Mobile, IoT, Clouds… It’s time to hire your own risk manager!
1. Mobile, IoT, Clouds…
It’s time to hire a Risk Manager!
YURY CHEMERKIN
MULTI-SKILLED SECURITY EXPERT
CJSC ADVANCED MONITORING
2. YURY CHEMERKIN
I have ten+ years of experience in information security. I'm a multi-skilled security expert on security & compliance and mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile & Cloud Computing, IAM, Forensics & Compliance.
I published many papers on mobile and cloud security and regularly appear at conferences such as CyberCrimeForum, HackerHalted, DefCamp, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalcCon, Intelligence-Sec, InfoSec NetSysAdmins, etc.
LINKEDIN:
HTTPS://WWW.LINKEDIN.COM/IN/YURYCHEMERKIN
TWITTER: @YURYCHEMERKIN
EMAIL: YURY.S@CHEMERKIN.COM
13. APPLE WATCH
MITM
The Apple Watch Series communicates via Bluetooth with the owner’s iPhone. If the iPhone is not reachable via Bluetooth, Wi-Fi is used for synchronization with Apple servers and the iPhone.
Online communication (over Wi-Fi)
[iPhone apps iCloud] – prevents MITM, SSL Pinning
[Apple Watch iCloud] – prevents MITM, SSL Pinning
No way to install an SSL certificate on the Apple Watch
14. APPLE WATCH
BREAKING THE LOCKSCREEN
Remove the Passcode Using Your iPhone
Go to “Settings -> General -> Reset”
“Erase Apple Watch Content & Settings”
“Keep Plan” if iWatch has a Cellular Plan
Otherwise just “Erase All Content & Settings”
Pair it again
15. APPLE WATCH
BREAKING THE LOCKSCREEN
Removing Your Passcode Without an iPhone
Power menu: press & hold the side button
Instead of sliding "Power Off", press on it
Tap "Erase all content and settings,"
Tap the green checkmark to confirm
Pair it again
16. APPLE WATCH
BREAKING THE LOCKSCREEN
Unpair iWatch via Apple Watch app & Apple Password
Keep your Apple Watch and iPhone close together.
Open the Apple Watch app on iPhone
Tap “My Watch tab”, “iWatch name”, “Unpair Apple Watch”
Press “Keep Plan” for cellular iWatches
Enter your Apple ID password and tap confirm
17. APPLE WATCH
JAILBREAKS
Jailbreaks for USB
Apple Watch series 1- 4 & watchOS 5 – no jailbreak
watchOS 4.0 - 4.1
v0rtex jailbreak for developers only
https://github.com/tihmstar/jelbrekTime
Apple Watch series 1- 2 & watchOS 3.0 – 3.2.3
OverCl0ck jailbreak – still in development
https://github.com/PsychoTea/OverCl0ck
Jail & Bluetooth Connection over SSH
https://speakerdeck.com/mbazaliy/jailbreaking-apple-watch
18. APPLE WATCH - BACKUP
/mobile/Library/DeviceRegistry.state/properties.bin
Binary Plist File – Contains Paired Apple Watch Specifics incl: Watch Name, Make, Model, OS, GUID
Synced Data Path with GUID, date, local Serial Number, UDID, WiFi MAC, SEID (Secure Element ID), Bluetooth MAC
19. APPLE WATCH - BACKUP
Plists containing the apps installed on the Apple Watch (2 places)
/mobile/Library/DeviceRegistry/<GUID>/NanoPreferencesSync/NanoDomains/com.apple.Carousel
/mobile/Library/DeviceRegistry/<GUID>
Example:
/mobile/Library/DeviceRegistry/<GUID>/AddressBook/
20. APPLE WATCH
BACKUP
Email - /mobile/Library/DeviceRegistry/<GUID>/NanoMail/registry.sqlite
Voicemails - /mobile/Library/DeviceRegistry/<GUID>/PreferencesSync/NanoDomains/com.apple.mobilephone
Records containing Phone Numbers and paths to synced voicemail files
22. APPLE WATCH – BACKUP
APPLE HEALTH
Encrypted (.hfd), in password-protected / encrypted backups only
No data comes out of a non-encrypted backup
Export in raw/plaintext
But hold on, we will get back to the Health app soon
25. APPLE WATCH
SUMMARY
Apple Watch communicates via Bluetooth or Wi-Fi if BT is not available
Online communication (over Wi-Fi)
[iPhone apps iCloud] – prevents MITM, SSL Pinning
[Apple Watch iCloud] – prevents MITM , SSL Pinning
No way to install an SSL certificate on the Apple Watch
Local data
Not many, but jailbreaks are available
Backup still works to access the data
Wallet contains booking, card and other info
Apple Health app
Contains a lot of medical user data
Encrypted if the backup is password-protected, and left out of the backup otherwise
Contains non-encrypted basic medical user data and a list of app-sources
29. ANDROID WATCH
IMAGING A SMARTWATCH DEVICE
The ADB tool should be used to image and explore the Android smartwatch.
The dd command, dd if=/dev/block/mmcblk0p12 of=/sdcard/tmp.image, can be used to copy the entire device to an inserted SD card.
If time is a factor, investigators can copy only the partitions that hold specific directories by utilizing the following commands (dd reads the block device itself, so the directory name is not part of the if= path):
dd if=/dev/block/mmcblk0p12 of=/storage/extSdCard/data.dd      # data
dd if=/dev/block/mmcblk0p8 of=/storage/extSdCard/cache.dd      # cache
dd if=/dev/block/mmcblk0p3 of=/storage/extSdCard/efs.dd        # efs
dd if=/dev/block/mmcblk0p9 of=/storage/extSdCard/system.dd     # system
30. ANDROID WATCH
BREACHING A LOCK SCREEN
If the Google account credentials are known: remote unlock of connected watches via Google’s Android Device Manager
Deleting / altering the gesture.key & settings.db files to remove the lock screen entirely
adb.exe shell; cd /data/system; rm gesture.key
The “settings.db” file contains system settings and can cause system wide changes if modified
update system set value =0
Flashing a modified ROM / rebooting in safe mode - to leverage a third-party lock screen
Utilize adbkey and adbkey.pub files from other computers that have been previously synchronized with the examined device to create a trust relationship with a new device
/.android/<ADB keys> - those files are an SSH key-pair that allow me to mark my computer as "trusted" to my phone.
Copies of the ADB keys are stored on synchronized devices in users/<user name>/.android folders
32. ANDROID WATCH
WEAR OS
Tizen OS - Samsung
Android Wear OS
Asus Zenwatch, Huawei Watch, LG
Watch and many other
Many root tools & images for
Android Wear up to 2.0
Lack of tools for 2.1 and beyond
Wear app to access data
Android Wear Version | Android base version | Release date
4.4W1 | 4.4 | June 2014
4.4W2 | 4.4 | October 2014
1.0 | 5.0.1 | December 2014
1.1 | 5.1.1 | May 2015
1.3 | 5.1.1 | August 2015
1.4 | 6.0.1 | February 2016
1.5 | 6.0.1 | June 2016
2.0 | 7.1.1 | Feb 2017
2.6 | 7.1.1 | Nov 2017
2.6 | 7.1.1/8.0.0 | Dec 2017
2.7 | 7.1.1/8.0.0 | Dec 2017
2.8 | 7.1.1/8.0.0 | Jan 2018
2.9 | 7.1.1/8.0.0 | Feb 2018
Wear OS Version | Android base version | Release date
1.0 | 7.1.1/8.0.0 | Mar 2018
1.1 | 7.1.1/8.0.0 | April 2018
1.2 | 7.1.1/8.0.0 | May 2018
1.3 | 7.1.1/8.0.0 | June 2018
1.4 | 7.1.1/8.0.0 | July 2018
1.5 | 7.1.1/8.0.0 | August 2018
1.6 | 7.1.1/8.0.0 | September 2018
1.7 | 7.1.1/8.0.0 | October 2018
2.0 | 7.1.1/8.0.0 | August 2018
2.1 | 7.1.1/9.0.0 | September 2018
33. ANDROID WATCHES
SAMSUNG GEAR – ALL OF THEM (TIZEN)
Tizen OS, Bluetooth, USB, No Wi-Fi, Optional Password Protection
#1 Gain root:
turn on SDB (‘Smart Development Bridge’),
find a ROM, use Odin,
reboot to ‘download’ mode – hold down the main button through the turn-off prompt
sdb shell, sdb root
34. ANDROID WATCHES
SAMSUNG GEAR – ALL OF THEM
#2 Get Data as an image:
Requires root (see step #1)
Use anything to image the watches, like Toybox http://landley.net/toybox/
adb push toybox /sdcard/download
adb shell; su
mv /sdcard/download/toybox /dev/
chown root:root /dev/toybox
chmod 755 /dev/toybox
cd /dev/block/platform/msm_sdcc; ls -al by-name
# image the partition with dd and pipe it to netcat; -L puts netcat in listening mode
# (toybox is called by its full path because the working directory has changed)
dd if=/dev/block/mmcblk0p21 | /dev/toybox nc -L
# netcat displays the port number it is listening on
44477 port displayed
# on the workstation: forward the port over ADB
adb forward tcp:44867 tcp:44867
# connect to the watch on port 44867 and write the stream to an image file
nc 127.0.0.1 44867 > Samsung.IMG
Here is a user partition
35. ANDROID WATCHES
SAMSUNG GEAR – ALL OF THEM
#3 Results:
Messages - apps.com.samsung.message.data.dbspace/msg-consumer-server.db
Health/Fitness Data - apps.com.samsung.shealth/shealth.db
Email - apps.com.samsung.wemail.data.dbspace/wemail.db
Contacts/Address book - dbspace/contacts-svc.db
36. ANDROID WATCHES
LG WATCH – ALL OF THEM
Android Wear, USB, Bluetooth, No Wi-Fi
#1. Gain Root: Turn on ADB, use LG G Watch Restore Tools, reboot to
bootloader & unlock it, and push image
adb reboot-bootloader
fastboot oem unlock
adb push <SuperSU>.zip /sdcard/download
adb reboot-bootloader
fastboot boot <twrp>.img
Install <SuperSu>.zip, wait for reboot
37. ANDROID WATCHES
LG WATCH – ALL OF THEM
#2 Get Data as an image:
Requires root (see step #1)
Use anything to image the watches, like Toybox http://landley.net/toybox/
adb push toybox /sdcard/download
adb shell; su
mv /sdcard/download/toybox /dev/
chown root:root /dev/toybox
chmod 755 /dev/toybox
cd /dev/block/platform/msm_sdcc; ls -al by-name
# image the partition with dd and pipe it to netcat; -L puts netcat in listening mode
# (toybox is called by its full path because the working directory has changed)
dd if=/dev/block/mmcblk0p21 | /dev/toybox nc -L
# netcat displays the port number it is listening on
44477 port displayed
# on the workstation: forward the port over ADB
adb forward tcp:44867 tcp:44867
# connect to the watch on port 44867 and write the stream to an image file
nc 127.0.0.1 44867 > LG.img
Here is a user partition
38. ANDROID WATCHES
LG WATCH – ALL OF THEM
Results:
Events/Notifications - data.com.android.providers.calendar.databases/calendar.db
Contacts/Address book - data.com.android.providers.contacts.databases/contacts2.db
Health/Fitness Data - data.com.google.android.apps.fitness.databases/pedometer.db
39. ANDROID WATCHES
ANDROID WEAR
Mobile device paired with all watches in this app
/com.samsung.android.app.watchmanager
/auto_update.xml - a timestamp of the day the Samsung Gear was last
updated.
/com.samsung.android.app.watchmanagerstub/shared
preferences/hmonlinehelppref.xml
/data/com.google.android.wearable.app/databases/devices.db
list of devices using Android wear which listed the LG G Watch.
42. ANDROID WATCH
SUMMARY
Forensics
Forensics tools, such as Elcomsoft and Cellebrite, are NOT available for these devices
Forensics techniques are still available for the devices
Forensics of Wear apps works too, but yields little useful data
Known techniques of breaking the Android screen lock work
OS
Tizen OS - Samsung
Android Wear OS - Asus Zenwatch, Huawei Watch, LG Watch and many other
Root & Recovery
Many root tools & images for Android Wear up to 2.0
Lack of tools for 2.1 and beyond
SDB, ADB, Fastboot, OEM Unlock
Data
Contacts, Fitness, Health, Email – in the device
44. HUAWEI WEAR & HONOR BAND 3-9C7
• Photos of the band and the app (links to the stores)
• Insert the pictures into the lists as round shapes??
45. FITNESS TRACKERS
HUAWEI WEAR. HONOR BAND 3-9C7
Device Mac Address & Crash log: DevInfo, debug info - /Documents/hms/oclog/<crash>,<log>
Last Wear’s values: sleep (many params), wakeup (many params), distance (steps, ride, climb,…), heart rate,
calories
Firmware: Path to locally stored firmware, URL to download firmware (HTTP !!! ), Change log, Options
Geo: Speed, Timestamp, Longitude, Latitude, Distance, Course, Duration, Altitude
User Info: Picture, Name, Birthday, Height, Weight, Gender, Age
Account Details: UDID, Security Token, UserID, SessionID
Bluetooth Keys
48. HUAWEI WEAR: FIRMWARE
/DOCUMENTS/<*.ARCHIVER> FILES
<string>
{"fireWareMd5":"33E44F1B02292C8B9D00A5DEB91B72AB","firmwareDownloadFilePath":
"Nyx_1.5.35.bin.apk","identify":"38:37:8B:B8:C9:C7","firmWareSize":1410023,"deviceTyp
e":13,"workMode":2,"forceUpdateFlag":false,"netFirwareVersion":"1.5.35",
"firmwareLocalPath":"/var/mobile/Containers/Data/Application/9B666199-342F-4897-
9577-59B68F5CF40F/Documents/DownloadData/dfu_image_OTA.dfu_Nyx",
"changeLogContent":"[Optimizations]nOptimizes calorie counting accuracy while
swimming.nFixes an issue where exercise sessions would suddenly exit due to accidental
touches.nFixes an issue where fitness data would be occasionally cleared.nOptimizes the
TrusleepTM data syncing speed on IOS.n[Notes]n1. New features require that Huawei
Health APP is updated to version 8.0.1.302 or later for IOS, and 8.0.2.327 or later for
Android.n2. Before updating, make sure the band is charged to at least 20%.n","status":1,
"baseURL":"http://update.hicloud.com:8180/TDS/data/files/p7/s131/G3533/g3039/v1
55123/f1/"}
</string>
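A check an app reviewer could run over such an update record, given here as an added example (not code from the deck or from the Huawei app). The sample record is constructed: it reuses the field names shown above, but the hash, file name and URL are placeholders.

```python
import hashlib
import json
from urllib.parse import urlparse

# Constructed stand-in for a firmware image and its update record. The field
# names (including their spelling) follow the record on the slide; the values
# are placeholders, not data from a real device or server.
SAMPLE_IMAGE = b"constructed firmware image bytes"
SAMPLE_RECORD = json.dumps({
    "fireWareMd5": hashlib.md5(SAMPLE_IMAGE).hexdigest().upper(),
    "firmwareDownloadFilePath": "example_1.0.0.bin.apk",
    "firmWareSize": len(SAMPLE_IMAGE),
    "forceUpdateFlag": False,
    "netFirwareVersion": "1.0.0",
    "baseURL": "http://update.example.invalid:8180/files/",
})

# Field-name fragments that would indicate a stronger integrity control.
STRONG_HINTS = ("sha256", "sha512", "signature")


def audit_update_record(raw):
    """Return (severity, finding) tuples for one firmware update record."""
    rec = json.loads(raw)
    findings = []

    scheme = urlparse(rec.get("baseURL", "")).scheme.lower()
    if scheme != "https":
        findings.append(("high", "firmware download URL uses %r, not https"
                         % (scheme or "no scheme")))

    keys = [k.lower() for k in rec]
    has_md5 = any("md5" in k for k in keys)
    has_strong = any(hint in k for k in keys for hint in STRONG_HINTS)
    if has_md5 and not has_strong:
        findings.append(("medium", "MD5 is the only integrity field; "
                         "no signature or SHA-2 digest in the record"))
    elif not has_md5 and not has_strong:
        findings.append(("high", "record carries no integrity field at all"))

    if rec.get("forceUpdateFlag") and scheme != "https":
        findings.append(("high", "forced update over a cleartext channel"))
    return findings


def check_image(raw, image):
    """Compare a downloaded image with the size and MD5 the record states."""
    rec = json.loads(raw)
    problems = []
    if len(image) != rec.get("firmWareSize"):
        problems.append("size mismatch")
    stated = str(rec.get("fireWareMd5", "")).lower()
    if hashlib.md5(image).hexdigest().lower() != stated:
        problems.append("md5 mismatch")
    return problems


if __name__ == "__main__":
    for severity, finding in audit_update_record(SAMPLE_RECORD):
        print(severity, "-", finding)
    print(check_image(SAMPLE_RECORD, SAMPLE_IMAGE) or "image matches record")
```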
52. HUAWEI WEAR: PERSONAL DETAILS
/DOCUMENTS/<WEAR*.DB> FILES
User goals
Device details
User measures
m_7_DataSourceTable_temp_user
m_7_FitnessMergedDataTable_temp_user
m_14_FineSleepDayMergeTable_temp_user
m_7_MotionGoalTable_temp_user
53. HUAWEI WEAR: PERSONAL DETAILS
/DOCUMENTS/<WEAR*.DB> FILES
User measures
m_14_HeartRateByDay_temp_user
m_14_SportDataByDay_temp_user
m_133_MotionPathDetail_temp_user
m_7_MotionGoalTable_temp_user
54. HUAWEI WEAR: PERSONAL DETAILS
/DOCUMENTS/<WEAR*.DB> FILES
User measures
m_133_SingleMovementStatistic_temp_user
m_133_SingleMovement_temp_user
55. HUAWEI HONOR
SUMMARY
Local data
Credentials are protected
Personal and medical info – plaintext / as is
Communication
Local – encrypted
Online – SSL Pinning for all possible connections, registration,
login and synchronization
57. XIAOMI MI BAND 2 & MI FIT
Online communication
AWS storages in Ireland (EU) mainly, secondary US
TLS 1.2, No SSL Pinning
Local data
Action Log with details incl. URLs
https://api-mifit.huawei.com/v1/user/manualData.json?r=f8a9d00c3433&t=1512648130831
https://api-mifit.huawei.com/users/70000054661/heartRate?r=f8a9d00c3433&t=1512648130848
https://api-mifit.huawei.com/v1/data/band_data.json?r=f8a9d00c3433&t=1512648130805
62. FITNESS TRACKERS
SUMMARY AMONG TRACKERS & APPS
Local data
Credentials are usually protected
Personal and medical info – plaintext / as is
Communication
Local – encrypted
Online – SSL Pinning for all possible connections
66. HEALTHCARE
APPLE HEALTH
Valuable data is encrypted and no public cracks are known
A small amount of data is not encrypted in the backup
List of app-sources (look here for non-encrypted original data)
However, a secure built-in app aggregator does not mean other apps are secure in the same way; of course not
67. APPLE HEALTH
WHERE TO FIND DATA?
HealthDomain\MedicalID\MedicalIDData.archive
HealthDomain\Health\healthdb.sqlite
HealthDomain\Health\healthdb_secure.sqlite
HealthDomain\Health\healthdb_secure.hfd
Exported Raw Data – any place chosen by user
68. APPLE HEALTH
DATA IN DETAILS
Name, User Pic, height (in cm), and mass (in kg)
Geo Tracking (Mainland/City), iOS version
Device Info: UDID, Name, Last connection time
Date of birth, sex, blood group, skin type, height (in cm), and mass (in kg)
Medical implants
72. APPLE HEALTH
RAW EXPORT
Recorded by any Apple device & accessed through the Health app.
Detailed activity log with timestamps
Data can be exported in .xml file format without encryption (!) and even without encryption of the zip file
Extracted data can be stored anywhere
73. APPLE HEALTH - RAW EXPORT
PERSONAL, FITNESS, MEDICAL INFO
Date of birth, sex, blood group, skin type, height (in cm), and mass (in kg)
Heart rate data (in count/min) or beats-per-minute (BPM)
Steps, distance covered (in km), active energy burned (in kJ), and exercise time (in mins)
Blood Pressure Diastolic, Systolic
The exact activity log time (creationDate), and activity start and end times (startDate, endDate)
XML Parser (Free): https://github.com/tdda/applehealthdata
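To see what one unencrypted raw export exposes before it is stored or shared, the sketch below inventories the profile fields, record types, time span and source apps in an export.xml. It is an added example, not code from the deck or from the parser linked above; the sample export is constructed and every value in it is made up.

```python
import io
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime

# Constructed export in the element/attribute layout of a Health export.xml;
# every value is made up for this example.
SAMPLE_EXPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<HealthData locale="en_US">
 <ExportDate value="2018-09-22 12:00:00 +0300"/>
 <Me HKCharacteristicTypeIdentifierDateOfBirth="1980-01-01"
     HKCharacteristicTypeIdentifierBiologicalSex="HKBiologicalSexMale"
     HKCharacteristicTypeIdentifierBloodType="HKBloodTypeAPositive"
     HKCharacteristicTypeIdentifierFitzpatrickSkinType="HKFitzpatrickSkinTypeIII"/>
 <Record type="HKQuantityTypeIdentifierHeartRate" sourceName="Constructed Watch"
     unit="count/min" creationDate="2018-09-22 10:00:05 +0300"
     startDate="2018-09-22 10:00:00 +0300" endDate="2018-09-22 10:00:00 +0300" value="72"/>
 <Record type="HKQuantityTypeIdentifierHeartRate" sourceName="Constructed Watch"
     unit="count/min" creationDate="2018-09-22 10:05:05 +0300"
     startDate="2018-09-22 10:05:00 +0300" endDate="2018-09-22 10:05:00 +0300" value="75"/>
 <Record type="HKQuantityTypeIdentifierStepCount" sourceName="Constructed Watch"
     unit="count" creationDate="2018-09-22 11:00:00 +0300"
     startDate="2018-09-22 10:30:00 +0300" endDate="2018-09-22 10:45:00 +0300" value="1200"/>
 <Record type="HKQuantityTypeIdentifierBloodPressureSystolic" sourceName="Constructed BP App"
     unit="mmHg" creationDate="2018-09-22 09:00:10 +0300"
     startDate="2018-09-22 09:00:00 +0300" endDate="2018-09-22 09:00:00 +0300" value="120"/>
 <Record type="HKQuantityTypeIdentifierBloodPressureDiastolic" sourceName="Constructed BP App"
     unit="mmHg" creationDate="2018-09-22 09:00:10 +0300"
     startDate="2018-09-22 09:00:00 +0300" endDate="2018-09-22 09:00:00 +0300" value="80"/>
</HealthData>"""

DATE_FMT = "%Y-%m-%d %H:%M:%S %z"
PREFIXES = ("HKCharacteristicTypeIdentifier", "HKQuantityTypeIdentifier",
            "HKCategoryTypeIdentifier")


def short(name):
    """Strip the HealthKit prefix so type names are readable in a report."""
    for prefix in PREFIXES:
        if name.startswith(prefix):
            return name[len(prefix):]
    return name


def inventory(export_bytes):
    """Summarise profile fields, record types, time span and data sources."""
    profile, sources = {}, set()
    records = defaultdict(
        lambda: {"count": 0, "unit": None, "first": None, "last": None})
    # iterparse keeps memory flat on large exports; for files from an
    # untrusted origin use a hardened XML parser instead.
    for _, elem in ET.iterparse(io.BytesIO(export_bytes), events=("end",)):
        if elem.tag == "Me":
            profile = {short(k): v for k, v in elem.attrib.items()}
        elif elem.tag == "Record":
            entry = records[short(elem.get("type", "unknown"))]
            entry["count"] += 1
            entry["unit"] = elem.get("unit")
            sources.add(elem.get("sourceName", "unknown"))
            for attr in ("startDate", "endDate"):
                raw = elem.get(attr)
                if raw is None:
                    continue
                ts = datetime.strptime(raw, DATE_FMT)
                if entry["first"] is None or ts < entry["first"]:
                    entry["first"] = ts
                if entry["last"] is None or ts > entry["last"]:
                    entry["last"] = ts
        elem.clear()
    return {"profile": profile, "records": dict(records),
            "sources": sorted(sources)}


if __name__ == "__main__":
    report = inventory(SAMPLE_EXPORT)
    print("profile fields:", sorted(report["profile"]))
    print("sources:", report["sources"])
    for name, info in sorted(report["records"].items()):
        print(name, info["count"], info["unit"], info["first"], info["last"])
```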
77. HEALTHCARE
SUMMARY
Apple Health app is well protected
Basic info - Date of birth, sex, blood group, skin type, height (in cm), and mass (in kg)
Exported data is not protected at all
The list of app sources & these apps’ data are not protected well
78. PICOOC MINI (BT) –
BODY COMPOSITION SMART SCALE
• Fat indexes: Vertical fat index, body fat
• Mass: Body weight, bone mass, muscle, skeletal muscle
• Productivity: BMR, body water, protein, Metabolic Age
• Delta: Tracking changes, charts, reports
79. PICOOC MINI (BT) –
BODY COMPOSITION SMART SCALE
BT Logs: Peripheral Info of nearby devices, and mac of itself (picooc scaler)
Body scale values: body, muscles, productivity, date & time, device mac
Dev Info: Mac, model name, user ID, Device Picture
Friends info: name, account_id, user_id, phone_id, sex (have to have them as PICOOC users)
User Info: nick name , userID, height, age, sex, race, type
Sensor values: time, age, OS, race, type, screen size, mobile device info model, environment, language
Preferences: Local Password, Unlocking method, last active day
81. PICOOC BT LOGS
PICOOC\DOCUMENTS\BLUETOOTHLOG.TEXT
04-14 13:31:36:003 .扫描到设备 name:Peripheral Info:Name: [TV] Samsung 6
Series (49) RSSI: -85 UUID: 592ABA7A-F4A4-D687-7E2A-45F9DDB731D6 ----
Connect a Galaxy S7 to your Samsung TV with Bluetooth to have a fun and
spread your content
TV with enabled Bluetooth & Samsung Galaxy S7
Open the notification pane on your handset.
Select Quick Connect and then Scan for nearby devices
Select Register TV, Tap the new icon with a TV and an arrow
Tap the Share button and then Smart View to play any media you play
on your phone on the TV
83. PICOOC
DEVICE AND PREFERENCES
Dev Info - picooc\documents\picooc.sqlite
Preferences - picooc\Library\Preferences\com.picooc.international.plist
<key>PasswordLockType</key>
<integer>2</integer>
<key>PasswordNumherLockContnet</key>
<string>7124</string>
<key>currendDay</key>
<string>20180922</string>
<key>kStartupUserIdKey</key>
<integer>4611483</integer>
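An audit for this kind of finding, written as an added example (not code from the deck or from the PICOOC app): it walks a preferences plist and reports secret-named keys whose value is stored readable. The sample plist is constructed; it reuses the key names shown above with placeholder values, and the `session` entry is a hypothetical addition to show nested keys.

```python
import plistlib
import re

# Constructed preferences plist. The first four key names (including their
# spelling) are the ones shown on the slide; every value is a placeholder and
# the nested "session" dictionary is hypothetical.
SAMPLE_PLIST = plistlib.dumps({
    "PasswordLockType": 2,
    "PasswordNumherLockContnet": "0000",
    "currendDay": "20180101",
    "kStartupUserIdKey": 1000001,
    "session": {"authToken": "a" * 64, "nickName": "constructed user"},
})

# Key names that suggest a secret. Deliberately broad: an audit should prefer
# a false positive that a human dismisses over a missed lock code.
SECRET_KEY = re.compile(r"pass(word|code)?|pin|lock|secret|token", re.I)
# Values that look like a digest or random token rather than a typed secret.
OPAQUE_VALUE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)


def walk(node, path=""):
    """Yield (key_path, value) for every leaf in a parsed plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node


def find_cleartext_secrets(plist_bytes):
    """Return sorted (key_path, finding) pairs for readable secret values."""
    findings = []
    for path, value in walk(plistlib.loads(plist_bytes)):
        key = path.rsplit("/", 1)[-1]
        if not SECRET_KEY.search(key):
            continue
        if not isinstance(value, str) or not value:
            continue  # numeric mode flags such as PasswordLockType
        if OPAQUE_VALUE.match(value):
            kind = "opaque token stored in preferences"
        elif value.isdigit():
            kind = "numeric lock code stored in cleartext"
        else:
            kind = "secret-like value stored in cleartext"
        findings.append((path, kind))
    return sorted(findings)


if __name__ == "__main__":
    for path, kind in find_cleartext_secrets(SAMPLE_PLIST):
        print(path, "->", kind)
```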
84. USER BASIC INFO – MAIN USER
PICOOCDOCUMENTSPLISTFILEUSERINFO.PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>nickName</key>
<string>Yury Chemerkin</string>
</dict>
</plist>
85. USER EXTENDED INFO – LAST ADDED USER ONLY
PICOOC\LIBRARY\SENSORSANALYTICS-SUPER_PROPERTIES.PLIST
Key | Value | Meaning
current_age_characteristic | 3 | As is
current_role_is_athlete | false | As is
current_role_height | 178 | As is
current_language | 英语 | English
current_role_age | 58 | As is
current_role_sex | 男 | Man
app_type | PICOOC国际版 | PICOOC Worldwide Version
time_zone | Europe/Moscow | As is
current_role_race | 白 | White
current_role_type | 使用者 | User
92. PICOOC
SUMMARY
Body indexes and changes day-by-day
Fat indexes, Mass
Productivity, Delta
Dev Info, Friends results, User data
Network
Data stored on Alibaba servers
Profile, Device Info, Credentials, additionally the password on the password-change tab
Bonus: Bluetooth scanner of near located devices
Preferences: Local Password, Unlocking method, last active day
94. ~30 mHEALTH APPS
Google Fit
MyFitnessPal
RunKeeper - GPS
Nike+ Running
WebMD
Blood Pressure (BP) Watch
Water Your Body
Instant Heart Rate
Drugs.com Medication Guide
Runtastic Pedometer
Noom Walk Pedometer: Fitness
Strava Running and Cycling GPS
Bleep Fitness Test
Fitness Buddy: 300+ Exercises
BodySpace- Social Fitness
Walk with Map My Walk
Endomondo Running Cycling Walking
FitNotes – gym Workout Log
Period Calendar
Period Tracker
My Pregnancy Today
My Baby Today
Calorie Counter by FatSecret
MyNetDiary Calorie Counter PRO
My Diet Diary Calorie Counter
Calories! Basic – cal counter
Calorie Counter
Lifesum- Calorie Counter
User credentials and pins
Personal details of users
User activities
User location
Activity timestamps
Images
95. ~30 mHEALTH APPS
MYFITNESSPAL
User profile Pics com.myfitnesspal.android/cache/Picasso-cache
User profile Pics /sdcard/
/data/data/com.myfitnesspal.android/databases/myfitnesspal.db
User details including time zone, gender, date of birth and email - in tables <user_properties, users> - see a pic
User profile pictures - in table <images>
User personal notes - in table <diary_notes>
User records of exercises, food habits and personal measurements - in tables <exercise_entries; exercises; food_entries; foods; measurement_types; measurements>
User last synched items with the server - in table <last_sync_pointers>
User food search history - in table <search_history>
96. ~30 mHEALTH APPS
RUNKEEPER
User profile Pics /fitnesskeeper.runkeeper.pro/cache/Picasso-cache
/fitnesskeeper.runkeeper.pro/databases/RunKeeper.sqlite
User details including activities, trips
Trips deleted by user - in table <deleted_trips>
Activities posted by user - in table <feed>
List of user’s friends - in table <friends>
Images uploaded during trips by user - in table <status_updates>
User settings for each trip - in table <trip_settings>
Places visited during all the trips - in table <points>
Information about each trip - in table <trips>
More tables
The points table is to locate the map coordinates of a user’s route
97. ~30 mHEALTH APPS
PERIOD CALENDAR
• Personal info – /data/data/fitnesskeeper.runkeeper.pro/databases/PC.db. Tables
• User - List of the users with passwords (plaintext passwords, secret questions and answers)
• Period - Period start time and length of users
• Note - Diary notes inserted by users
• Personal info – /data/data/fitnesskeeper.runkeeper.pro/databases/PC_PILL.db. Tables
• pill - Pills used by users including date and time
• pill_record - Details about the pills
98. ~30 MEDICAL/FITNESS/HEALTH APPS
User credentials: Apps may require users to login using their user credentials (e.g. username and
password, PIN, and authentication tokens) in order to use the apps. Therefore, user credentials should be
an artefact that forensic investigators seek to locate during the app forensic process (e.g. determine
whether the credentials are stored in and can be recovered from the app’s databases).
User personal details: User personal details such as name, gender, date of birth, email address, height, weight and other personal data would help forensic investigators positively identify the app or device users.
User activities: The mHealth apps require users to enter their day-to-day food habit, health conditions,
activity or exercise details, diagnosis details, medication details and symptom details, etc.
User location: Fitness apps allow users to keep track of their exercise, running, jogging, cycling and other
activities. These apps generally store the geographical coordinates of the user location during these
activities which can provide useful evidence to the investigators.
Activity timestamps: Another important artefact is the timestamp of the user activity. For example, linking
activity timestamps with corresponding user locations (e.g. geographical coordinates) and other relevant
information (e.g. CCTV feeds) would provide useful information in an investigation.
Images: This artefact includes profile images, and images taken and posted from a location.
99. ~30 MEDICAL/FITNESS/HEALTH APPS
App Name / Data | User credentials and pins | Personal details of users | User activities | User location | Activity timestamps | Images
Google Fit | N | N | P | N | F | N
MyFitnessPal | P | F | F | N | F | F
RunKeeper - GPS | N | N | F | F | F | N
Nike+ Running | N | F | F | N | F | F
WebMD | N | N | P | N | N | N
Blood Pressure (BP) Watch | N | P | F | N | F | N
Water Your Body | N | N | F | N | N | N
Instant Heart Rate | N | N | N | N | N | N
Drugs.com Medication Guide | N | F | N | N | P | N
Runtastic Pedometer | N | N | F | N | F | N
100. ~30 MEDICAL/FITNESS/HEALTH APPS
App Name / Data | User credentials and pins | Personal details of users | User activities | User location | Activity timestamps | Images
Noom Walk Pedometer: Fitness | N | N | F | N | F | F
Strava Running and Cycling GPS | N | F | F | F | F | N
Bleep Fitness Test | N | F | F | N | P | N
Fitness Buddy: 300+ Exercises | N | N | F | N | F | N
BodySpace- Social Fitness | N | F | F | N | P | F
Walk with Map My Walk | N | F | F | F | F | P
Endomondo Running Cycling Walking | N | N | F | F | F | F
FitNotes – gym Workout Log | N | N | F | N | P | N
Period Calendar | F | F | F | N | P | N
Period Tracker | N | N | F | N | P | N
My Pregnancy Today | P | N | N | N | N | F
My Baby Today | N | F | N | N | P | N
101. ~30 MEDICAL/FITNESS/HEALTH APPS
App Name / Data | User credentials and pins | Personal details of users | User activities | User location | Activity timestamps | Images
Calorie Counter by FatSecret | N | N | F | N | P | N
MyNetDiary Calorie Counter PRO | N | N | N | N | N | F
My Diet Diary Calorie Counter | N | P | F | N | F | N
Calories! Basic – cal counter | N | N | P | N | F | N
Calorie Counter | N | F | F | N | F | N
Lifesum- Calorie Counter | N | P | F | N | F | F
102. ~30 MEDICAL/FITNESS/HEALTH APPS
(THE HIGHER THE VALUE, THE MORE DATA STORED LOCALLY)
[Chart: Average Issue Index per app, scale 0 to 10]
104. HEALTHCARE
SUMMARY
The native Health app is well protected, but basic information is not
Basic info - Date of birth, sex, blood group, skin type, height (in cm), and mass (in kg)
Exported data is not protected at all
Source apps (medical, fitness, health, …)
Data contains everything, with GPS, timestamps and a lot of day-by-day changes
Usually store data locally, but basic activity over the network is intercepted and credentials gained
Pseudo health apps – usually require the user to handle all data himself
Friend list, Credentials, secret questions & answers
Body values, timestamp, visited places & geo
Medical periods, schedule, pills and so on
Preferences, searches
108. APPLE TV – FIVE GENERATIONS
MacOS X, iOS, tvOS
Common ways to break into
Jailbreak tools
Password management
USB Acquisition
Backup
Jailbroken acquisition
Profiling
109. APPLE TV – I GENERATION
EASY TO BREAK
First edition of the TV: Mac OS X & HDD make breaking much easier
All possible ways to break into the first Apple TV 8 years ago:
“Hacking the Apple TV and Where Your Forensic Data Lives”, Kevin Estis and Randy Robbins, Def Con 2009
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-kevin_estis-apple_tv.pdf
https://www.youtube.com/watch?v=z-WCy3Bdzkc
110. APPLE TV – II-V GENERATION
EASY TO BREAK TOO
Break in the same way as with any other Apple mobile device (iPhone, iPad)
Backup contains valuable data (forensics tools work too)
Find a jailbreak to obtain the whole OS
Look for user content: Netflix, iTunes, NHL, NBA, Vimeo, YouTube
Get access to apps’ data and reveal credentials, cards – depends on the application
Why is Apple TV jailbroken (why do people jailbreak it)?
Outdated compromised TV 2 with OpenSSH and default password
https://www.tvaddons.co/appletv2-jailbreak-threat/
Direct access to filesystem and file management beyond the backups & cloud
Stream media from devices beyond AirPlay or iOS devices
Sideloading 3rd party tools
Kodi, Hulu, LastFM, XBMC, Nito TV, Pandora Radio, and other apps.
Don’t pay $100 for a dev license and get access to hundreds of music, TV, movies
111. APPLE TV
DATA EXAMINATION & FORENSICS
Apple TV jailbreak support https://pangu8.com/appletv.html
Apple TV 1 – scripts, ssh, HD extraction and other way
Apple TV 2 – Seas0npass jail for TV running tvOS 4.3 - tvOS 5.3 (untethered) & tvOS 6.1.2 (tethered)
Apple TV 3 – No jailbreak, many scams, probably Snow3rd jail works for TV running 5.0, 5.0.1, and not beyond 5.0.2
Apple TV 4
Pangu9 jail for TV running tvOS 9.0 - tvOS 9.0.1
LiberTV jail for TV running tvOS 9.1 - tvOS 10.1
GreenG0blin jail for TV running tvOS 10.2.2
Apple TV 4 / 5
LiberTV jail for TV running tvOS 11.0 and 11.1
Apple TV 4 / 5 – Electra jail for TV running tvOS 11.2 - tvOS 11.3
112. APPLE TV
DATA EXAMINATION & FORENSICS
USB port is reserved for “service and support” purposes
Vanished since Apple TV 5th Gen (4K)
No password management – we trust you, breakers
Seriously, no password or passcode protection at all! Restrictions instead:
Use Restrictions on your Apple TV https://support.apple.com/en-md/HT200198
Allow all by default
Restrictions block purchases, apps, content, settings and remote pairing by passcode (no one blocks pairing usually)
Account password is required for purchases, as on any Apple device (https://support.apple.com/en-us/HT204030)
113. APPLE TV – 2ND – 4TH GEN
USB ACQUISITION (USB, MICRO, USB-C)
5TH GEN IS OUT OF SCOPE (NO USB)
AFC (Apple File Conduit) service works here
/private/var/mobile/Media
USB Acquisition gives:
Basic device information
Real Time Log (Syslog), Crash Logs
Part of the file system (“Media” folder)
Device information
MAC – WiFi, Bluetooth, Ethernet
Name, Timezone, Serial ID, Model
ideviceinfo, idevicesyslog http://www.libimobiledevice.org/
114. APPLE TV
BACKUP
Real Time Log
Crash Log
MediaLibrary.sqlitedb
iCloud Account Name
iCloud ID
Wi-Fi networks
Device usage timeline
Shopping database
115. APPLE TV – 2ND – 5TH GEN
JAILBREAK
Timezone
/private/var/db/timezone/localtime
Network tcp/ip lease
/private/var/db/dhcpclient/leases/
Network wi-fi history
/private/var/preferences/com.apple.wifi.plist
116. APPLE TV – 2ND – 5TH GEN
JAILBREAK
Keyboard dictionary
/private/var/mobile/library/keyboard/dynamic-text.dat
Accounts
/private/var/mobile/library/accounts/
/private/var/mobile/library/preferences/com.apple.ids.service.com
User email
User info: email + phone
yury.chemerkin@icloud.com
+79851719122
Network
117. APPLE TV – 2ND – 5TH GEN
JAILBREAK
iCloud synced preferences
/var/mobile/Library/SyncedPreferences/
Wi-Fi Access Points
com.apple.wifid.plist
Weather Cities
com.apple.nanoweatherprefsd.plist
Moskva, Lianozovo District
55.800149, 37.565483
118. APPLE TV – 2ND – 5TH GEN
JAILBREAK
Headboard
/private/var/mobile/library/com.apple.headboard/apporder.plist
/private/var/mobile/library/caches/com.apple.tviconscache/com.apple.headboard
/private/var/mobile/library/caches/com.apple.headboard/fscacheddata
119. APPLE TV – 2ND – 5TH GEN
JAILBREAK
App snapshots
/private/var/mobile/library/caches/com.apple.pineboard/assetlibrary/snapshots/
Cached video
/private/var/mobile/library/caches/appletv/video/
120. APPLE TV – 2ND – 5TH GEN
JAILBREAK
Installed applications
/private/var/db/lsd/com.apple.lsdidentifiers.plist
Installed applications
/private/var/mobile/containers/bundle/
Installed applications
/private/var/mobile/containers/data/application/
121. APPLE TV – 2ND – 5TH GEN
JAILBREAK
Country, last activity
App snapshots
Youtube
122. APPLE TV – ANY GEN
PROFILING AS A KIND OF PROTECTION
TV Remote Payload
The TV Remote payload is designated by specifying com.apple.tvremote as the
PayloadType value. If not present, or the list is empty, any device will be allowed
to connect.
Availability: Available in tvOS 11.3 and iOS 11.3 and later
AllowedRemotes
AllowedTVs
RemoteDeviceID
TVDeviceID
https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf
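A generator for such a profile, given as an added example rather than code from the deck or from Apple: it builds a configuration profile whose com.apple.tvremote payload admits only listed remotes, and refuses an empty list because that would leave the TV open to any device. The payload identifiers, organisation name, sample MAC addresses and the assumption that RemoteDeviceID is written as a colon-separated MAC are illustrative; check them against the reference linked above before deploying.

```python
import plistlib
import re
import uuid

MAC_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){5}$")


def normalise_mac(mac):
    """Upper-case a MAC address and use ':' separators; reject anything else."""
    cleaned = mac.strip().upper().replace("-", ":")
    if not MAC_RE.match(cleaned):
        raise ValueError("not a MAC address: %r" % mac)
    return cleaned


def build_tvremote_profile(allowed_remote_macs, organisation="Example Org"):
    """Return a profile (plist bytes) that admits only the listed remotes."""
    macs = sorted({normalise_mac(m) for m in allowed_remote_macs})
    if not macs:
        # Per the payload description, an empty list admits every device.
        raise ValueError("empty AllowedRemotes would let any device connect")
    payload = {
        "PayloadType": "com.apple.tvremote",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.tvremote.allowlist",  # hypothetical
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "TV Remote allow-list",
        "AllowedRemotes": [{"RemoteDeviceID": m} for m in macs],
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.tvremote",  # hypothetical
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Apple TV remote restrictions",
        "PayloadOrganization": organisation,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def allowed_remotes(profile_bytes):
    """Read a profile back and list the remotes it admits (audit helper)."""
    profile = plistlib.loads(profile_bytes)
    remotes = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.tvremote":
            for entry in payload.get("AllowedRemotes", []):
                remotes.append(entry["RemoteDeviceID"])
    return remotes


def is_open_to_any_remote(profile_bytes):
    """True when the payload is absent or its list is empty."""
    return not allowed_remotes(profile_bytes)


if __name__ == "__main__":
    # Constructed, locally administered MAC addresses.
    data = build_tvremote_profile(["02:00:00:00:00:01", "02-00-00-00-00-0a"])
    print(allowed_remotes(data), is_open_to_any_remote(data))
```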
124. APPLE TV
SUMMARY
Lot of jailbreaks
Except Apple TV 3
Apple TV 1 is based on Mac OS X, so breaking it works the same way as with a Mac
Password management
No password
No restrictions by default
Restrictions handle the content only
Apple TV 2 – 5
Apple TV 2 – 4 equipped with USB that gives dev info, timelog, crashlog, media folder
Apple TV 5 does not have USB ports
Jailbroken TV
Timezone, Network Info & History, Keyboard & Account Info
iCloud preferences, Wi-Fi Access Points, Weather cities (list) easy to remap geo
TVs - Headboard, App snapshots, Cached video
App List, App Data, App Snapshots
126. AMAZON TV: PREREQUISITE
Amazon Fire TV Stick
Amazon account plus other accounts per app
MITM is out of scope, but wait for Amazon Dot
Forensics tools (no support atm)
Known ways to break into
Root
Data acquisition (streaming, photo, app, sideloaded Android app)
127. AMAZON TV
BREAK OPPORTUNITIES
No support of Forensics tools
Sideloading is allowed, ADB exists and is off by default
Rooting
many root apps (like KingRoot) exist for outdated FireOS versions, such as 5.0.5 but not limited to it
Rooting requires a keyboard; TV remote devices are not supported
Use dd command to obtain an image of Fire TV
128. AMAZON TV
ROOT, BOOTLOADER, SIDELOADING
Non-root things
Sideloading is allowed without root like on Android
Bootloader: 51.1.x.x – non-locked, 5.x.x.x – locked but 5.0.x are unlockable (no info about older versions)
Downgrading might be possible
Roots
Fire TV 1 – rootable for 51.1.0.0 - 51.1.6.3, 5.0.3, 5.0.5, and no root for 5.0.5.1, 5.2.1.0 - 5.2.6.3
Fire TV 2 – rootable for 5.0.0 – 5.2.1.1, no root for 5.2.4.0 – 5.2.6.3
Fire TV 2 – 5.2.6.6 – pre-rooted ROM (http://www.aftvnews.com/pre-rooted-5-2-6-6-rom-is-now-available-for-the-fire-tv-2/)
Fire TV 3, Fire TV Cube – no root or pre-rooted ROM
Fire TV Stick 1 – rootable for 5.0.0 - 5.2.1.1 and no root 54.1.2.3 and older, 5.2.1.2 - 5.2.6.3
Fire TV Stick 2 – no root, except hardware rooting to direct access to the device eMMC storage (http://www.aftvnews.com/amazon-fire-tv-hardware-root-demonstrated/)
Fire TV Edition television – rootable for 5.2.5.0 and no root for 5.2.5.1 - 5.2.6.3
129. AMAZON TV
ROOTED TV
browser.db – Browser History & navigating to websites using Mozilla Firefox
[root]/data/com.amazon.bueller.photos/files/cmsimages – Pictures from Amazon cloud drive but formatted for better viewing up to Fire TV Stick
[root]/data/com.amazon.device.controllermanager/databases/devices – Bluetooth Devices and their names, MAC paired with Fire TV (such as, keyboard mouse, Amazon Fire TV remote)
[root]/data/com.amazon.device.logmanager/files – Amazon Logs including Log.amazonmain
130. AMAZON TV
ROOTED TV
/data/data/ = All application data is stored in this directory
com.amazon.venezia/ = Amazon appstore data
/cache/ = thumbnails & previews for appstore apps
/databases/ = sqlite files in each folder
/contentProvider = Table "Apps" contains app-names("key") with relation
thumbnails("thumbnailUri"), Preview("previewUri") found in ../cache directory
/locker = workflow, orders, wishlist, applications, cache, content tokens.
/logging = logs for appstore application
com.android.cloud9/ = Amazon browser data
/cache/webviewcache/ = any cache data
/databases/ = sqlite files in each folder
/webview.db = webview cookies & form data.
/webviewCache.db = association of files in ../cache/webviewcache/ directory to urls.
/browser.db = history & bookmarks also have path to page previews and thumbnails stored in ../files
/files/ = page previews & thumbnails stored as JPEG (crosslink to ‘browser.db’ above)
/shared_prefs = preferences for a cross-access
com.amazon.providers.contacts/databases/contacts2.db = All contacts
133. AMAZON TV: SUMMARY
Several older firmwares are affected by rooting tools
Rooting requires a BT keyboard, which is not a big deal for a TV
Sideloading is allowed without root
ADB is possible
Downgrading the Fire TV Stick software/firmware might be possible
Personal data is revealed
Credentials of streaming services are found
Netflix, NHL, NBA, Vimeo, … Kodi to get access to hundreds of music, TV, movies
No way to restrict connection and bind TV and device to themselves only
FireOS ver 5.x is based on Android 5.1.1 Lollipop, ver 6.x is based on
Android 7.1 Nougat
136. AMAZON ECHO DOT
LOCAL ACCESS, LACK OF ROOT
Alexa doesn’t have ADB, but has an MTK
bus 001 Device 010: ID 0ed8d:2000 MediaTek Inc. MT65xx Preloader
However a SP Flash Tool does not work atm
Bootloader – press and keep ‘Uber’ while it is loading, but bootloader is locked
and no unlocking key is available
Bus 001 Device 019: ID 0bb4:0c01 HTC (High Tech Computer Corp.) Dream / ADP1 / G1 /
Magic / Tattoo
# fastboot devices
fastboot
# fastboot getvar all
lk_build_desc: c1…..
prod: 1
unlock_status: false
serialno: […..]
product: BISCUIT
version-preloader: 0.1.00
version: 0.5
137. AMAZON ECHO DOT
MITM. WHAT ABOUT SSL?
Self-signed certificates are allowed on Alexa for devs
https://developer.amazon.com/docs/custom-skills/configure-web-service-self-signed-certificate.html
https://www.amazon.com/gp/help/customer/display.html?nodeId=201589180
Change endpoint configuration and region
Make your Alexa install an SSL certificate from intercepting tools
No luck, Alexa Echo Dot as a device prevents this shit
Try with the Alexa app that comes installed by default on the
Kindle Fire Tablets, or download it for Android or iOS
devices even (!)
138. AMAZON ECHO DOT
MITM. FIRST TIME SETUP
Navigate via browser https://alexa.amazon.com
Up to the end of 2017, the redirect to Alexa setup was an http URL (!)
Expected credentials stolen in plaintext & expiring in 2036 like before, but no luck
Before
POST /ap/signin?ie=UTF8&pf_rd_r=yyyyyyy&pf_rd_m=xxxxxx&pf_rd_t=6301&pf_rd_i=amzn_dp_project_dee&pf_rd_p=xxxxx&pf_rd_s=signin-slot HTTP/1.1
Host: www.amazon.com
Content-Length: 1349
“name”: “Set-Cookie”,
“value”: “session-token=”xx/y//zz==”; Version=1; Domain=.amazon.com; Max-Age=630720000; Expires=Sat, 01-Nov-2036 22:39:37 GMT; Path=/”
Now
HTTPS, prevents MITM attack
Certificate expires every 2 years
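An added example, not from the original slides: a small Python audit of a Set-Cookie header for the weaknesses the captured session-token shows, a 20-year lifetime and no Secure or HttpOnly flag. The sample header is constructed from the slide's attributes with a placeholder token, and the one-year threshold is an assumed policy.

```python
# Added example: audit one Set-Cookie header for long-lived, unprotected session cookies.
YEAR = 365 * 24 * 3600
MAX_AGE_LIMIT = YEAR  # assumed policy threshold, not from the slides

# Constructed sample: attributes as on the slide, token replaced by a placeholder.
SAMPLE = ('session-token="PLACEHOLDER"; Version=1; Domain=.amazon.com; '
          'Max-Age=630720000; Expires=Sat, 01-Nov-2036 22:39:37 GMT; Path=/')


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value.strip('"'), attrs


def audit_cookie(header, over_tls):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
        findings.append(f"lifetime {int(max_age) / YEAR:.0f} years")
    if not over_tls:
        findings.append("sent over plaintext HTTP")
    return name, findings


if __name__ == "__main__":
    cookie, issues = audit_cookie(SAMPLE, over_tls=False)
    print(cookie, "->", "; ".join(issues))
```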
139. AMAZON ECHO DOT
MITM. FIRMWARE
Intercepting firmware updates is possible
Here is a bin-firmware HTTP request
GET /obfuscated-otav3-9/…/update-kindle-full_biscuit-XXXX_user_[XXXXXXXXX].bin HTTP/1.1
Host: amzdigitaldownloads.edgesuite.net
Connection: close
User-Agent: AndroidDownloadManager/5.1.1 (Linux; U; Android 5.1.1; AEOBC Build/LVY48F)
Firmware contains build.prop = designed like Android & has .APKs
ro.build.version.fireos=5.5.0.3
ro.build.version.fireos.sdk=4
Non-Encrypted bin-firmware
-rw-r--r-- boot.img; file_contexts
drwxr-xr-x images; META-INF
-rw-r--r-- ota.prop
drwxr-xr-x system
-rw-r--r-- system.new.dat; system.patch.dat; system.transfer.list
140. AMAZON ALEXA APP
Alexa app has good, solid protection
No sensitive data stored locally
Well-encrypted communication (online, internal) that uses TLS 1.2
However, MITM is possible, because no SSL Pinning used
Credentials and all communication compromised
141. AMAZON ECHO DOT
ALEXA APP – MITM, NOT PINNED
Credentials
{"Credentials":{"AccessKeyId":"ASIAXHE6EPSWNVIGFBVP","Expiration":1.538588872E9,"SecretKey":"+8gSx7/H.....U="},"IdentityId":"us-east-1:503e25f6-2302-4dcd-8cb2-64a0e888f76b"}
Email, Password from POST action ‘https://www.amazon.com/ap/signin’
Device Info plus token
Metrics - https://device-metrics-us-2.amazon.com/metricsBatch
HTTP_USER_AGENTDAMZN(SmartPhone/iPhone/A2IVLV5VM2W81,iOS/12.0,Alexa//2.2.233205,DCM)"
CountryCode RU"
Profile
Name, Billing Address, Shipping Address
Device IDs, types, Account ID, Device capabilities
First answer in .mp3 (https://tinytts.amazon.com/) stored for a long time (at least a couple of months)
142. AMAZON ALEXA APP
LOCAL
Library/Application Support/device.sqlite – device list with ID, serials
Library/METRICS_NORMAL* – Logs & Metrics
HTTP_USER_AGENT(SmartPhone/iPhone/A2IVLV5VM2W81,iOS/12.0,Alexa//2.2.233205,DCM)
Library/Preferences/com.amazon.echo.plist – Account Info
Documents/LocalData.sqlite – settings of devices
143. AMAZON ECHO DOT
ALEXA APP
Alexa and Echo allow many users to manage devices
Echo has no voice differentiation capabilities nor protection against non-human or repeated speech
Each device is locked by a 4-digit PIN
The set of PINs is ~10k values
Two attempts, then you have to restart, but there is no limit on the total number of attempts
Bruteforce it for 2 days
How to break
1. Computer says “wake word” followed by the command to order an Amazon Echo Dot
2. Alexa responds with the top Amazon search result and asks if the user wants to place the order
3. Computer confirms order
4. Alexa asks for 4-digit PIN
5. Computer guesses next PIN in numerical order
6. Alexa accepts or rejects PIN
7. Computer guesses next PIN in numerical order
Repeat until you break it; it takes up to 48h max
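An added example, not Amazon's implementation and not from the original slides: a Python model of the PIN check that compares the policy described above (a per-session limit only) with one that also counts failures across sessions. The class name, the cumulative limit of five and the PIN value are assumptions for the demo.

```python
import hmac


class PinGate:
    """Model of a voice-purchase PIN check (added example, hypothetical class)."""

    def __init__(self, pin, session_limit=2, total_limit=None):
        self._pin = pin
        self.session_limit = session_limit  # slide: two attempts, then restart
        self.total_limit = total_limit      # None = no cumulative limit (slide's case)
        self.session_failures = 0
        self.total_failures = 0
        self.locked = False

    def restart_session(self):
        # A restart clears only the per-session counter, never the cumulative one.
        self.session_failures = 0

    def check(self, guess):
        if self.locked or self.session_failures >= self.session_limit:
            return False
        if hmac.compare_digest(guess, self._pin):
            self.session_failures = 0
            self.total_failures = 0
            return True
        self.session_failures += 1
        self.total_failures += 1
        if self.total_limit is not None and self.total_failures >= self.total_limit:
            self.locked = True              # stays locked until an out-of-band reset
        return False


def guesses_until_accepted(gate, keyspace=10_000):
    """Sequential guesses needed before the gate accepts; None if it locks first."""
    for n in range(keyspace):
        if gate.locked:
            return None
        if gate.session_failures >= gate.session_limit:
            gate.restart_session()
        if gate.check(f"{n:04d}"):
            return n + 1
    return None


if __name__ == "__main__":
    pin = "7314"  # constructed PIN for the demo
    print("session limit only:", guesses_until_accepted(PinGate(pin)))
    print("with cumulative lockout:", guesses_until_accepted(PinGate(pin, total_limit=5)))
```

With only the per-session limit, every PIN in the 10k keyspace is eventually accepted; the cumulative counter stops the run after five failures regardless of restarts.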
145. AMAZON ECHO DOT & ALEXA APP
SUMMARY
Intercepting firmware updates is possible
Alexa allows self-signed SSL certificates but does not accept a Burp/Charles certificate?
True for Alexa Echo Dot
Alexa app relies on TLS 1.2 but is affected by a MITM attack with a self-signed cert
Not everything is HTTPS
FireOS is based on Android - https://en.wikipedia.org/wiki/Fire_OS
ver 5.x – Android 5.1.1 Lollipop. Alexa is still on 5.x
ver 6.x – Android 7.1 Nougat
Even hardware root is possible
https://vanderpot.com/Clinton_Cook_Paper.pdf
158. LIGHTIFY
Lightify is an IoT platform with the simplest integration of wireless lighting.
Need to have a Lightify account
Online communication uses QUIC-protocol with encryption over UDP
Wireshark does not support QUIC decryption at the moment. The drafts
at tools.ietf.org/wg/quic are also not really detailed on the ciphers.
Lightify Gateway communicates locally over TCP, completely unencrypted,
but via a binary protocol https://github.com/noctarius/lightify-binary-protocol#basics-about-the-protocol
and here is a plugin to manage the light https://github.com/tfriedel/python-lightify
Credentials stored in a local folder – shared preferences
159. IKEA TRADFRI
Smart lighting and assistant to control it
No online communications except firmware requests in plaintext
GET http://fw.ota.homesmart.ikea.net/feed/version_info.json
User-Agent: HertzClient/1.0
Host: fm.ota.homesmart.ikea.net
Connection: close
Response : No response
Local communication is DTLS (SSL over UDP)
Pairing via QR code
(Serial Number = Mac Address, Security Code/ pre-shared key)
QR code can be revealed for further decryption
Locally stored data
QR code is encrypted and stored in the keystore – need root to get access
Keystore doesn’t work for outdated Android (< 4.3)
AES encryption alg for outdated Android, and the APK is built with the encryption key “Bar12345Bar12345” as a resource in “key_file.txt”
The issue here is a patched APK file with the strong encryption removed
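An added example, not from the original slides: a Python check an app reviewer could run over an APK to flag small text resources that hold nothing but an AES-sized ASCII string, the pattern described above with key_file.txt. The in-memory APK is constructed for the demo; the res/raw/ path and the second file are assumptions.

```python
import io
import re
import zipfile

AES_KEY_LENGTHS = {16, 24, 32}          # bytes for AES-128/192/256
TEXT_SUFFIXES = (".txt", ".key", ".properties", ".json")
TOKEN = re.compile(rb"[\x21-\x7e]+")    # runs of printable, non-space ASCII


def build_sample_apk():
    """Constructed stand-in for an APK (a zip archive); paths are assumptions."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("res/raw/key_file.txt", "Bar12345Bar12345\n")
        apk.writestr("assets/about.txt", "Lighting control app, version 1.0\n")
    return buf.getvalue()


def find_hardcoded_keys(apk_bytes):
    """Return (path, key_bits) for text resources that are a single key-sized token."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.lower().endswith(TEXT_SUFFIXES):
                continue
            if info.file_size > 4096:   # key files are tiny; skip large resources
                continue
            tokens = TOKEN.findall(apk.read(info))
            if len(tokens) == 1 and len(tokens[0]) in AES_KEY_LENGTHS:
                hits.append((info.filename, len(tokens[0]) * 8))
    return hits


if __name__ == "__main__":
    for path, bits in find_hardcoded_keys(build_sample_apk()):
        print(f"{path}: possible hardcoded AES-{bits} key")
```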
160. PHILIPS HUE
Hue lights, lamps and others with a smart assistant and a bridge that works over Philips servers
The list of paired Apps and services with timestamp sent across Hue apps
Online communication
[BridgeServers] works over HTTP with an additional layer of AES encryption. Guess they store the secret key somewhere,
but no luck finding it
[AppServers] works over HTTPS with SSL Pinning
Local communication works over HTTP
PUT http://192.168.1.38/api/Ds7KfNjjYtC8uNmU8azGBiOSj-uacXI0q0JKaTs/groups/1/action
Host http://192.168.1.38
Accept *.*
Content-Type: application-json
Content-Length: 11
Json {“on:true”}
Loading malicious firmware over-the-air http://iotworm.eyalro.net/
In 2016, researchers hacked Hue lights via ZigBee over a distance of more than 200 meters
http://iotworm.eyalro.net/iotworm.pdf
162. LIGHTING
SUMMARY
IoT platforms: Lightify, IFTTT
One account to access all tokens & credentials to manage services, devices
and data
Communication
Online – usually encrypted, MITM sometimes possible
Local – non-protected, custom protocols & encryption – usually analyzed
Firmware – plaintext usually, malicious attacks are possible
Local
Credentials, log, data
163. CONNECTED HOME
SUMMARY
Jailbreaks & roots
Available for popular devices
Sideloading apps is possible
New in-house manager devices, such as Alexa Dot, don’t have root tools
Backup & Data
Works for many devices
Works for synchronizing apps, like Alexa
In-house smart manageable things work over an app-manager that, in turn
Allows itself to be managed by any device over BT, Wi-Fi, e.g. cast video or other content
Doesn’t have good protection and is available over the Internet
Has firmware issues with malicious over-the-air attacks
Stores a lot of data locally in the app installed on the mobile device
Moves everywhere in a user’s pocket
165. IoT
HOW TO SECURE
Risk Management
Device Profiling – divide your devices according to a critical info & risk score
Use cases – define where and what for are you going to use devices
Compatibility - use devices that are compatible with existing technology stack, and security equipment and
software
Loss of smartphones – avoid devices being lost or left unattended
In-home Secured Network
Obscure name – NOT for vendor & model names or revealing user identity e.g. personal
Encryption – use up-to-date devices with the latest & strongest encryption schemes
Guest network – set it up only if you’re sure, but better to disable guest network access entirely
Two or more different Wi-Fi networks (logically or physically) – one for typical activities (networking,
messaging, etc.), second for IoT, third for critical banking, shopping
Firewall - a stand-alone software or shipped with the router, allow traffic on those specific ports & no others
Limit of public network usage – avoid pairing device or using device apps over public network due to lack
of encryption of data
Password Management
Default credentials – change them for the router’s and IoT devices’ passwords
Unique passwords - use unique, complex passwords made up of letters, numbers, and symbols
166. IoT
HOW TO SECURE
Software Management
Settings – change it to default privacy policies & security settings
Features – disable features you don’t need, such as a remote access
Apps – avoid using apps that don’t encrypt data locally or while it’s transferring
Patches – keep all devices & software up-to-date
VPN – stand-alone software or shipped with the router to protect connections of IoT devices that work over the Internet
Multifactor & Hubs – use all security settings that require additional actions before it’s being easily hacked
Data
Data Analysis - analyzing data generated by IoT devices to understand what data might be monetized
Activity Analysis – identifying unusual activity of IoT devices to understand what data might be leaked
Breaking tools
Risky app – avoid apps out of store, junk apps from app store
Broken - don’t break any device in a chain of devices, rely on supported vendor ROMs
Flashed – flash clean & secure ROMs to remove unwanted apps but rely on well-known supported ROMs
Cloud & third party tools
IoT clouds – audit it before using for your personal/business need
Third party services – there are many automation tools to manage IoT devices. Use secured and audited and be
informed
167. MOBILE, IoT, CLOUDS…
IT’S TIME TO HIRE A RISK MANAGER!
HOW TO CONTACT ME ?
ADD ME IN LINKEDIN:
HTTPS://WWW.LINKEDIN.COM/IN/YURYCHEMERKIN
YURY CHEMERKIN
SEND A MAIL TO: YURY.S@CHEMERKIN.COM