Effects of the Factory Reset on Mobile Devices

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did poorly at removing user documents and media, and occasional surprising user data was left on all devices including photo images, audio, documents, phone numbers, email addresses, geolocation data, configuration data, and keys. A conclusion is that reset devices can still provide some useful information to a forensic investigation

A Study of the Data Remaining on Second-Hand Mobile Devices in the UK

This study was carried out intending to identify the level and type of information that remained on portable devices that were purchased from the second-hand market in the UK over the last few years. The sample for this study consisted of 100 second hand mobile phones and tablets. The aim of the study was to determine the proportion of devices that still contained data and the type of data that they contained. Where data was identified, the study attempted to determine the level of personal identifiable information that is associated with the previous owner. The research showed that when sensitive and personal data was present on a mobile device, in most of the cases there had been no attempt to remove it. However, fifty two percent of the mobile devices had been reset to the factory settings or had had all of the data erased, which demonstrates the previous owner’s attempt to permanently remove personal identifiable information. Twenty eight percent of the devices that were sold were not functional or recognized by the software used in the research. Twenty percent of the devices that contained data contained data that gave away the identity of the previous owner

Digital Privacy: Personal Data Collection Methods and the Myth of Online Privacy

Mobile devices offer users a constant connection to information and entertainment. Our society has become hyperconnected. We have unprecedented access to information at any time of the day. Mobile devices have the potential to make people more efficient and productive or more distracted and negatively influenced. The use of applications or apps on mobile devices brings with them unparalleled access to intimate information about the users of mobile devices. Corporations have been quick to provide apps that make life easier for, or entertain, the end-users. But the entertainment and access come at a price. That price is incredibly detailed information about the users, and it is being used and sold on the internet. Companies are requiring users to allow mobile applications access to far more detailed information than is necessary, and the end-user is unaware of just what the price they are paying is. This paper will explore the permissions that mobile apps request, a company’s terms of service, and third-party relationships to determine if software manufacturers are honest with their stated permissions or if apps are overreaching in their efforts to collect information about their users. An examination of application permissions and analysis of the data transmissions to and from the device on behalf of the application will be performed. This work aims to provide users with more insight into how to protect their confidential data and to improve users’ perception of privacy

Controllable radio interference for experimental and testing purposes in wireless sensor networks

Abstract—We address the problem of generating customized, controlled interference for experimental and testing purposes in Wireless Sensor Networks. The known coexistence problems between electronic devices sharing the same ISM radio band drive the design of new solutions to minimize interference. The validation of these techniques and the assessment of protocols under external interference require the creation of reproducible and well-controlled interference patterns on real nodes, a nontrivial and time-consuming task. In this paper, we study methods to generate a precisely adjustable level of interference on a specific channel, with lowcost equipment and rapid calibration. We focus our work on the platforms carrying the CC2420 radio chip and we show that, by setting such transceiver in special mode, we can quickly and easily generate repeatable and precise patterns of interference. We show how this tool can be extremely useful for researchers to quickly investigate the behaviour of sensor network protocols and applications under different patterns of interference, and we further evaluate its performance

DROP (DRone Open source Parser) Your Drone: Forensic Analysis of the DJI Phantom III

The DJI Phantom III drone has already been used for malicious activities (to drop bombs, remote surveillance and plane watching) in 2016 and 2017. At the time of writing, DJI was the drone manufacturer with the largest market share. Our work presents the primary thorough forensic analysis of the DJI Phantom III drone, and the primary account for proprietary file structures stored by the examined drone. It also presents the forensically sound open source tool DRone Open source Parser (DROP) that parses proprietary DAT files extracted from the drone\u27s nonvolatile internal storage. These DAT files are encrypted and encoded. The work also shares preliminary findings on TXT files, which are also proprietary, encrypted, encoded, files found on the mobile device controlling the drone. These files provided a slew of data such as GPS locations, battery, flight time, etc. By extracting data from the controlling mobile device, and the drone, we were able to correlate data and link the user to a specific device based on extracted metadata. Furthermore, results showed that the best mechanism to forensically acquire data from the tested drone is to manually extract the SD card by disassembling the drone. Our findings illustrated that the drone should not be turned on as turning it on changes data on the drone by creating a new DAT file, but may also delete stored data if the drone\u27s internal storage is full

Securing Communication Channels in IoT using an Android Smart Phone

In today's world, smart devices are a necessity to have, and represent an essential tool for performing daily activities. With this comes the need to secure the communication between the IoT devices in the consumer's home, to prevent attacks that may jeopardize the confidentiality and integrity of communication between the IoT devices. The life cycle of a a simple device includes a series of stages that the device undergoes: from construction and production to decommissioning. In this thesis, the Manufacturing, Bootstrapping and Factory Reset parts of IoT device's life cycle are considered, focusing on security. For example, the Controller of user's home network (e.g., user's smart phone) should bootstrap the ``right'' IoT device and the IoT device should bootstrap with the ``right'' Controller. The security is based on device credentials, such as the device certificate during the bootstrapping process, and the operational credentials that are provisioned to the IoT device from the Controller during the bootstrapping. The goal of this thesis is to achieve easy-to-use and secure procedure for setting up the IoT device into a home network, and for controlling that IoT device from an Android mobile phone (Controller). The objectives are: (1) explore the different aspects of using a smartphone as a Controller device to securely manage the life cycle of a simple device; (2) propose a system design for securely managing the life cycle of a simple device from a Controller compliant with existing standards, (e.g. Lightweight Machine to Machine (LwM2M) is an industrial standard used to manage and control industrial IoT Devices); (3) implement a proof of concept based on the system design; (4) provide a user-friendly interface for a better experience for the user by using popular bootsrapping methods such as QR code scanning; (5) discuss the choices regarding securing credentials and managing data, and achieve a good balance between usability and security during the bootstrapping process. In order to achieve those goals, the state-of-art technologies for IoT device management were studied. Then an Android application that uses LwM2M standard in consumer's home setting was specified, designed and implemented. The Android application is wrapped in a smooth user interface that allows the user a good experience when attempting to connect and control the target IoT device