 |
|
| November 29th, 2018 by Vladimir Katalov |
Health data is among the most important bits of information about a person. Health information is just as sensitive as the person’s passwords – and might be even more sensitive. It is only natural that health information is treated accordingly. Medical facilities are strictly regulated and take every possible security measure to restrict access to your medical records.
Since several versions of iOS, your health information is also stored in Apple smartphones, Apple cloud and various other devices. In theory, this information is accessible to you only. It’s supposedly stored securely and uses strong encryption. But is that really so? What if Apple uploads this data to the cloud? Is it still secure? If not, can we extract it? Let’s try to find out.
Read the rest of this entry »
Tags: Apple Health, iCloud, iOS
Posted in Cryptography, Did you know that...?, Elcom-News | Comments Off on Apple Health Is the Next Big Thing: Health, Cloud and Security
 |
|
| November 29th, 2018 by Oleg Afonin |
Heartrate, sleeping habits, workouts, steps and walking routines are just a few things that come to mind when we speak of Apple Health. Introduced in September 2014 with iOS 8, the Apple Health app is pre-installed on all iPhones. The app makes use of low-energy sensors, constantly collecting information about the user’s physical activities. With optional extra hardware (e.g. Apple Watch), Apple Health can collect significantly more information. In this article we’ll talk about the types of evidence collected by Apple Health, how they are stored and how to extract the data. Read the rest of this entry »
Tags: Apple Health, Elcomsoft Phone Breaker, Elcomsoft Phone Viewer, iCloud, iOS
Posted in Did you know that...?, Elcom-News, Industry News, Tips & Tricks | Comments Off on Extracting Apple Health Data from iCloud
|
|
| November 15th, 2018 by Oleg Afonin |
In today’s usage scenarios, messaging are not entirely about the text. Users exchange pictures and short videos, voice recordings and their current locations. These types of data are an important part of conversation histories; they can be just as valuable evidence as the text content of the chat.
Apple ecosystem offers a built-in messenger, allowing users to exchange iMessages between Apple devices. This built-in messenger is extremely popular among Apple users. Back in 2016, Apple’s Senior VP announced that more than 200,000 iMessages are sent every second.
All current versions of iOS are offering seamless iCloud synchronization for many categories of data. Starting with iOS 11.4, Apple devices can synchronize messages via iCloud. iMessages and text messages can be now stored in the user’s iCloud account and synchronized across all of the user’s devices sharing the same Apple ID. This synchronization works in a similar manner to call logs, iCloud Photo Library or iCloud contacts sync (albeit with somewhat longer delays). However, Apple will not provide neither the messages themselves nor their attachments when fulfilling LE requests or GDPR pullouts. Why is this happening, how to extract messages from iCloud accounts and what kind of evidence we can find in attachments? Read along to find out.
Read the rest of this entry »
Tags: GDPR, iCloud, iMessage, iOS, Messages
Posted in Elcom-News, Tips & Tricks | Comments Off on Messages in iCloud: How to Extract Full Content Including Media Files, Locations and Documents
|
|
| November 15th, 2018 by Vladimir Katalov |
iMessage is undoubtedly one of the most popular instant messaging platforms for an obvious reason: it’s built in to iOS and ships with every iPhone by default. iMessage does not require complex setup, so the number of iMessage users is closely matching the number of iPhone users. Apple sells about 200 million iPhones every year, and the total number of iPhones sold is more than a billion. Unless you absolutely must chat with someone outside of Apple’s ecosystem (like those poor Android folks), you won’t need Skype, WhatsApp or Telegram. It’s also comforting to know that iMessage works everywhere around the world while most other messengers are oppressed in one or more countries.
But what about iMessage security? Is it safe to use if you’re concerned about your privacy? Is there a reason why countries such as China, Iran or Russia block other messengers but keep iMessage going? Is it safe from hackers? What about Law Enforcement? And what about Apple itself? It must have access to your messages to target the ads, right? Is it OK to send those private snapshots or share your location via iMessage?
There is no simple answer, but we’ll do our best to shed some light on that.
Read the rest of this entry »
Tags: iCloud, iMessage
Posted in Did you know that...?, Elcom-News, Security, Tips & Tricks | Comments Off on iMessage Security, Encryption and Attachments
|
|
| November 12th, 2018 by Oleg Afonin |
An update to Google Play Services enables manual Google Drive backup option on many Android handsets. Since Android 6.0, Android has had an online backup solution, allowing Android users back up and restore their device settings and app data from their Google Drive account. Android backups were running on top of Google Play Services; in other words, they were always part of Google Android as opposed to being part of Android Open Source. Unlike iOS with predictable iCloud backups and the manual “Backup now” option, Google’s backup solution behaved inconsistently at best. In our (extensive) tests, we discovered that the first backup would be only made automatically on the second day, while data for most applications would be backed up days, if not weeks after the initial backup. The ability to manually initiate a backup was sorely missing. Read the rest of this entry »
Tags: Android, backup, Google Drive
Posted in General | Comments Off on Google Enables Manual Google Drive Backups on Android Devices
|
|
| October 30th, 2018 by Oleg Afonin |
The iPhone Xs employs a revised version of the OLED panel we’ve seen in last year’s iPhone X. The iPhone Xs Max uses a larger, higher-resolution version of the panel. Both panels feature higher peak brightness compared to the OLED panel Apple used in the iPhone X. While OLED displays are thinner and more power-efficient compared to their IPS counterparts, most OLED displays (including those installed in the iPhone Xs and Xs max) will flicker at lower brightness levels. The screen flickering is particularly visible in low ambient brightness conditions, and may cause eyestrain with sensitive users. The OLED flickering issue is still mostly unheard of by most consumers. In this article we will demystify OLED display flickering and provide a step by step instruction on how to conveniently disable (and re-enable) PWM flickering on iPhone Xs and Xs Max displays to reduce eyestrain. Read the rest of this entry »
Tags: brightness, flickering, iOS 12, iPhone Xs, iPhone Xs Max, PWM
Posted in Did you know that...?, Hardware, Tips & Tricks | Comments Off on iPhone Xs PWM Demystified: How to Reduce Eyestrain by Disabling iPhone Xs and Xs Max Display Flicker
|
|
| October 29th, 2018 by Oleg Afonin |
If you are involved with iOS forensics, you have probably used at least one of these modes. Both DFU and Recovery modes are intended for recovering iPhone and iPad devices from issues if the device becomes unusable, does not boot or has a problem installing an update.
iOS Recovery Mode
In iOS, Recovery mode is a failsafe method allowing users to recover their devices if they become unresponsive. The Recovery mode, also known as “second-stage loader”, boots the device in iBoot (bootloader) mode. iBoot can be used to flash the device with a new OS. iBoot responds to a limited number of commands, and can return some limited information about the device. As iBoot does not load iOS, it also does not carry many iOS restrictions. In particular, iBoot/Recovery mode allows connecting the device to the computer even if USB Restricted Mode was engaged on the device. Read the rest of this entry »
Tags: DFU, iOS Recovery mode
Posted in General | Comments Off on Everything about iOS DFU and Recovery Modes
|
|
| October 4th, 2018 by Oleg Afonin |
Working in a mobile forensic company developing tools for iCloud forensics, logical and physical extraction of iPhone devices, we don’t live another day without being asked if (or “how”) we can help remove iCloud lock from a given iPhone. Without throwing a definite “yes” or “no” (or “just buy this tool”), we’ve decided to gather everything we know about bypassing, resetting and disabling iCloud activation lock on recent Apple devices.
What Is Activation Lock (iCloud Lock)?
Activation Lock, or iCloud Lock, is a feature of Find My iPhone, Apple’s proprietary implementation of a much wider protection system generally referred as Factory Reset Protection (FRP). Factory Reset Protection, or “kill switch”, is regulated in the US via the Smartphone Theft Prevention Act of 2015. The Act requires device manufacturers to feature a so-called “kill switch” allowing legitimate users to remotely wipe and lock devices. The purpose of the kill switch was to discourage smartphone theft by dramatically reducing resale value of stolen devices.
According to Apple, “Activation Lock is a feature that’s designed to prevent anyone else from using your iPhone, iPad, iPod touch, or Apple Watch if it’s ever lost or stolen. Activation Lock is enabled automatically when you turn on Find My iPhone. … Even if you erase your device remotely, Activation Lock can continue to deter anyone from reactivating your device without your permission. All you need to do is keep Find My iPhone turned on, and remember your Apple ID and password.” Read the rest of this entry »
Tags: Activation Lock, iCloud lock, iOS, iPhone Activation Lock, remove iCloud lock, remove iPhone activation lock
Posted in Did you know that...?, General, Security, Tips & Tricks | Comments Off on Everything You Wanted to Know about Activation Lock and iCloud Lock
|
|
| October 1st, 2018 by Oleg Afonin |
There’s still time to register for the upcoming ElcomSoft training program in Vienna! Held in partnership with T3K-Forensics, this three-day training program will cover everything about iOS forensics. Law enforcement and forensic specialists are welcome to sign up! We’ll cover all the bases from seizing and transporting mobile devices to iOS extraction and analysis. We’ll talk about the acquisition workflow and have participants perform logical, physical and cloud extraction of iOS devices. Expect live demonstrations and fully guided hands-on experience obtaining evidence from iOS devices, pulling data from locked iPhones and accessing iCloud for even more evidence.
In this training:
- Mobile acquisition workflow
- Seizing, storing and transporting wireless capable mobile devices
- The challenge of USB Restricted Mode in iOS 11 and iOS 12
- Full-disk encryption, passcode and biometric authentication
- Logical acquisition: extracting encrypted and unencrypted backups; shared files; photos and videos; crash logs; accessing stored passwords
- Logical acquisition of locked devices: locating, extracting and using lockdown records
- Physical acquisition: jailbreaking, imaging the file system, extracting passwords and decrypting the keychain
- Cloud acquisition: synced data; backups; messages; iCloud Keychain (Safari passwords)
Where: Vienna, Austria
Language: English
Dates: 17-19 Oct, 2018
Read the rest of this entry »
Posted in General | Comments Off on iOS Forensics Training in Vienna: 17-19 Oct 2018
|
|
| September 20th, 2018 by Oleg Afonin |
The release of iOS 11.4.1 back in July 2018 introduced USB Restricted Mode, a feature designed to defer passcode cracking tools such as those developed by Cellerbrite and Grayshift. As a reminder, iOS 11.4.1 automatically switches off data connectivity of the Lightning port after one hour since the device was last unlocked, or one hour since the device has been disconnected from a USB accessory or computer. In addition, users could manually disable the USB port by following the S.O.S. mode routine.
iOS 12 takes USB restrictions one step further. According to the new iOS Security guide published by Apple after the release of iOS 12, USB connections are disabled immediately after the device locks if more than three days have passed since the last USB connection, or if the device is in a state when it requires a passcode.
“In addition, on iOS 12 if it’s been more than three days since a USB connection has been established, the device will disallow new USB connections immediately after it locks. This is to increase protection for users that don’t often make use of such connections. USB connections are also disabled whenever the device is in a state where it requires a passcode to re-enable biometric authentication.”
Source: Apple iOS Security, September 2018 Read the rest of this entry »
Tags: Apple, iOS, iOS 12, iPhone, USB Restricted Mode
Posted in Security | Comments Off on iOS 12 Enhances USB Restricted Mode
