SlideShare uma empresa Scribd logo

Smartwatch Data Forensics

Transferir como PPTX, PDF
B
BriMorLabs

This document provides an overview of research conducted on the Pebble Time and Microsoft Band 2 smartwatches. It describes the hardware and software used, data storage locations on Android devices, and examples of parsed health and notification data. The document emphasizes that smartwatch data can be valuable for investigations and recommends clearing notifications regularly to help protect privacy. Future research goals include analyzing network traffic and expanding the open source Perl script to parse additional watch data.

Tecnologia
1 de 79
Brian Moran Digital Strategy Consultant - BriMor Labs Millersville, Maryland JUNE 24 2016
A Brief List of Topics • Why use these confounded devices? • Pebble Time – Data on phone • Microsoft Band 2 – Data on phone • Ways to protect your data • Future research goals • Questions/Comments (if time permits) BriMor Labs - 2016
The Introductory Introduction • Hello, my name is Brian Moran – Hi Brian! • 13 years Air Force Active Duty – 10 years mobile exploitation/DFIR experience • Co-winner: Unofficial Forensic 4Cast Awards 2012 -- Best Photoshop of Lee Whitfield • Worked here…. BriMor Labs - 2016
The Introductory Introduction BriMor Labs - 2016
Hardware Used • Samsung Galaxy Note II (SCH-i605) – rooted – Running Android 4.4.2 • Pebble Time – Running 3.10 • Microsoft Band 2 – Running 2.0.4215.0 26R BriMor Labs - 2016
Software Used • ES File Explorer app – Android – Version 4.0.4.5 • Microsoft Health app – Android – Version 1.3.20213.1 • Pebble Time app – Android – Version 3.10.0-976-0c219e8 • SQLite Spy – Version 1.9.6 • Hex Workshop – Version 6.8.0.5419 • Perl/Python BriMor Labs - 2016
iOS data shout out • Special thanks to likely 2017 Forensic 4Cast Awards “Digital Forensic Book of the Year” nominee Heather Mahalik for providing me Pebble related iOS data* – Let’s make this happen! *Only cost me a couple pairs of LuLaRoe leggings BriMor Labs - 2016
BriMor Labs - 2016
What Was NOT Used • Cellebrite – Don’t want to rely on ~$10k worth of equipment • During the course of this research, no lying dormant cyber pathogens were harmed BriMor Labs - 2016
Why not Apple/Samsung/LG/etc? • Wanted to choose smartwatches that can be used regardless of brand of phone or phone operating system • Microsoft Band 2 – Android, iOS, Windows Phone • Pebble – Android, iOS, “unofficial official” Windows Phone BriMor Labs - 2016
Why use smart watches? • Helpful notifications (especially when driving) BriMor Labs - 2016
Why use smart watches? BriMor Labs - 2016
Why use smart watches? BriMor Labs - 2016
Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016
Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Inactive and out of shape
Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Lee Whitfield – “Brotato Chip” version
Why use smart watches? BriMor Labs - 2016Tracking a weekend bike ride
Why use smart watches? BriMor Labs - 2016Tracking a round of golf
Why use smart watches? BriMor Labs - 2016Tracking your run
Why use smart watches? BriMor Labs - 2016Remotely change music from this …
BriMor Labs - 2016… to this
Why use smart watches? BriMor Labs - 2016Tracking your sleep
Pebble Time Specs • Processor: ST Micro STM32F439ZG 180 MHz ARM Cortex-M4-based-MCU (100 MHz, single core) • Storage: Spansion S29VS128R 128MB, 65 nm MirrorBit Flash • Display: 1.25” color e-paper screen (144 x 168 pixels, 182 ppi) • Battery: 150 mAh, (average battery life of 7 days) • Bluetooth: TBD • Source: https://www.ifixit.com/Teardown/Pebble+Time+Teardown/42382 BriMor Labs - 2016
Pebble Time storage (Android mobile device) • Path: /data/data/com.getpebble.android.basalt – Make sure it is NOT “emulated” BriMor Labs - 2016
BriMor Labs - 2016
• “datadatacom.getpebble.android.basaltdatabase spebble” is primary file of interest – SQLite database (as are most files on mobile devices these days) – Easy to view in any SQLite viewer or parse via scripting languages BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “android_apps” contains a listing of every application and application version installed on the device • Information is obviously needed for notifications sent to Pebble • Useful location if looking for an application/version BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “notifications” contains a listing of every notification that happened on the mobile device • Data is stored by Pebble app regardless of it is sent to the device or not • Can obviously contain INCREDIBLY useful information – NOTE: Database does get cleaned when user chooses to clear all notifications BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “timeline_items” contains a listing notifications actually sent to device • This data is stored as json inside of a SQLite database BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• Table “weather_locations” contains a list of “locations” that the device receives weather updates • Can be useful to determine if an individual was in a certain place at a certain time BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016
• SMS message notifications are stored under “notifications” table. – The “package_name” is bank, the “SOURCE” is “SMS” • Remember, this can potentially contain messages that were deleted from the phone but stored within this database! BriMor Labs - 2016 Pebble Time storage (Android mobile device)
BriMor Labs - 2016 Pebble Time storage (Android mobile device)
• Obligatory Pebble data on iOS devices slides • Main database of interest is named “PBMyPebbleAppDataCoreDataManager.sqlite” BriMor Labs - 2016 Pebble Time storage (iOS mobile device)
BriMor Labs - 2016
Microsoft Band 2 Specs • Processor: ARM Cortex M4 MCU CPU • Storage: 64MB onboard storage • AMOLED Gorilla Glass 3 screen, 12.8mm x 32mm (0.5” x 1.25”), 320 x 128 pixels, 255ppi • Battery: Lithium Polymer battery (average battery life 48 hours) • Bluetooth: Bluetooth 4.0 • GPS • Source: http://www.pcadvisor.co.uk/review/activity-trackers/microsoft-band- vs-band-2-comparison-3626883/#productSpecificationFull BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Path: /data/data/com.microsoft.kapp – Make sure it is NOT “emulated” BriMor Labs - 2016
BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Primary folder of interest is “responseCache” – Found under “com.microsoft.kapp/files” • Folder contains files in json format with GUID type names – Names correlate to entries in SQLite database “cache.sqlite” found under the path “com.microsoft.kapp/databases” – IMPORTANT NOTE: Not all names have an entry, depending on Band usage BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Data in SQLite database notes a file related to “Golf” is stored as “/data/data/com.microsoft.kapp/files/responseCac he/9524a205-d3d6-4d7c-ad31-cbfba2e25840” BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) • Highlights – Distance is stored in “cm” – Par was 71 – Total score was 85 – Scored par or better on 10 holes (Had a good front nine (+2), but ran into trouble on the back. Not too bad all in all considering I have an exploded hip) BriMor Labs - 2016
Microsoft Health - website BriMor Labs - 2016
Microsoft Health - website BriMor Labs - 2016
Microsoft Health - website • Remember the text data from golfing earlier? • The data viewed in the application or on the web is much easier to understand BriMor Labs - 2016
Microsoft Health BriMor Labs - 2016 Golf data viewed on Microsoft Health website
BriMor Labs - 2016 Golf data viewed on Microsoft Health app Microsoft Health app
Microsoft Health • Same methodology can be applied for all “tracking” aspects – Running – Workouts – Sleep – Calories – Etc. BriMor Labs - 2016
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Look at database for file associated with “Sleeping” b0d94bd7-4b17-46f9-9733-090aebcbf0ae
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Browse to “com.microsoft.kapp/files/responseCache/b0d94bd7-4b17- 46f9-9733-090aebcbf0ae”
Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Raw sleep data on mobile device
Microsoft Health - website BriMor Labs - 2016 Sleep data viewed on Microsoft Health website NOTE: Asleep at 12:04AM
Microsoft Health app BriMor Labs - 2016 Sleep data viewed on Microsoft Health app NOTE: Asleep at 12:05 AM
Important Take Away • Smart watches are essentially content notification devices – Require another device (smart phone) to “fully” work • Most of the interesting data will be stored on the mobile device itself • Connected apps/websites can have even MORE data! BriMor Labs - 2016
Important Take Away • Time(s) are dependent on exact time on device/platform being analyzed – Fell asleep at 12:04AM according to website – Fell asleep at 12:05AM according to app • Trust the raw data, but be prepared for slight time skew • No current method to “secure” most smart watches – It pains me to say this, but it is one thing that Apple got right BriMor Labs - 2016
Important Take Away • If you are going to do something bad, don’t wear a smartwatch/fitness tracker • Additionally, if you are going to lie about something bad happening to you, don’t wear a smartwatch/fitness tracker BriMor Labs - 2016
Protecting your data • Only turn on notifications you want to record – NOTE: iOS will not allow the user to modify some notification settings • Open Pebble app on mobile device – Navigate to “Notifications” – Select “View All Apps” – Change slider from blue (on) to gray (off) accordingly BriMor Labs - 2016
BriMor Labs - 2016
Protecting your data • Clear notifications on a regular basis • On Pebble device, – Navigate to “Notifications” – Select “Clear All” • NOTE: You must have at least one notification on the Pebble device to clear the SQLite table on the mobile device BriMor Labs - 2016
Protecting your data BriMor Labs - 2016
Protecting your data • Don’t sync health care data/records with any applications – If you do, and you lose control of your own PII/PHI, you could theoretically be held liable for losing your own data BriMor Labs - 2016
Protecting your data • Use strong password(s) for your accounts • Don’t reuse passwords – Especially for 2nd/3rd party apps BriMor Labs - 2016 Examples of BAD passwords
Future development (DEPENDENT ON FREE TIME) • allyourpebblearebelongtous.pl – ETA late June 2016 – Wait. That’s now!! • allyourband2arebelongtous.pl – ETA TBD, In progress • Why Perl? – Easier for me – Want Cellebrite to at least do a little work to make money off of open source research  BriMor Labs - 2016
allyourpebblearebelongtous.pl • Give the script a pebble database & output folder and let it run • Tries to figure out if it is iOS or android & parses data accordingly BriMor Labs - 2016 NOW FEATURING IOS PARSING CAPABILITIES!!
allyourpebblearebelongtous.pl BriMor Labs - 2016 Screenshot of script running
allyourpebblearebelongtous.pl • Produces easy to read HTML output for: – Android • Applications • Canned responses • Notifications • Phone numbers – iOS • Notifications BriMor Labs - 2016
Android- Output of parsed notifications BriMor Labs - 2016
iOS- Output of parsed notifications BriMor Labs - 2016
Future development (DEPENDENT ON FREE TIME) • Collect more data and do more experimentation – Capturing traffic to/from smart watches is my next goal – Doing this after hip surgery will help considerably  • Expand to other smart watches (maybe?) BriMor Labs - 2016
Future development (DEPENDENT ON FREE TIME) • Check out a post by b0nb0n on jailbreaking the Microsoft fitness band – http://www.b0n0n.com/2016/04/20/ms- jailbreak/ • NOTE: This was done with the original Microsoft Band, my limited testing has been unsuccessful thus far on the Band 2 BriMor Labs - 2016
Questions? Contact Us! Email: brian@brimorlabs.com Phone: 443.834.8280 Website: www.brimorlabs.com Blog: www.brimorlabsblog.com Twitter: @BriMorLabs (work) @brianjmoran (personal) BriMor Labs - 2016

Recomendados

BriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCONBriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCONBriMorLabs
 
Who Watches The Smart Watches
Who Watches The Smart WatchesWho Watches The Smart Watches
Who Watches The Smart WatchesBriMorLabs
 
BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMorLabs
 
Live Response Collection Overview
Live Response Collection OverviewLive Response Collection Overview
Live Response Collection OverviewBriMorLabs
 
Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Michael Gough
 
Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beMichael Gough
 
T3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gateT3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gateJames Lanyon
 
Brush Rabbits
Brush RabbitsBrush Rabbits
Brush Rabbitsjabernethy
 

Recomendados

BriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCONBriMor Labs Live Response Collection - OSDFCON
BriMor Labs Live Response Collection - OSDFCONBriMorLabs
 
Who Watches The Smart Watches
Who Watches The Smart WatchesWho Watches The Smart Watches
Who Watches The Smart WatchesBriMorLabs
 
BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMorLabs
 
Live Response Collection Overview
Live Response Collection OverviewLive Response Collection Overview
Live Response Collection OverviewBriMorLabs
 
Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Michael Gough
 
Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beMichael Gough
 
T3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gateT3: apple watch - creating value out of the gate
T3: apple watch - creating value out of the gateJames Lanyon
 
Brush Rabbits
Brush RabbitsBrush Rabbits
Brush Rabbitsjabernethy
 
Diploma Certificate
Diploma CertificateDiploma Certificate
Diploma CertificateBalaMurugan Ramalingam
 
Tics
TicsTics
Ticsguestdd180bdf
 
Darkness
DarknessDarkness
Darknesspeekay30
 
Romantische restaurants
Romantische restaurantsRomantische restaurants
Romantische restaurantsJose Pinto Cardoso
 
certifikat training
certifikat trainingcertifikat training
certifikat trainingIsyaf Syafrudin
 
Kurz práce s informacemi
Kurz práce s informacemiKurz práce s informacemi
Kurz práce s informacemikittttynka
 
Sad Sea Horizons
Sad Sea HorizonsSad Sea Horizons
Sad Sea Horizonspeekay30
 
Meghalaya's Environment
Meghalaya's EnvironmentMeghalaya's Environment
Meghalaya's EnvironmentEFI
 
Cheetahs
CheetahsCheetahs
Cheetahsjabernethy
 
Nervio Abducens
Nervio AbducensNervio Abducens
Nervio AbducensAndrea Morales Loyo
 
My food chain story
My food chain storyMy food chain story
My food chain storyjabernethy
 
Equipos dinamicos
Equipos dinamicosEquipos dinamicos
Equipos dinamicosJoseGLara00
 
Autoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuAutoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuPauloVitro
 
American Robin
American RobinAmerican Robin
American Robinjabernethy
 
How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015IsobarUS
 
Apple Watch App Concepts
Apple Watch App ConceptsApple Watch App Concepts
Apple Watch App ConceptsJose Coronado
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Startedintive
 
A301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringA301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringMichael Dawson
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can youShakacon
 
Turning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesTurning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesRam Fish
 
Mobile App Security: A Review
Mobile App Security: A ReviewMobile App Security: A Review
Mobile App Security: A ReviewUmang Singh
 
Let's understand Data Science
Let's understand Data Science Let's understand Data Science
Let's understand Data Science Sachin Rastogi
 

Mais conteúdo relacionado

Destaque

Kurz práce s informacemi
Kurz práce s informacemiKurz práce s informacemi
Kurz práce s informacemikittttynka
 
Sad Sea Horizons
Sad Sea HorizonsSad Sea Horizons
Sad Sea Horizonspeekay30
 
Meghalaya's Environment
Meghalaya's EnvironmentMeghalaya's Environment
Meghalaya's EnvironmentEFI
 
My food chain story
My food chain storyMy food chain story
My food chain storyjabernethy
 
Equipos dinamicos
Equipos dinamicosEquipos dinamicos
Equipos dinamicosJoseGLara00
 
Autoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuAutoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuPauloVitro
 
American Robin
American RobinAmerican Robin
American Robinjabernethy
 
How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015IsobarUS
 
Apple Watch App Concepts
Apple Watch App ConceptsApple Watch App Concepts
Apple Watch App ConceptsJose Coronado
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Startedintive
 

Destaque (17)

Diploma Certificate
Diploma CertificateDiploma Certificate
Diploma Certificate
 
Tics
TicsTics
Tics
 
Darkness
DarknessDarkness
Darkness
 
Romantische restaurants
Romantische restaurantsRomantische restaurants
Romantische restaurants
 
certifikat training
certifikat trainingcertifikat training
certifikat training
 
Kurz práce s informacemi
Kurz práce s informacemiKurz práce s informacemi
Kurz práce s informacemi
 
Sad Sea Horizons
Sad Sea HorizonsSad Sea Horizons
Sad Sea Horizons
 
Meghalaya's Environment
Meghalaya's EnvironmentMeghalaya's Environment
Meghalaya's Environment
 
Cheetahs
CheetahsCheetahs
Cheetahs
 
Nervio Abducens
Nervio AbducensNervio Abducens
Nervio Abducens
 
My food chain story
My food chain storyMy food chain story
My food chain story
 
Equipos dinamicos
Equipos dinamicosEquipos dinamicos
Equipos dinamicos
 
Autoretrato Paulovitro Bataguassu
Autoretrato Paulovitro BataguassuAutoretrato Paulovitro Bataguassu
Autoretrato Paulovitro Bataguassu
 
American Robin
American RobinAmerican Robin
American Robin
 
How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015How Apple Watch Will Change Human Behavior in 2015
How Apple Watch Will Change Human Behavior in 2015
 
Apple Watch App Concepts
Apple Watch App ConceptsApple Watch App Concepts
Apple Watch App Concepts
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Started
 

Semelhante a Smartwatch Data Forensics

A301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringA301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringMichael Dawson
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can youShakacon
 
Turning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesTurning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesRam Fish
 
Mobile App Security: A Review
Mobile App Security: A ReviewMobile App Security: A Review
Mobile App Security: A ReviewUmang Singh
 
Let's understand Data Science
Let's understand Data Science Let's understand Data Science
Let's understand Data Science Sachin Rastogi
 
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...Cellebrite
 
Silicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDBSilicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDBDaniel Coupal
 
Building Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine LearningBuilding Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine LearningDavid Walker, CSM,CSD,MCP,MCAD,MCSD,MVP
 
Use Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data ClustersUse Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data ClustersDatabricks
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Beyond Tomorrow
Beyond TomorrowBeyond Tomorrow
Beyond TomorrowDotitude
 
Wearable Computing Ecosystem
Wearable Computing EcosystemWearable Computing Ecosystem
Wearable Computing EcosystemAmish Gandhi
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?Ken Tabor
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Advanced monitoring
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewWindows Developer
 
Wearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating SystemsWearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating SystemsGil Bouhnick
 
Simplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your LogsSimplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your LogsSolarWinds
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 

Semelhante a Smartwatch Data Forensics (20)

A301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoringA301 ctu madrid2016-monitoring
A301 ctu madrid2016-monitoring
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
Turning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditchesTurning Ideas into reality: a few stories from the ditches
Turning Ideas into reality: a few stories from the ditches
 
Mobile App Security: A Review
Mobile App Security: A ReviewMobile App Security: A Review
Mobile App Security: A Review
 
Let's understand Data Science
Let's understand Data Science Let's understand Data Science
Let's understand Data Science
 
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
 
Silicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDBSilicon Valley Code Camp 2014 - Advanced MongoDB
Silicon Valley Code Camp 2014 - Advanced MongoDB
 
Building Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine LearningBuilding Powerful and Intelligent Applications with Azure Machine Learning
Building Powerful and Intelligent Applications with Azure Machine Learning
 
Dr Di Liu - BOLD Mirror Setup
Dr Di Liu - BOLD Mirror SetupDr Di Liu - BOLD Mirror Setup
Dr Di Liu - BOLD Mirror Setup
 
Use Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data ClustersUse Machine Learning to Get the Most out of Your Big Data Clusters
Use Machine Learning to Get the Most out of Your Big Data Clusters
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
 
Beyond Tomorrow
Beyond TomorrowBeyond Tomorrow
Beyond Tomorrow
 
Wearable Computing Ecosystem
Wearable Computing EcosystemWearable Computing Ecosystem
Wearable Computing Ecosystem
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?BigDesign 2014 - What's Before Mobile First?
BigDesign 2014 - What's Before Mobile First?
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overview
 
Wearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating SystemsWearables: The Comprehensive List of Smartwatch Operating Systems
Wearables: The Comprehensive List of Smartwatch Operating Systems
 
Simplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your LogsSimplify Troubleshooting With Context in Your Logs
Simplify Troubleshooting With Context in Your Logs
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
 

Último

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Smartwatch Data Forensics

  • 1. Brian Moran Digital Strategy Consultant - BriMor Labs Millersville, Maryland JUNE 24 2016
  • 2. A Brief List of Topics • Why use these confounded devices? • Pebble Time – Data on phone • Microsoft Band 2 – Data on phone • Ways to protect your data • Future research goals • Questions/Comments (if time permits) BriMor Labs - 2016
  • 3. The Introductory Introduction • Hello, my name is Brian Moran – Hi Brian! • 13 years Air Force Active Duty – 10 years mobile exploitation/DFIR experience • Co-winner: Unofficial Forensic 4Cast Awards 2012 -- Best Photoshop of Lee Whitfield • Worked here…. BriMor Labs - 2016
  • 5.
  • 6. Hardware Used • Samsung Galaxy Note II (SCH-i605) – rooted – Running Android 4.4.2 • Pebble Time – Running 3.10 • Microsoft Band 2 – Running 2.0.4215.0 26R BriMor Labs - 2016
  • 7. Software Used • ES File Explorer app – Android – Version 4.0.4.5 • Microsoft Health app – Android – Version 1.3.20213.1 • Pebble Time app – Android – Version 3.10.0-976-0c219e8 • SQLite Spy – Version 1.9.6 • Hex Workshop – Version 6.8.0.5419 • Perl/Python BriMor Labs - 2016
  • 8. iOS data shout out • Special thanks to likely 2017 Forensic 4Cast Awards “Digital Forensic Book of the Year” nominee Heather Mahalik for providing me Pebble related iOS data* – Let’s make this happen! *Only cost me a couple pairs of LuLaRoe leggings BriMor Labs - 2016
  • 10. What Was NOT Used • Cellebrite – Don’t want to rely on ~$10k worth of equipment • During the course of this research, no lying dormant cyber pathogens were harmed BriMor Labs - 2016
  • 11. Why not Apple/Samsung/LG/etc? • Wanted to choose smartwatches that can be used regardless of brand of phone or phone operating system • Microsoft Band 2 – Android, iOS, Windows Phone • Pebble – Android, iOS, “unofficial official” Windows Phone BriMor Labs - 2016
  • 12. Why use smart watches? • Helpful notifications (especially when driving) BriMor Labs - 2016
  • 13. Why use smart watches? BriMor Labs - 2016
  • 14. Why use smart watches? BriMor Labs - 2016
  • 15. Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016
  • 16. Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Inactive and out of shape
  • 17. Why use smart watches? • Fitness/workout tracking BriMor Labs - 2016 Lee Whitfield – “Brotato Chip” version
  • 18. Why use smart watches? BriMor Labs - 2016Tracking a weekend bike ride
  • 19. Why use smart watches? BriMor Labs - 2016Tracking a round of golf
  • 20. Why use smart watches? BriMor Labs - 2016Tracking your run
  • 21. Why use smart watches? BriMor Labs - 2016Remotely change music from this …
  • 22. BriMor Labs - 2016… to this
  • 23. Why use smart watches? BriMor Labs - 2016Tracking your sleep
  • 24. Pebble Time Specs • Processor: ST Micro STM32F439ZG 180 MHz ARM Cortex-M4-based-MCU (100 MHz, single core) • Storage: Spansion S29VS128R 128MB, 65 nm MirrorBit Flash • Display: 1.25” color e-paper screen (144 x 168 pixels, 182 ppi) • Battery: 150 mAh, (average battery life of 7 days) • Bluetooth: TBD • Source: https://www.ifixit.com/Teardown/Pebble+Time+Teardown/42382 BriMor Labs - 2016
  • 25. Pebble Time storage (Android mobile device) • Path: /data/data/com.getpebble.android.basalt – Make sure it is NOT “emulated” BriMor Labs - 2016
  • 27. • “datadatacom.getpebble.android.basaltdatabase spebble” is primary file of interest – SQLite database (as are most files on mobile devices these days) – Easy to view in any SQLite viewer or parse via scripting languages BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 29. • Table “android_apps” contains a listing of every application and application version installed on the device • Information is obviously needed for notifications sent to Pebble • Useful location if looking for an application/version BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 31. • Table “notifications” contains a listing of every notification that happened on the mobile device • Data is stored by Pebble app regardless of it is sent to the device or not • Can obviously contain INCREDIBLY useful information – NOTE: Database does get cleaned when user chooses to clear all notifications BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 33. • Table “timeline_items” contains a listing notifications actually sent to device • This data is stored as json inside of a SQLite database BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 35. • Table “weather_locations” contains a list of “locations” that the device receives weather updates • Can be useful to determine if an individual was in a certain place at a certain time BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 37. • SMS message notifications are stored under “notifications” table. – The “package_name” is bank, the “SOURCE” is “SMS” • Remember, this can potentially contain messages that were deleted from the phone but stored within this database! BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 38. BriMor Labs - 2016 Pebble Time storage (Android mobile device)
  • 39. • Obligatory Pebble data on iOS devices slides • Main database of interest is named “PBMyPebbleAppDataCoreDataManager.sqlite” BriMor Labs - 2016 Pebble Time storage (iOS mobile device)
  • 41. Microsoft Band 2 Specs • Processor: ARM Cortex M4 MCU CPU • Storage: 64MB onboard storage • AMOLED Gorilla Glass 3 screen, 12.8mm x 32mm (0.5” x 1.25”), 320 x 128 pixels, 255ppi • Battery: Lithium Polymer battery (average battery life 48 hours) • Bluetooth: Bluetooth 4.0 • GPS • Source: http://www.pcadvisor.co.uk/review/activity-trackers/microsoft-band- vs-band-2-comparison-3626883/#productSpecificationFull BriMor Labs - 2016
  • 42. Microsoft Band 2 storage (Android mobile device) • Path: /data/data/com.microsoft.kapp – Make sure it is NOT “emulated” BriMor Labs - 2016
  • 44. Microsoft Band 2 storage (Android mobile device) • Primary folder of interest is “responseCache” – Found under “com.microsoft.kapp/files” • Folder contains files in json format with GUID type names – Names correlate to entries in SQLite database “cache.sqlite” found under the path “com.microsoft.kapp/databases” – IMPORTANT NOTE: Not all names have an entry, depending on Band usage BriMor Labs - 2016
  • 45. Microsoft Band 2 storage (Android mobile device) • Data in SQLite database notes a file related to “Golf” is stored as “/data/data/com.microsoft.kapp/files/responseCac he/9524a205-d3d6-4d7c-ad31-cbfba2e25840” BriMor Labs - 2016
  • 46. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
  • 47. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016
  • 48. Microsoft Band 2 storage (Android mobile device) • Highlights – Distance is stored in “cm” – Par was 71 – Total score was 85 – Scored par or better on 10 holes (Had a good front nine (+2), but ran into trouble on the back. Not too bad all in all considering I have an exploded hip) BriMor Labs - 2016
  • 49. Microsoft Health - website BriMor Labs - 2016
  • 50. Microsoft Health - website BriMor Labs - 2016
  • 51. Microsoft Health - website • Remember the text data from golfing earlier? • The data viewed in the application or on the web is much easier to understand BriMor Labs - 2016
  • 52. Microsoft Health BriMor Labs - 2016 Golf data viewed on Microsoft Health website
  • 53. BriMor Labs - 2016 Golf data viewed on Microsoft Health app Microsoft Health app
  • 54. Microsoft Health • Same methodology can be applied for all “tracking” aspects – Running – Workouts – Sleep – Calories – Etc. BriMor Labs - 2016
  • 55. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Look at database for file associated with “Sleeping” b0d94bd7-4b17-46f9-9733-090aebcbf0ae
  • 56. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Browse to “com.microsoft.kapp/files/responseCache/b0d94bd7-4b17- 46f9-9733-090aebcbf0ae”
  • 57. Microsoft Band 2 storage (Android mobile device) BriMor Labs - 2016 Raw sleep data on mobile device
  • 58. Microsoft Health - website BriMor Labs - 2016 Sleep data viewed on Microsoft Health website NOTE: Asleep at 12:04AM
  • 59. Microsoft Health app BriMor Labs - 2016 Sleep data viewed on Microsoft Health app NOTE: Asleep at 12:05 AM
  • 60. Important Take Away • Smart watches are essentially content notification devices – Require another device (smart phone) to “fully” work • Most of the interesting data will be stored on the mobile device itself • Connected apps/websites can have even MORE data! BriMor Labs - 2016
  • 61. Important Take Away • Time(s) are dependent on exact time on device/platform being analyzed – Fell asleep at 12:04AM according to website – Fell asleep at 12:05AM according to app • Trust the raw data, but be prepared for slight time skew • No current method to “secure” most smart watches – It pains me to say this, but it is one thing that Apple got right BriMor Labs - 2016
  • 62. Important Take Away • If you are going to do something bad, don’t wear a smartwatch/fitness tracker • Additionally, if you are going to lie about something bad happening to you, don’t wear a smartwatch/fitness tracker BriMor Labs - 2016
  • 63.
  • 64.
  • 65. Protecting your data • Only turn on notifications you want to record – NOTE: iOS will not allow the user to modify some notification settings • Open Pebble app on mobile device – Navigate to “Notifications” – Select “View All Apps” – Change slider from blue (on) to gray (off) accordingly BriMor Labs - 2016
  • 67. Protecting your data • Clear notifications on a regular basis • On Pebble device, – Navigate to “Notifications” – Select “Clear All” • NOTE: You must have at least one notification on the Pebble device to clear the SQLite table on the mobile device BriMor Labs - 2016
  • 69. Protecting your data • Don’t sync health care data/records with any applications – If you do, and you lose control of your own PII/PHI, you could theoretically be held liable for losing your own data BriMor Labs - 2016
  • 70. Protecting your data • Use strong password(s) for your accounts • Don’t reuse passwords – Especially for 2nd/3rd party apps BriMor Labs - 2016 Examples of BAD passwords
  • 71. Future development (DEPENDENT ON FREE TIME) • allyourpebblearebelongtous.pl – ETA late June 2016 – Wait. That’s now!! • allyourband2arebelongtous.pl – ETA TBD, In progress • Why Perl? – Easier for me – Want Cellebrite to at least do a little work to make money off of open source research  BriMor Labs - 2016
  • 72. allyourpebblearebelongtous.pl • Give the script a pebble database & output folder and let it run • Tries to figure out if it is iOS or android & parses data accordingly BriMor Labs - 2016 NOW FEATURING IOS PARSING CAPABILITIES!!
  • 73. allyourpebblearebelongtous.pl BriMor Labs - 2016 Screenshot of script running
  • 74. allyourpebblearebelongtous.pl • Produces easy to read HTML output for: – Android • Applications • Canned responses • Notifications • Phone numbers – iOS • Notifications BriMor Labs - 2016
  • 75. Android- Output of parsed notifications BriMor Labs - 2016
  • 76. iOS- Output of parsed notifications BriMor Labs - 2016
  • 77. Future development (DEPENDENT ON FREE TIME) • Collect more data and do more experimentation – Capturing traffic to/from smart watches is my next goal – Doing this after hip surgery will help considerably  • Expand to other smart watches (maybe?) BriMor Labs - 2016
  • 78. Future development (DEPENDENT ON FREE TIME) • Check out a post by b0nb0n on jailbreaking the Microsoft fitness band – http://www.b0n0n.com/2016/04/20/ms- jailbreak/ • NOTE: This was done with the original Microsoft Band, my limited testing has been unsuccessful thus far on the Band 2 BriMor Labs - 2016
  • 79. Questions? Contact Us! Email: brian@brimorlabs.com Phone: 443.834.8280 Website: www.brimorlabs.com Blog: www.brimorlabsblog.com Twitter: @BriMorLabs (work) @brianjmoran (personal) BriMor Labs - 2016