[cryptography] Fwd: Re: Commercialized Attack Hardware on SmartPhones

Jacob Appelbaum jacob at appelbaum.net
Sun Mar 2 12:23:07 EST 2014


Hi Tom,

Have you seen the Cellebrite gear and their forensics tools?

My understanding is that their UFED gear attempts to exploit various
bugs in phones.

 https://wikileaks.org/spyfiles/list/company-name/cellebrite.html

Here is one of their people talking about exploiting 0day bugs to gain
access to Android phones:

  http://thetrainingco.com/Techno-2013-PDF/TUESDAY/T1%20Horesh%20-%20Android%20Forensics.pdf

Also I'd encourage you to see these documents as well:

  http://www.ume-update.com/UFED/AndroidPhysicalExtractionFAQJune.pdf
  https://www.cellebrite.com/images/stories/support%20files/UME36_Manual.pdf

They also appear to host events to discuss their bootloader
exploitation techniques:

  http://www.eventbrite.com/o/cellebrite-usa-2029526933

There are lots of other vendors that are similar. I've also had people
approach me about Cold Boot attack weaponizing - I always decline.
However - some of those people are certainly offering "boutique"
forensics services.

Here is a good overview:

  https://csg.utdallas.edu/wp-content/uploads/2013/02/UTDCSG-Forensics-Week-2.pptx

This is perhaps the most interesting document - it shows the phone by
phone, model by model capabilities for UFED Ultimate as of ~2013
(~3036 phone models):

  https://csg.utdallas.edu/wp-content/uploads/2013/01/Phones.xlsx

It lists the OS, the apps that they target, if they can reconstruct
the full system, and so on:

  Vendor, Model, Physical Extraction, Bypass Lock, File System Extraction,
  Password Extract, Platform, File system Reconstruction, SMS, Contacts,
  Call log, MMS, Bluetooth, locations, Notes, Bookmarks, Email, Accounts,
  cookies, Dictionary, Viber, facebook, FaceBook Messanger, WhatsApp,
  Google Plus, Skype, Google Talk, twitter, PingChat, Gesture Decoding,
  calendar, BBM, Tasks, Chat, Passwords, Web History, MotionX, VoiceMail,
  Application Usage, WiFi, Installed Applications, Garmin, TextNow,
  TigerText, Fring, twitterrific, TextFree, Yahoo Messenger, foursquare,
  Ping Chat, Waze, dropbox, User Code

Good times!

All the best,
Jacob

On 3/2/14, Tom Ritter <tom at ritter.vg> wrote:
>> ---------- Forwarded message ----------
>> From: "shawn wilson"
>> How about a dictionary and rules. Even if you choose an alphanumeric
>> "strong" pass, you're kinda limited to the phone's keyboard - you're not
>> going to want to switch case or between letters and special too often.
>> Also, IIRC Android limits length to 15 chars. I also don't think the screen
>> lock can be different than the boot pass (so everything I said above should
>> hold true).
>>
>> Basically what I'm saying is use hashcat.
>
> In regular use I agree completely. But in my threat model (what I'm
> preparing for) is 'prepared use' - you're knowingly crossing a border or
> attending a protest, want/need your phone, and are willing to have a
> painful password for a short bit.
>
> -tom
>

