Hacker 10 – Security Hacker

Category: Mobile Phone

Mobile phone security

  • Hide it Pro hides photos and videos in Android and iPhone

    Hide it Pro hides photos and videos in Android and iPhone

    Hide it Pro is a free app for Android and iPhone to hide pictures, videos, audio files and others. The app is disguised as a functional audio manager, anyone playing with your phone will not realise you have a privacy app installed, the icon looks like a music sound logo, tapping it will launch a menu to adjust the phone ring tone volume.

    When you run the app for the first time you will be asked to enter a numeric pin code or password to lock your screen, an email address can be linked to your account to reset your password if you forget it, it is not compulsory you do that. Using Hide it Pro interface you can select the files you would like to hide vanishing them from gallery view, encrypting the data with AES256-bit and password protecting everything, you can email files from inside the app or view a custom photo slideshow without having to move the photos outside the encrypted folder.

    Hide it Pro hides Android&iPhone photos
    Hide it Pro hides Android&iPhone photos

    Hide it Pro can set up a second escape password, leading the user to a different encrypted container that you can show to people if anyone discovers that you own encrypted data and are forced to reveal the password under threats, the escape password works like Truecrypt hidden container feature but I don’t know how safe this is from a thorough investigation, you just have to trust the developer did everything right.

    If you share your mobile phone with family members or work colleagues Hide it Pro will prevent them from discovering private images stored in your mobile phone, the app is self-explanatory, it can also be used to hide and lock other apps.

    Android Hide it Pro in Google Play

    iPhone Hide it Pro in iTunes

  • iPhone anonymous Internet with the Onion Browser

    iPhone anonymous Internet with the Onion Browser

    The Onion Browser is an iPhone only browser for anonymous Internet browsing using your smartphone relying on  the untraceable tor proxy network to hide your real IP from websites you visit. The tor network can be slow at times due to the number of nodes relaying traffic and overall network load, for browsing without file downloads or video streaming speed should be sufficient, the Onion Browser also gets around firewalls if you are using a public Wifi access point that filters traffic and blocks websites and since communications in tor are encrypted with SSL any packet sniffers deployed by the Wifi network administrator will not be able to see what websites you visit, only that you are connected to tor.

    The app options include “Enable UA Spoofing” to fake the HTTP User Agent header sent to the websites you visit, it can be changed to iOS Safari to improve mobile website compatibility, or to a Windows 7 and Firefox string so that it will look like you are browsing using a desktop computer, “Cookies” can be set to Allow All / Block Third Party / Block All, a “New Identity” button will clears all cookies, history and cache requesting a new IP with a single tap, there is a way to set up bridges, unpublished tor proxy relays for those living in countries like China where tor is blocked by the ISP, setting up a bridge on this app takes some work, best if you can avoid having to apply them.

    iPhone Onion Broswer tor proxy
    iPhone Onion Broswer tor proxy

    I found the app lacked bookmarking but the startup page contains a list of well-known .onion sites that will take you where you want to go. For anyone concerned about built-in backdoors the Onion Browser source code can be downloaded from the open source platform GitHub along with technical details, the app will work in the iPad too.

    Note: The iPhone Onion Browser costs $1.50

    Visit iPhone Onion browser in iTunes

  • Android Truecrypt compatible app EDS Lite

    Android Truecrypt compatible app EDS Lite

    Encrypted Data Store Lite is an Android app that allows you to save files inside an encrypted container using AES256bit, it can also mount any Truecrypt compatible container from your phone, but to do that you will have to make sure that Truecrypt settings when creating a container are set to Encryption algorithm: AES256, Hash algorithm:SHA-512 and File system:FAT, these are not Truecrypt default settings which are set to Hash algorithm RIPEMD-160, if you use a different algorithms to create a Truecrypt container then EDS Lite will not be able to mount it.

    The app comes with a simple built-in image viewer  that can show pictures and thumbnails, files with the extension .edc, EDS own format, and .tc, Truecrypt file extension, can be associated with the app for easy opening, other options allow the app to prevent your phone or tablet from going into sleep mode to make sure that an encrypted container will not be left open unattended by mistake, EDS Lite can write to an external Secure Digital storage card modifying and deleting files stored inside.

    Android Encrypted Data Storage Lite
    Android Encrypted Data Storage Lite

    A “send to” link can quickly encrypt photos or videos from the gallery, but remember that anything you leave behind if it has not been securely wiped it could still be recovered, while the encryption can not be cracked, when you view a document stored inside the container there will be temporary traces left in the external reader you used, a compromising file name and perhaps a full copy of the confidential document might have been created outside the container by a third party viewer. A full paid for version of the EDS app allows you to play media files inside the container, not leaving temporary data behind, it comes with a search index to find files inside the encrypted container, it can synchronize data with Dropbox and allows for container security using a hand-drawn pattern in succession with a password.

    It is refreshing to see attempts to port Truecrypt compatible encryption to mobile devices, having a standard is very important for long term storage and data transmission, there is nothing more annoying than being forced to download multiple programs to do the same thing and not knowing if it will work in a different platform, I hope other developers come up with similar programs.

    Visit EDS Lite in Google Play

  • Run a SSH server in Android

    Run a SSH server in Android

    SSH Server is a complete Secure Shell daemon, Secure FTP,  Secure Copy and Telnet server Android app that doesn’t need rooting the device. After installing the app you will be able to enter an SSH server hostname and port, with optional public key encryption authentication instead of password and allowing X11 forwarding, a way to grant graphical information to pass through firewalls, giving you a graphical interface if the Unix server you are connecting to supports it.

    Logging is very detailed, in verbose mode it includes filters and email logs, to save space it can be set to only record errors leaving connection logs out, the server is accessible from the Internet and you can whitelist IP addresses blocking everyone else.

    Android SSH server app
    Android SSH server app

    The free version of SSH Server only allows for one server, it should be enough for most people, to connect to the server just use SSH command line from shell like you would do in Linux, in the form of:

    ssh -v -l USERNAME ADDRESS -p PORT

    With -v being for verbose -l for login and -p indicating the port, the server address should be the IP, the app supports dynamic DNS setting a permanent custom hostname that you can access, remaining always the same even if your device IP changes, companies like DynDNS can provide this service. There are other Android apps like Dropbear providing SSH capabilities to your phone but it requires root, and there is the connectbot app too but this SSH Server from Icecoldapps is the most complete, it comes with SFTP combined with SSH.

    Visit SSH server in Google Play

  • Access Truecrypt and EncFS volumes in Android with Cryptonite

    Access Truecrypt and EncFS volumes in Android with Cryptonite

    Cryptonite is an Android app that brings the FUSE based cryptographic filesystem EncFS and TrueCrypt to Android, you can link it to your Dropbox account with a single tap, after that you will be able to read and write on Dropbox EncFS volumes, exporting, viewing or uploading new files. Dropbox claims to keep data already encrypted in their servers but if anyone finds out your password account they will be able to read the files, encrypting them with Cryptonite you are placing a second security layer on top and block Dropbox built-in backdoor to your data.

    To access your files offline sync them to a local folder with an app providing online storage synchronization, e.g. FolderSync. EncFS has a front end interface but Truecrypt is only available as a command line version, rooted phones that support the FUSE kernel, e.g. CyanogenMod, can mount an EncFS or Truecrypt volume, there is a Truecrypt work around to avoid having to use a rooted file browser, by typing “truecrypt –fs-options=”uid=1000,gid=1000,umask=0002″ volume.tc /sdcard/tc“. EncFS will use the encryption ciphers found in the system encryption libraries, Cryptonite allows you to select the encryption method, from a “Quick” Blowfish 128bit up to a “Paranoia” AES256bit with filename block encoding, other preferences include saving temporary files on an external SD card, setting up the mount storage point, clearing the cache and the “Chuck Norris mode” for experienced users that do not want to receive any security warning from the app.

    Android Truecrypt compatible encryption Cryptonite
    Android Truecrypt compatible encryption Cryptonite

    You can browse, export and open encrypted EncFS directories and files on your Dropbox and to your phone, when you open a file from a decrypted EncFS volume Cryptonite will produce a temporary copy in “/data/data/csh.cryptonite/app_open/path_to_your_file”, anyone with access to your phone could recover those files, the app includes a text viewer that works in memory and does not save any temporary copy, there are plans to add an image viewer in the future but right now there isn’t one and if you open an image a temporary copy could be made on the phone outside the encrypted container.

    Note: App still in development and intended for advanced users.

    Visit Cryptonite Android in Google Play

  • Mobile phone password manager WISeID

    Mobile phone password manager WISeID

    WISeID is a password manager available for Android, iPhone/iPad, Windows Mobile and BlackBerry, it has been designed to locally encrypt data in your phone using AES256, a very secure uncrackable algorithm that is a US government standard. You will be asked to enter a master password after installing the app, to unlock the database you can use a combination of face recognition or dot pattern together with the passphrase.

    Inside the app everything can be categorized into passwords, bank accounts, social network logins, credit cards, email accounts and others, data can be searched and optionally synced across devices using a Dropbox account.

    WiseID smartphone password manager
    WiseID smartphone password manager

    After storing the username and password for a website inside WISeID you can launch the URL to automatically log in, saving you time. The encrypted data is kept in the mobile device at all times, unlike Lastpass, there is no central server where accreditations are communicated. WISeID is open to the choice of registering with them and get a free X.509 digital certificate called WISeKey’s Personal ID or eID that can be used to encrypt and digitally sign email messages.

    There is no way to recover your data if you lose your master password, no backdoor built in. At the moment of writing WISeID is free, if this changes you might want to look into KeePass mobile password manager instead.

    Visit WiseID homepage

  • iPhone & iPad steganography app Spy Pix

    iPhone & iPad steganography app Spy Pix

    Spy Pix is an steganographic tool to hide images inside others, the advantage over encryption is that while encrypted data indicates something of value being protected, by hiding data in plain sight an attacker would have to know first what he is looking for. This tool can be used to send secret messages to your friends, they will need to have SpyPix installed to reveal the hidden message.

    The images are saved as .png (Portable Network Graphics), they could be uploaded to flickr or photobucket and your contact download it from anywhere in the world to decode it, the  hidden image can contain a written message with instructions. This system avoids compromising your contacts, if your iPhone is seized by hostile authorities they could work out who you have been emailing with and follow the trail, uploading the image to a public website with thousands of visitors needs some guess work to find out who the receiver is.

    iPhone steganography app SpyPix
    iPhone steganography app SpyPix

    Supporting for the built-in camera Spy Pix can use photographs you take as a carrier to hide other images, use a photo from your album or copy an image from another app, the photos can be easily blended using a slider that allows you to control end image quality, you can send them by email using a single button, the options aren’t amazing but they do everything you need and keeping it simple makes operating this app easy.

    Spy Pix could be greatly improved if encryption was used and a password was asked to decipher the hidden image/message.

    Note: This app is not free, priced at $1.

    Visit Spy Pix homepage