of how something was encrypted to even know where to start to decrypt it. In this case it looks like they are referring to specific enrycption processes and therefor have a lot of the info need to try and crack it ... but anyone that has government or law enforcement officials wanting to covertly hack their phone should be able to figure out how to use one of the many tools out there to encrypt data to a ridiculous level.

Sure,the basic level of encryption used on a mobile device to make data casually obfuscated from anyone that might find your SD card laying around is probably a simple process - especially if you know the manner in which it was encrypted very specifically, but that encryption is not meant to be a bulletproof means of protecting data from someone with malicious intent and the resources to work on it.

The Window Mobile encryption that is certified for government is actually not just the encryption algorythm and capability built in, but rather the entire methodology possible with managed Windows Mobile devices using enterprise PKI-issued certificates and all of the necessary key recovery capabities to ensure decryption for data recovery when needed as well.
Reply With Quote
Reply

  PPCGeeks > Site Information > Smartphone News > News Archives

Tags
hardware, sd, security

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -4. The time now is 12:59 AM.


Powered by vBulletin® ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0
©2012 - PPCGeeks.com