29,047 research outputs found

    Book Review of iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices

    Hoog, A., and Strzempka, K. (2011). iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices. Syngress, Elsevier, xv + 310 pages; ISBN-10: 1597496596; ISBN-13: 978-1597496599, $69.95. Reviewed by Simson Garfinkel, Naval Postgraduate School. In April 2011 news outlets around the world revealed shocking news about Apple’s iPhone: for reasons that were not apparently clear, every iPhone contained a small SQLite database that logged where and when the user had been whenever the phone was turned on, and those records went back for pretty much as long as the user had owned their phone. Apple eventually declared that the data cache was the result of a bug and issued a software update to prune the database (it had previously grown without limit). Privacy activists rejoiced that their beloved iPhones were once again trustworthy. But forensics examiners just shook their heads: many had known about the iPhone’s tracking capabilities for more than a year and had kept quiet. They had made good use of that data. Apple’s pro-privacy patch was actually a setback for law enforcement. (see PDF for full review)

    iPhone Security Analysis

    The release of Apple’s iPhone was one of the most intensively publicized product releases in the history of mobile devices. While the iPhone wowed users with its exciting design and features, it also outraged many for not allowing installation of third party applications and for working exclusively with AT&T wireless services for the first two years. Software attacks have been developed to get around both limitations. The development of those attacks and further evaluation revealed several vulnerabilities in iPhone security. In this paper, we examine several of the attacks developed for the iPhone as a way of investigating the iPhone’s security structure. We also analyze the security holes that have been discovered and make suggestions for improving iPhone security

    Using smartphones as a proxy for forensic evidence contained in cloud storage services

    Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services

    Remote Control and Monitoring of Smart Home Facilities via Smartphone with Wi-Fly

    Due to the widespread ownership of smartphone devices, the application of mobile technologies to enhance the monitoring and control of smart home facilities has attracted much academic attention. This study indicates that tools already in the possession of the end user can be a significant part of the specific context-aware system in the smart home. The behaviour of the system in the context of existing systems will reflect the intention of the client. This model system offers a diverse architectural concept for Wireless Sensor Actuator Mobile Computing in a Smart Home (WiSAMCinSH) and consists of sensors and actuators in various communication channels, with different capacities, paradigms, costs and degree of communication reliability. This paper focuses on the utilization of end users’ smartphone applications to control home devices, and to enable monitoring of the context-aware environment in the smart home to fulfil the needs of the ageing population. It investigates the application of an iPhone to supervise smart home monitoring and control electrical devices, and through this approach, after initial setup of the mobile application, a user can control devices in the smart home from different locations and over various distances

    DolphinAttack: Inaudible Voice Commands

    Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems (VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though hidden, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks. Comment: 15 pages, 17 figures

    Conceivable security risks and authentication techniques for smart devices

    With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

    Using mobile technology to engage sexual and gender minorities in clinical research.

    Introduction: Historical and current stigmatizing and discriminatory experiences drive sexual and gender minority (SGM) people away from health care and clinical research. Being medically underserved, they face numerous disparities that make them vulnerable to poor health outcomes. Effective methods to engage and recruit SGM people into clinical research studies are needed. Objectives: To promote health equity and understand SGM health needs, we sought to design an online, national, longitudinal cohort study entitled The PRIDE (Population Research in Identity and Disparities for Equality) Study that enabled SGM people to safely participate, provide demographic and health data, and generate SGM health-related research ideas. Methods: We developed an iPhone mobile application ("app") to engage and recruit SGM people to The PRIDE Study-Phase 1. Participants completed demographic and health surveys and joined in asynchronous discussions about SGM health-related topics important to them for future study. Results: The PRIDE Study-Phase 1 consented 18,099 participants. Of them, 16,394 provided data. More than 98% identified as a sexual minority, and more than 15% identified as a gender minority. The sample was diverse in terms of sexual orientation, gender identity, age, race, ethnicity, geographic location, education, and individual income. Participants completed 24,022 surveys, provided 3,544 health topics important to them, and cast 60,522 votes indicating their opinion of a particular health topic. Conclusions: We developed an iPhone app that recruited SGM adults and collected demographic and health data for a new national online cohort study. Digital engagement features empowered participants to become committed stakeholders in the research development process. We believe this is the first time that a mobile app has been used to specifically engage and recruit large numbers of an underrepresented population for clinical research. Similar approaches may be successful, convenient, and cost-effective at engaging and recruiting other vulnerable populations into clinical research studies

    Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers

    There is a growing demand for cloud storage services such as Dropbox, Box, Syncplicity and SugarSync. These public cloud storage services can store gigabytes of corporate and personal data in remote data centres around the world, which can then be synchronized to multiple devices. This creates an environment which is potentially conducive to security incidents, data breaches and other malicious activities. The forensic investigation of public cloud environments presents a number of new challenges for the digital forensics community. However, it is anticipated that end-devices such as smartphones, will retain data from these cloud storage services. This research investigates how forensic tools that are currently available to practitioners can be used to provide a practical solution for the problems related to investigating cloud storage environments. The research contribution is threefold. First, the findings from this research support the idea that end-devices which have been used to access cloud storage services can be used to provide a partial view of the evidence stored in the cloud service. Second, the research provides a comparison of the number of files which can be recovered from different versions of cloud storage applications. In doing so, it also supports the idea that amalgamating the files recovered from more than one device can result in the recovery of a more complete dataset. Third, the chapter contributes to the documentation and evidentiary discussion of the artefacts created from specific cloud storage applications and different versions of these applications on iOS and Android smartphones

    Security and privacy aspects of mobile applications for post-surgical care

    Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) develop and test a pilot implementation. Post-Surgical Care: Studies of surgical outcomes indicate that timely treatment of the most common complications in compliance with established post-surgical regiments greatly improve success rates. The goal of our pilot application is to enable physician to optimally synthesize and apply patient directed best medical practices to prevent post-operative complications in an individualized patient/procedure specific fashion. We propose a framework for a secure protocol to enable doctors to check most common complications for their patient during in-hospital post-surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on the iOS using existing cryptographic services and libraries