Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Wearable Device Forensics


Published on

Presentation at CEIC 2014, Las Vegas, Nevada - Finding Data on Wearable Computing Devices. Forensics on Google Glass, Samsung Galaxy Gear, Jawbone Up, and Omate Truesmart.

Published in: Engineering

Wearable Device Forensics

  1. 1. Finding Data on Wearable Computing Devices Steve Watson PUBLIC Presented 20 May 2014 At CEIC 2014
  3. 3. Disclaimer The opinions expressed and materials shared in this presentation are my own and may not reflect the opinions, policies, nor procedures of my employer.
  4. 4. D i g i t a l C r i m e s c e n e o f t h e f u t u r e EMERGING CLOUD LEGACY
  5. 5. What is a Wearable computing device?
  6. 6. 6 Video: First Bank – Get Back to the Real World WAMCoPdl
  7. 7. Why are we talking about this?
  8. 8. Database of wearable devices
  9. 9. Use Cases Multiple players:  Quantified Self ▫ Fitness ▫ Health  Technology extension/accessory First glimpses:  Lifelogging  Authentication
  10. 10. Form Factors Current:  Head mounted  Wrist mounted  Body mounted  Jewelry Future:  Ingestable  Implantable
  11. 11. Photo Credits (clockwise): Google, Google Glass Recon Instruments, Recon Jet LaForge Optical, Icis model Innovega, iOptik Google, smart contact lens
  12. 12. Photo Credits (clockwise): Fin Cubit Cellini, CSR prototype Sign Language Ring
  13. 13. Photo Credits (clockwise): KGPS, hereO Omate Truesmart FiLip Nike FuelBand Jawbone UP Samsung Galaxy Gear
  14. 14. Photo Credits (clockwise): Proteus MC10, Biostamp QardioArm, QuardioCore
  15. 15. Connectivity Network accessible  Standalone network capability  Tethered to another device for connectivity Non-network accessible  Tethered to another device to provide data real-time  Local storage
  16. 16. Connectivity network accessible “smart” device Direct connection to internet via mobile modem or WiFi Standalone, independent device Internet Example: Omate Truesmart Mobile WiFi
  17. 17. Connectivity network accessible “Tethered” device Tethered connection to internet via Bluetooth or WiFi Tethered to another device for connectivity Application parses data to/from device Internet Example: Samsung Galaxy Gear Bluetooth Mobile WiFi
  18. 18. Connectivity non-network accessible device Fitness and health devices Data fed to application on device Data capture continues when device is disconnected Example: Jawbone UP USB Bluetooth
  19. 19. Common features among Wearables Operating system differences Simple, low power microprocessors Early entries to market –  Local storage or tethered to another device for connectivity Expect –  More smart devices with independent network access abilities
  20. 20. Four devices overview DEVICES FORM FACTOR OS STORAGE CONNECTION Google Glass head-mounted Android local, phone, cloud WiFi, Bluetooth Omate Truesmart wrist-mounted Android local 3G, WiFi, Bluetooth Samsung Galaxy Gear wrist-mounted Android local, phone Bluetooth Jawbone UP wrist-mounted proprietary local, phone, cloud physical
  21. 21. Four devices Connectivity DEVICES CONNECTIVITY MODEL Google Glass network accessible tethered device Omate Truesmart network accessible smart device Samsung Galaxy Gear network accessible tethered device Jawbone Up non-network accessible device
  22. 22. Where to start Where does the device store data? What is the operating system? How does the device connect for setup, configuration or connection? Is there any protection to access the data on the device?
  23. 23. Google Glass
  24. 24. Specifications – Google glass OPERATING SYSTEM Android 4.0.4 DISPLAY 640 x 360 pixel PROCESSOR OMAP 4430 SoC, dual-core RAM 1GB RAM INTERNAL STORAGE 16GB (12GB useable) EXTERNAL STORAGE - SIM - NETWORK tethered and standalone (WiFi) CONNECTIVITY Bluetooth, WiFi, USB
  25. 25. Teardown Photos 16GB storage onboard Photo Credit, Additional Information: Catwig
  26. 26. Where Can The Data Go Google Glass Local storage Tethered mobile device Google Account Other cloud locations
  27. 27. Cloud Account
  28. 28. Mobile Application “MyGlass” Data location: /userdata/data/ companion Application: /userdata/app/ ompanion-1.apk On iOS, “MyGlass for iOS” (iOS)
  29. 29. How to Access the Data None of the mobile vendors have a bootloader yet. But…it’s Android… Enable USB debug - Link to detail instructions
  30. 30. File Structure Google Glass In your favorite mobile forensics tool, Find the options for: Android 4.x Android Smart Phone Android FS extraction or use Google ADB backup.
  31. 31. Omate truesmart
  32. 32. Specifications – OMATE TRUESMART OPERATING SYSTEM Android 4.2, Omate UI 1.0 DISPLAY 240 x 240 pixel PROCESSOR Dual core ARM Cortex-A7, 1.0 or 1.3Ghz RAM 512MB or 1024MB RAM (Extreme Edition) INTERNAL STORAGE 4GB or 8GB RAM (Extreme Edition) EXTERNAL STORAGE microSD SIM Micro SIM NETWORK 2G Quad Band: 900/1800/ 850/1900 GSM, GPRS, EDGE 3G Mono band: 2 versions 2100 (Europe) or 1900 (US) UMTS, HSDPA, HSUPA, HSPA, HSPA+ CONNECTIVITY Bluetooth, WiFi, USB
  33. 33. Teardown Photo
  34. 34. Where Can The Data Go Omate Truesmart Local storage micro SD Full mobile capabilities
  35. 35. How to Access the Data Omate truesmart Enable USB debug - Link to detail instructions Notes for the techies: Very sensitive to the micro-USB cable. Significant driver issues with adb backup. Cellebrite and XRY both collect successfully
  36. 36. Samsung galaxy gear
  37. 37. Specifications – Samsung galaxy gear OPERATING SYSTEM Android DISPLAY 320x 320 pixel PROCESSOR Single-core 800 Mhz ARM RAM 512MB RAM INTERNAL STORAGE 4GB EXTERNAL STORAGE - SIM - NETWORK tethered CONNECTIVITY Bluetooth, USB
  38. 38. Teardown Photos
  39. 39. Where Can The Data Go Samsung Galaxy gear Local storage Tethered mobile device Other cloud locations
  40. 40. Mobile Application Gear Manager Application App: /Root/app/ atchmanager-1.apk App data: /Root/data/ atchmanager/ Photos: /Root/media/0/DCIM/Camera/Galaxy_G ear/20140312_220623.jpg
  41. 41. How to Access the Data Samsung galaxy gear Enable USB debug - Link to detail instructions Notes for the techies: Find the charging dock!
  42. 42. Jawbone up
  43. 43. Specifications and Teardown Jawbone UP
  44. 44. Where Can The Data Go Jawbone up Local storage Tethered mobile device Cloud account
  45. 45. Application Controlling Device Jawbone up
  46. 46. Cloud Account Jawbone up 1. Login to account at 2. Click the profile 3. Click the devices
  47. 47. Mobile application Jawbone up iOS application: com.aliphcom.Armstrong iOS location: /Data/Data/mobile/Applications/[applic ation id]/Library/[user id]/CoreData/Armstrong.sqlite
  48. 48. Next Steps Jawbone UP Retrieve data off of the Jawbone UP Obstacles: Proprietary operating system on the device. Non-standard connection. No existing documentation – vendor or community.
  49. 49. Summary This is just the beginning. We have options. We need to challenge our vendors to be ready for what is coming.
  50. 50. Thank you Contact Options: 01100110 01101111 01110010 01100101 01101110 01110011 01101001 01100011 01000000 01110011 01110100 01100101 01110110 01100101 01110111 01100001 01110100 01110011 01101111 01101110 00101110 01101110 01100101 01110100 Twitter @stevewatson LinkedIn - watsonsteve
  51. 51. Reference slides 1. Google Glass – Enable debug 2. Google Glass - ADB backup or Vendor collection via ADB 3. Omate Truesmart – Enable debug 4. Samsung Galaxy Gear - Tether to mobile device 5. Samsung Galaxy Gear – Enable debug
  52. 52. Please reach out for assistance, additional information or for access to the remainder of the slides in backup material. Where is the rest of the slide deck? 60