Smartphone and the law…

Posted November 26, 2009 by admin

A Smartphone is designed to make our lives simpler and keep
important information at hand, but what about the law?

Storage on these devices is getting bigger than ever: the iPhone comes with 8 GB, 16 GB or
32 GB, and on a Blackberry the memory can be raised to 8 GB with an SD card.

This huge amount of space gives a user many possibilities. Just
like any laptop, a Smartphone can hold the company's complete contact
database, some of its recent document files, product
databases, sensitive information and even more, such as client documents
or confidential information about clients, and of course all the emails
received from everyone.

One simple rule: meet your business's lawyer, explain to him what
you are planning to do with your Smartphone, and listen carefully to every
concern he may have. If you are planning to store any sensitive data that
is not yours, make sure you have written authorization to do so.
Storing that information on your device without first requesting that right
may result in a costly defense in front of a judge.

It’s impossible to prevent every employee from storing sensitive information
such as client passwords, just as it is impossible to guarantee
that no one will lose his Smartphone.

Same old song: plan for the worst, hope for the best!

Security fight: Blackberry vs. iPhone vs. Android

Posted September 28, 2009 by Sylvain

Well, this reminds me of the old days, when people compared the Linux, Apple and Microsoft operating systems, with every flavour of Windows full of security holes that let viruses, Trojan horses, rootkits, backdoors and any malicious script be installed and run.

But Apple security has become very popular these days, as I can read on popular blogs around the net, and with reason. As the mobilEEnigma creator, my very first concern was exactly this: how do I encrypt the data on my phone? To my great surprise, Apple has developed nothing directly in the OS to encrypt sensitive data!

Apple states that the data is encrypted inside the device and decrypted for me automatically!
Wow… so if I can read it, anyone can read it!
Of course, all of us use the auto-lock feature that requires a PIN to unlock our device, right?

Eh, probably not. Why?
Because any time I want to use my device with people around me, I need to hide my gesture by turning my back to them or hiding my device under the table! That’s not a good thing to do if you are at dinner with a date!

Anyway, let’s focus on our subject for now…

If you use mobilEEnigma, you have probably already read my older posts and know why I came to quickly develop my own ciphering tools. But now things are getting serious: real businessmen would like to use a cool Smartphone like the new iPhone.

Of course RIM with the Blackberry is not that bad; they are developing some cool features too. But to be honest it’s a bit out of the competition: too many people are already addicted to iTunes and the iTunes Store, so the iPhone has become a wanted device as a do-it-all device.

But what about security? Carrying a device that can sync with your music downloaded from iTunes and all your other stuff like contacts is a real gift, but at what price?

The iPhone has very poor security compared to the Blackberry. The first comparison is the wipe method (see wired post); this can be a real issue if your iPhone has been stolen from you. I insist on stolen, not lost or misplaced. If someone has stolen your iPhone to look at it, there is a good chance that by the time you realize it, it will be too late to send the wipe command.

That’s because the wipe operation has to be done by you from a PC, by first logging in to MobileMe and then issuing the command. It’s a kind of race that you don’t want to lose. If your device is off the network, the command will never reach your lovely device!

By comparison, on the Blackberry the wipe operation can be executed when the off-network status occurs; after all, it’s a Smart Phone!

No OTA (Over-the-Air install): at first I thought this was a missing feature, but I quickly realized the security issue behind OTA. But if anyone can jailbreak his iPhone for $25, that is the cheapest way to remove your first human security. Doing this means you want to install a newly downloaded application on your device without using the Application Store. That’s a really bad idea!

You should never do that. That is exactly what happened with your old PC, remember? Viruses, Trojans, backdoors!

Anyway, it seems the perfect world is not out there yet, but if you have jailbroken your iPhone, restore it and upgrade your OS right now, and stop using free iPhone applications from unknown sources. The Application Store offers you more security, because every application is tested and reviewed by Apple personnel. That doesn’t mean it is 100% free of malicious code, but a developer who publishes an application has to be under contract with Apple, and so exposes his real identity. Just that will stop anyone who wants to develop those malicious applications.

If you are a developer like me, it’s another story: you probably have one device for your normal usage and some other devices for testing and development!

If you’re a Blackberry user, limit OTA installs on your device, especially if you don’t know the application issuer. The wipe operation on the Blackberry is much safer than on iPhone or Android devices. So if you are scared to death that your device could be stolen, think about buying a Blackberry: your phone will be wiped if it goes off network for some time.

About the Android OS: some tools exist for remote wipe, but they are expensive, over $20. I have never tested them so far… maybe in a future post! OTA for Android devices exists and works well, which makes for a less secure device for sure. The Android Market is just too easy to get into.

To give you an idea, developers can add almost anything to the Android Market; not all applications are reviewed for security and bugs as Apple does! An application posted to the Android Market can take less than two hours to become available and be installed on a device. The Apple Application Store took more than a week for me!

In conclusion, these are all great devices. Remember the old days: just don’t install and run every application as you did with your old-time PCs. Reduce your risk by limiting OTA installs, and beware of installing any application when using an unlocked iPhone.

But the principle is still the same: whatever Smartphone you use, always encrypt your sensitive data.
Do I need to write it? Do a backup too!

The source book Pass phrase strategy…

Posted September 24, 2009 by Sylvain

When was the last time you bought a good story book but used it for something else?

The scenario is simple. Let’s say we have 3 persons, Bob, Alice and Sam, who need to communicate through a system that requires a pass phrase for encryption, like mobilEEnigma. They require more security in the pass phrase selection and, most important, they want to change their pass phrase every day!

Their questions were: how to do it? And how to make sure they are secure in the first place but also stay synchronized with the other two persons?

So, one day Bob, Alice and Sam went for a coffee and secretly agreed to buy a source book, then use this book as the source to generate all their future pass phrases for the next year. First they make sure this book has enough chapters, at least 12, so they can use the chapter as the month index: January is chapter one, February chapter two, etc. Pages are used for the day, and each line may represent the hour the message was sent.

With a little imagination, anyone can devise their own way to select a precise text in the book. For example, in odd months (1, 3, 5, 7, 9 and 11) they may start from the last page for the first day, and in even months (2, 4, 6, 8, 10 and 12) use the first page for the first day.

Your imagination is the key word here; any combination of anything can be used, it’s just endless!
Like your secret book, the selected pattern needs to be known only by the persons who will cipher or decipher those secret messages.

Another scenario: our little group, Bob, Alice and Sam, agree to buy 3 books, one for Bob’s messages, one for Alice’s and another one for Sam’s, using the same pattern. When Alice and Bob receive an encrypted message from Sam, they take the secret book assigned to Sam. It works the same way when Alice needs to encrypt her message for her two friends.

Using this technique, a kind of One Time Pad, you can easily switch your pass phrase every day. As long as your secret book and the method used with it are not revealed, there’s no way your enemies will find all your secret pass phrases.
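The selection rule described above, written out as an added example that is not code from the original post: chapter = month, page = day (counted from the last page in odd months), line = hour sent, with one book per sender as in the second scenario. The 31 x 24 book layout, the "line 1 = hour 00" convention and the generated book text are assumptions made for the example.

```python
from datetime import datetime

PAGES, LINES = 31, 24  # assumed layout: one page per day, one line per hour

def make_book(owner):
    """Constructed stand-in for a real book: 12 chapters x PAGES x LINES."""
    return [[[f"{owner} book, chapter {c}, page {p}, line {n}"
              for n in range(1, LINES + 1)]
             for p in range(1, PAGES + 1)]
            for c in range(1, 13)]

def locate(sent, pages_in_chapter):
    """Map the time a message was SENT to 1-based (chapter, page, line)."""
    if sent.day > pages_in_chapter:
        raise ValueError("chapter has fewer pages than the day of the month")
    if sent.month % 2 == 1:
        # Odd months: day 1 is the last page of the chapter.
        page = pages_in_chapter - sent.day + 1
    else:
        # Even months: day 1 is the first page of the chapter.
        page = sent.day
    # Assumed convention: line 1 is hour 00, line 24 is hour 23.
    return sent.month, page, sent.hour + 1

def passphrase(books, sender, sent):
    """Pick the pass phrase from the book assigned to the sender."""
    chapter = books[sender][sent.month - 1]
    _, page_no, line_no = locate(sent, len(chapter))
    page = chapter[page_no - 1]
    if line_no > len(page):
        raise ValueError("page has fewer lines than the hour requires")
    return page[line_no - 1]

# Every member of the group holds the same set of books (constructed here).
BOOKS = {name: make_book(name) for name in ("Bob", "Alice", "Sam")}

if __name__ == "__main__":
    sent = datetime(2009, 9, 24, 14, 59)  # Sam sends at 14:59
    print(locate(sent, PAGES))
    # The receiver must index with the send time, not the time of reading:
    print(passphrase(BOOKS, "Sam", sent))
    print(passphrase(BOOKS, "Sam", datetime(2009, 9, 24, 15, 1)))
```

Both sides stay synchronized only if the message carries its send time, because a message written at 14:59 and read at 15:01 would otherwise be looked up on two different lines.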

Have fun!

Password strategy…

Posted September 16, 2009 by Sylvain

You have probably signed up for a new service recently, like a new online email service: another time to select a secure password. Which password to enter this time?

This post will help you select a different password each time a new one is required, without using any tool except your own memory!

A minimal password should be at least 8 characters. That makes a password of 64 bits, which ends up with 4 294 967 295 possibilities; that’s a minimal length for today’s protection.

Keep in mind, there’s no way to use brute force on a long password or pass phrase. It just takes too long to test all the possibilities. Specialists say that one password with 16 characters (128 bits), 2^56-1 possibilities, will take more time than the age of the universe. If brute force is not an option, what else?

Dictionary attack!

What does that mean? If you have ever lost one of your passwords, there’s a good chance you have tried this technique already: your pet’s name, your wife’s name or your kids’ names, birthdays, social number, etc.

That’s a good example of a dictionary attack. So if anyone knows you well enough to build the same list, these passwords are not good enough to protect your virtual life information.

To protect your data or service access with a password, it’s important to keep complexity in mind.

But password complexity has a cost: of course, remembering a password of 24 purely random characters can be a nightmare; in the worst case it is forgotten or mistyped.

To help you with this task, here are the instructions to start your own password strategy.

1. Build your new password seed

2. Set reference by application

3. Apply reference  to your seed

4. Use your new password


Why not use something you know very well, not as a password but as a seed? This seed will become your key to generate the usable passwords you want to use in different applications, but remember that your seed should never be used as a password itself!

Let’s say your name is Bob Smith and your wife is Alice Cooper. Take the first and last letters of these names, BbShAeCr, and we’ve got an 8-character seed.

Easy to remember, right?

Now the fun part. Invent your own string scramble: it may be switching lower case to upper case and upper case to lower case, bBsHaEcR, and why not add a symbol to this seed, bBsH+aEcR=.

The seed is now ready to be used, and no doubt it can be reproduced anytime.

Now the application process.

Let’s say we need 3 passwords: one for the login account on your PC, one for your bank account and one for your email account. You could name these applications 1, 2 and 3, but I find that too easy.

Let’s add a fancier pattern, the number of characters in the application name: PC will stand for 2, bank for 4 and email for 5.

Now generate the password to be used with the number:

PC will be: bBsH+aEcR= + 2, which becomes dDuJ+cGeT=

Bank will be: bBsH+aEcR= + 4, which becomes gGxM+fJhw=

Email will be: bBsH+aEcR= + 5, which becomes hHyN+gKIx=


We now have 3 strong passwords that will resist any dictionary attack and that we will be able to regenerate anytime we want!

It may seem hard at the beginning, but you will remember it very easily if you practice it.

Every time I end up with strange-looking passwords like these, I open Notepad and type the password 20 or 30 times. My hands’ memory will remember more than 60% of these hard-to-remember passwords.

If in the worst case I forget a password, I know my seed very well, so in a few seconds I’ll be able to recover my forgotten password.
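The four steps above as an added example, not code from the original post. It assumes that "seed + n" means moving every letter n places along the alphabet with wrap-around, keeping case and leaving symbols alone; the function names are made up for the example.

```python
import string

def shift_char(ch, n):
    """Shift an ASCII letter n places with wrap-around, keeping its case."""
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + n) % 26]
    return ch  # symbols such as '+' and '=' stay as they are

def make_seed(names, mid="+", end="="):
    """Step 1: first and last letter of each name, case swapped, symbols added."""
    raw = "".join(name[0] + name[-1] for name in names)   # BbShAeCr
    swapped = raw.swapcase()                               # bBsHaEcR
    half = len(swapped) // 2
    return swapped[:half] + mid + swapped[half:] + end    # bBsH+aEcR=

def derive(seed, application):
    """Steps 2-3: the reference is the length of the application name."""
    return "".join(shift_char(ch, len(application)) for ch in seed)

def common_shift(pw_a, pw_b):
    """Return k if pw_b is pw_a with every letter shifted by k, else None."""
    if len(pw_a) != len(pw_b):
        return None
    shifts = set()
    for a, b in zip(pw_a, pw_b):
        if a in string.ascii_letters:
            if b not in string.ascii_letters or a.isupper() != b.isupper():
                return None
            shifts.add((ord(b) - ord(a)) % 26)
        elif a != b:
            return None
    return shifts.pop() if len(shifts) == 1 else None

SEED = make_seed(["Bob", "Smith", "Alice", "Cooper"])
PASSWORDS = {app: derive(SEED, app) for app in ("PC", "bank", "email")}

if __name__ == "__main__":
    for app, pw in PASSWORDS.items():
        print(f"{app:5} -> {pw}")
    # Self-audit: are two of my passwords the same string under a shift?
    print("PC vs bank shift:", common_shift(PASSWORDS["PC"], PASSWORDS["bank"]))
```

A strict shift reproduces the PC password shown above; for bank (4) and email (5) it gives fFwL+eIgV= and gGxM+fJhW=. Because every password is the same seed moved by a small number, `common_shift` finds the relation between any two of them, which is worth knowing before relying on the scheme across many services.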

Lockdown your iPhone (part 2)

Posted August 21, 2009 by Sylvain

Now that we can track our lost iPhone, we’re probably on our way to get it back, but…

How smart was I?

I’m using a smartphone, right? It should make me smarter!

So, I lock my device so it cannot be used by anyone but me!

On every Smartphone there’s a way to lock the device so it will prompt the user to enter a PIN, as on the iPhone, or a swipe pattern, as on an HTC Android phone.

Most of us don’t use this option on a regular basis. Why?

It’s painful to unlock with a PIN every time we need to look something up on our Smartphone when the screen is locked!
I do not remember anyone using it!

I remember someone asking me why I always set a boot password and then a second password for the OS session. The answer: the OS may protect my session but not access to the computer. Anyone with a boot CD can access unprotected files. So putting a lock on our Smartphones is similar to a boot password, and encryption of data is the next level of protection to lock down my sensitive data.

On the iPhone, I set my Passcode Lock to take effect after 5 minutes.

The other option you should consider is the Erase Data option. Erasing my phone’s data after 10 failed attempts is a must!

This option may stop anyone from guessing your password while you are on your way to get your iPhone back.

Apple has done great work to let you lock down your device, but I have not seen many people using it! I know it’s a shame: we lock down our home PC with at least an OS session password, admin or root account, but I have never lost or forgotten my PC in a restaurant or somewhere else… whereas a cell phone can be forgotten or misplaced so easily.

On my Android phone I really like the gesture motion as a PIN.
I’m away from this phone right now, but I will post the full explanation later.

Lock down of your iPhone : part 1, Localization with MobileMe

Posted July 28, 2009 by Sylvain

We learned in the first post how easily we can cipher or encrypt any sensitive data on our Smartphone devices; if someone looks at our private or sensitive data, he will not be able to read any plain text.

Now we need to add minimal security. Let’s call this: The Human Firewall!

Locking down a Smartphone device like an iPhone is not an option, it’s a must. The iPhone forgotten in the restaurant where you had lunch today should be protected somehow, right? So, let’s talk about the new iPhone localization option first.

With the recent iPhone update, a great feature is provided: device localization with the MobileMe service. When you add your MobileMe account to your iPhone, don’t forget to enable the ‘Find My iPhone’ option; by setting this feature to ‘On’ you will be able to pinpoint your device from the MobileMe web site.

If you already have a MobileMe account, make sure it is already set up on your iPhone. Start the Settings application, go to your email settings (Settings / Mail, Contacts / MobileMe), then select your MobileMe account. If it has not been added yet, add it first.

When you see the MobileMe account in the Mail settings, select it. It will take you to the next step, the ‘Find My iPhone’ feature.

At this point, you may select some other interesting features, like syncing your Mail, Contacts, Calendars and Bookmarks with MobileMe.

Now, make sure Find My iPhone is selected, and answer Allow to the question about enabling the feature.

That’s it, at least on the iPhone side! Next we will test this feature with the MobileMe web site to see how it works, and look at the other options accessible with MobileMe.

Start your browser and go to the MobileMe site at www.me.com, then log in with the same account you’ve just set up on your iPhone. From the top graphic menu go to the Settings section; you should see the left-side menu with the last option, ‘Find My iPhone’.

When you get there, a nice Google map will show you exactly where the iPhone is located. If the map is not updated, just use the ‘Update Location’ button.

To be honest, it’s very impressive how simple it can be to pinpoint the exact location of your lost iPhone, but that’s not all. You can also interact with the iPhone by sending an alert message to it.

So if anyone has your phone in his hand, he will know that you are looking for it.

So the rest is up to you: run over to your precious iPhone.

But all the sensitive information is already ciphered, right?

Remember our last post: using mobilEEnigma, all Notes, SMS and mail are well encrypted! If not, it’s never too late to start this good habit. Get your free version right now at the iTunes Store.


Feeling bad because nobody seems to answer your call, or your message sent to your iPhone is ignored? The last step is crucial: delete your data remotely. That’s the worst-case scenario of course, but you have made backups on a regular basis, right?

The lost iPhone will then be automatically restored to factory settings, period. One more thing for sure: call your service provider to warn them that your iPhone is lost.

In conclusion, remote location, a message to the lost iPhone and the ultimate wipe are the first things you should know about before using this device and beginning to enter all kinds of information on it. The iPhone is a great device, but it becomes a really great device when it’s combined with the MobileMe service.

Thank you for Reading and never forget,
Hope for the best, but plan for the worst!

Smartphones and our security…

Posted July 20, 2009 by Sylvain

Smartphones are so popular today; a cell phone with a Qwerty interface is so useful, right? Very handy for typing in all our notes, PINs, password lists, driver’s license number, social security number, and so on… So, everything is in place for identity theft!

Smartphones are not automatically blocked if you lose them or leave them behind; anyone can easily look at all your notes, emails, SMS, contacts, and many more things about you and your daily habits. Of course, there are many applications and companies involved in security telling you to protect your sensitive data with their software, but some are very hard to use and also very limited. None of them can lock down some or all of your notes, sensitive emails or SMS and maybe some of your hot contacts. Maybe one: mobilEEnigma.

I was so scared of losing my Smartphone in the past that I always limited myself in storing sensitive data on my devices, and I had so much to remember. As a computer technician and software developer for over 15 years now, a lot of these things were just remembered by heart or locked in a safe just in case. So I started to search for the perfect tool; it didn’t exist, so I made it for myself. I realized that it was very easy to use with all the applications I normally use, like all my Notes from my devices and also Notes from my desktop.

As the next step, I started to share mobilEEnigma with friends and got the same feedback, so after that I put this application on its own web page for public access. As it is a free application, my goal is to make a safer world, and if it can prevent only one identity theft, it will be a great success!

For an overview, visit http://www.mobileenigma.com for a Smartphone solution,
or http://www.officeenigma.com for a desktop version;
there is also an online version at http://www.onlineenigma.com

Remember: Hope for the best, but plan for the worst!

Sylvain Deguire
mobilEEnigma creator.

Smartphone Security, a new Blog…

Posted by Sylvain

Welcome to Smartphone Security Blog,

This blog will be about Smartphone security, of course. I will write various articles about Smartphones and how to use them safely and efficiently.

From BlackBerry to iPhone and the new Android devices, these 3 great platforms will be my main coverage.

Thanks for visiting this blog,
Sylvain Deguire