[Full-disclosure] Retrieving "deleted" sms/mms from Nokia phone (Symbian S60)
michael.holstein at csuohio.edu
Wed May 16 20:25:29 BST 2007
and what's more .. Flash memory not being infinitely over-writable, file
systems used on those devices (JFFS2 for example) actually encourage
leaving data behind by ensuring recently unlinked logical blocks aren't
re-used anytime soon (wear-leveling).
I know the original method proposed is non-destructive, but using a test
clip it's possible to dump the contents of just about any flash device.
Furthermore, given a significantly motivated adversary (and barring all
but physical destruction of the chip die itself -- not just the package)
one could also read the contents with a microscope -- even after several
(*) link : http://www.cl.cam.ac.uk/~sps32/DataRem_CHES2005.pdf
But if all you're trying to do is retrieve SMS messages, it'd be a lot
easier to just subpoena the carrier .. they keep the contents forever
(even if they say they don't .. I know for a fact they do because I
personally saw one of the major US carriers .. [ahem.. Verizon] ..
deliver boxes of sent/received text messages -- for hundreds of phones
-- going back at least a year).
Michael Holstein CISSP GCIA
Cleveland State University
> It's also possible to recover deleted photos from almost any flash card
> in almost any device (camera, mobile, etc) - it's a way general purpose
> file systems work. Requirement to delete information securely is
> enforced in devices certified to e.g. process US military secretes. In
> this case, device must follow DoD 5220-22-M recommendations and you can
> expect secure erase. In general purpose operation systems and devices,
> to delete information securely (wipe it) some additional
> actions/utilities are usually required.
Full-Disclosure is hosted and sponsored by Secunia.