Tuesday, January 24, 2012


You have most likely received those fraudulent SMS messages that try to con you out of your M-Pesa money. Social engineering is the primary technique used to ensnare the unsuspecting into sending money to these criminals popularly known as Kamiti conmen.

These ‘soft’ techniques will eventually become well known and the conmen will naturally innovate other methods of getting those PINs that reside in your mobile phone. They can do this in two ways – logically or physically.

You data can be pried out of your phone’s temporary memory (logically) or from your phone’s hard drive/flash card (physically).

Your temporary (or cache) memory is simply the information that disappears when you switch off your phone and is similar to the computer’s volatile memory. Examples would include your PINS, passwords or email messages.

Permanent data in your phone is usually stored in the internal drive or the flash card in most phones. This data remains there until physically changed, or deleted. The data is not lost when the power is turned off.

Temporary data (for example online banking or money transfer details) can be obtained from your phone by conducting a logical dump. This technique basically dumps all your temporary data into a destination within a few minutes. Obtaining a physical dump on the other hand is much easier because it simply entails the copying of your data that is stored in the internal drive or the flash card.

Another concern that you should be aware of is that data stored on some smartphones can be forensically restored or retrieved. Data stored on physical media such as the phone’s internal drive, or its flash card, can be restored even after deletion. This data can, for example, be deleted voicemail messages, emails, SMS messages, calendar events, deleted photos and typing cache (where an SMS can be retrieved even if the SMS was deleted before sending).

The main point to note is that the data in your phone is worth more than your phone many times over. This data can be obtained overtly and covertly. Deleting it does not mean it can’t be retrieved.

The sheer amount of your personal data that is in your mobile phone is enormous and how you protect it should be of paramount concern to you.

No comments: