I have chosen wireless attacks and iPhone forensics as my topic for the project paper, because I am very interested in securing against wireless attacks and performing forensics analysis on a mobile phone.
A wireless network is any type of computer network that is comprised of wireless data connections for connecting network nodes. An example of this would be a modem connected to the Internet that uses a wireless router to connect computers, laptops, smartphones, tablets, T.V.’s, or any other wireless devices by way of a Wi-Fi connection found in an average person’s home.
Wireless Networks such as Wi-Fi would not exist today if it were not for the decision of the Federal Communications Commission (FCC) to open several bands of wireless spectrum, and allowing them to be used without the need of a government license.
The most common types of wireless technologies include Bluetooth, Infrared, Wi-Fi, and Wireless USB.
Wireless Attacks can occur anywhere a wireless connection is being used. This could range from a person’s home, a corporate business, schools and universities, an internet café, or even a local pizza shop.
The three methods used by hackers to perform a wireless attack are Wardriving, Warflying, and Warchalking. Wardriving is the act of searching for Wi-Fi networks to exploit in a moving vehicle through the use of a laptop, smartphone, tablet, or PDA. Warflying is performing the same action as Wardiving, with the only difference being that an airplane or even a drone is used rather than a car.
Warchalking is the use of chalk marks on outdoor surfaces to let others know the existence of an open wireless network connection. Open networks make for easy targets and are at a high risk of an attack.
There are many different wireless attacks that fall under two categories, passive and active. Passive attack examples would be eavesdropping, traffic analysis, and traffic monitoring, and are used to find vulnerabilities that can be exploited to perform an active attack or to obtain sensitive information.
Active attacks are used for several reasons depending on the type of attack. For instance denial-of-service and flooding attack’s are used to make the network unavailable to the user.
A man-in-the-middle attack allows the attacker the ability to monitor and inject messages into a communication between two users. They do so by impersonating one user to trick the other to believing the message is authentic. This could cause the victim to give valuable information such as an encryption key.
Some of the best practices that should be implemented to safeguard against wireless attacks include the following: creating a wireless security policy, securing the Wireless LAN, Securing the Ethernet network, Securing business laptops when employees are using them outside of the workplace, and ensuring that all employees are educated on company the wireless policy.
Wireless Forensics is much like a typical forensic investigation in that the main concepts remain. A warrant must be obtained, the scene must be “taped off”, then document everything at the scene, and all while following the chain of custody.
The difference here is that all wireless devices must be identified including the rogue access point which allowed the attack to occur.
Once all that information is acquired there are several more steps to take. Using a program such as Microsoft Visio, investigators can prepare a map of the wireless zones and hot spots that were used. Connecting to the network can be done directly to the WAP or by sniffing traffic between the access point and its associated devices.
Once all data is acquired and analyzed it needs to be written in a report.
The iPhone has a vast amount of evidence that is stored on it that can be recover even if deleted.
An iPhone’s that is acquired and has a secure password can be broken using a forensic tool that allow the investigator to obtain the pass code. The evidence acquired falls into the following DeviceInfo file and SysInfo file. DeviceInfo is things like the name given to the device and username logged into the computer, while SysInfo gives information about the iPhone itself such as model number, serial number, etc.
There are many things that can be recovered including: network informaiton, photos, contacts, calendar events, call logs, messages and e-mails, etc.
Once the information is gather it must be analyzed using forensic tools.
There are many different tools that can be used in analyzing the iPhone. One method is by jailbreaking it. This means that the phone is unlocked so that third-party applications can be installed and it will allow the investigator to open the file system of the iPhone so it may be accessed from a computer.
Some of the more popular forensic tools for the iPhone are listed here such as EnCase, DiskInternals Music Recovery, Elcomsoft Phone Password Breaker, Cellebrite UFED, and Katana Forensics Lantern. Some of these are tools that will help to recover even deleted data (Encase and Cellebrite UFED for instance).
WIRELESS ATTACKS & IPHONE
By John Intindolo
ISSC456 Digital Forensics: InvestigatingWireless Networks and Devices
(Iphone forensics, n.d.)(Wireless web, n.d.)
What is aWireless Network?
Overview ofWireless Networks
(Wireless network advantages, n.d.)