Posts Tagged ‘iCloud’

The Screen Time passcode is an optional feature of iOS 12 and 13 that can be used to secure the Content & Privacy Restrictions. Once the password is set, iOS will prompt for the Screen Time passcode if an expert attempts to reset the device backup password (iTunes backup password) in addition to the screen lock passcode. As a result, experts will require two passcodes in order to reset the backup password: the device screen lock passcode and the Screen Time passcode. Since the 4-digit Screen Time passcode is separate to the device lock passcode (the one that is used when locking and unlocking the device), it becomes an extra security layer effectively blocking logical acquisition attempts.

In iOS forensics, cloud extraction is a viable alternative when physical acquisition is not possible. The upcoming release of iOS 13 brings additional security measures that will undoubtedly make physical access even more difficult. While the ability to download iCloud backups has been around for years, the need to supply the user’s login and password followed by two-factor authentication was always a roadblock.

iOS 13 is on the way. While the new mobile OS is still in beta, so far we have not discovered many revolutionary changes in the security department. At the same time, there are quite a few things forensic specialists will need to know about the new iteration of Apple’s mobile operating system. In this article, we’ll be discussing the changes and their meaning for the mobile forensics.

We all know how much important data is stored in modern smartphones, making them an excellent source of evidence. However, data preservation and acquisition are not as easy as they sound. There is no silver bullet or “fire and forget” solutions to solve cases or extract evidence on your behalf. In this article, which is loosely based on our three-day training program, we will describe the proper steps in the proper order to retain and extract as much data from the iPhone as theoretically possible.

If you are familiar with breaking passwords, you already know that different tools and file formats require a very different amount of efforts to break. Breaking a password protecting a RAR archive can take ten times as long as breaking a password to a ZIP archive with the same content, while breaking a Word document saved in Office 2016 can take ten times as long as breaking an Office 2010 document. With solutions for over 300 file formats and encryption algorithms, we still find iTunes backups amazing, and their passwords to be very different from the rest of the crop in some interesting ways. In this article we tried to gather everything we know about iTunes backup passwords to help you break (or reset) their passwords in the most efficient way.

Today’s smartphones and wearable devices collect overwhelming amounts of data about the user’s health. Health information including the user’s daily activities, workouts, medical conditions, body measurements and many other types of information is undoubtedly one of the most sensitive types of data. Yet, smartphone users are lenient to trust this highly sensitive information to other parties. In this research, we’ll figure out how Apple and Google as two major mobile OS manufacturers collect, store, process and secure health data. We’ll analyze Apple Health and Google Fit, research what information they store in the cloud, learn how to extract the data. We’ll also analyze how both companies secure health information and how much of that data is available to third parties.

In Apple’s world, the keychain is one of the core and most secure components of macOS, iOS and its derivatives such as watchOS and tvOS. The keychain is intended to keep the user’s most valuable secrets securely protected. This includes protection for authentication tokens, encryption keys, credit card data and a lot more. End users are mostly familiar with one particular feature of the keychain: the ability to store all kinds of passwords. This includes passwords to Web sites (Safari and third-party Web browsers), mail accounts, social networks, instant messengers, bank accounts and just about everything else. Some records (such as Wi-Fi passwords) are “system-wide”, while other records can be only accessed by their respective apps. iOS 12 further develops password auto-fill, allowing users to utilize passwords they stored in Safari in many third-party apps.

Health data is among the most important bits of information about a person. Health information is just as sensitive as the person’s passwords – and might be even more sensitive. It is only natural that health information is treated accordingly. Medical facilities are strictly regulated and take every possible security measure to restrict access to your medical records.

Heartrate, sleeping habits, workouts, steps and walking routines are just a few things that come to mind when we speak of Apple Health. Introduced in September 2014 with iOS 8, the Apple Health app is pre-installed on all iPhones. The app makes use of low-energy sensors, constantly collecting information about the user’s physical activities. With optional extra hardware (e.g. Apple Watch), Apple Health can collect significantly more information. In this article we’ll talk about the types of evidence collected by Apple Health, how they are stored and how to extract the data. (more…)

In today’s usage scenarios, messaging are not entirely about the text. Users exchange pictures and short videos, voice recordings and their current locations. These types of data are an important part of conversation histories; they can be just as valuable evidence as the text content of the chat.