This document provides an overview of Brian Moran's presentation on analyzing data from smart watches and fitness trackers. It discusses the Pebble Time, Under Armour Band, data storage locations, parsing scripts, and protecting privacy. Key points include that smart watches store useful notifications and health data, most interesting data is on linked mobile devices, and timestamps may have minor variations due to device settings. The document also provides specifications for the Pebble Time, Under Armour Band, and scripts for parsing their data stores.
BriMor Labs Live Response Collection - OSDFCONBriMorLabs
Presentation by Brian Moran of BriMor Labs on the Live Response Collection given during the Basis Technology Open Source Digital Forensics Conference (OSDFCON) on October 28, 2015
Silicon Valley Code Camp 2014 - Advanced MongoDBDaniel Coupal
MongoDB presentation from Silicon Valley Code Camp 2014.
Walkthrough developing, deploying and operating a MongoDB application, avoiding the most common pitfalls.
BriMor Labs Live Response Collection - OSDFCONBriMorLabs
Presentation by Brian Moran of BriMor Labs on the Live Response Collection given during the Basis Technology Open Source Digital Forensics Conference (OSDFCON) on October 28, 2015
Silicon Valley Code Camp 2014 - Advanced MongoDBDaniel Coupal
MongoDB presentation from Silicon Valley Code Camp 2014.
Walkthrough developing, deploying and operating a MongoDB application, avoiding the most common pitfalls.
Wrangle 2016: Seeing Behaviors as Humans Do: Uncovering Hidden Patterns in Ti...WrangleConf
By Mohammad Saffar, Arimo
Time-series (longitudinal) data occurs in nearly every aspect of our lives; including customer activity on a website, financial transactions, sensor/IoT data. Just like in written text, specific events in a sequence of events are affected by the past and affect events in the future, and this can reveal a lot of hidden structure in the source of the events. Yet, today's predictive techniques largely rely on demographic (cross-sectional) data and do not take into account the sequences of events as they occur. In this session, Mohammad will discuss techniques for taking time-series data from a variety of domains and sources and grouping entities based on temporal behavior, using RNNs. These clusters of time-series sequences can either be visualized or used for campaign targeting in the case of user clickstream behavior or understanding stock symbols that behave similarly based on their trading behavior.
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
Cross Device Optimisation - Google Analytics ShortcutsCraig Sullivan
In this session, we explain how to mine GA for broken device experiences, flows, funnel blocks and more... Using a new grid tool we've developed, you can pull multi-dimensional segmented funnel and metric data from Google Analytics - we explain how it works, why you need it and what problems it solves. Find where your site is leaking money through data
In this attempt, we have reviewed & focused on the concern of security which is an important factor in today's scenario.We need to keep ourself updated by taking growth of technology into an account..
Bad for Enterprise: Attacking BYOD enterprise mobility security solutionsPriyanka Aash
"The global market for Bring Your Own Device (BYOD) and enterprise mobility is expected to quadruple in size over the next four years, hitting $284 billion by 2019. BYOD software is used by some of the largest organizations and governments around the world. Barclays, Walmart, AT&T, Vodafone, United States Department of Homeland Security, United States Army, Australian Department of Environment and numerous other organizations, big and small, all over the world. Enterprise Mobile Security (EMS) is a component of BYOD solutions that promises data, device and communications security for enterprises. Amongst others, it aims to solve Data Loss, Network Privacy and jailbreaking/rooting of devices.
Using the Good Technology EMS suite as an example, my talk will show that EMS solutions are largely ineffective and in some cases can even expose an organization to unexpected risks. I will show attacks against EMS protected apps on jailbroken and non-jailbroken devices, putting to rest the rebuttal that CxOs and solution vendors often give penetration testers, ""We do not support jailbroken devices."" I will also introduce a groundbreaking tool, Swizzler, to help penetration testers confronted with apps wrapped into EMS protections. The tool conveniently automates a large amount of attacks that allows pen-testers to bypass each of the protections that Good and similar solutions implement. In a live demonstration of Swizzler I will show how to disable tampering detection mechanisms and application locks, intercept & decrypt encrypted data, and route ""secure"" HTTP requests through BURP into established Good VPN tunnels to attack servers on an organization's internal network. Swizzler will be released to the world along with my talk at Blackhat USA. Whether you are a CxO, administrator or user, you can't afford not to understand the risks associated with BYOD."
(Source: Black Hat USA 2016, Las Vegas)
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...Cellebrite
Attorneys are often shocked at how much deeply probative evidence, both live and deleted, can be data mined from today’s smart phones and tablets. With the surging adoption of mobile apps for communications, commerce, navigation, and other capabilities, new issues with data security and privacy are developing. This session will explore new evidence modalities, relevance, admissibility, and topical issues with mobile apps that impact investigations and litigation.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Wrangle 2016: Seeing Behaviors as Humans Do: Uncovering Hidden Patterns in Ti...WrangleConf
By Mohammad Saffar, Arimo
Time-series (longitudinal) data occurs in nearly every aspect of our lives; including customer activity on a website, financial transactions, sensor/IoT data. Just like in written text, specific events in a sequence of events are affected by the past and affect events in the future, and this can reveal a lot of hidden structure in the source of the events. Yet, today's predictive techniques largely rely on demographic (cross-sectional) data and do not take into account the sequences of events as they occur. In this session, Mohammad will discuss techniques for taking time-series data from a variety of domains and sources and grouping entities based on temporal behavior, using RNNs. These clusters of time-series sequences can either be visualized or used for campaign targeting in the case of user clickstream behavior or understanding stock symbols that behave similarly based on their trading behavior.
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
Cross Device Optimisation - Google Analytics ShortcutsCraig Sullivan
In this session, we explain how to mine GA for broken device experiences, flows, funnel blocks and more... Using a new grid tool we've developed, you can pull multi-dimensional segmented funnel and metric data from Google Analytics - we explain how it works, why you need it and what problems it solves. Find where your site is leaking money through data
In this attempt, we have reviewed & focused on the concern of security which is an important factor in today's scenario.We need to keep ourself updated by taking growth of technology into an account..
Bad for Enterprise: Attacking BYOD enterprise mobility security solutionsPriyanka Aash
"The global market for Bring Your Own Device (BYOD) and enterprise mobility is expected to quadruple in size over the next four years, hitting $284 billion by 2019. BYOD software is used by some of the largest organizations and governments around the world. Barclays, Walmart, AT&T, Vodafone, United States Department of Homeland Security, United States Army, Australian Department of Environment and numerous other organizations, big and small, all over the world. Enterprise Mobile Security (EMS) is a component of BYOD solutions that promises data, device and communications security for enterprises. Amongst others, it aims to solve Data Loss, Network Privacy and jailbreaking/rooting of devices.
Using the Good Technology EMS suite as an example, my talk will show that EMS solutions are largely ineffective and in some cases can even expose an organization to unexpected risks. I will show attacks against EMS protected apps on jailbroken and non-jailbroken devices, putting to rest the rebuttal that CxOs and solution vendors often give penetration testers, ""We do not support jailbroken devices."" I will also introduce a groundbreaking tool, Swizzler, to help penetration testers confronted with apps wrapped into EMS protections. The tool conveniently automates a large amount of attacks that allows pen-testers to bypass each of the protections that Good and similar solutions implement. In a live demonstration of Swizzler I will show how to disable tampering detection mechanisms and application locks, intercept & decrypt encrypted data, and route ""secure"" HTTP requests through BURP into established Good VPN tunnels to attack servers on an organization's internal network. Swizzler will be released to the world along with my talk at Blackhat USA. Whether you are a CxO, administrator or user, you can't afford not to understand the risks associated with BYOD."
(Source: Black Hat USA 2016, Las Vegas)
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...Cellebrite
Attorneys are often shocked at how much deeply probative evidence, both live and deleted, can be data mined from today’s smart phones and tablets. With the surging adoption of mobile apps for communications, commerce, navigation, and other capabilities, new issues with data security and privacy are developing. This session will explore new evidence modalities, relevance, admissibility, and topical issues with mobile apps that impact investigations and litigation.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
2. A Brief List of Topics
• Why use these confounded devices?
• Pebble Time
• UA Band
• Ways to protect your data
• Future research goals
• Q & A
BriMor Labs - 2016
3. The Introductory Introduction
• Hello, my name is Brian Moran
– Hi Brian!
• 13 years Air Force Active Duty
– 10 years mobile exploitation/DFIR experience
• Worked here….
BriMor Labs - 2016
7. Sad day on October 3, 2016
• Microsoft announced it was ending sales of the Band 2
– SDK also removed
– “No current plans for Band 3”
• Rather than cover a portion of my talk on (now) legacy
hardware, purchased a UA Band to research same information
– Only had a few weeks of data & research, there is
definitely more to come!
BriMor Labs - 2016
8. But some good news for you
• The offline version of this presentation will
also include the Band 2 slides
– In case you encounter a Band 2 or were curious
about it
• This presentation, however, will NOT cover the
Band 2 at all
BriMor Labs - 2016
9. Software Used
• ES File Explorer app – Android
– Version 4.0.4.5
• Pebble Time app – Android
– Version 3.10.0-976-0c219e8
• UA Record app – Android
– Version 3.9.0.1
• SQLite Spy
– Version 1.9.6
• Hex Workshop
– Version 6.8.0.5419
• Perl/Python
BriMor Labs - 2016
10. iOS data shout out
• Special thanks to likely 2017 Forensic 4Cast Awards
“Digital Forensic Book of the Year” nominee Heather
Mahalik for providing me Pebble related iOS data*
– Let’s make this happen!
*Only cost me a couple pairs of LuLaRoe leggings & some Middleswarth chips
BriMor Labs - 2016
12. What Was NOT Used
• Cellebrite (This is the Open Source Digital Forensics
Conference)
• During the course of this research, no lying
dormant cyber pathogens were harmed
BriMor Labs - 2016
13. Why not Apple/Samsung/LG/etc.?
• Wanted to choose smartwatches that can be
used regardless of brand of phone or phone
operating system
• Pebble – Android, iOS, “unofficial official”
Windows Phone
• UA Band – Android, iOS
BriMor Labs - 2016
14. Why use smart watches?
• Helpful notifications (especially when driving)
BriMor Labs - 2016
29. • “datadatacom.getpebble.android.basaltdatabase
spebble” is primary file of interest
– SQLite database (as are most files on mobile devices
these days)
– Easy to view in any SQLite viewer or parse via scripting
languages
BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
31. • Table “android_apps” contains a listing of every
application and application version installed on the
device
• Information is obviously needed for notifications
sent to Pebble
• Useful location if looking for an application/version
BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
33. • Table “notifications” contains a listing of every
notification that happened on the mobile device
• Data is stored by Pebble app regardless of it being sent
• Can contain INCREDIBLY useful information
– NOTE: Database does get cleaned when user chooses to
clear all notifications BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
35. • Table “timeline_items” contains a listing
notifications actually sent to device
• This data is stored as json inside of a SQLite
database
BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
37. • Table “weather_locations” contains a list of
“locations” that the device receives weather
updates
• Can be useful to determine if an individual was in a
certain place at a certain time
BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
39. • SMS message notifications are stored under
“notifications” table.
– The “package_name” is bank, the “SOURCE” is “SMS”
Remember, this can potentially contain messages that
were deleted from the phone, cannot be recovered
through any other tool/mechanism but ARE stored
within this database! BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
40. BriMor Labs - 2016
Pebble Time storage
(Android mobile device)
41. • Obligatory Pebble data on iOS devices slides
• Main database of interest is named
“PBMyPebbleAppDataCoreDataManager.sqlite”
• “f97bcd6b4a35ff9054977f0f62d141cb6580737b”
– iOS Backup file name (iOS 9 & earlier)
BriMor Labs - 2016
Pebble Time storage
(iOS devices)
46. • Primary folder of interest is “databases”
• Folder contains several SQLite databases with kind
of easy to decipher names
– Kind of
BriMor Labs - 2016
UA Band storage
(Android mobile device)
48. • SQLite databases of particular interest (to date):
– commonCache.db
– mmdk_user
– usadk_workout
• As more research is done, it is likely more
information will be found!
BriMor Labs - 2016
UA Band storage
(Android mobile device)
49. BriMor Labs - 2016
• commonCache.db contains the following tables of
primary interest
– Data Point
• Can record notes about meals, entirely dependent on user
– MfpDailyEnergy
• Can contain detailed calorie information bout meals
UA Band storage
(Android mobile device)
51. BriMor Labs - 2016
• mmdk_user
– Database contains information on the primary user
associated with the UA Record account on mobile device
– Also includes information on any “friends” of the user
• Thanks Jessica!!
UA Band storage
(Android mobile device)
53. BriMor Labs - 2016
• usadk_workout
– Contain information on workouts performed by user
associated with the UA Record account on device
– Also contains information on workouts performed by
“friends”
– DOES NOT include comments left on workout posts
• That I have found thus far
UA Band storage
(Android mobile device)
55. UA Record - website
• Limited information is available via the website
• Most of the functionality is in the app on the
mobile device
BriMor Labs - 2016
56. UA Record - website
BriMor Labs - 2016
Entry viewed on UA Record app
NOTE: Average pace is 12:29
57. UA Record
(Android app)
• Much more functionality
– Many more options to do many more things
• One important note: “My Feed” does not appear to
store any data on the device. So every time you
want to see the feed, EVERYTHING gets
downloaded again
BriMor Labs - 2016
59. • Almost all app data is stored in metric increments
– Joules
– Meters
– Meters/second
– And more
• This means things like pace/distance/weight/etc. can
vary depending on how “ROUND” is computed on
various platforms. BriMor Labs - 2016
UA Record
(Android app)
60. Important Take Away(s)
• Smart watches are essentially content notification
devices
– Require another device (mobile device) to “fully” work
• Most of the interesting data will be stored on the
mobile device itself
• Connected apps/websites can have even MORE data!
BriMor Labs - 2016
61. Important Take Away(s)
• Timestamps are dependent on exact time on
device/platform being analyzed & unit conversion(s)
• Trust the raw data, but be prepared for slight time
skew
• No current method to “secure” most smart watches
– It pains me to say this, but it is one thing that Apple got
right
BriMor Labs - 2016
62. Important Take Away(s)
• If you are going to do something bad, don’t
wear a smartwatch/fitness tracker
• Additionally, if you are going to lie about
something bad happening to you, don’t wear
a smartwatch/fitness tracker
BriMor Labs - 2016
63.
64.
65. Protecting your data
• Only turn on notifications you want to record
– NOTE: iOS will not allow the user to modify some
notification settings
• Open Pebble app on mobile device
– Navigate to “Notifications”
– Select “View All Apps”
– Change slider from blue (on) to gray (off) accordingly
BriMor Labs - 2016
67. Protecting your data
• Clear notifications on a regular basis
• On Pebble device,
– Navigate to “Notifications”
– Select “Clear All”
• NOTE: You must have at least one notification on the
Pebble device to clear the SQLite table on the mobile
device
BriMor Labs - 2016
69. Protecting your data
• Use strong password(s) for your accounts
• Don’t reuse passwords - Especially for 2nd/3rd
party apps
BriMor Labs - 2016
Examples of BAD
passwords
70. Data parsing scripts
• https://github.com/brimorlabs
– allyourpebblearebelongtous.pl
• Released June 2016
– allyouruarecordarebelongtous.pl
• Released October 2016
• Why Perl?
– Easier (for me)
– Want companies (Cellebrite) to at least do a little work to make
money off of open source research
BriMor Labs - 2016
71. allyourpebblearebelongtous.pl
• Give the script a pebble database & output
folder and let it run
• Tries to figure out if it is iOS or android &
parses data accordingly
BriMor Labs - 2016
NOW FEATURING IOS PARSING
CAPABILITIES!!
84. Future development
(DEPENDENT ON FREE TIME)
• Collect more data and do more experimentation
– Capturing traffic to/from smart watches is <STILL> my
next goal
• Expand to other smart watches & fitness
trackers(maybe?)
– Fitbit & Garmin are intriguing
BriMor Labs - 2016
89. BriMor Labs - 2016
Golf data viewed on Microsoft Health app
Microsoft Health Android
app
90. Microsoft Health
• Same methodology can be applied for all “tracking”
aspects
– Running
– Workouts
– Sleep
– Calories
– Etc.
BriMor Labs - 2016
91. Microsoft Band 2 storage
(Android mobile device)
BriMor Labs - 2016
Look at database for file associated with “Sleeping”
b0d94bd7-4b17-46f9-9733-090aebcbf0ae
92. BriMor Labs - 2016
Browse to “com.microsoft.kapp/files/responseCache/b0d94bd7-
4b17-46f9-9733-090aebcbf0ae”
Microsoft Band 2 storage
(Android mobile device)
93. BriMor Labs - 2016
Raw sleep data from app mobile device
94. Microsoft Health - website
BriMor Labs - 2016
Sleep data viewed on Microsoft Health website
NOTE: Asleep at 12:04AM
99. • Primary folder of interest is “responseCache”
– Found under “com.microsoft.kapp/files”
• Folder contains files in json format with GUID type
names
– Names correlate to entries in SQLite database “cache.sqlite”
found under the path “com.microsoft.kapp/databases”
– IMPORTANT NOTE: Not all names have an entry, depending
on Band usage BriMor Labs - 2016
Microsoft Band 2 storage
(Android mobile device)
100. • Data in SQLite database notes a file related to
“Golf” is stored as
“/data/data/com.microsoft.kapp/files/responseCac
he/9524a205-d3d6-4d7c-ad31-cbfba2e25840”
BriMor Labs - 2016
Microsoft Band 2 storage
(Android mobile device)
101. BriMor Labs - 2016
Microsoft Band 2 storage
(Android mobile device)
103. • Highlights
– Distance is stored in “cm”
– Par was 71
– Total score was 85
– Scored par or better on 10 holes
(Had a good front nine (+2), but ran into trouble on the
back. Not too bad all in all considering I had a torn labrum
in my hip) BriMor Labs - 2016
Microsoft Band 2 storage
(Android mobile device)
106. Microsoft Health - website
• Remember the text data from golfing earlier?
• The data viewed in the application or on the web is
much easier to understand
BriMor Labs - 2016
108. BriMor Labs - 2016
Golf data viewed on Microsoft Health app
Microsoft Health
app
109. Microsoft Health
• Same methodology can be applied for all “tracking”
aspects
– Running
– Workouts
– Sleep
– Calories
– Etc.
BriMor Labs - 2016
110. BriMor Labs - 2016
Look at database for file associated with “Sleeping”
b0d94bd7-4b17-46f9-9733-090aebcbf0ae
Microsoft Band 2 storage
(Android mobile device)
111. Microsoft Band 2 storage
(Android mobile device)
BriMor Labs - 2016
Browse to “com.microsoft.kapp/files/responseCache/b0d94bd7-
4b17-46f9-9733-090aebcbf0ae”
115. Future development
(DEPENDENT ON FREE TIME)
• Check out a post by b0nb0n on jailbreaking the
Microsoft fitness band
– http://www.b0n0n.com/2016/04/20/ms-jailbreak/
• NOTE: This was done with the original Microsoft Band,
my limited testing has been unsuccessful thus far on the
Band 2
BriMor Labs - 2016