Posts Tagged ‘Android’

iOS vs. Android: Physical Data Extraction and Data Protection Compared

Friday, October 20th, 2017

Today’s mobile devices are becoming increasingly resistant to physical imaging, mostly due to the use of full-disk encryption. Full-disk encryption renders useless some of yesterday’s low-level acquisition techniques, including JTAG and chip-off.

iOS has used full-disk encryption since the days of iOS 4, released back in 2011, while Android only started enforcing encryption in devices manufactured with Android 6 and newer on board. Today, pretty much any smartphone you can buy new comes with full-disk encryption out of the box. Does this mean that Android smartphones are just as resistant to physical imaging as their Apple counterparts, or is Android still a big security mess? Let’s have a look at some protection mechanisms implemented in modern versions of Android that are meant to prevent unauthorized access to user data, and how these mechanisms may become completely useless in the right circumstances. (more…)

Android 8.0 Oreo: Your Text Messages Are in the Cloud Now

Thursday, September 21st, 2017

In each major Android update, Google improves security on the one hand, and moves a few more things to the cloud on the other. The recently finalized and finally released Android 8.0 Oreo adds one important thing to all devices running the newest build of Google’s OS: the ability to back up SMS text messages into the user’s Google Account.

If you follow our blog, you may recall that we already talked about the issue a few months ago. Back in April, we were excited to introduce a new feature to Elcomsoft Cloud Explorer, enabling cloud acquisition of text messages from Google Account. Back then, the feature was limited strictly to Google Pixel and Pixel XL devices running Android 7 Nougat.

The release of Android 8.0 Oreo has finally brought the feature to all devices regardless of make and model, allowing any device to back up and restore SMS text messages via the user’s Google Account.

We updated Elcomsoft Cloud Explorer accordingly, enabling support for cloud-based SMS extraction for devices running Android 8. There aren’t many of those yet aside from Google Pixel and Pixel XL devices, but many users of Nexus 5X and 6P have already received the update. More devices will follow. Let’s have a look at how this new feature works. Before we begin, let us first clear up the confusion that arises between Android data sync and data backups. (more…)

Android Encryption Demystified

Tuesday, May 23rd, 2017

How many Android handsets are encrypted, and how much protection does Android encryption actually provide? With Android Nougat accounting for roughly 7% of the market, the chance of not being adequately protected is still high for an average Android user.

Android Central published an article titled More Android phones are using encryption and lock screen security than ever before. The author, Andrew Martonik, says: “For devices running Android Nougat, roughly 80% of users are running them fully encrypted. At the same time, about 70% of Nougat devices are using a secure lock screen of some form.”

This information is available directly from Google who shared some security metrics at Google I/O 2017.

“That 80% encryption number isn’t amazingly surprising when you remember that Nougat has full-device encryption turned on by default”, continues Andrew Martonik, “but that number also includes devices that were upgraded from Marshmallow, which didn’t have default encryption. Devices running on Marshmallow have a device encryption rate of just 25%, though, so this is a massive improvement. And the best part about Google’s insistence on default encryption is that eventually older devices will be replaced by those running Nougat or later out of the box, meaning this encryption rate could get very close to 100%.”

So how many Android handsets out there are actually encrypted? Assuming that 0.25 (25%) of Android 6 handsets use encryption, and 0.8 (80%) of Android 7 phones are encrypted, it will be possible to calculate the number of encrypted handsets out of the total number of Android devices.

Let’s have a look at the current Android version distribution chart:

  • Android 5.1.1 and earlier versions: ~62% market share
  • Android 6: 0.31 (31% market share) * 0.25 = 0.078
  • Android 7: 0.07 (7% market share) * 0.80 = 0.056

(more…)

Extracting WhatsApp Conversations from Android Smartphones

Thursday, February 2nd, 2017

As you may already know, we’ve added Android support to our WhatsApp acquisition tool, Elcomsoft Explorer for WhatsApp. While the updated tool can now extract WhatsApp communication histories directly from Android smartphones with or without root access, how do you actually use it, and how does it work? In this blog post we’ll be looking into the technical detail and learn how to use the tool.

(more…)

Fingerprint Readers in pre-Android 6 Smartphones: A Call for Disaster

Thursday, January 19th, 2017

Back in 2013, Apple added a fingerprint reader to its then new iPhone 5s. Around that time, OEMs manufacturing Android devices also started equipping their devices with fingerprint sensors. It turned out that Apple and Android OEMs arrived at very different results. In this article, we’ll have a look at fingerprint reader implementations in pre-Marshmallow Android devices and see why they were a terrible idea. (more…)

Our First Book is Officially Out

Monday, October 10th, 2016

Today we are super excited: our first book on mobile forensics just got published! The book is called “Mobile Forensics – Advanced Investigative Strategies”, and is about everything you need to successfully acquire evidence from the widest range of mobile devices. Unlike most other books on this subject, we don’t just throw file names or hex dumps at your face. Instead, we discuss the issues of seizing mobile devices and preserving digital evidence before it reaches the lab, talk about the acquisition options available in every case, and help you choose the correct acquisition path to extract evidence in the least time and with minimal risk.

We used our years of expertise in researching and building forensic tools to help our readers better understand the acquisition process. We aimed our book at specialists with beginner to intermediate knowledge of mobile forensics. We did our best to make it a perfect learning and reference tool.
This book is about strategies and tools. We do believe in tools, but we also believe that even the best tool is useless if you don’t have a clear understanding of what you are doing, and why. It’s not just about ElcomSoft products: we talk about a wide range of forensic tools covering most mobile devices.

The book is officially out. You are welcome to get your copy by ordering from PACKT Publishing or Amazon.

Fingerprint Unlock Security: iOS vs. Google Android (Part II)

Monday, June 20th, 2016

Fingerprint Unlock Security: Google Android and Microsoft Hello

Using one’s fingerprint to unlock a mobile device with a touch is fast and convenient. But does it provide sufficient security? More importantly, does biometric unlock provide a level of security comparable to that of the more traditional PIN or passcode? As we found in the first article, Apple has managed to develop a comprehensive fingerprint unlock system that provides just enough security while offering a much greater convenience compared to traditional unlock methods. What’s up with that in the other camp?

Google Android 4.x through 5.1.1: No Fingerprint API

There is no lack of Android smartphones (but no tablets) that come with integrated fingerprint scanners. Samsung Galaxy S5, S6, S7, Motorola Moto Z, SONY Xperia Z5, LG G5, Huawei Ascend Mate 7 and newer flagships, Meizu Pro 5 and a plethora of other devices are using fingerprint scanners without proper support on the native API level.

(more…)

Fingerprint Unlock Security: iOS vs. Google Android (Part I)

Monday, June 6th, 2016

The biometric approach to unlocking portable electronics has been on the rise since late 2013, when Apple released iPhone 5S. Ever since, manufacturers have been adding fingerprint scanners to their devices. In the world of Android, this was frequently done without paying much (if any) attention to actual security. So how do these systems compare?

Apple iOS: Individually Matched Touch ID, Secure Enclave at Work

Apple invented Touch ID to increase the security of the average user. The idea behind fingerprint unlock is for users who had no passcode at all to use Touch ID. Fingerprint data is stored in the Secure Enclave, and is never transferred to Apple servers or iCloud.

(more…)

Forensic Acquisition: Android

Friday, January 29th, 2016

While here at ElcomSoft we offer a limited range of tools for acquiring Android devices that’s pretty much limited to over-the-air acquisition, we are still often approached with questions about when one should use cloud extraction, and when other acquisition methods should be used. In this article, we decided to sum up our experience in acquiring the various Android devices, explaining why we decided to go for a cloud acquisition tool instead of implementing the many physical and logical extraction methods. This article is a general summary of available acquisition methods for the various makes, models, chipsets and OS versions of Android smartphones. The article is not intended to be a technical guide; instead, it’s supposed to give you a heads-up on approaching Android acquisition.

(more…)