TrewMTE Mobile & Technology Exploration: encryption

Saturday, March 26, 2016

iMessage shown to have encryption flaw

Discussion article here: https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html

Apparently, the research has found:

"It took a few months, but they succeeded, targeting phones that were not using the latest operating system on iMessage, which launched in 2011.

"To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.

"Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.

“And we kept doing that,” Green said, “until we had the key.

"With the key, the team was able to retrieve the photo from Apple’s server. If it had been a true attack, the user would not have known.

"To prevent the attack from working, users should update their devices to iOS 9.3. Otherwise, their phones and laptops could still be vulnerable, Green said."

The research report is here: https://isi.jhu.edu/~mgreen/imessage.pdf

Sunday, March 20, 2016

eMMC

Download software here http://www.up48.com/english/download.htm

Frequently data recovery work undertaken is on eMMC (embedded MultiMediaCard) found in a large number of the smartphones and memory sticks etc. on the market. I was asked what tool I would use for working with e.g. eMMC. One tool that is most frequently turned to is Up-n-Up UP828P Ultra Programmer ('P' is the latest version).

The hardware reader which can be found here http://www.up48.com/english/product.htm. It supports the newest types of FLASH, NAND FLASH, SERIAL FLASH, MoviNAND, iNAND , eMMC etc., in addition, the BOOT area of iNAND, eMMC and MoviNAND can be read and written

Also required are the chip adaptors http://www.up48.com/english/adapter.htm.

And if you want to try your hand with iPhone there are adaptors for them too.

Of course, once an image has been acquired soft tools are still needed to read and interpret the data. Chip removal from iPhone (depending upon version involved A6, A8) would be problematical where data are encrypted.

Evidentially, do not experiment with exhibits (seized items) to avoid contaminating or corrupting data on the chip. Instead take the common path to chip exploration and obtain second-hand devices to gain your experience.

The above does not include additional hardware and tools used for the actual chip removals.

Hope this helps.

Mobile Phone Forensic Examination

Greg Smith has over 30 years (1985 to 2016) experience in handling digital and mobile telephone evidence in criminal and civil investigations and providing services to blue-chip clients in the UK. Our unit the DEEU conducts acquisition and harvesting of data from:

SIM/USIM/MMC Cards
Mobile/Smart Phones/Tablets
Satellite/WiFi
Computer Forensics/network

Forensically recovering saved and deleted data using a range of hardware and software tools to obtain or image physical data or download logical data.

Cell Site Analysis investigations and evidence since 1988.

Contact:
The DEEU
Email: trewmte@gmail.com