29,047 research outputs found
Book Review of iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices
Hoog, A., and Strzempka, K. (2011). iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices. Syngress, Elsevier, xv + 310 pages; ISBN-10: 1597496596; ISBN-13: 978-1597496599, $69.95. Reviewed by Simson Garfinkel, Naval Postgraduate School. In April 2011 news outlets around the world revealed shocking news about Apple’s iPhone: for reasons that were not apparently clear, every iPhone contained a small SQLite database that logged where and when the user had been whenever the phone was turned on, and those records went back for pretty much as long as the user had owned their phone. Apple eventually declared that the data cache was the result of a bug and issued a software update to prune the database (it had previously grown without limit). Privacy activists rejoiced that their beloved iPhones were once again trustworthy. But forensics examiners just shook their heads: many had known about the iPhone’s tracking capabilities for more than a year and had kept quiet. They had made good use of that data. Apple’s pro-privacy patch was actually a setback for law enforcement. (see PDF for full review)
iPhone Security Analysis
The release of Apple’s iPhone was one of the most intensively publicized product releases in the history of mobile devices. While the iPhone wowed users with its exciting design and features, it also outraged many for not allowing installation of third party applications and for working exclusively with AT&T wireless services for the first two years. Software attacks have been developed to get around both limitations. The development of those attacks and further evaluation revealed several vulnerabilities in iPhone security. In this paper, we examine several of the attacks developed for the iPhone as a way of investigating the iPhone’s security structure. We also analyze the security holes that have been discovered and make suggestions for improving iPhone security
Using smartphones as a proxy for forensic evidence contained in cloud storage services
Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community.
It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services
Remote Control and Monitoring of Smart Home Facilities via Smartphone with Wi-Fly
Due to the widespread ownership of smartphone devices, the application of mobile technologies to enhance the monitoring and control of smart home facilities has attracted much academic attention. This study indicates that tools already in the possession of the end user can be a significant part of the specific context-aware system in the smart home. The behaviour of the system in the context of existing systems will reflect the intention of the client. This model system offers a diverse architectural concept for Wireless Sensor Actuator Mobile Computing in a Smart Home (WiSAMCinSH) and consists of sensors and actuators in various communication channels, with different capacities, paradigms, costs and degree of communication reliability. This paper focuses on the utilization of end users’ smartphone applications to control home devices, and to enable monitoring of the context-aware environment in the smart home to fulfil the needs of the ageing population. It investigates the application of an iPhone to supervise smart home monitoring and control electrical devices, and through this approach, after initial setup of the mobile application, a user can control devices in the smart home from different locations and over various distances
DolphinAttack: Inaudible Voice Commands
Speech recognition (SR) systems such as Siri or Google Now have become an
increasingly popular human-computer interaction method, and have turned various
systems into voice controllable systems (VCS). Prior work on attacking VCS shows
that the hidden voice commands that are incomprehensible to people can control
the systems. Hidden voice commands, though hidden, are nonetheless audible. In
this work, we design a completely inaudible attack, DolphinAttack, that
modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve
inaudibility. By leveraging the nonlinearity of the microphone circuits, the
modulated low frequency audio commands can be successfully demodulated,
recovered, and more importantly interpreted by the speech recognition systems.
We validate DolphinAttack on popular speech recognition systems, including
Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By
injecting a sequence of inaudible voice commands, we show a few
proof-of-concept attacks, which include activating Siri to initiate a FaceTime
call on iPhone, activating Google Now to switch the phone to the airplane mode,
and even manipulating the navigation system in an Audi automobile. We propose
hardware and software defense solutions. We validate that it is feasible to
detect DolphinAttack by classifying the audios using supported vector machine
(SVM), and suggest to re-design voice controllable systems to be resilient to
inaudible voice command attacks. Comment: 15 pages, 17 figures
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques
Using mobile technology to engage sexual and gender minorities in clinical research.
Introduction: Historical and current stigmatizing and discriminatory experiences drive sexual and gender minority (SGM) people away from health care and clinical research. Being medically underserved, they face numerous disparities that make them vulnerable to poor health outcomes. Effective methods to engage and recruit SGM people into clinical research studies are needed. Objectives: To promote health equity and understand SGM health needs, we sought to design an online, national, longitudinal cohort study entitled The PRIDE (Population Research in Identity and Disparities for Equality) Study that enabled SGM people to safely participate, provide demographic and health data, and generate SGM health-related research ideas. Methods: We developed an iPhone mobile application ("app") to engage and recruit SGM people to The PRIDE Study-Phase 1. Participants completed demographic and health surveys and joined in asynchronous discussions about SGM health-related topics important to them for future study. Results: The PRIDE Study-Phase 1 consented 18,099 participants. Of them, 16,394 provided data. More than 98% identified as a sexual minority, and more than 15% identified as a gender minority. The sample was diverse in terms of sexual orientation, gender identity, age, race, ethnicity, geographic location, education, and individual income. Participants completed 24,022 surveys, provided 3,544 health topics important to them, and cast 60,522 votes indicating their opinion of a particular health topic. Conclusions: We developed an iPhone app that recruited SGM adults and collected demographic and health data for a new national online cohort study. Digital engagement features empowered participants to become committed stakeholders in the research development process. We believe this is the first time that a mobile app has been used to specifically engage and recruit large numbers of an underrepresented population for clinical research. Similar approaches may be successful, convenient, and cost-effective at engaging and recruiting other vulnerable populations into clinical research studies
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
There is a growing demand for cloud storage services such as Dropbox, Box,
Syncplicity and SugarSync. These public cloud storage services can store
gigabytes of corporate and personal data in remote data centres around the
world, which can then be synchronized to multiple devices. This creates an
environment which is potentially conducive to security incidents, data breaches
and other malicious activities. The forensic investigation of public cloud
environments presents a number of new challenges for the digital forensics
community. However, it is anticipated that end-devices such as smartphones,
will retain data from these cloud storage services. This research investigates
how forensic tools that are currently available to practitioners can be used to
provide a practical solution for the problems related to investigating cloud
storage environments. The research contribution is threefold. First, the
findings from this research support the idea that end-devices which have been
used to access cloud storage services can be used to provide a partial view of
the evidence stored in the cloud service. Second, the research provides a
comparison of the number of files which can be recovered from different
versions of cloud storage applications. In doing so, it also supports the idea
that amalgamating the files recovered from more than one device can result in
the recovery of a more complete dataset. Third, the chapter contributes to the
documentation and evidentiary discussion of the artefacts created from specific
cloud storage applications and different versions of these applications on iOS
and Android smartphones
Security and privacy aspects of mobile applications for post-surgical care
Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) Explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) Develop and test a pilot implementation. Post-Surgical Care: Studies of surgical outcomes indicate that timely treatment of the most common complications in compliance with established post-surgical regimens greatly improves success rates. The goal of our pilot application is to enable physicians to optimally synthesize and apply patient directed best medical practices to prevent post-operative complications in an individualized patient/procedure specific fashion. We propose a framework for a secure protocol to enable doctors to check most common complications for their patient during in-hospital post-surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on the iOS using existing cryptographic services and libraries