there's an app for that: digital forensic realities for mobile app evidence, security and...
DESCRIPTION
Attorneys are often shocked at how much deeply probative evidence, both live and deleted, can be data mined from today’s smart phones and tablets. With the surging adoption of mobile apps for communications, commerce, navigation, and other capabilities, new issues with data security and privacy are developing. This session will explore new evidence modalities, relevance, admissibility, and topical issues with mobile apps that impact investigations and litigation.
TRANSCRIPT
Mobile Forensics World June 3, 2013
John J. Carney, Esq.
There’s an App for That: Digital Forensic Realities for Mobile App Evidence, Security and Privacy
www.youtube.com/watch?v=cdWmIoeLyfc
Generations of App Computing

When    Generation           Companies          Languages
1960s   Mainframes           IBM, Cray          Cobol/Fortran
1970s   Minicomputers        DEC, Wang          PL/I, C
1980s   Personal Computers   Microsoft, Apple   C++, VB
1995    Internet Computing   Google, Yahoo      Java, C#, PHP
2005    Mobile Computing     Apple, Google      Obj-C, Ruby
Mobile App Evidence Realities
■ “There’s An App for That”
■ App Platforms
■ App Families
■ App Privacy
■ App Data Security
■ App Plug-in Development
■ App Futures
“There’s An App for That”
“Apps are nuggets of magic”
“There’s An App for That”
■ Small, downloadable chunks of software
■ Access to info in a neatly packaged format
■ Simplicity, cheapness, instant gratification
■ Intuitive because they rely on the phone’s sensors: accelerometers, gyroscopes, inbuilt GPS
■ Don’t need a constant connection to the Internet
■ Launch faster than PC software
■ Top ten are 43% of usage; top fifty are 61%
Mobile App Platforms
Mobile App Families
Mobile Apps – Families to Watch
■ Mobile Messaging
■ Mobile Messaging (Retention / Expiration)
■ Personal Navigation (GPS)
■ Payment
■ Social Media
■ Photo Sharing
■ Document Creation
■ Web Mail
■ Productivity
■ Storage/Backup
■ Spyware
Social Media Apps
Smart Phone Apps & App Data
Document Creation Apps
Productivity Apps
iPhone Personal Navigation Apps
■ Garmin StreetPilot Onboard
■ Magellan RoadMate
■ TomTom App
■ NAVIGON MobileNavigator
■ Google Maps
■ Nokia Maps
■ CoPilot Live
■ MotionX GPS Drive
■ MapQuest Navigator
■ TeleNav
■ AT&T Navigator
Android Personal Navigation Apps
■ Google Maps
■ Nokia Maps
■ NAVIGON MobileNavigator
■ CoPilot Live
■ MapQuest Android Nav App
■ TeleNav
■ Waze – Social GPS
■ Sygic GPS Navigation
■ iGO My Way
Web Mail Apps
Mobile Messaging Apps
Mobile Messaging Apps
• Make That 20 Billion Messages
• Popular “SMS Killers”
• Use Internet and App Servers
• Text Free from Costs & Quotas
• Multi-platform for Many Devices
• Global to Bypass Country Limits
Mobile Messaging Apps
• Evidence Recovery Challenging
• Unaware of Exploding Use in US
• Subpoena or Court Order Issues
• Not Easily Data Mined by Expert
• Advanced Decoding & Tools Required to Recover & Produce
Smart Phone Apps & App Data
Mobile Messaging Apps Expiration / Retention
Picture Sharing Apps
Payment Apps
App Privacy – “Get It Right From The Start”
■ Privacy Recommendations from the FTC
■ Build Privacy into Apps
■ Practice “Privacy by Design”
■ Limit Information Collected
■ Securely Store What Is Held
■ Safely Dispose of Information
■ Use App Defaults Users Expect
■ Do Mobile Apps Get It Right?
App Privacy – PiOS: Detecting Privacy Leaks in iOS Apps
■ Academics Published Study Using Novel Analysis Tool
■ Tested 1,400 iPhone Apps for Privacy Threats
■ 825 Free Apps Vetted by Apple and Available through AppStore
■ 582 Jailbroken Apps from Cydia (not associated with Apple)
■ Sensitive Information Sources Giving Rise to Privacy Leaks:
App Privacy – PiOS: Detecting Privacy Leaks in iOS Apps
■ Did the 1,400 iOS Apps Get It Right?
■ Most Leaks Supply Access to the Unique DeviceID, Which Allows Hackers to Create Detailed Profiles of Users’ App Preferences and Usage Patterns
App Data Security – Critical Role of Mobile Apps
Data Security Protection Required:
■ Personally Identifiable Information (PII)
■ Personal Health Information (PHI) – HIPAA
■ Consumer Personal Nonpublic Information – GLBA
■ Student Records – FERPA
■ Security Credentials
■ Trade Secrets
■ Confidential Information
■ Personal Identity and Reputation
“68% of mobile device owners who have not adopted financial apps are holding back due to security fears.” – Mobile Banking, Consumer Security Practices and the Growing Risks to Banks, Research Report, Metaforic, 2012
App Data Security – Study and Findings: Sensitive User Data Stored on Mobile Devices
■ 100 Popular Consumer Apps Tested
■ iPhone and Android Platforms
■ Finance, Social Media, Productivity, Retail App Segments
■ Download, Install, Populate Apps with Marked Data
■ Username, Password, Private App Data
■ Analyze Mobile Device Forensically for Data Exposure
■ Rate Results on Pass/Warn/Fail System
■ Expert Judgments Based On: Security Best Practices, Likely User Expectations, Quantity and Specific Nature of Data Exposed
App Data Security – Study and Findings: Sensitive User Data Stored on Mobile Devices
■ Overall Only 17% of Apps Pass
App Data Security – Study and Findings: Sensitive User Data Stored on Mobile Devices
■ 44% of Financial Apps Pass and Are Most Secure
■ 74% of Social Media Apps Fail and Are Least Secure
■ No Social Media Apps Pass App Data Test
■ 4 Social Media Apps Stored Device Passwords in Clear Text
■ Only 3 Productivity Apps Pass
■ 11 Productivity Apps Failing Are E-mail Apps
■ No Retail Apps Pass
■ Overall Results:
App Plug-in Development Challenge: Exponential Growth in App Installs
App Plug-in Development Challenge: High Growth in Apps Available
Pure Oxygen Labs, LLC
App Plug-in Development Solution: Examiner Developers in the Field
App Plug-in Development – Case Study in App Forensics Development
• App Chosen Is “Burner” – Disposable Phone Numbers
• Family: Mobile Messaging App – Retention / Expiration
• By Ad Hoc Labs, Inc.
• TIME Magazine’s Top 10 Apps of 2012
• Featured in Wired and Engadget
Plug-in Development Environment
• Goals
  • Least Intrusive (Phone Handset Experimentation)
  • Portable
  • Standard
  • Cost Effective
• Windows 7 VMware Virtual Machine
• Android SDK Emulator Creates Virtual Test Phones
  • Supports SMS, Voice, Voice Messages, VOIP
• APK App Downloader for Chrome to Download Apps from Google Play Store
• Android Debug Bridge (ADB) to Install Apps
• IDE – Vim, Eclipse, Notepad++
Plug-in Decoding and Development
• App Decoding Using
  • UFED Physical Analyzer
  • UFED Plug-ins – YAFFS2, Android Content, SmartFat, ExtX
  • Viewers – SQLite, XML Preference Files, Text
  • Diff
• Plug-in Development Using
  • IronPython Shell
    • Method Auto-completion
    • Browse Loaded Objects
  • IronPython Libraries for Scripting
  • UFED Plug-in Packager
    • Converts Python Script into Plug-in
Plug-in Execution – UFED Physical Analyzer
• Physical Memory Acquisition
• File System Reconstruction
• Plug-in Chain Management
• Automated Plug-in Execution
• App Parsing and Object Loading
• Reporting, Analytics, Exports
Plug-in Results
• Only Passwords Are Encrypted
• App Data Stored in SQLite Database Openly & Unprotected
• Until Phone Number Expires and App Data Is Wiped
Lessons
• Examiners Can Decode Apps
• Examiners Can Author App Plug-ins
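The decoding workflow above (pull the app's SQLite store, browse its tables, script the extraction) and the marked-data exposure test from the "Sensitive User Data Stored on Mobile Devices" study both come down to the same script. The following is an added example, not code from the talk, from the Burner app, or from Cellebrite's UFED plug-in API: it is plain Python rather than IronPython so it runs outside UFED. The schema (account, numbers, messages), the marked values and every row are constructed for the example and are not the real app's schema; the password digest stands in for whatever protection the app actually applies.

```python
"""Added example: decode a constructed mobile-app SQLite store, search it for
the marked data an examiner planted before acquisition, rate the exposure
pass/warn/fail, and report which disposable numbers are still live.

The schema and rows are constructed for this example; not the real app's."""
import base64
import hashlib
import os
import sqlite3
import tempfile

# Marked data the examiner typed into the app before acquisition (constructed).
MARKED = {
    "username": "forensic.tester@example.com",
    "password": "Marked-Pa55w0rd!",
    "message": "MARKED-MSG-7f3a",
}

def build_sample_db(path, protect_password=True):
    """Write the constructed store. protect_password=True keeps only a SHA-256
    digest of the password (the one protected field, as in the case study);
    False stores it in clear text, as the study found in four apps."""
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE account(id INTEGER PRIMARY KEY, username TEXT, password TEXT);"
        "CREATE TABLE numbers(id INTEGER PRIMARY KEY, number TEXT, expires_at INTEGER);"
        "CREATE TABLE messages(id INTEGER PRIMARY KEY, number_id INTEGER,"
        " peer TEXT, body TEXT, sent_at INTEGER);")
    pw = MARKED["password"]
    stored_pw = hashlib.sha256(pw.encode()).hexdigest() if protect_password else pw
    con.execute("INSERT INTO account VALUES (1, ?, ?)", (MARKED["username"], stored_pw))
    # Disposable number expiring 2013-06-04 00:00 UTC (epoch 1370304000), constructed.
    con.execute("INSERT INTO numbers VALUES (1, '+15555550123', 1370304000)")
    con.executemany("INSERT INTO messages VALUES (?, ?, ?, ?, ?)", [
        (1, 1, "+15555550199", MARKED["message"], 1370200000),
        (2, 1, "+15555550199", "see you at 9", 1370200060)])
    con.commit()
    con.close()

def dump_tables(path):
    """Decode step: enumerate every user table and return its rows as dicts,
    the way an examiner browses the store in a SQLite viewer before scripting."""
    con = sqlite3.connect(path)
    names = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    tables = {}
    for name in names:
        cur = con.execute(f'SELECT * FROM "{name}"')
        cols = [d[0] for d in cur.description]
        tables[name] = [dict(zip(cols, row)) for row in cur.fetchall()]
    con.close()
    return tables

def encodings(value):
    """Forms in which an unprotected marked value may surface on disk: raw
    text, base64 and hex. A real digest or ciphertext matches none of them."""
    raw = value.encode()
    return {value, base64.b64encode(raw).decode(), raw.hex()}

def find_exposures(tables):
    """Search every text cell for every marked value; return (label, table, column)."""
    hits = []
    for table, rows in tables.items():
        for row in rows:
            for col, cell in row.items():
                if isinstance(cell, str):
                    for label, value in MARKED.items():
                        if any(form in cell for form in encodings(value)):
                            hits.append((label, table, col))
    return hits

def rate(hits):
    """Pass/warn/fail in the spirit of the study: a recoverable password
    fails, any other marked data in the clear warns, nothing found passes."""
    labels = {label for label, _, _ in hits}
    if "password" in labels:
        return "FAIL"
    return "WARN" if labels else "PASS"

def live_numbers(tables, now_epoch):
    """Retention check: numbers not yet expired, so their message data is still
    on the handset (the app wipes it only when the number expires)."""
    return [n["number"] for n in tables.get("numbers", []) if n["expires_at"] > now_epoch]

def examine(protect_password=True):
    """Build the constructed store in a temp file, decode it, and rate it."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        build_sample_db(path, protect_password)
        tables = dump_tables(path)
        hits = find_exposures(tables)
        return tables, hits, rate(hits)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for protected in (True, False):
        tables, hits, verdict = examine(protected)
        print(f"password protected={protected}: {verdict}")
        for label, table, col in hits:
            print(f"  marked {label} found in {table}.{col}")
        print("  live numbers:", live_numbers(tables, 1370200000))
```

With the digest in place the store rates WARN (username and message body recoverable, password not), which is the "only passwords are encrypted" result from the case study; with the password stored in the clear it rates FAIL. Searching for base64 and hex forms as well as raw text catches stores that merely encode a value rather than protect it. Inside UFED the same logic would be packaged as an IronPython plug-in, with the packager turning the script into a plug-in as the deck describes.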
Mobile App Futures – Wearables: Smart Watches
■ Sony SmartWatch – >200 Android Apps Available
■ Pebble Watch – Apps Platform
■ i’m Watch – Android Apps
■ MetaWatch STRATA and FRAME – iOS Apps
■ WIMM One – Android Apps
■ Apple iWatch – iOS Apps (presumably)
Mobile App Futures – Wearables: Google Glass – Apps Platform is “Glassware”
■ Facebook
■ Twitter
■ Tumblr
■ Evernote
■ Elle Magazine
■ CNN
■ Ice Breaker
Mobile App Futures – Quantified Self
■ Uses
  ■ Fitness – Exercise / Calories / Weight
  ■ Diagnostics – Sleep / Ultrasound / Heart
■ Devices
  ■ Smart Phones – Apps like RunKeeper, Endomondo, My Fitness Pro
  ■ Fitbit
  ■ Nike+ FuelBand
  ■ Jawbone UP
  ■ Zeo, SleepBot – Sleep
  ■ Polar WearLink – Heart
  ■ Mobisante, Fraunhofer – Ultrasound
Mobile App Futures – It’s All About the Apps: New Vendor Metric?
[Chart: number of device profiles supported vs. number of mobile apps supported]
Questions & Answers
Carney Forensics: Cell Phones / Smart Phones, Smart Tablets, Computer Forensics, GPS Devices, Social Media / Email, Mobile App Litigation Readiness
www.carneyforensics.com