SlideShare a Scribd company logo

Who Watches the Smart Watches

Download as PPTX, PDF
B
BriMorLabs

This document provides an overview of research conducted on the Pebble Time and Microsoft Band 2 smartwatches. It describes the hardware and software used, data storage locations on Android devices, and examples of parsed health and notification data. The document emphasizes that smartwatch data can be valuable for investigations and recommends clearing notifications regularly to help protect privacy. Future research goals include analyzing network traffic and expanding the open source Perl script to parse additional watch data.

Technology
1 of 79
Brian Moran Digital Strategy Consultant - BriMor Labs Millersville, Maryland JUNE 24 2016
A Brief List of Topics • Why use these confounded devices? • Pebble Time – Data on phone • Microsoft Band 2 – Data on phone • Ways to protect your data • Future research goals • Questions/Comments (if time permits) BriMor Labs - 2016
The Introductory Introduction • Hello, my name is Brian Moran – Hi Brian! • 13 years Air Force Active Duty – 10 years mobile exploitation/DFIR experience • Co-winner: Unofficial Forensic 4Cast Awards 2012 -- Best Photoshop of Lee Whitfield • Worked here…. BriMor Labs - 2016
The Introductory Introduction BriMor Labs - 2016
Hardware Used • Samsung Galaxy Note II (SCH-i605) – rooted – Running Android 4.4.2 • Pebble Time – Running 3.10 • Microsoft Band 2 – Running 2.0.4215.0 26R BriMor Labs - 2016
Software Used • ES File Explorer app – Android – Version 4.0.4.5 • Microsoft Health app – Android – Version 1.3.20213.1 • Pebble Time app – Android – Version 3.10.0-976-0c219e8 • SQLite Spy – Version 1.9.6 • Hex Workshop – Version 6.8.0.5419 • Perl/Python BriMor Labs - 2016
iOS data shout out • Special thanks to likely 2017 Forensic 4Cast Awards “Digital Forensic Book of the Year” nominee Heather Mahalik for providing me Pebble related iOS data* – Let’s make this happen! *Only cost me a couple pairs of LuLaRoe leggings BriMor Labs - 2016
BriMor Labs - 2016
What Was NOT Used • Cellebrite – Don’t want to rely on ~$10k worth of equipment • During the course of this research, no lying dormant cyber pathogens were harmed BriMor Labs - 2016
Why not Apple/Samsung/LG/etc? • Wanted to choose smartwatches that can be used regardless of brand of phone or phone operating system • Microsoft Band 2 – Android, iOS, Windows Phone • Pebble – Android, iOS, “unofficial official” Windows Phone BriMor Labs - 2016
Why use smart watches? • Helpful notifications (especially when driving) BriMor Labs - 2016
Why use smart watches? BriMor Labs - 2016
Why use smart watches? BriMor Labs - 2016
Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016
Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Inactive and out of shape
Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Lee Whitfield – “Brotato Chip” version
Why use smart watches? BriMor Labs - 2016Tracking a weekend bike ride
Why use smart watches? BriMor Labs - 2016Tracking a round of golf
Why use smart watches? BriMor Labs - 2016Tracking your run
Why use smart watches? BriMor Labs - 2016Remotely change music from this …
BriMor Labs - 2016… to this
Why use smart watches? BriMor Labs - 2016Tracking your sleep
Pebble Time Specs • Processor: ST Micro STM32F439ZG 180 MHz ARM Cortex-M4-based-MCU (100 MHz, single core) • Storage: Spansion S29VS128R 128MB, 65 nm MirrorBit Flash • Display: 1.25” color e-paper screen (144 x 168 pixels, 182 ppi) • Battery: 150 mAh, (average battery life of 7 days) • Bluetooth: TBD • Source: https://www.ifixit.com/Teardown/Pebble+Time+Teardown/42382 BriMor Labs - 2016
Pebble Time storage (Android mobile device) • Path: /data/data/com.getpebble.android.basalt – Make sure it is NOT “emulated” BriMor Labs - 2016
BriMor Labs - 2016
• “datadatacom.getpebble.android.basaltdatabase spebble” is primary file of interest – SQLite database (as are most files on mobile devices these days) – Easy to view in any SQLite viewer or parse via scripting languages BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “android_apps” contains a listing of every application and application version installed on the device • Information is obviously needed for notifications sent to Pebble • Useful location if looking for an application/version BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “notifications” contains a listing of every notification that happened on the mobile device • Data is stored by Pebble app regardless of it is sent to the device or not • Can obviously contain INCREDIBLY useful information – NOTE: Database does get cleaned when user chooses to clear all notifications BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “timeline_items” contains a listing notifications actually sent to device • This data is stored as json inside of a SQLite database BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “weather_locations” contains a list of “locations” that the device receives weather updates • Can be useful to determine if an individual was in a certain place at a certain time BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• SMS message notifications are stored under “notifications” table. – The “package_name” is bank, the “SOURCE” is “SMS” • Remember, this can potentially contain messages that were deleted from the phone but stored within this database! BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016 Pebble Time storage (Android mobile device)
• Obligatory Pebble data on iOS devices slides • Main database of interest is named “PBMyPebbleAppDataCoreDataManager.sqlite” BriMor Labs - 2016 Pebble Time storage (iOS mobile device)
BriMor Labs - 2016
Microsoft Band 2 Specs • Processor: ARM Cortex M4 MCU CPU • Storage: 64MB onboard storage • AMOLED Gorilla Glass 3 screen, 12.8mm x 32mm (0.5” x 1.25”), 320 x 128 pixels, 255ppi • Battery: Lithium Polymer battery (average battery life 48 hours) • Bluetooth: Bluetooth 4.0 • GPS • Source: http://www.pcadvisor.co.uk/review/activity-trackers/microsoft-band- vs-band-2-comparison-3626883/#productSpecificationFull BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Path: /data/data/com.microsoft.kapp – Make sure it is NOT “emulated” BriMor Labs - 2016
BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Primary folder of interest is “responseCache” – Found under “com.microsoft.kapp/files” • Folder contains files in json format with GUID type names – Names correlate to entries in SQLite database “cache.sqlite” found under the path “com.microsoft.kapp/databases” – IMPORTANT NOTE: Not all names have an entry, depending on Band usage BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Data in SQLite database notes a file related to “Golf” is stored as “/data/data/com.microsoft.kapp/files/responseCac he/9524a205-d3d6-4d7c-ad31-cbfba2e25840” BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Highlights – Distance is stored in “cm” – Par was 71 – Total score was 85 – Scored par or better on 10 holes (Had a good front nine (+2), but ran into trouble on the back. Not too bad all in all considering I have an exploded hip) BriMor Labs - 2016
Microsoft Health - website BriMor Labs - 2016
Microsoft Health - website BriMor Labs - 2016
Microsoft Health - website • Remember the text data from golfing earlier? • The data viewed in the application or on the web is much easier to understand BriMor Labs - 2016
Microsoft Health BriMor Labs - 2016 Golf data viewed on Microsoft Health website
BriMor Labs - 2016 Golf data viewed on Microsoft Health app Microsoft Health app
Microsoft Health • Same methodology can be applied for all “tracking” aspects – Running – Workouts – Sleep – Calories – Etc. BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Look at database for file associated with “Sleeping” b0d94bd7-4b17-46f9-9733-090aebcbf0ae
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Browse to “com.microsoft.kapp/files/responseCache/b0d94bd7-4b17- 46f9-9733-090aebcbf0ae”
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Raw sleep data on mobile device
Microsoft Health - website BriMor Labs - 2016 Sleep data viewed on Microsoft Health website NOTE: Asleep at 12:04AM
Microsoft Health app BriMor Labs - 2016 Sleep data viewed on Microsoft Health app NOTE: Asleep at 12:05 AM
Important Take Away • Smart watches are essentially content notification devices – Require another device (smart phone) to “fully” work • Most of the interesting data will be stored on the mobile device itself • Connected apps/websites can have even MORE data! BriMor Labs - 2016
Important Take Away • Time(s) are dependent on exact time on device/platform being analyzed – Fell asleep at 12:04AM according to website – Fell asleep at 12:05AM according to app • Trust the raw data, but be prepared for slight time skew • No current method to “secure” most smart watches – It pains me to say this, but it is one thing that Apple got right BriMor Labs - 2016
Important Take Away • If you are going to do something bad, don’t wear a smartwatch/fitness tracker • Additionally, if you are going to lie about something bad happening to you, don’t wear a smartwatch/fitness tracker BriMor Labs - 2016
Protecting your data • Only turn on notifications you want to record – NOTE: iOS will not allow the user to modify some notification settings • Open Pebble app on mobile device – Navigate to “Notifications” – Select “View All Apps” – Change slider from blue (on) to gray (off) accordingly BriMor Labs - 2016
BriMor Labs - 2016
Protecting your data • Clear notifications on a regular basis • On Pebble device, – Navigate to “Notifications” – Select “Clear All” • NOTE: You must have at least one notification on the Pebble device to clear the SQLite table on the mobile device BriMor Labs - 2016
Protecting your data BriMor Labs - 2016
Protecting your data • Don’t sync health care data/records with any applications – If you do, and you lose control of your own PII/PHI, you could theoretically be held liable for losing your own data BriMor Labs - 2016
Protecting your data • Use strong password(s) for your accounts • Don’t reuse passwords – Especially for 2nd/3rd party apps BriMor Labs - 2016 Examples of BAD passwords
Future development (DEPENDENT ON FREE TIME) • allyourpebblearebelongtous.pl – ETA late June 2016 – Wait. That’s now!! • allyourband2arebelongtous.pl – ETA TBD, In progress • Why Perl? – Easier for me – Want Cellebrite to at least do a little work to make money off of open source research  BriMor Labs - 2016
allyourpebblearebelongtous.pl • Give the script a pebble database & output folder and let it run • Tries to figure out if it is iOS or android & parses data accordingly BriMor Labs - 2016 NOW FEATURING IOS PARSING CAPABILITIES!!
allyourpebblearebelongtous.pl BriMor Labs - 2016 Screenshot of script running
allyourpebblearebelongtous.pl • Produces easy to read HTML output for: – Android • Applications • Canned responses • Notifications • Phone numbers – iOS • Notifications BriMor Labs - 2016
Android- Output of parsed notifications BriMor Labs - 2016
iOS- Output of parsed notifications BriMor Labs - 2016
Future development (DEPENDENT ON FREE TIME) • Collect more data and do more experimentation – Capturing traffic to/from smart watches is my next goal – Doing this after hip surgery will help considerably  • Expand to other smart watches (maybe?) BriMor Labs - 2016
Future development (DEPENDENT ON FREE TIME) • Check out a post by b0nb0n on jailbreaking the Microsoft fitness band – http://www.b0n0n.com/2016/04/20/ms- jailbreak/ • NOTE: This was done with the original Microsoft Band, my limited testing has been unsuccessful thus far on the Band 2 BriMor Labs - 2016
Questions? Contact Us! Email: brian@brimorlabs.com Phone: 443.834.8280 Website: www.brimorlabs.com Blog: www.brimorlabsblog.com Twitter: @BriMorLabs (work) @brianjmoran (personal) BriMor Labs - 2016

Recommended

BriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCONBriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCON
BriMorLabs
 
Who Watches The Smart Watches
Who Watches The Smart WatchesWho Watches The Smart Watches
Who Watches The Smart Watches
BriMorLabs
 
BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response Collection
BriMorLabs
 
Live Response Collection Overview
Live Response Collection OverviewLive Response Collection Overview
Live Response Collection Overview
BriMorLabs
 
Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1
Michael Gough
 
Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to be
Michael Gough
 
T3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gateT3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gate
James Lanyon
 
Brush Rabbits
Brush RabbitsBrush Rabbits
Brush Rabbits
jabernethy
 

Recommended

BriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCONBriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCON
BriMorLabs
 
Who Watches The Smart Watches
Who Watches The Smart WatchesWho Watches The Smart Watches
Who Watches The Smart Watches
BriMorLabs
 
BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response Collection
BriMorLabs
 
Live Response Collection Overview
Live Response Collection OverviewLive Response Collection Overview
Live Response Collection Overview
BriMorLabs
 
Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1
Michael Gough
 
Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to be
Michael Gough
 
T3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gateT3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gate
James Lanyon
 
Brush Rabbits
Brush RabbitsBrush Rabbits
Brush Rabbits
jabernethy
 
Diploma Certificate
Diploma CertificateDiploma Certificate
Diploma CertificateBalaMurugan Ramalingam
 
Tics
TicsTics
Ticsguestdd180bdf
 
Darkness
DarknessDarkness
Darknesspeekay30
 
Romantische restaurants
Romantische restaurantsRomantische restaurants
Romantische restaurantsJose Pinto Cardoso
 
certifikat training
certifikat trainingcertifikat training
certifikat trainingIsyaf Syafrudin
 
Kurz práce s informacemi
Kurz práce s informacemiKurz práce s informacemi
Kurz práce s informacemikittttynka
 
Sad Sea Horizons
Sad Sea HorizonsSad Sea Horizons
Sad Sea Horizons
peekay30
 
Meghalaya's Environment
Meghalaya's EnvironmentMeghalaya's Environment
Meghalaya's EnvironmentEFI
 
Cheetahs
CheetahsCheetahs
Cheetahs
jabernethy
 
Nervio Abducens
Nervio AbducensNervio Abducens
Nervio Abducens
Andrea Morales Loyo
 
My food chain story
My food chain storyMy food chain story
My food chain story
jabernethy
 
Equipos dinamicos
Equipos dinamicosEquipos dinamicos
Equipos dinamicos
JoseGLara00
 
Autoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuAutoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuPauloVitro
 
American Robin
American RobinAmerican Robin
American Robin
jabernethy
 
How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015
IsobarUS
 
Apple Watch App Concepts
Apple Watch App ConceptsApple Watch App Concepts
Apple Watch App Concepts
Jose Coronado
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Started
intive
 
A301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringA301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoring
Michael Dawson
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
Shakacon
 
Turning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesTurning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditches
Ram Fish
 
Mobile App Security: A Review
Mobile App Security: A ReviewMobile App Security: A Review
Mobile App Security: A Review
Umang Singh
 
Let's understand Data Science
Let's understand Data Science Let's understand Data Science
Let's understand Data Science
Sachin Rastogi
 

More Related Content

Viewers also liked

Kurz práce s informacemi
Kurz práce s informacemiKurz práce s informacemi
Kurz práce s informacemikittttynka
 
Sad Sea Horizons
Sad Sea HorizonsSad Sea Horizons
Sad Sea Horizons
peekay30
 
Meghalaya's Environment
Meghalaya's EnvironmentMeghalaya's Environment
Meghalaya's EnvironmentEFI
 
Cheetahs
CheetahsCheetahs
Cheetahs
jabernethy
 
Nervio Abducens
Nervio AbducensNervio Abducens
Nervio Abducens
Andrea Morales Loyo
 
My food chain story
My food chain storyMy food chain story
My food chain story
jabernethy
 
Equipos dinamicos
Equipos dinamicosEquipos dinamicos
Equipos dinamicos
JoseGLara00
 
Autoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuAutoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuPauloVitro
 
American Robin
American RobinAmerican Robin
American Robin
jabernethy
 
How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015
IsobarUS
 
Apple Watch App Concepts
Apple Watch App ConceptsApple Watch App Concepts
Apple Watch App Concepts
Jose Coronado
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Started
intive
 

Viewers also liked (17)

Diploma Certificate
Diploma CertificateDiploma Certificate
Diploma Certificate
 
Tics
TicsTics
Tics
 
Darkness
DarknessDarkness
Darkness
 
Romantische restaurants
Romantische restaurantsRomantische restaurants
Romantische restaurants
 
certifikat training
certifikat trainingcertifikat training
certifikat training
 
Kurz práce s informacemi
Kurz práce s informacemiKurz práce s informacemi
Kurz práce s informacemi
 
Sad Sea Horizons
Sad Sea HorizonsSad Sea Horizons
Sad Sea Horizons
 
Meghalaya's Environment
Meghalaya's EnvironmentMeghalaya's Environment
Meghalaya's Environment
 
Cheetahs
CheetahsCheetahs
Cheetahs
 
Nervio Abducens
Nervio AbducensNervio Abducens
Nervio Abducens
 
My food chain story
My food chain storyMy food chain story
My food chain story
 
Equipos dinamicos
Equipos dinamicosEquipos dinamicos
Equipos dinamicos
 
Autoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuAutoretrato Paulovitro Bataguassu
Autoretrato Paulovitro Bataguassu
 
American Robin
American RobinAmerican Robin
American Robin
 
How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015
 
Apple Watch App Concepts
Apple Watch App ConceptsApple Watch App Concepts
Apple Watch App Concepts
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Started
 

Similar to Who Watches the Smart Watches

A301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringA301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoring
Michael Dawson
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
Shakacon
 
Turning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesTurning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditches
Ram Fish
 
Mobile App Security: A Review
Mobile App Security: A ReviewMobile App Security: A Review
Mobile App Security: A Review
Umang Singh
 
Let's understand Data Science
Let's understand Data Science Let's understand Data Science
Let's understand Data Science
Sachin Rastogi
 
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
Cellebrite
 
Silicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDBSilicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDB
Daniel Coupal
 
Building Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine LearningBuilding Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine Learning
David Walker, CSM,CSD,MCP,MCAD,MCSD,MVP
 
Dr Di Liu - BOLD Mirror Setup
Dr Di Liu - BOLD Mirror SetupDr Di Liu - BOLD Mirror Setup
Dr Di Liu - BOLD Mirror Setup
Consortium for the Barcode of Life (CBOL)
 
Use Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data ClustersUse Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data Clusters
Databricks
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
 
Beyond Tomorrow
Beyond TomorrowBeyond Tomorrow
Beyond Tomorrow
Dotitude
 
Wearable Computing Ecosystem
Wearable Computing EcosystemWearable Computing Ecosystem
Wearable Computing Ecosystem
Amish Gandhi
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?
Ken Tabor
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Advanced monitoring
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overview
Windows Developer
 
Wearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating SystemsWearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating Systems
Gil Bouhnick
 
Simplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your LogsSimplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your Logs
SolarWinds
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 

Similar to Who Watches the Smart Watches (20)

A301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringA301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoring
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
Turning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesTurning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditches
 
Mobile App Security: A Review
Mobile App Security: A ReviewMobile App Security: A Review
Mobile App Security: A Review
 
Let's understand Data Science
Let's understand Data Science Let's understand Data Science
Let's understand Data Science
 
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
 
Silicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDBSilicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDB
 
Building Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine LearningBuilding Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine Learning
 
Dr Di Liu - BOLD Mirror Setup
Dr Di Liu - BOLD Mirror SetupDr Di Liu - BOLD Mirror Setup
Dr Di Liu - BOLD Mirror Setup
 
Use Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data ClustersUse Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data Clusters
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
 
Beyond Tomorrow
Beyond TomorrowBeyond Tomorrow
Beyond Tomorrow
 
Wearable Computing Ecosystem
Wearable Computing EcosystemWearable Computing Ecosystem
Wearable Computing Ecosystem
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overview
 
Wearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating SystemsWearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating Systems
 
Simplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your LogsSimplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your Logs
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
 

Recently uploaded

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Who Watches the Smart Watches

  • 1. Brian Moran Digital Strategy Consultant - BriMor Labs Millersville, Maryland JUNE 24 2016
  • 2. A Brief List of Topics • Why use these confounded devices? • Pebble Time – Data on phone • Microsoft Band 2 – Data on phone • Ways to protect your data • Future research goals • Questions/Comments (if time permits) BriMor Labs - 2016
  • 3. The Introductory Introduction • Hello, my name is Brian Moran – Hi Brian! • 13 years Air Force Active Duty – 10 years mobile exploitation/DFIR experience • Co-winner: Unofficial Forensic 4Cast Awards 2012 -- Best Photoshop of Lee Whitfield • Worked here…. BriMor Labs - 2016
  • 5.
  • 6. Hardware Used • Samsung Galaxy Note II (SCH-i605) – rooted – Running Android 4.4.2 • Pebble Time – Running 3.10 • Microsoft Band 2 – Running 2.0.4215.0 26R BriMor Labs - 2016
  • 7. Software Used • ES File Explorer app – Android – Version 4.0.4.5 • Microsoft Health app – Android – Version 1.3.20213.1 • Pebble Time app – Android – Version 3.10.0-976-0c219e8 • SQLite Spy – Version 1.9.6 • Hex Workshop – Version 6.8.0.5419 • Perl/Python BriMor Labs - 2016
  • 8. iOS data shout out • Special thanks to likely 2017 Forensic 4Cast Awards “Digital Forensic Book of the Year” nominee Heather Mahalik for providing me Pebble related iOS data* – Let’s make this happen! *Only cost me a couple pairs of LuLaRoe leggings BriMor Labs - 2016
  • 10. What Was NOT Used • Cellebrite – Don’t want to rely on ~$10k worth of equipment • During the course of this research, no lying dormant cyber pathogens were harmed BriMor Labs - 2016
  • 11. Why not Apple/Samsung/LG/etc? • Wanted to choose smartwatches that can be used regardless of brand of phone or phone operating system • Microsoft Band 2 – Android, iOS, Windows Phone • Pebble – Android, iOS, “unofficial official” Windows Phone BriMor Labs - 2016
  • 12. Why use smart watches? • Helpful notifications (especially when driving) BriMor Labs - 2016
  • 13. Why use smart watches? BriMor Labs - 2016
  • 14. Why use smart watches? BriMor Labs - 2016
  • 15. Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016
  • 16. Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Inactive and out of shape
  • 17. Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Lee Whitfield – “Brotato Chip” version
  • 18. Why use smart watches? BriMor Labs - 2016Tracking a weekend bike ride
  • 19. Why use smart watches? BriMor Labs - 2016Tracking a round of golf
  • 20. Why use smart watches? BriMor Labs - 2016Tracking your run
  • 21. Why use smart watches? BriMor Labs - 2016Remotely change music from this …
  • 22. BriMor Labs - 2016… to this
  • 23. Why use smart watches? BriMor Labs - 2016Tracking your sleep
  • 24. Pebble Time Specs • Processor: ST Micro STM32F439ZG 180 MHz ARM Cortex-M4-based-MCU (100 MHz, single core) • Storage: Spansion S29VS128R 128MB, 65 nm MirrorBit Flash • Display: 1.25” color e-paper screen (144 x 168 pixels, 182 ppi) • Battery: 150 mAh, (average battery life of 7 days) • Bluetooth: TBD • Source: https://www.ifixit.com/Teardown/Pebble+Time+Teardown/42382 BriMor Labs - 2016
  • 25. Pebble Time storage (Android mobile device) • Path: /data/data/com.getpebble.android.basalt – Make sure it is NOT “emulated” BriMor Labs - 2016
  • 27. • “datadatacom.getpebble.android.basaltdatabase spebble” is primary file of interest – SQLite database (as are most files on mobile devices these days) – Easy to view in any SQLite viewer or parse via scripting languages BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 29. • Table “android_apps” contains a listing of every application and application version installed on the device • Information is obviously needed for notifications sent to Pebble • Useful location if looking for an application/version BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 31. • Table “notifications” contains a listing of every notification that happened on the mobile device • Data is stored by Pebble app regardless of it is sent to the device or not • Can obviously contain INCREDIBLY useful information – NOTE: Database does get cleaned when user chooses to clear all notifications BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 33. • Table “timeline_items” contains a listing notifications actually sent to device • This data is stored as json inside of a SQLite database BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 35. • Table “weather_locations” contains a list of “locations” that the device receives weather updates • Can be useful to determine if an individual was in a certain place at a certain time BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 37. • SMS message notifications are stored under “notifications” table. – The “package_name” is bank, the “SOURCE” is “SMS” • Remember, this can potentially contain messages that were deleted from the phone but stored within this database! BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 38. BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 39. • Obligatory Pebble data on iOS devices slides • Main database of interest is named “PBMyPebbleAppDataCoreDataManager.sqlite” BriMor Labs - 2016 Pebble Time storage (iOS mobile device)
  • 41. Microsoft Band 2 Specs • Processor: ARM Cortex M4 MCU CPU • Storage: 64MB onboard storage • AMOLED Gorilla Glass 3 screen, 12.8mm x 32mm (0.5” x 1.25”), 320 x 128 pixels, 255ppi • Battery: Lithium Polymer battery (average battery life 48 hours) • Bluetooth: Bluetooth 4.0 • GPS • Source: http://www.pcadvisor.co.uk/review/activity-trackers/microsoft-band- vs-band-2-comparison-3626883/#productSpecificationFull BriMor Labs - 2016
  • 42. Microsoft Band 2 storage (Android mobile device) • Path: /data/data/com.microsoft.kapp – Make sure it is NOT “emulated” BriMor Labs - 2016
  • 44. Microsoft Band 2 storage (Android mobile device) • Primary folder of interest is “responseCache” – Found under “com.microsoft.kapp/files” • Folder contains files in json format with GUID type names – Names correlate to entries in SQLite database “cache.sqlite” found under the path “com.microsoft.kapp/databases” – IMPORTANT NOTE: Not all names have an entry, depending on Band usage BriMor Labs - 2016
  • 45. Microsoft Band 2 storage (Android mobile device) • Data in SQLite database notes a file related to “Golf” is stored as “/data/data/com.microsoft.kapp/files/responseCac he/9524a205-d3d6-4d7c-ad31-cbfba2e25840” BriMor Labs - 2016
  • 46. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
  • 47. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
  • 48. Microsoft Band 2 storage (Android mobile device) • Highlights – Distance is stored in “cm” – Par was 71 – Total score was 85 – Scored par or better on 10 holes (Had a good front nine (+2), but ran into trouble on the back. Not too bad all in all considering I have an exploded hip) BriMor Labs - 2016
  • 49. Microsoft Health - website BriMor Labs - 2016
  • 50. Microsoft Health - website BriMor Labs - 2016
  • 51. Microsoft Health - website • Remember the text data from golfing earlier? • The data viewed in the application or on the web is much easier to understand BriMor Labs - 2016
  • 52. Microsoft Health BriMor Labs - 2016 Golf data viewed on Microsoft Health website
  • 53. BriMor Labs - 2016 Golf data viewed on Microsoft Health app Microsoft Health app
  • 54. Microsoft Health • Same methodology can be applied for all “tracking” aspects – Running – Workouts – Sleep – Calories – Etc. BriMor Labs - 2016
  • 55. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Look at database for file associated with “Sleeping” b0d94bd7-4b17-46f9-9733-090aebcbf0ae
  • 56. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Browse to “com.microsoft.kapp/files/responseCache/b0d94bd7-4b17- 46f9-9733-090aebcbf0ae”
  • 57. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Raw sleep data on mobile device
  • 58. Microsoft Health - website BriMor Labs - 2016 Sleep data viewed on Microsoft Health website NOTE: Asleep at 12:04AM
  • 59. Microsoft Health app BriMor Labs - 2016 Sleep data viewed on Microsoft Health app NOTE: Asleep at 12:05 AM
  • 60. Important Take Away • Smart watches are essentially content notification devices – Require another device (smart phone) to “fully” work • Most of the interesting data will be stored on the mobile device itself • Connected apps/websites can have even MORE data! BriMor Labs - 2016
  • 61. Important Take Away • Time(s) are dependent on exact time on device/platform being analyzed – Fell asleep at 12:04AM according to website – Fell asleep at 12:05AM according to app • Trust the raw data, but be prepared for slight time skew • No current method to “secure” most smart watches – It pains me to say this, but it is one thing that Apple got right BriMor Labs - 2016
  • 62. Important Take Away • If you are going to do something bad, don’t wear a smartwatch/fitness tracker • Additionally, if you are going to lie about something bad happening to you, don’t wear a smartwatch/fitness tracker BriMor Labs - 2016
  • 63.
  • 64.
  • 65. Protecting your data • Only turn on notifications you want to record – NOTE: iOS will not allow the user to modify some notification settings • Open Pebble app on mobile device – Navigate to “Notifications” – Select “View All Apps” – Change slider from blue (on) to gray (off) accordingly BriMor Labs - 2016
  • 67. Protecting your data • Clear notifications on a regular basis • On Pebble device, – Navigate to “Notifications” – Select “Clear All” • NOTE: You must have at least one notification on the Pebble device to clear the SQLite table on the mobile device BriMor Labs - 2016
  • 69. Protecting your data • Don’t sync health care data/records with any applications – If you do, and you lose control of your own PII/PHI, you could theoretically be held liable for losing your own data BriMor Labs - 2016
  • 70. Protecting your data • Use strong password(s) for your accounts • Don’t reuse passwords – Especially for 2nd/3rd party apps BriMor Labs - 2016 Examples of BAD passwords
  • 71. Future development (DEPENDENT ON FREE TIME) • allyourpebblearebelongtous.pl – ETA late June 2016 – Wait. That’s now!! • allyourband2arebelongtous.pl – ETA TBD, In progress • Why Perl? – Easier for me – Want Cellebrite to at least do a little work to make money off of open source research  BriMor Labs - 2016
  • 72. allyourpebblearebelongtous.pl • Give the script a pebble database & output folder and let it run • Tries to figure out if it is iOS or android & parses data accordingly BriMor Labs - 2016 NOW FEATURING IOS PARSING CAPABILITIES!!
  • 73. allyourpebblearebelongtous.pl BriMor Labs - 2016 Screenshot of script running
  • 74. allyourpebblearebelongtous.pl • Produces easy to read HTML output for: – Android • Applications • Canned responses • Notifications • Phone numbers – iOS • Notifications BriMor Labs - 2016
  • 75. Android- Output of parsed notifications BriMor Labs - 2016
  • 76. iOS- Output of parsed notifications BriMor Labs - 2016
  • 77. Future development (DEPENDENT ON FREE TIME) • Collect more data and do more experimentation – Capturing traffic to/from smart watches is my next goal – Doing this after hip surgery will help considerably  • Expand to other smart watches (maybe?) BriMor Labs - 2016
  • 78. Future development (DEPENDENT ON FREE TIME) • Check out a post by b0nb0n on jailbreaking the Microsoft fitness band – http://www.b0n0n.com/2016/04/20/ms- jailbreak/ • NOTE: This was done with the original Microsoft Band, my limited testing has been unsuccessful thus far on the Band 2 BriMor Labs - 2016
  • 79. Questions? Contact Us! Email: brian@brimorlabs.com Phone: 443.834.8280 Website: www.brimorlabs.com Blog: www.brimorlabsblog.com Twitter: @BriMorLabs (work) @brianjmoran (personal) BriMor Labs - 2016