Archive for the ‘iPhone’ Category

Running Concurrent Versions of iTunes

Tuesday, May 11th, 2010

In my forensics classes, I get a lot of requests for help running two different versions of iTunes, since different versions provide different functionality and interoperability depending on the device and firmware version. This is a quick how-to for setting up a Mac with iTunes 9 and iTunes 8.1.1 in such a way that you can run a simple shell command to switch between the two, with a reboot in between. The following files/directories are specific to each version of iTunes, so you’ll need a separate copy of each for every version you want to switch between:

  • /Applications/iTunes.app
  • /System/Library/PrivateFrameworks/iTunesAccess.framework
  • /System/Library/PrivateFrameworks/MobileDevice.framework
  • /System/Library/PrivateFrameworks/DeviceLink.framework
  • /System/Library/PrivateFrameworks/CoreFP.framework
  • /System/Library/Extensions/AppleMobileDevice.kext
  • ~/Music/iTunes

What we’ll do is install iTunes 9, move these files into an archive, then install iTunes 8.1.1 and do the same. Using symbolic links, you’ll be able to set up an alias to simply point to the desired version of iTunes.
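The procedure above, as an added example that is not the script from the original post: install a version, stash its copies of the seven version-specific paths under an archive directory, leave symlinks in their place, repeat for the next version, then switch by re-pointing the links. The archive layout ($ITUNES_ARCHIVE/<label>/<path>), the function names and the ITUNES_ROOT prefix (empty on a real Mac; only the self-test uses a scratch directory) are my assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. Moves the version-specific
# iTunes paths into $ITUNES_ARCHIVE/<label>/... and symlinks the live paths to
# them; switching versions then means re-pointing the links (and rebooting).
# ITUNES_ROOT is an assumed prefix for the absolute paths: leave it empty on a
# real Mac. The /System and /Applications parts need root.

: "${ITUNES_ARCHIVE:=/usr/local/itunes-versions}"
: "${ITUNES_ROOT:=}"

# itunes_each CMD: run "CMD <live path> <archive-relative key>" for each path
# the post lists; stops at the first failure.
itunes_each() {
    for p in \
        /Applications/iTunes.app \
        /System/Library/PrivateFrameworks/iTunesAccess.framework \
        /System/Library/PrivateFrameworks/MobileDevice.framework \
        /System/Library/PrivateFrameworks/DeviceLink.framework \
        /System/Library/PrivateFrameworks/CoreFP.framework \
        /System/Library/Extensions/AppleMobileDevice.kext
    do
        "$1" "${ITUNES_ROOT}${p}" "$p" || return 1
    done
    "$1" "$HOME/Music/iTunes" /Music/iTunes     # per-user library, keyed without $HOME
}

_itunes_stash_one() {
    dst="${ITUNES_ARCHIVE}/${ITUNES_LABEL}$2"
    [ -e "$1" ] && [ ! -L "$1" ] || return 0      # nothing live here (or already a link)
    if [ -e "$dst" ]; then
        echo "itunes_stash: $dst already exists" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dst")" && mv "$1" "$dst" && ln -s "$dst" "$1"
}

# itunes_stash LABEL: move the currently installed copies into the archive
# under LABEL and link the live paths to them, so LABEL becomes the active one.
itunes_stash() {
    ITUNES_LABEL="$1"
    itunes_each _itunes_stash_one
}

_itunes_check_one() {
    [ -e "${ITUNES_ARCHIVE}/${ITUNES_LABEL}$2" ] \
        || { echo "itunes_select: no archived copy for $2" >&2; return 1; }
    if [ -e "$1" ] && [ ! -L "$1" ]; then
        echo "itunes_select: $1 is a real file, not a link; stash it first" >&2
        return 1
    fi
}

_itunes_link_one() {
    rm -f "$1" && ln -s "${ITUNES_ARCHIVE}/${ITUNES_LABEL}$2" "$1"
}

# itunes_select LABEL: first verify every path has an archived copy and that
# nothing live would be clobbered, then re-point all links in one pass so the
# app, frameworks, kext and library never end up mixed across versions.
itunes_select() {
    ITUNES_LABEL="$1"
    itunes_each _itunes_check_one && itunes_each _itunes_link_one
}

# itunes_active: print the label that the live iTunes.app currently points at.
itunes_active() {
    link="${ITUNES_ROOT}/Applications/iTunes.app"
    [ -L "$link" ] || { echo none; return 1; }
    t="$(readlink "$link")"
    t="${t#"${ITUNES_ARCHIVE}/"}"
    echo "${t%%/*}"
}
```

Typical use: install iTunes 9, `itunes_stash 9`; install iTunes 8.1.1, `itunes_stash 8.1.1`; from then on `itunes_select 9` or `itunes_select 8.1.1` followed by a reboot. The pre-flight check in `itunes_select` is deliberate: a half-switched set (one version's MobileDevice.framework with the other's kext) is exactly what produces the confusing device-connection failures the switching is meant to avoid. Because a kext is among the swapped paths, the reboot is not optional; on OS X of that era, touching /System/Library/Extensions after switching makes the system rebuild its kext cache at the next boot.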
(more…)

Al Capone’s Original Thompson Machine Gun

Tuesday, May 4th, 2010

Just when I thought my trip to Chicago would be average, some of the sergeants at the Chicago Police Training Academy, whom I’m training in iPhone forensic investigative methods, took me to the firing range in the basement and brought out an old dusty case. What came out of that case was an amazing piece of American history – Al Capone’s original Thompson submachine gun. As each class member took hold of it for a photo-op, an immediate sense of joy came across their faces. Just looking at it made me excited and anxious too, but when I saw the rangemaster loading magazines, I realized this was going to be more than just a lesson in history. He took me to the firing line, gave me a quick talk about its function, then handed the beautiful antique to me as the rest of the class smooshed their faces into the glass to get a peek. For a relic, the piece shoots remarkably well, and is probably the smoothest fully automatic firearm I’ve ever fired. We riddled a few targets full of .45 caliber bullets, then emerged much safer than when the two cardboard cutouts were walking the streets.

Ballistic: iPhone’s Favorite Ballistics Computer

Friday, February 5th, 2010

Ballistic has come quite a long way since version 1.0. The victim of a $5.99 theft in the App Store, Ballistic was the antidote to a headache created by what was, at the time, the only iPhone app that had the gall to call itself a ballistics calculator (and inaccurately, mind you). Today, Ballistic is beloved by avid hunters, top competition shooters, and even the military. And unlike some of the competing applications in the App Store, we didn’t have to fuglify Ballistic with olive drab green themes to make it look more commando-fashionable, add silly pictures showing the user how to hold their gun, or cutesy icons to show you which way the wind was blowing. Why? Because Ballistic is an application for shooters. Ballistic’s success has shown that shooters are smarter than your average consumer, and demand a rugged, high performance ballistics computer – not a toy app. Ballistic has led the way in new and revolutionary features the competition has sought to copy to stay afloat. With version 2.x, Ballistic incorporated the world renowned JBM ballistics engine, which is the gold standard other ballistics applications use to measure their own performance. Ballistic’s best days are still to come. So my question to the intelligent and experienced crowd out there using my application is: What do you want next?

Here are the rules. Whatever features you ask for have to be something a large portion of the user base would use; it can’t be a personal preference feature. Features must increase a shooter’s capabilities, rather than decrease them by dumbing the shooter down (for example: no pretty pictures). Features must overall make the application something more usable in the field, but without making the application more complicated to use. Finally, all features must be useful, and not just “cool”. Have at it and post your comments here!

iPhone Forensic Method FAQ

Thursday, September 17th, 2009

A few have written in with questions about the latest version of the “Zdziarski” method of iPhone forensic recovery, which is used in the automated tools available free to law enforcement agencies worldwide. This is a quick rundown of the most frequently asked questions.

Q. Does this method “jailbreak” the device?
No. In fact, the latest method has an extremely lightweight footprint and the device will boot back into its normal operating mode once the imaging process is complete. The latest methods do not rewrite the operating system, do not patch the NOR, do not patch the kernel, do not grant the examiner access to the device, and do not require a system restore. All of the available automated forensic tools on this site have been updated to use these new methods. The new technique does not even use the 24KPWN exploit, widely touted by the hacking community.

(more…)

Bypassing iPhone 3G[s] Encryption

Friday, July 24th, 2009

Bypassing Passcode and Backup Encryption:
    http://www.youtube.com/watch?v=5wS3AMbXRLs

Forensic Recovery of Raw Disk:
    http://www.youtube.com/watch?v=kHdNoKIZUCw

What Data Can You Steal From an iPhone in 2 Minutes?
    http://www.youtube.com/watch?v=34f47m-lYSg

These YouTube videos demonstrate just how easy it is to bypass the passcode and backup encryption on an iPhone 3G[s] within only a couple of minutes’ time. A second video shows how easily tools can pull an unencrypted raw disk image from the device. The seriousness of the iPhone 3G[s]’ vulnerabilities may make enterprises and government agencies think twice before allowing these devices to contain confidential data. Apple has been alerted to these vulnerabilities, and has been aware of them for many years across all three models of iPhone, but has failed to address them.

The 3G[s] has penetrated the government/military markets as well as top Fortune 100 companies, possibly under the misleading marketing term “hardware encryption”, which many have taken at face value. Serious vulnerabilities such as these threaten to put our country’s national security at risk. Apple’s only fix thus far has been to consistently put a few nails on the front door, but they have failed to fix the major underlying design issues that allow for this threat. Unfortunately, the only way Apple seems to listen is through addressing such problems publicly, as all previous attempts to talk with them have failed. I sincerely hope they fix these issues before a breach occurs.

iPhone Forensics Research for Law Enforcement

Tuesday, July 21st, 2009

Law enforcement agencies have the toughest challenge in mobile forensics: not only do they have to get data off the phone of a pedophile, rapist, or murderer, but they have to do it in a forensically sound manner that can be reproduced and explained in a court of law. I have created a new site, iphoneinsecurity.com, to make all of my latest research and automated tools for iPhone forensics available to law enforcement agencies. I require that those with access be full-time, sworn officers with agencies having arrest and search-and-seizure powers. A contact address also exists to request access. In addition to the restricted content, many public articles and announcements are also posted by law enforcement officers and other experts in the field, so head on over and check it out.

Seven Deadly iPhone Sins: What Every Enterprise Should Know

Tuesday, July 14th, 2009

With buzzwords like “hardware encryption” and “remote wipe”, many enterprises have been misled into believing that the iPhone 3G[s] is secure enough to store confidential correspondence or other information. Apple is no doubt pushing the enterprise market, but is the iPhone truly secure enough?

While this subject truly warrants a complete white paper, take the following points into consideration. The following apply not only to the iPhone 3G[s], but also to earlier generation devices. Here are the top seven things every enterprise should know about the iPhone:

(more…)

Good White Paper on iPhone Forensic Methods

Sunday, July 5th, 2009

Andrew Hoog, Chief Investigative Officer at Via Forensics, put together a good summary of the available forensic techniques for recovering data from the iPhone. This paper is a few months old, so it doesn’t cover my latest USB method (which is much faster and easier), but he does cite my original method from the book, along with some other useful methods. Depending on what kind of information you want to get, there are different techniques you can use. Andrew has informed me this paper will be updated shortly, so keep an eye out for a new edition.

Jailbreaking a Security Threat? Really?

Wednesday, July 1st, 2009

Someone sent me a copy of this MacWorld article in which Charlie Miller makes the claim that jailbreaking is a threat to ecurity (I left off the ‘s’ because apparently they stole it for the new iPhone). Does Charlie really believe that DRM is healthy for a computer system? It seems that, having disclosed the SMS vulnerability, he should know more than most that application signing provides more copyright control than it does actual security. Ironically, most exploits, such as the SMS and Safari exploits, have the potential to affect every single iPhone user with a vulnerable version of firmware – whether it’s jailbroken or not.

(more…)

iErase: Zero Free Space

Monday, March 23rd, 2009

After a ridiculously long three months of waiting, iErase: Zero Free Space is finally available in the App Store. Buy it now in the iTunes App Store.

The first and only app for the 99.9% of us law abiding citizens who deserve better privacy.

Want to make sure a deleted confidential email or embarrassing photo is purged forever from your iPhone, but don’t want to go through the inconvenience of wiping the entire device? Simply deleting a file doesn’t guarantee it’s gone for good. Protect your deleted data from being recovered by hacking tools and prying eyes, or in the event your iPhone is stolen.

iErase is a simple utility for zeroing out the free space on your iPhone without performing a full reset of your content and settings. The tool does not delete any live files, but uses the same method that Mac OS X uses to zero free space: it creates a large temporary file, which writes zeroes over the free space where deleted files can still reside. On the iPhone, this occurs within the application’s sandbox, but because all applications share the same free space, the entire iPhone user partition is cleansed, forever purging deleted photos, email, voicemail, and other deleted files – without having to reset all your content and settings.
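The free-space zeroing technique described above, as an added example that is not iErase’s source code: open a temporary file on the target volume, write blocks of zeros into it until the filesystem reports ENOSPC, force the data to the medium, and release the file so the (now zeroed) blocks return to the free pool. The function name and the `max_bytes` safety cap (0 means fill the whole volume, as the real tool would) are my assumptions, added so the routine can be exercised without filling a disk.

```c
/* Added example (not iErase's source): overwrite a volume's free space with
 * zeros by growing a temporary file until the volume is full.  "dir" is any
 * writable directory on the volume; "max_bytes" is an assumed safety cap for
 * testing and demos (0 = no cap, fill the volume as a real wipe would). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define ZERO_CHUNK (1 << 20)   /* 1 MiB per write() keeps syscall overhead low */

/* Returns the number of zero bytes written, or -1 with errno set. */
long long zero_free_space(const char *dir, long long max_bytes)
{
    static unsigned char zeros[ZERO_CHUNK];   /* static storage is zero-filled */
    char path[4096];
    long long written = 0;
    int fd, saved;

    snprintf(path, sizeof path, "%s/.zerofree.XXXXXX", dir);
    fd = mkstemp(path);                        /* O_EXCL: no symlink/race games */
    if (fd < 0)
        return -1;
    /* Unlink right away: the blocks stay allocated to the open descriptor and
     * are freed when it closes, so a crash or kill never leaves a disk-filling
     * file behind. */
    unlink(path);

    while (max_bytes <= 0 || written < max_bytes) {
        size_t want = ZERO_CHUNK;
        ssize_t n;

        if (max_bytes > 0 && max_bytes - written < (long long)want)
            want = (size_t)(max_bytes - written);
        n = write(fd, zeros, want);
        if (n > 0) {
            written += n;                      /* short writes are fine; loop */
            continue;
        }
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0 && errno == ENOSPC)
            break;                             /* volume full: every free block holds zeros */
        if (n == 0)
            errno = EIO;
        saved = errno; close(fd); errno = saved;
        return -1;
    }

    /* Zeros sitting in the page cache overwrite nothing; push them to the medium
     * before the blocks are handed back to the free pool. */
    if (fsync(fd) < 0) {
        saved = errno; close(fd); errno = saved;
        return -1;
    }
    close(fd);
    return written;
}

int main(int argc, char **argv)
{
    long long n = zero_free_space(argc > 1 ? argv[1] : ".", 0);
    if (n < 0) {
        perror("zero_free_space");
        return 1;
    }
    printf("wrote %lld bytes of zeros over free space\n", n);
    return 0;
}
```

Two caveats worth knowing before relying on this anywhere. First, it only touches blocks the filesystem considers free: remnants inside the journal, catalog, or the slack of live files are out of reach, which is why the post positions it as a convenience short of a full reset. Second, the approach, like Mac OS X’s own free-space erase, works at the logical block level; on flash storage with a wear-levelling translation layer, the physical pages that held the old data are not guaranteed to be the ones that receive the zeros, so an unaffected copy can in principle survive until the controller erases those pages.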