Cell Phones

AH, OUR BELOVED PHONES
A friend asked yesterday, Wednesday, May 10, 2017, if companies can snoop on you by snooping on your call, text, and browsing activity on your phone.  I assumed, yes, since if you’re using your company’s app, you are surrendering your personal data and personal contacts.  So I checked online this morning and found a couple of things.  Here is one:

Even if you are not sure, always assume yes. Even if you are sure, they might have a contract with the ISP, a rogue admin who installed a packetlogger, a video camera that catches your screen… yes.

Everything you do at the workplace is visible to everyone. Especially everything you do on digital media. Especially personal things. Especially things you would not want them to see.

One of the basic rules of Information Security is that whoever has physical access to the machine, has the machine. Your employer has physical access to everything: the machine, the network, the infrastructure. He can add and change policies, install certificates, play man in the middle. Even websites with ‘SSL’ can be intercepted. There are plenty of valid reasons for this, mostly related to their own network security (antivirus, logging, prohibiting access to certain sites or functionalities).

Even if you get lucky and they cannot see the contents of your messages, they might still be able to see a lot of other things: how many connections you made, to which sites, how much data you sent, at what times… even when using your own device, even using a secure connection, network logs can be pretty revealing.

Please, when you are at work, or using a work computer, or even using your own computer on the company network: always assume everything you do can be seen by your employer.

So what this tells me is that your employer has a lot of control over the app.  This should spell trouble for anyone.  So be cautious.

Then there was this dated gem:

Employer monitoring is “becoming more and more common,” says Galen M. Hair, Partner at Varadi, Hair & Checki and Rocket Lawyer On Call attorney. “More frequently, however, employers are subject to lawsuits.”

So beware, my young Miles Cavendish.

False reassurance is given by folks saying if you’re on your company’s network, then you’re vulnerable.  But that’s not where it ends either.  What happens is that your network provider, like Verizon or AT&T, will sell or leak that data to the highest bidder.

MetroPCS is owned by T-Mobile.  And we all should remind ourselves what Verizon did back in 2012.  So what we’re confronted with her is passive surveillance by general data collection, more aggressive surveillance from employers who pay 3rd party data collectors and who might pay someone at your network to access your data, and then there is criminal surveillance.  It’s all criminal.  The East German Stasi are amateurs compared to what we face in the U.S. and around the world today.

Then there’s this and this.  Talk about a wicked web.

REVERSE LOOK-UPS
Not all paid reverse lookup sites are alike.  And not all phone numbers are registered the same way.  Some are protected by their carrier.

Reverse look-up directory use only publicly available information. Numbers that are are either unlisted or unassigned are not listed. Also, some carriers do not disclose their numbers for their cell phone customers to avoid unwanted calls.

And then certain numbers go undetected for other reasons :

. . . prepaid phones, public phones or online VoIP numbers (such as Vonage, Skype or MagicJack numbers). In these cases there is just no trace of an owner.

This search tool, called True People Search, came recommended but certainly does not deliver as promised. 

This article provides some useful insights on smartphone security.  The site is called Kaspersky Lab.  See his blog menu.  This was good . . . 

Though people have learned to be skeptical of emails asking them to “click to see this funny video!”, security lab Kaspersky notes that they tend to be less wary on their phones

So people are less wary of their phones than they are while on their computers.  Here is another article that is good.  

TEXTS
Some phones retain 100% of your texts.  I know that iPhones keep your texts.  But Androids, like Metro PCS, does not seem to keep 100% of your texts.  Here is one commenter at Quora.

Short answer, you can’t. Long answer, I’m not sure about Metro but the major carriers (ie: Verizon, AT+T, Sprint…etc) are not allowed by Law to retrieve deleted messages unless subpoened by the court for a legal case or at the request of Representative Attorney on a legal case, not even for the customer themselves. They are governed by law to protect CPNI (Customer Propietary Network Information) so you can’t request them to retrieve that info unless you have an attorney and a pending court case that specifically needs that information. I’ve seen some comments about a hacker that can get that info by hacking into (fill in the blank) but I would be very wary about going that route due to the illegality of it. So the choice is yours…Good Luck.