Forensic Blogs

An aggregator for digital forensics blogs

by

Researching IoT Devices

Art depicting the connectivity of common devices Introduction

It is safe to say that everyone is constantly connected, through our smartphones, social media accounts, and even smart homes. Every day, more and more innovative devices are released to the public. Any device that is able to have a relationship with another is part of Internet of Things (IoT). Forbes goes so far as to state that “the relationship will be between people-people, people-things, and things-things”. While these devices offer easy-to-use functionality and instant access to information, how secure are they? In this blog, students at the Leahy Center will review some common devices and discuss some of their vulnerabilities.

IoT Smart Locks

Smart locks are great for remote access to your home’s doors. They’re a faster way to open them, as well as allow a user to keep a record of each action. However, Katie Hopkins, part of the IoT research team, is in the midst of a deep dive into smart lock vulnerabilities—discovering how to make a device that is supposed to keep your home secure vulnerable to hackers. Her research was specifically on Kwikset Kevo Smart Lock devices. Despite how secure one may think these devices are, Katie found that these vulnerabilities may subvert that expectation.

Image of a smart lock

Some vulnerabilities are very simple, such as a denial of service attack using a smartphone. The InfoSec Handbook, a guide to network security concepts, offers a useful definition. A denial of service attack is one that limits or rejects access due to an overflow of data from an outside device. In this case, an attacker can use the Kevo app to send large amounts of open/close requests to the lock. This confuses the device and causes it to not react to a physical key that comes with the device. Another vulnerability is that the lock’s batteries only last about two weeks. This leaves a window of opportunity for an attacker to gain control of the lock.

Some companies also claim that they encrypt passwords for these devices but end up not doing so; great information for a hacker, bad news for you! There are many more ways to exploit these devices, but these are just a few of the simpler ones. NewSky Security wrote a blog post that breaks down more exploits in detail.

Overall, these locks may be useful for securing your home, but their functionality causes new problems.

Google Home

One of the landmark accomplishments in smart devices has to be the creation of personal assistants. One of the more sophisticated virtual helpers is Google Assistant, a competitor to Apple’s Siri and Amazon’s Alexa personal assistants. This software can exist on most devices with a microphone and a speaker since Google Assistant interacts through voice. The user may give the device commands such as, “set an alarm”, or “open my garage door”.

Google Assistant can also interact with your other smart devices in a smart home. To do this, one can purchase a Google Home. Home runs the Google Assistant software and serves as a hub for all your smart devices. 

Image of a Google Home

IoT team member, Joe McCormack, has been doing research on the Google Home and did not find as many vulnerabilities with the software or hardware as Katie found in her research of the smart locks. But, just like the Kevo Smart Locks, there is always a flaw. Discovered by a group at the University of Michigan, the process which utilizes the microphone and translates it so the Google Assistant can execute those commands can be exploited. By using a low-powered laser, an attacker can shine different frequencies into the Google Home’s microphone and execute commands without a sound. This means a criminal can use this to do things like disarm smart home security systems and open smart locks without a sound. The technology required to do this is fairly complex but can be done by anyone with the proper knowledge.

D-Link WiFi Camera

The best way to catch a criminal is to actually see them in the act of a crime. It is also common for parents to keep an eye on their children while they are working or are left with a babysitter. Security cameras are a great way to automatically record the happenings of an area. Most come with motion detection, night vision, and the ability to record entire days worth of footage. One camera that the IoT Security team has been researching is from D-Link, a reputable manufacturer that specializes in network devices, including security cameras. The D-Link WiFi Camera model (DCS-5030L) is a cheap and effective way to monitor your home or office, but if the user does not update the camera regularly, there can be trouble.

Image of a D-Link wifi camera

Someone who is familiar with code can find specific files online that allow unauthorized access to the camera. That means that a person can gain control of the camera, look at recordings saved in the memory, and even move the position of the camera. However, it is actually pretty easy to prevent an attack. All you have to do is keep your firmware updated as D-Link has fixed many security issues over the lifespan of the device. This is normally the case for many devices.

Conclusion

There are vulnerabilities to most, if not all, of the IoT devices that you might use in your home. A capable hacker can exploit devices that you use every day; from your smart door lock to your smart refrigerator. We must be more aware of the issues that are present with new and exciting technology or our personal data could be compromised. It is always good to keep the device’s firmware up to date and have strong network security. By fortifying your devices and the network it resides on, you can prevent the possibility of an attacker taking control of your smart home, smart camera, or any other smart device. For the sake of your personal information, physical security, as well as privacy, remember that the convenience that smart devices offer might not be worth the risk.

The post Researching IoT Devices appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Mobile App Intern Final Blog Post

Project Wrap Up

The Mobile App Intern team chose 3 travel apps to analyze. Kayak, Expedia, and Google Trips. All three apps stored their data within the internal storage of each device it was downloaded onto. However, Expedia proved to show very little artifacts that could be useful for forensic analysts. Most of the data kept by Expedia is not data meant for the user or analysts’; it is meant for the app itself (data logs etc). Google Trips saved the most user data out of all three of the apps. It kept user info (username and password hash), trip details (title, locations, etc), and location data. Kayak mainly stored location data, the names of hotels, and rental company information. For example, if one were to use Kayak in order to rent a Mercedes-Benz for $60 USD a day, they can set what dates to rent said car and Kayak will keep all of that information about the car and company stored. The same was true for plane and bus tickets. Company, price, dates of departure/arrival, and user timestamps are all stored.

Final Thoughts

The Mobile App Intern Team is grateful to the LCDI to have been given the chance to utilize their devices in order to perform projects and research. The team was able to acquire new skills (like rooting Android devices) and read many useful journal articles relating to mobile forensics. 

The post Mobile App Intern Final Blog Post appeared first on The Leahy Center for Digital Investigation.

by

Application Analysis

Introduction:

The Application Analysis team is a group of technical interns at the Leahy Center for Digital Investigation. The LCDI offers  great opportunities for students to gain knowledge and skills in digital forensics and cybersecurity. This project is how four intern students have gone about testing some consumer mobile tracking & monitoring software.

Experience:

The Application Analysis team has currently been researching four different mobile tracking & monitoring programs available in today’s market. The programs we are looking at are mSpy, FlexiSpy, Mobistealth, and Highster Mobile. We are researching the specifications that each of these applications claims to have. We have five Nexus 7 tablets, four of which are rooted using Nexus Root Toolkit and one that is being used as the control device. A control device is a device that you leave in its original state to compare with other devices so you can see what has changed. Sometimes unexpected things will change and that is how you can confirm that it has been altered. We have a laptop that is being used to monitor the traffic via WireShark and also used as the control panel for the software.   

Our team is using the following apps: Google Hangouts, Facebook, Facebook Messenger, Kik, and Skype. We are generating data by sending information between the rooted device and the control device using these various applications. We are seeing if we are able to view all the information that we generated and are checking on whether any data is not collected.

In addition, we are testing if video calls are recorded and sent to the parents’ account. We have set a keyword to test the capability of specific programs to see if it alerts the parent when the keyword is used. Since the first program that we tested has the capability of Geo-Fencing, we decided to test for this capability as well. Geo-fencing means if a device leaves a certain location, there would be an alert sent to notify the parent that the device has left the specified location.

Conclusion:

We have created a variety of questions that we would like to look further into with each of the programs, including if the software can be hidden on the device. Stay tuned to read further updates on this project and the information we continue to gather from our devices.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

The post Application Analysis appeared first on The Leahy Center for Digital Investigation.