IDF Task Force

While it hasn’t been advertised to a great degree, mobile spy application development has been going on for many years now. From simple application that will get your contacts list to more sophisticated applications that will track your location are all available on the market for anyone to buy.

There has been cases where mobile spy application have been used by criminals and even pedophiles. Mary Smith (name changed) had mobile spy application installed on her phone while at work without even knowing it. Person that actually installed it, later turned out to be her co-worker. Couple days later Mary started receiving harassing messages stating her location and who she talked to. After several months of trying to deal with her stalker, Mary decided to have her phone checked. After doing some forensics on her phone, a mobile spy application has been discovered. Investigating the matter even further showed the person that installed the application. As was later discovered her co-worker had a crush on her for a long time and after unsuccessfully trying to ask Mary out decided to take a different approach.  Today Mary can talk about the incident calmly; however, at the time when it happened she was having a nervous breakdown as she later said. Despite the fact that its’ all behind her, a feeling that someone is constantly watching her has not fully left her to this day.

Mary is not the only victim of mobile spy software. While not widely publicized, mobile spy application sales go up every year. It takes couple minutes to install it and it costs less than your gym membership.

If you suspect that you have been a victim of mobile spy phone application and your boyfriend / girlfriend or even your spouse has installed a ‘bug’ on your phone, have it checked by IDF Task Force and don’t be a victim.

IDF Task Force is aware of public reports of malicious code circulating via
spam email messages related to the IRS. The attacks arrive via an
unsolicited email message and may contain a subject line of “Notice of
Underreported  Income.” These messages may contain a link or
attachment. If users click on this link or open the attachment, they
may be infected with malicious code, including the Zeus Trojan.

US-CERT encourages users and administrators to take the following
measures to protect themselves:
* Review the How to Report and Identify Phishing, E-mail Scams and
Bogus IRS Web Sites document on the IRS website.
* Do not follow unsolicited web links or attachments in email
messages.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Normally, when you enter your password into an iPhone, there are asterix that cover it from prying eyes. However, as was discovered in version 3.0 and 3.0.1, it is possible to reveal hidden password.

Here is how to test it:

1. Navigate to the password field in the email settings.
2. Delete the last masked character
3. Shake the phone for the undo function and select undo
4. Write down the unmasked character iPhone shows when the delete is undone
5. Delete the character again (password is 1 shorter then before)
6. Hit the home button
7. Go to step 1 and repeat until all characters are unmasked

Taking in consideration this issue, it is advisable to use Passcode Lock feature to prevent anyone from unmasking your password.

There is no known fix for this issue.

Are you looking to trade in your BlackBerry or your iPhone. Do you have any personal information on it? If you trade in your phone as is, anyone who gets your phone in the future can have access to this information.

Solution is to wipe it clean. Her is how you do it:

iPhone – Erasing Data

If you have the latest stable version of software on your iPhone, the data can be wiped securely.

The steps to erase the data on iPhones running 2.0 or later versions of the OS are:

Go to Settings > General > Reset > Erase All Contents and Settings

BlackBerry – Erasing Data

On the BlackBerry if you incorrectly enter your password 10 times then enter the code “blackberry” to trigger a wipe OR go to:

Options > Security Options > General Settings > Click the trackwheel/trackball on the Password field > Select “Wipe Handheld” > Enter “blackberry” when prompted.

If you are still unsure on how to securely delete all your data, call us to schedule a clean wipe of your phone – 1-888-843-4262.

As defined in a whitepaper on written by Eric Everson: “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” In other words, a JavaMite is a mobile malware that has been in development for sometime.

In February of 2009 a mobile trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) was released which targeted Indonesia by disguising itself as an instant messaging application for singles. The Trojan-SMS.J2ME.GameSat.a file was designed to compromise the mobile banking of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account. This attack targeted handsets without third party mobile security applications.

At face value this may seem like another harmless attack, but from the perspective of technical sophistication this form of mobile malware is a major development. This form of mobile malware has the technical capacity to infect mobile devices by the masses and so far the authors have demonstrated a preference of targeting the mobile banking sector.

T-Mobile did take its time with 3G network. However, now they are the first in the US to launch a 21 Mbps HSPA+. Not only that, but they are doing it right here in Philadelphia. Next year T-Mobile is looking to launch this network in more places around the country.

Apple released the iPhone OS 3.1 update earlier this month claiming that it will  solve a number of issues. Most noticeable fix was meant for battery issues. However, there are still complaints from some iPhone 3.1 user that claim to have same battery issue.  You can read iPhone user’s complaints at apple forum.

In an effort to correct the problem Apple’s helpdesk has contacted some of users who complained about the battery issue. They were asked 11 questions to narrow down on the cause of the problem.  Users also got a battey life monitoring application that will send battery logs data to Apple.

If you are trying to delete an email, whether it’s from a sweetheart, or your stalker, or your boss from a  top secret government agency,  you expect deleted email to stay deleted.  However, that does not seem to be the case with iPhone 3.0.

Even after deletion, email messages appear in search on iPhone 3.0 dating back as far as several months. This is a major security flaw that can cause a lot of headache.

Here is how to reproduce it:

1.) Find a message with a memorable subject line, and delete it.
2.) Go to your trash, and remove the message from there.
3.) Check whatever IMAP folders may be listed on your device—this works with POP too—and make sure your message is really not there.
4.) Flick over to the main Spotlight search screen, and search for the subject line on that message that shouldn’t exist
5.) Be shocked and confused when you find that not only can you see the subject line in a simple search—you can still view the entire message. Your email-based illicit affairs are ruined.

An undisclosed source has confirmed that version 3.1 does not have same bug.

Solution: Upgrade your iPhone to version 3.1 (You will loose your jailbrake if you upgrade)

Is being unable to delete your email messages really a bug or has this functionality been designed to retrieve user’s emails (for any purpose) and the fact that search feature can find it is just a mistake on Apple’s part? We want to hear your opinion: info@idftaskforce.com