
Old pre-smartphones from eBay – Blackmail Central!

David Lodge 10 Jun 2014

Whilst most smartphone users understand the need to factory reset a phone before selling the handset, in our experience, older pre-smart phones are rarely wiped.

So we bought a few from eBay, resurrected them using a few simple tricks and started gathering data.

Some of the information we found was pretty interesting: very compromising photos and text messages, all of which could be used to blackmail the ex-owner.

Here’s a how-to, covering a couple of example handsets.

What did we get?

One of the boxes contained two old style, pre-smartphone mobile phones from around the mid to late 2000s. Here we can see them all bruised and manky looking below:


Whilst trying to get my logic analyser to actually work, I wondered what was on these phones; did the previous owner follow all advice and wipe them first, or did they just throw them into a box and hawk them on a popular auction web site?

Fail at Start: Power

So, it’s time to have a look. The first problem is getting power into the phones: both still had their original lithium-ion batteries. Lithium-ion batteries tend to have a good cycle life, but they have a limited shelf life, as they degrade massively with age. After five years it is unlikely that the batteries would hold enough charge to use the phone.

So, the only other option is to skip the battery and use a charger. I no longer have any pre-smartphone chargers, and only a Sony Ericsson one had been included in the box of junk. So I needed to jump back on that auction site and buy myself a charger.

Using the charger included in the box of junk, I managed to get enough power into the Sony Ericsson to turn it on; although the battery was on its last legs and didn’t hold enough power to run without it being plugged in to the mains.

You can probably already guess what I found on there: text messages, photos and phonebook entries which gave a little snapshot into the owner’s life from around 2008 to 2009.

The Nokia phone would not hold even enough charge to boot, so an alternative solution had to be found. As part of my experimentation with JTAG ports, I had an adaptor cable which took USB power and piped it out to three connectors, which matched the Nokia battery perfectly. The connectors are:

  • VCC – 3.7 V power feed
  • GND – Ground
  • BSI – Battery Status Indicator – which tells the phone how much power is in the battery


Attaching these allowed me to boot up the phone and browse around it, although as the SIM for the Nokia had a PIN lock on it, I had to swap over the SIM for a deactivated one to even be able to boot the phone!

The contents of the Nokia were similar to those of the Sony Ericsson: complete phonebook, text messages and photos.

Removable Media

One of the easiest ways to find information is to start with the basics: removable memory. If we look at the nude back of the Nokia, we can see two things that can be removed:

  1. In green: an SD-Card (32 Mbyte, oh, the halcyon days!)
  2. In red: a SIM card


The Sony Ericsson had a SIM card but no memory card.

SIM cards contain not only the data for your phone to connect to the mobile networks; they can also store information, such as a small number of SMS messages and some phone book entries. It’s always worth having a look at what they have on them, using an appropriate adaptor. In our case, one SIM was PIN locked and the other seemed to be a standard O2 pay as you go SIM:

[Image: Phonebook]

[Image: SMS store]

We can’t get anything interesting from here, so next up is that SD-Card from the Nokia phone, and here we first see something interesting; it has files, mostly image and audio:


The files themselves give a decent idea of how old the phone is and its period of use (between October 2006 and September 2007). Looking at the photos allows us to see, not only what the owner looks like, but also probably more of one of his lady friends than I think she’d want us to see; and no level of redacting would make that publishable here.

Extracting Data from the Phone

So, how can I get this data off the phones? With a connector cable I can get a disk view into the phone’s file system. This is fine for media files such as photos, but wouldn’t allow me to pull off the entries in the address book or the text messages. I could potentially set up a virtual machine with Windows XP and install the official PC programs for the phones, if they are still available and still work, but this doesn’t appeal to me.

So, let’s do it the hacky way: by using the modem interface of the phone. We can route to the phone’s GSM modem and issue commands which can allow us to alter the configuration of the phone or read data.

To get to the modem we can use a wired cable or even Bluetooth. For simplicity and as I didn’t want to alter the configuration of the phones, I used a cable.

There is a selection of modem ATtention (AT) codes defined by the ETSI GSM 07.07/3GPP TS 27.007 AT command set extensions. These include commands for reading data about the phone, the SMS messages and the phone book.

These commands can be issued programmatically or manually through your favourite serial communications program, such as Hyperterminal or minicom. Here’s an example when the version of the phone is requested:


Here, the ATI3 is the command, and the response is “Nokia 6230i”.

We can then use commands to read the SMS messages:


Notice that those are the same text messages shown when we dumped the SIM? That’s because most pre-smartphone phones had multiple memory banks which they could swap between. The specifics depend on the manufacturer, but for our purposes we can see that we’re reading from the memory bank SM (for SIM). We want to read from the phone’s memory, so we need to set it to read from the ME bank:


We can do the same thing with the phonebook. Note that this is also segregated into memory banks, and the default is to access the SIM card:


Then we can change it to access the phone’s memory:


Also there’s a restore to factory default settings which was used to clear the phones so that they can’t be used once I dispose of them.
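
As an added example (not code from the original post), here is a pre-disposal check that parses a modem transcript and reports SMS or phonebook records still held in the SIM (SM) or phone (ME) banks, including the case where only the default SIM bank was looked at. The post's screenshots are not reproduced in the text, so the commands are assumed from the standards (+CPMS from 3GPP TS 27.005, +CPBS from 3GPP TS 27.007), and the transcript and function names are constructed for illustration.

```python
import re

# Constructed transcript, not captured from the handsets in the post.
# Assumed commands: +CPMS selects the SMS bank, +CPBS the phonebook bank.
SAMPLE_TRANSCRIPT = """\
AT+CPMS="SM"
+CPMS: 0,10,0,10,0,10
OK
AT+CPMS="ME"
+CPMS: 42,150,0,10,0,10
OK
AT+CPBS?
+CPBS: "SM",0,250
OK
AT+CPBS="ME"
OK
AT+CPBS?
+CPBS: "ME",87,500
OK
"""

SET_CPMS = re.compile(r'^AT\+CPMS="(\w+)"', re.I)
CPMS_REPLY = re.compile(r'^\+CPMS:\s*(\d+),(\d+)')   # used,total for the read bank
CPBS_REPLY = re.compile(r'^\+CPBS:\s*"(\w+)",(\d+),(\d+)')

def parse_usage(transcript):
    """Map (kind, bank) -> (used, total) for every bank the transcript covers."""
    usage, sms_bank = {}, None
    for line in map(str.strip, transcript.splitlines()):
        if m := SET_CPMS.match(line):
            sms_bank = m.group(1).upper()   # the set reply omits the bank name
        elif (m := CPMS_REPLY.match(line)) and sms_bank:
            usage["sms", sms_bank] = (int(m.group(1)), int(m.group(2)))
        elif m := CPBS_REPLY.match(line):
            usage["phonebook", m.group(1).upper()] = (int(m.group(2)), int(m.group(3)))
    return usage

def residual_data(transcript, banks=("SM", "ME")):
    """List findings; an empty list means no SMS or phonebook records were seen."""
    usage, findings = parse_usage(transcript), []
    for kind in ("sms", "phonebook"):
        for bank in banks:
            used, total = usage.get((kind, bank), (None, None))
            if used is None:
                findings.append(f"{kind}/{bank}: not checked")
            elif used:
                findings.append(f"{kind}/{bank}: {used} of {total} records remain")
    return findings
```

Photos and other files on the handset or its memory card are outside what these counters cover, so an empty result only speaks for messages and contacts.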

Conclusion

Just because that old-school pre-smartphone has sat in your drawer for years doesn’t mean that you shouldn’t wipe it. If you can’t power it up to do so because the battery has died, follow the tips above to get it running, then factory reset it.

If you can’t do that, consider destroying it!

And where do most old phones end up? Shipped off to other countries. Do you really want your personal photos and text messages going off around the world?