lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 16 May 2007 15:25:29 -0400
From: Michael Holstein <michael.holstein@...ohio.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Retrieving "deleted" sms/mms from Nokia phone
 (Symbian S60)

and what's more .. Flash memory not being infinitely over-writable, file 
systems used on those devices (JFFS2 for example) actually encourage 
leaving data behind by ensuring recently unlinked logical blocks aren't 
re-used anytime soon (wear-leveling).

I know the original method proposed is non-destructive, but using a test 
clip it's possible to dump the contents of just about any flash device. 
Furthermore, given a significantly motivated adversary (and barring all 
but physical destruction of the chip die itself -- not just the package) 
one could also read the contents with a microscope -- even after several 
erasures(*).

(*) link : http://www.cl.cam.ac.uk/~sps32/DataRem_CHES2005.pdf

But if all you're trying to do is retrieve SMS messages, it'd be a lot 
easier to just subpoena the carrier .. they keep the contents forever 
(even if they say they don't .. I know for a fact they do because I 
personally saw one of the major US carriers .. [ahem.. Verizon] .. 
deliver boxes of sent/received text messages -- for hundreds of phones 
-- going back at least a year).

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

>  It's also possible to recover deleted photos from almost any flash card
>  in almost any device (camera, mobile, etc) - it's a way general purpose
>  file  systems  work.  Requirement  to  delete  information  securely is
>  enforced  in devices certified to e.g. process US military secretes. In
>  this case, device must follow DoD 5220-22-M recommendations and you can
>  expect  secure erase. In general purpose operation systems and devices,
>  to    delete   information   securely   (wipe   it)   some   additional
>  actions/utilities are usually required.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ