There's an App for That: Digital Forensic Realities for Mobile App Evidence, Security and Privacy

Attorneys are often shocked at how much deeply probative evidence, both live and deleted, can be data mined from today’s smart phones and tablets. With the surging adoption of mobile apps for communications, commerce, navigation, and other capabilities, new issues with data security and privacy are developing. This session will explore new evidence modalities, relevance, admissibility, and topical issues with mobile apps that impact investigations and litigation.

Published in: Technology

  1. Mobile Forensics World, June 3, 2013. John J. Carney, Esq. There’s an App for That: Digital Forensic Realities for Mobile App Evidence, Security and Privacy
  2.
  3. Generations of App Computing

       When   Generation          Companies         Languages
       1960s  Mainframes          IBM, Cray         Cobol/Fortran
       1970s  Minicomputers       DEC, Wang         PL/I, C
       1980s  Personal Computers  Microsoft, Apple  C++, VB
       1995   Internet Computing  Google, Yahoo     Java, C#, PHP
       2005   Mobile Computing    Apple, Google     Obj-C, Ruby

  4. Mobile App Evidence Realities
       ■ “There’s An App for That”
       ■ App Platforms
       ■ App Families
       ■ App Privacy
       ■ App Data Security
       ■ App Plug-in Development
       ■ App Futures
  5. “There’s An App for That”
       “Apps are nuggets of magic”
  6. “There’s An App for That”
  7. “There’s An App for That”
       ■ Small, downloadable chunks of software
       ■ Access to info in a neatly packaged format
       ■ Simplicity, cheapness, instant gratification
       ■ Intuitive because they rely on the phone’s sensors
       ■ Accelerometers, gyroscopes, inbuilt GPS
       ■ Don’t need a constant connection to the Internet
       ■ Launch faster than PC software
       ■ Top ten are 43% of usage; top fifty are 61%
  8. Mobile App Platforms
  9. Mobile App Platforms
  10. Mobile App Families
  11. Mobile Apps – Families to Watch
       ■ Mobile Messaging
       ■ Mobile Messaging (Retention / Expiration)
       ■ Personal Navigation (GPS)
       ■ Payment
       ■ Social Media
       ■ Photo Sharing
       ■ Document Creation
       ■ Web Mail
       ■ Productivity
       ■ Storage/Backup
       ■ Spyware
  12. Social Media Apps
  13. Smart Phone Apps & App Data
  14. Smart Phone Apps & App Data
  15. Document Creation Apps
  16. Productivity Apps
  17. Smart Phone Apps & App Data
  18. iPhone Personal Navigation Apps
       ■ Garmin StreetPilot Onboard
       ■ Magellan RoadMate
       ■ TomTom App
       ■ NAVIGON MobileNavigator
       ■ Google Maps
       ■ Nokia Maps
       ■ CoPilot Live
       ■ MotionX GPS Drive
       ■ MapQuest Navigator
       ■ TeleNav
       ■ AT&T Navigator
  19. Android Personal Navigation Apps
       ■ Google Maps
       ■ Nokia Maps
       ■ NAVIGON MobileNavigator
       ■ CoPilot Live
       ■ MapQuest Android Nav App
       ■ TeleNav
       ■ Waze – Social GPS
       ■ Sygic GPS Navigation
       ■ iGO My Way
  20. Web Mail Apps
  21. Smart Phone Apps & App Data
  22. Mobile Messaging Apps
  23. Mobile Messaging Apps
       • Make That 20 Billion Messages
       • Popular “SMS Killers”
       • Use Internet and App Servers
       • Text Free from Costs & Quotas
       • Multi-platform for Many Devices
       • Global to Bypass Country Limits
  24. Mobile Messaging Apps
       • Evidence Recovery Challenging
       • Unaware of Exploding Use in US
       • Subpoena or Court Order Issues
       • Not Easily Data Mined by Expert
       • Advanced Decoding & Tools Required to Recover & Produce
  25. Smart Phone Apps & App Data
  26. Smart Phone Apps & App Data
  27. Smart Phone Apps & App Data
  28. Smart Phone Apps & App Data
  29. Smart Phone Apps & App Data
  30. Smart Phone Apps & App Data
  31. Smart Phone Apps & App Data
  32. Mobile Messaging Apps – Expiration / Retention
  33. Mobile Messaging Apps – Expiration / Retention
  34. Picture Sharing Apps
  35. Payment Apps
  36. App Privacy – “Get It Right From The Start”
       ■ Privacy Recommendations from the FTC
       ■ Build Privacy into Apps
       ■ Practice “Privacy by Design”
       ■ Limit Information Collected
       ■ Securely Store What Is Held
       ■ Safely Dispose of Information
       ■ Use App Defaults Users Expect
       ■ Do Mobile Apps Get It Right?
  37. App Privacy – PiOS: Detecting Privacy Leaks in iOS Apps
       ■ Academics Published Study Using Novel Analysis Tool
       ■ Tested 1,400 iPhone Apps for Privacy Threats
       ■ 825 Free Apps Vetted by Apple and Available through the App Store
       ■ 582 Jailbroken Apps from Cydia (not associated with Apple)
       ■ Sensitive Information Sources Giving Rise to Privacy Leaks:
  38. App Privacy – PiOS: Detecting Privacy Leaks in iOS Apps
       ■ Did the 1,400 iOS Apps Get It Right?
       ■ Most Leaks Supply Access to the Unique Device ID
       ■ Allows Hackers to Create Detailed Profiles of Users’ App Preferences and Usage Patterns
  39. App Data Security – Critical Role of Mobile Apps Data Security
       Protection Required:
       ■ Personally Identifiable Information (PII)
       ■ Personal Health Information (PHI) – HIPAA
       ■ Consumer Personal Nonpublic Information – GLBA
       ■ Student Records – FERPA
       ■ Security Credentials
       ■ Trade Secrets
       ■ Confidential Information
       ■ Personal Identity and Reputation
       “68% of mobile device owners who have not adopted financial apps are holding back due to security fears.” – Mobile Banking, Consumer Security Practices and the Growing Risks to Banks, Research Report, Metaforic, 2012
  40. App Data Security – Study and Findings: Sensitive User Data Stored on Mobile Devices
       ■ 100 Popular Consumer Apps Tested
       ■ iPhone and Android Platforms
       ■ Finance, Social Media, Productivity, Retail App Segments
       ■ Download, Install, Populate Apps with Marked Data
       ■ Username, Password, Private App Data
       ■ Analyze Mobile Device Forensically for Data Exposure
       ■ Rate Results on Pass/Warn/Fail System
       ■ Expert Judgments Based On:
       ■ Security Best Practices, Likely User Expectations, Quantity and Specific Nature of Data Exposed
  41. App Data Security – Study and Findings: Sensitive User Data Stored on Mobile Devices
       ■ Overall Only 17% of Apps Pass
  42. App Data Security – Study and Findings: Sensitive User Data Stored on Mobile Devices
       ■ 44% of Financial Apps Pass and Are Most Secure
       ■ 74% of Social Media Apps Fail and Are Least Secure
       ■ No Social Media Apps Pass App Data Test
       ■ 4 Social Media Apps Stored Device Passwords in Clear Text
       ■ Only 3 Productivity Apps Pass
       ■ 11 Productivity Apps Failing Are E-mail Apps
       ■ No Retail Apps Pass
       ■ Overall Results:
  43. App Plug-in Development – Challenge: Exponential Growth in App Installs
  44. App Plug-in Development – Challenge: High Growth in Apps Available (Pure Oxygen Labs, LLC)
  45. App Plug-in Development – Solution: Examiner Developers in the Field
  46. App Plug-in Development – Case Study in App Forensics Development
       • App Chosen Is “Burner” – Disposable Phone Numbers
       • Family: Mobile Messaging App – Retention / Expiration
       • By Ad Hoc Labs, Inc.
       • TIME Magazine’s Top 10 Apps of 2012
       • Featured in Wired and Engadget
  47. Plug-in Development Environment
       • Goals
         • Least Intrusive (Phone Handset Experimentation)
         • Portable
         • Standard
         • Cost Effective
       • Windows 7 VMware Virtual Machine
       • Android SDK Emulator Creates Virtual Test Phones
         • Supports SMS, Voice, Voice Messages, VOIP
       • APK App Downloader for Chrome to Download Apps from Google Play Store
       • Android Debug Bridge (ADB) to Install Apps
       • IDE – Vim, Eclipse, Notepad++
  48. Plug-in Decoding and Development
       • App Decoding Using
         • UFED Physical Analyzer
         • UFED Plug-ins – YAFFS2, Android Content, SmartFat, ExtX
         • Viewers – SQLite, XML Preference Files, Text
         • Diff
       • Plug-in Development Using
         • IronPython Shell
           • Method Auto-completion
           • Browse Loaded Objects
         • IronPython Libraries for Scripting
         • UFED Plug-in Packager
           • Converts Python Script into Plug-in
  49. Plug-in Execution – UFED Physical Analyzer
       • Physical Memory Acquisition
       • File System Reconstruction
       • Plug-in Chain Management
       • Automated Plug-in Execution
       • App Parsing and Object Loading
       • Reporting, Analytics, Exports
  50. Plug-in Results
       • Only Passwords Are Encrypted
       • App Data Stored in SQLite Database Openly & Unprotected
       • Until Phone Number Expires and App Data Wiped
       Lessons
       • Examiners Can Decode Apps
       • Examiners Can Author App Plug-ins
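As an added example (not part of the deck and not Carney Forensics’, Ad Hoc Labs’ or Cellebrite’s code), the following CPython script walks through the two procedures the slides describe in outline: the data-security study’s method of seeding an app with marked data, imaging the device and grading exposure on a Pass/Warn/Fail scale (slides 40–42), and the plug-in work of decoding an app’s SQLite database and XML preference file to see what is stored in the clear (slides 48–50). The directory layout, table schema, marker strings and grading thresholds are all constructed for illustration and are not taken from Burner or any other real app; the `ENC:` token standing in for an encrypted password is likewise a placeholder.

```python
import os
import sqlite3
import tempfile
import xml.etree.ElementTree as ET

# Marker values an examiner types into the app before imaging the device.
# Constructed for this example; any strings unlikely to occur by chance would do.
MARKERS = {
    "username": "forensic.tester@example.invalid",
    "password": "Marked-Pa55word-2013",
    "app_data": "MARKED-MSG-7f3a",
}


def build_sample_app_dir(root):
    """Populate ROOT with a constructed, hypothetical app data layout modelled on
    an Android package directory: databases/messages.db and shared_prefs/account.xml.
    The schema is invented for illustration, not taken from any real app."""
    os.makedirs(os.path.join(root, "databases"), exist_ok=True)
    os.makedirs(os.path.join(root, "shared_prefs"), exist_ok=True)
    con = sqlite3.connect(os.path.join(root, "databases", "messages.db"))
    con.executescript("""
        CREATE TABLE numbers (id INTEGER PRIMARY KEY, number TEXT, expires_at INTEGER);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, number_id INTEGER,
                               direction TEXT, body TEXT, sent_at INTEGER);
    """)
    con.execute("INSERT INTO numbers VALUES (1, '+15555550100', 1370217600)")
    con.execute("INSERT INTO messages VALUES (1, 1, 'out', ?, 1370131200)",
                (MARKERS["app_data"],))
    con.execute("INSERT INTO messages VALUES (2, 1, 'in', 'ok, see you then', 1370131260)")
    con.commit()
    con.close()
    # Username in the clear; the password field holds an opaque placeholder token
    # standing in for an encrypted value, so the cleartext marker must not appear.
    prefs = ET.Element("map")
    ET.SubElement(prefs, "string", name="username").text = MARKERS["username"]
    ET.SubElement(prefs, "string", name="password").text = "ENC:placeholder-ciphertext"
    ET.ElementTree(prefs).write(os.path.join(root, "shared_prefs", "account.xml"),
                                encoding="utf-8", xml_declaration=True)
    return root


def dump_sqlite(path):
    """Return {table_name: [row_dict, ...]} for every user table in a SQLite file,
    the same first step a UFED-style decoder takes before mapping rows to objects."""
    con = sqlite3.connect(path)
    con.row_factory = sqlite3.Row
    tables = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    out = {t: [dict(r) for r in con.execute(f'SELECT * FROM "{t}"')] for t in tables}
    con.close()
    return out


def read_prefs(path):
    """Return {name: value} from an Android-style shared_prefs XML <map> file."""
    return {el.get("name"): (el.text or "") for el in ET.parse(path).getroot()}


def find_marked_data(root):
    """Walk ROOT, decode SQLite and XML artefacts, and report every cleartext
    occurrence of a marker as (relative_path, location, marker_kind)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            cells = []
            if name.endswith(".db"):
                for table, rows in dump_sqlite(full).items():
                    for row in rows:
                        cells.extend((f"{table}.{col}", val) for col, val in row.items())
            elif name.endswith(".xml"):
                cells.extend(read_prefs(full).items())
            for loc, val in cells:
                for kind, marker in MARKERS.items():
                    if isinstance(val, str) and marker in val:
                        findings.append((rel, loc, kind))
    return sorted(findings)


def rate(findings):
    """Pass/Warn/Fail grading. The thresholds are this example's assumption:
    a cleartext password fails; cleartext username or private app data warns."""
    kinds = {kind for _, _, kind in findings}
    if "password" in kinds:
        return "Fail"
    if kinds:
        return "Warn"
    return "Pass"


def examine_sample():
    """Build the constructed app directory, run the exposure check, return results."""
    root = build_sample_app_dir(tempfile.mkdtemp(prefix="appdata_"))
    findings = find_marked_data(root)
    return findings, rate(findings)


if __name__ == "__main__":
    found, verdict = examine_sample()
    for rel, loc, kind in found:
        print(f"cleartext {kind:9s} in {rel} ({loc})")
    print("verdict:", verdict)
```

On the constructed data the scan finds the marked message body in `messages.body` and the marked username in the preference file, misses the password because only a placeholder token is stored, and grades the app Warn, which matches the slide’s observation that everything but the password sat unprotected in SQLite. Against a real extraction the same walk would run over the reconstructed file system rather than a temp directory, and the marker list would be whatever the examiner seeded.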
  51. Mobile App Futures
       ■ Wearables
         ■ Smart Watches
           ■ Sony SmartWatch – >200 Android Apps Available
           ■ Pebble Watch – Apps Platform
           ■ i’m Watch – Android Apps
           ■ MetaWatch STRATA and FRAME – iOS Apps
           ■ WIMM One – Android Apps
           ■ Apple iWatch – iOS Apps (presumably)
  52. Mobile App Futures
       ■ Wearables
         ■ Google Glass – Apps Platform is “Glassware”
           ■ Facebook
           ■ Twitter
           ■ Tumblr
           ■ Evernote
           ■ Elle Magazine
           ■ CNN
           ■ Ice Breaker
  53. Mobile App Futures
       ■ Quantified Self
         ■ Uses
           ■ Fitness – Exercise / Calories / Weight
           ■ Diagnostics – Sleep / Ultrasound / Heart
         ■ Devices
           ■ Smart Phones – Apps like RunKeeper, Endomondo, My Fitness Pro
           ■ Fitbit
           ■ Nike+ FuelBand
           ■ Jawbone UP
           ■ Zeo, SleepBot – Sleep
           ■ Polar WearLink – Heart
           ■ Mobisante, Fraunhofer – Ultrasound
  54. Mobile App Futures – It’s All About the Apps – New Vendor Metric?
       # Device Profiles Supported
       # Mobile Apps Supported
  55. Questions & Answers
       Carney Forensics
       Cell Phones / Smart Phones
       Smart Tablets
       Computer Forensics
       GPS Devices
       Social Media / Email
       Mobile App Litigation Readiness
       Sign up for our Newsletter!!