Saturday, September 29, 2018

What Information Can Be Pulled Off A Mobile Device SIM Card?

I recently taught a mobile forensics course and asked my students to identify what kind of information that can be retrieved from a mobile device SIM card.  Here’s a list of some of the retrievable information students listed:

 Integrated Circuit Card Identifier (ICCID) – this is the number that is printed on the SIM card itself.  It is nineteen or twenty digits long.

International Mobile Subscriber Identity (IMSI) – this is the number that identifies a SIM card user on a GSM network.  It is stored in the EF(IMSI).  It is a fifteen-digit number.  Three components that make up the IMSI are:
  • Mobile Country Code (MCC) – the first three digits identify the country.
  • Mobile Network Code (MNC) – the next two digits identifies the cell provider mobile unit in a GSM network.
  • Mobile Subscriber Identity Number (MSIN) – the next nine digits identifies the mobile unit in a GSM network.
Service Provider Name (SPN) – the mobile provider’s name.  This can be found from the ICCID.

Mobile Station International Subscriber Directory Number (MSISDN) – basically, the SIM card’s telephone number.  This number can vary from fifteen to sixteen digits long.  The MSISDN is stored in EF(MSISDN).  It is made up of three components:
  • Country Code (CC) – up to three digits
  • National Destination Code (NDC) – two or three digits
  • Subscriber Number (SN) – up to a max. of ten digits
Abbreviated Dialing Numbers (AND) – These numbers are shortcuts on the phone of the most frequently dialed phone numbers.  These are generated by the subscriber.  They are stored in the EF(AND) file.

Last Number Dialed (LND) – This is a listing of the most recent calls and can be found in the EF(LND).

Short Message Service (SMS) – Short messages sent to other phones with a maximum length of either 160 or 70 characters.  These messages can be found in the EF(SMS) file.  These messages show not only the message but also the time the message was sent, the sender and receiver’s phone number, etc.

Language Preference (LP) – the preferred language of the subscriber.

Card Holder Verification (CHV1 and CHV2) – allows access to files after the user’s verification of PIN 1(CHV1) or PIN 2(CHV2).

Ciphering Key (Kc) – a 64-bit ciphering key used for encryption and decryption of data on an over-the-air channel.  It is generated by the Mobile Station from a random challenge by the GSM network.

Fixed Dialing Numbers (FDN) – phone numbers added to a list and the SIM restricts outgoing calls only to those numbers listed.

Location Area Identity (LAI) – The LAI will be stored on the SIM card so that a phone knows what location it is in and able to receive service.  If a phone changes areas, then the new LAI is stored in the SIM.  This is great for investigators to be able to read a list of where the SIM card has been geographically.

Temporary Mobile Subscriber Identity (TMSI) – the SIM is assigned a TMSI by the Mobile Switching Center (MSC) whenever a phone is in the vicinity of a new MSC.  Information about the phone is stored in the Visitor Location Register (VLR) and the phone is given a TMSI which allows the subscriber to be uniquely identified.

Service Dialing Numbers (SDN) – Numbers that are installed by the service provider which cannot be changed or deleted by the user.  The SDNs are usually hidden.

Thanks to my Mobile Forensics class students!



Sunday, September 16, 2018

Online Ladder Logic Simulations

Some of you know how much I’m loving being back in the classroom as a Visiting Assistant Professor at the University of Hartford College of Engineering, Technology and Architecture (CETA). I started in January for the spring semester and am fortunate to have been invited back for the fall semester. CETA offers both BS Engineering Technology and BS Engineering degrees with students having the following options:

  • Engineering, with its emphasis on theory, analysis, and design, 
  • Technology, which teaches engineering technology, with an emphasis on hands-on application of theory; or
  • Architecture, with its emphasis on a combination of design and application of theory.
I’ve had the opportunity to teach both Engineering Technology and Engineering courses. In the spring I taught the second half of a digital electronics course. In that course we spent considerable time working with Quartus, an Intel CAD system used to design digital circuits. 

Over the summer I had some time and experimented a bit with PLC Fiddle - a really nice
https://bit.ly/2xsAElk
online ladder logic simulator for testing, training, and code sharing. Using PLC Fiddle I’ve put together a set of logic gate simulations linked hereUsing the simulations the user can turn inputs on and off for various logic gates (AND, OR, NAND, NOR, EXOR and NEXOR) and observe the outputs. Here’s a screen shot of the simulations. 

If you follow the link below the screen shot you'll go to the simluation website where you can turn Input 1 and Input 2 ON and OFF (OFF = Logic 0, ON = Logic 1) by clicking the boxes next to Input 1 and Input 2 in the left hand column. As you change the Inputs, watch how the Output changes for each gate type. 

I’m not teaching a digital course this semester but if you are - feel free to share and use the simulations in your classes. And - if you are a faculty person, current student, former student, already have your AS or AAS degree and want to continue, etc, etc and are interested in an excellent Engineering, Engineering Technology or Architecture BS degree program - I can help connect you with the right people at the University of Hartford. My Hartford email address is gosnyder@hartford.edu You can contact me any time!

Thursday, May 24, 2018

Effective Decision Making


Brian Armstrong, Co-Founder and CEO at Coinbase has a really good post over on Medium titled How we make decisions at Coinbase

In the post, Brian shares a framework developed at Coinbase to make decisions more effectively. I'm impressed with how the organization and operationalization of decisions are built around the company's core values - these include clear communication and efficient execution. I'm not going to lift Brian's entire post but found this chart very interesting.


He then gets into the framework details including setting the parameters, deliberation, and making the decision. His post finishes with a list of failure modes. 

A bad "big" decision will always have long lasting impact on any organization. Letting things fester and trying to cover up makes things even worse - just look at Michigan State as an example. Following the Coinbase framework is one way to try and avoid making them. Be sure to read Brian's full post here.

Wednesday, May 9, 2018

Will Java Survive?


We've been hearing for years about Java's pending demise but...... it lives on. That may be changing though. A couple weeks ago Oracle announced the upcoming end of Java 8 updates. Details:
  • After January 19 public updates for Java SE 8 will not be available for business, commercial, or production use without a commercial license. 
  • However, public updates for Java SE 8 will be available for individual, personal use through at least the end of 2020. 
Previously, Oracle had extended public updates for JDK 8, the development kit for Java SE 8, until at least January 2019, after having originally planned to end them in September. 2018. 

Confused? Here's a little more timeline info:
What does this mean? Software Developer Marc van Woerkom has some interesting questions in a post over on Quora titled Is Java dying soon or not?
  • Will this lead to the end of corporate freeloading and speed up of Java development under the guide of Oracle?
  • Will companies band together and fund development for some free to use for all Java versions?
  • Will the open source crowd pick up development stronger than it does now?
  • Or will some other language benefit? (C#? JavaScript? Elixir? ..)
How about the classroom? In the academic world we've seen growing introductory Computer Science and Computer Engineering course use of high-level scripting languages. These include Python (my favorite right now), JavaScript (different than Java) and RubyArguably, JavaScript probably makes the greatest sense of the three when it comes to employment. Most developers are using JavaScript  along with other languages in their day-to-day work. JavaScript is pretty versatile and works well for front-end web development and is increasingly used for back-end development. It is also being used for game development and Internet of Things (IoT) applications. 

According to a Philip Guo survey taken way back in 2014, Python has overtaken Java as the most popular introductory language of instruction at top US Computer Science programs. That said - Java remains an excellent first year/introductory language for Computer Science and Computer Engineering students. I've always believed that first course depends more on the quality of instruction and not the language de jour...... not going any further there though - that's for another post!

You can download Java SE from the Oracle Technology network.

Sunday, April 29, 2018

New iPad 9.7" with Pencil So Far

Last weekend I picked up one of the new A10 Fusion chip Retina display  9.7" iPads with Apple Pencil support. I was able to get the Apple academic discount ~ educators and students can purchase this iPad starting at $299 (US) and an Apple Pencil for $89 (US). I also picked up a Logitech Slim Folio Bluetooth keyboard and a Hermit Shell pencil case

I've been doing a lot of sample problem video and audio recordings this semester for an AC electronics course. The example videos are best described as applied mathematics problem solutions -  I write and talk through the problems while recording and post them on the web for students to access. Up until last week these recordings were being made using a 10 year old Tablet PC. The Tablet PC worked but the process was a little clunky - Apple adding Pencil support was my initial justification for the purchase. 

Video recording on the new iPad has been a breeze. I'm using the built in recording app on the iPad along with the GoodNotes app - simple and slick. I don't do any editing by choice. My recordings go automatically into Photos on the iPad as mp4's and I just upload them to Google Drive for student access. 

I'm also teaching an Engineering Design course this semester. Students in this class are proposing and building some really cool Arduino based projects. They do a lot of writing in this course and are required to electronically submit all work. Up until last week I was using Word on my MacBook to make document review edits and add comments. Once completed I email the edited document files back to the students. A few days ago I started using the iPad and Pencil to make handwritten edits and add comments to the student Word documents. Once saved I also send these documents back to the students. So far so good.

I purchased a first generation iPad years ago and it got very limited use. The new one has been a completely different experience so far. 

Could an iPad replace my four year old 15 inch MacBook? Not yet but...... substitution is getting closer.

Tuesday, April 24, 2018

20 Gbps - In Your Home - In Your Car - In Your Pocket

Fixed wireless is a term used to define wireless services to the home, often used to provide residential broadband service where fixed broadband service (cable, DSL, etc) is not available. It's just a fancy term for cellular data service to a residence.
Currently LTE (download speeds between 5 and 12 Mbps [Megabits per second] and upload speeds between 2 and 5 Mbps, with peak download speeds approaching 50 Mbps) is used by providers offering fixed wireless service. Some nice bandwidth when you have a good connection...... 
Recently, Verizon announced  the launch of next-generation 5G wireless residential broadband services in three to five U.S. markets in 2018. The first commercial launch is now scheduled in Sacramento, CA, in the second half of 2018. 5G will be  a significant upgrade to LTE services, supporting a theoretical speed up to 20 Gbps with a latency of ~1 ms, enabling providers like Verizon to offer superior broadband access without running fiber-optic cables to the sides of homes. 
The days of fiber to the home (FTTH) products like FiOS are numbered. Full phase 5G rollouts by all major providers should be across the U.S. by 2020. Don't give up on fiber though. Additional backhaul capacity will require lots more fiber. That fiber won't be running directly to homes but will be running to cell towers - both large and small.
5G is coming and going to come quickly. ABI Research, a market-foresight advisory firm providing strategic guidance on the most compelling transformative technologies, forecasts that the global fixed wireless broadband market will grow 30% in 2018 and will generate US$18 billion in service revenue. As 5G fixed wireless broadband access is set to be launched in North America in 2018, it is set to expand and provide consumers with better quality service in the years to come. 
What could you do with 20Gbps in your home, your car, your pocket.....??

Saturday, January 27, 2018

Apple Pay – How Printed Store Receipts are Handled


Diane and I had an interesting couple of transactions. Around the holidays, Diane and I went to one of the big box retail stores and bought her Mom a couple of boxes of disposable heating pads for a sore shoulder. I used the Apple Pay app on my watch to pay for the pads. Last week her Mom let us know she did not need the second box so Diane brought that box back today with the original receipt.

There was some confusion at the store about the credit card number on the original receipt because it did not match either of the two cards Diane and I have. We were concerned the original transaction may have gone on someone else’s card and, with us returning the heating pads and getting credit on one of our cards, we may have gotten ourselves in some kind of trouble.

When Diane got home we looked at our credit card detail and sure enough – the $77.85 we spent on December 27 was listed. So, why was the last four unknown (to us) digits wrong on the original receipt? A little more digging found similar receipts with the same unknown four digit number for Apple Pay purchases.

With a little investigating, we were able to figure out what happened.  When you use Apple pay the card number on the receipt reflects your device ID, not the last 4 digits of your credit card. There is also no name on the receipt – it will be listed as “Contactless”. This way if you drop a receipt and someone picks it up there is no way you can be identified. It has no personal information on it. If you use Apple Pay check it out the next time you buy something using it.

Not having to take may card out of my wallet, no Personally Identifiable Information (PII) on the receipt...... added privacy and security – good stuff!