Saturday, July 17, 2010

I have your phone! Do you KNOW what I have?

Lots of my friends and colleagues spend more time staring at their new 3g and 4g devices than they do anything else. Playing with the greatest new app, updating Facebook with that embarrassing photo, texting dinner reservations, getting directions to the dinner reservations, checking to make sure there's money in the account for that dinner reservation...

Now, a lot of people enter the recovery process with very little to their name -- no phone, no car, no home, no family, no dog... But, it seems that no matter what the actual situation, the first purchase most people make when they can purchase anything besides a place to sleep and enough food to fill their belly is a cell phone.

In some ways it's a natural outgrowth of our always-on, always-connected society. An old timer friend noted the other day how much easier it is today to stay in touch with his sponsees and with his own sponsor. (I wonder how many of my friends remember sitting in a stuffy booth dropping coins into the slot to make a call?)

Anyway, digressions aside, how much do you know about that neat iPhone, Android, Blackberry, or Evo? The iPhone has come under intense scrutiny in the computer forensics/security community because it creates and stores a ton of information and chances are you have no idea it's doing it. For example:
  • That photo you just took and posted to Facebook? It probably contains not only the GPS coordinates where you took it, but also the serial number of your device;
  • Do you like the mapping app? Every time it closes out it takes a screenshot and stores it;
  • Other apps, like email, also have a screenshot taken when they close out;
  • What about the ability of the iPhone to "learn" from your typing so it can autocorrect your mistakes? All of that typing is stored and can be retrieved -- think login ids and passwords to your bank. (I would have to get a search warrant or at least explicit written permission from a device owner to put a key logger like this on a regular computer!);
  • And that stuff you just deleted? It's still there;
  • Your phone is, more or less, just a tiny computer and the bad guys are actively writing code to exploit your device for their own purposes.
That's just the tip of the iceberg. The truth is, if I have physical possession of your phone all bets are off. Whether I'm using a tool for forensics recovery that is vetted for use in a legal setting or a much less expensive tool that will simply let me dump data and then analyze it using other free or cheap software, I own your information.

I don't think anyone is going to give up their phone, but I want to make some suggestions:
  1. Remember, if the good guys have a tool to retrieve the information, so do the bad guys, and the bad guys are probably more likely to go after your phone than the good guys;
  2. Do you lock your phone with a good password? I know it's a pain, but it will at least slow the bad guy down;
  3. Record your device serial number somewhere outside of the phone and when it is lost or stolen report the serial number with the report;
  4. When your device is lost or stolen get yourself to a computer -- fast -- and change all of your passwords;
  5. Unless you absolutely feel compelled to do so, don't access your bank or any other sensitive site using the phone.
Just remember, if I have it I probably have pictures of the login screen to your bank and probably your account number. I also have records of the keystrokes you used to log in, including your password and the answers to any "security questions" you are asked. Also, if the phone is stolen and later seized in a criminal case, the information on it could be traced back to you. You need to be able to prove when it was stolen or lost. In a pinch with a lost phone, ask your insurance company if they will at least take a report of the loss with the serial number in case you need proof later.

This is not supposed to be an exhaustive account and it's not. The details also are specific to the iPhone. I want to point out, however, that similar risks exist, may exist, or will exist on other 3g/4g devices. My intent here is to help my friends be aware of what these risks are so they can better protect themselves. We are still in the early stages of development as far as these micro devices are concerned and the changes are coming at us "fast and furious."

Whether it's a "mini-Mac" operating system, a Linux-based OS or something else running the device we can't live without, we're in Huxley's brave new world and some of the players aren't very nice. Not very nice at all.

Get an attitude, damn it!

A couple of things have given me a lot of food for thought this week. First, a normally quiet, reserved old timer who always has a smile on his face let go in a men's meeting with a no nonsense declaration to anyone waffling on the program. The second occurred in a meeting focusing on newcomers.

In the first, the old timer basically said that if all anyone wants is to sit in a meeting like a namby-pamby and toss out "feel good" comments he's just fooling himself. He said you need to get an attitude!

Hell, I used to have plenty of attitude, with a John Wayne swagger to match. That was my "show the world" persona where the motto was "f*** 'em if they can't take a joke" and "don't let the bastards get you down!"

Sure, I was just hiding the guy I didn't want anyone to know, a guy who didn't trust anyone or anything with what was inside. Hell, my own father hadn't wanted anything to do with me growing up, why would anyone else? And growing up in a family with three generations of women in the house and no other guys around, well, I guess I was fortunate to choose examples of how to be a guy from decent movie characters portrayed by actors like Wayne and Jimmy Stewart! (With a little Cagney thrown in.)

But, it turns out, that attitude wasn't too terribly far from the attitude the old timer was talking about. He said that when he was still a newcomer an old broad (his words) had come up to him and told him straight up to get an attitude. He asked her what she meant and she said, "Boy, plant your feet, stare 'em in the eyes, spit and shout out 'dammit, I'm going to stay sober!' "

In other words, you've got to want sobriety, to be free, with every fiber of strength and energy you've got. If you don't grasp hold of the solution that's been given you and refuse to let anyone or anything take it away from you then you just won't get it.

I can buy that. When I came to the program before I wanted to want to get sober. I went to meetings, but I refused to take the program and make it mine! I lost.

The second instance happened when we focused a meeting on several newcomers, one of whom was coming back after going back out for a long time after a serious amount of time in recovery. He hurt. You could see it from 10 miles away. I remembered feeling the pain I saw on his face and in every move he made.

One of the other men in the meeting, when it was his turn to share, welcomed him back and said that when he saw the man come in he said a prayer of thanks to God because he had been afraid J. would never make it back. They had originally come to the program pretty close together. One stayed, the other didn't. And my friend shared that when he was still a newcomer the man who was his sponsor for 20 years until his death told him, "T. some of us will die so that the rest of us will know that it's possible." Every hair on my body stood up when he said that, because I knew that he could be talking about me -- yesterday.

Today, I'm not going to be a martyr on the altar of alcohol. I have my damn attitude!