iOS 9.3 Beta 4 - still MAC randomized?

18 Posts
2 Users
0 Reactions
1,491 Views
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

Hi Rolf

Just to let you know I do not recommend this product because I have never used it. I posted just to let you know some of the points you were making are raised by that company's website.

I appreciate being a trusted source, but I really agree with you and your boss - check it out thoroughly.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

Hi Greg, you have my respect as a long-term expert in mobile broadband forensics. The point to think about is that if something is highly protected from the outside and not breakable, it's - as you said - worth thinking about whether to trust the inside (blackbox dilemma). I will post my background check here again.

'Trust is not transferable, build it by your own' - hangs on the wall in our lab 😉


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

I got the order to split the two issues, due to the hard-to-prove trust of XCell Technologies LLC and the blackbox dilemma. For a critical mission we will not use XCell, as they, for good business reasons, do not fully disclose the inside after getting in touch.

For me it somehow remains: a blackbox might be the perfect solution to protect you - but can also be the Trojan horse.

Unsolvable dilemma.


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

Hi Rolf, then keep identifying the problem issues and sharing what we know (provided in the sharing we don't undermine a lawful investigation or national security), let's see what can be achieved. We may succeed or we may not, but at least let's try. Never say never.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

Hi Greg, you are completely right! The background check and getting in touch with XCell Tech. had two results. The mobiles are forensically bullet-proofed, no doubt. Whether someone has already tested this feature on 'firering-to-the-blackbox' we don't know. Their customers tend to be Gov and not usual end users, could also be crime, as ordering online and by PayPal is possible. So they don't know 'who' really has their phones - it's also not their job to check customers' intentions.

But we as examiners may one day face an XCell device, then remember this post 😉

The 2nd is a general problem; we call this 'fast-building-trust'. Normally trust grows over time, and if not, there has to be an ID card proving that you are legitimated to do without trust. A fear that comes up here is the following one: being connected to a mobile broadband network which in the core network (elements) runs All-IP may reveal your 'User-Agent-String (UAS)' as web browsers do over html/xml. We questioned: do actual mobile OSs or apps (native, downloaded through Play store or App store) reveal the 'UAS' of your device in the broadband network? If the hardened OS of the XCell device 'shows up' in a mobile broadband network, can software agents catch the IMEIs and track them? XCell devices change their IMEI dynamically, to block tracing. But the vulnerability they promise to protect you from (technically correct) may make you obtrusive by the 'UAS'. XCell actually has no Apps-based devices 😉

Do you win by being highly protected if your shields (technically) identify you as 'curious'?

Who is safer, the one highly protected or the one acting so clever 'flying below the radar'? Adaptable also to encryption or simple criss-cross deceptive communication routing. We here test MPTCP over multi-webaccess connections (Multi-In-Single-Out MISO).

For our mission we take the 5s with microSD flash.


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

'User-Agent-String (UAS)'.

Hi Rolf, which web browser are you going to use?


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

Hi Greg, on the iPhone 5s I will use HttpWatch Professional, expensive but all http traffic is logged; second choice is Kaspersky Safe Browser, free.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

Wondering if in iOS 9.3 Beta 4 (13E5214) the randomized MAC address of Wi-Fi (on but not connected) is still in the code (announced with iOS 8). Who from Blackbag Tech with direct Apple ties knows this for sure?


   