Week 3 - Mobile Device Components - Security Features Flashcards
List the different ways that mobile devices can be locked by the user / network provider or manufacturer
- User enabled security locks to the device itself
- User enabled security locks to specific folders / locations
- Network provider can enable a network lock (device works only on a specific network), country-specific locks (device works only in a specific country) or a SIM lock (device works only with that SIM)
Some vendors (like Samsung with Knox) create separate security-related partitions on their devices.
User enabled security locks can be biometrics, codes, passwords, pattern locks, screen saver passwords (after a user defined period).
Some handset locks are simply stored in ASCII, some are encrypted on the device, some are biometric.
What are the Options for LE to Access Locked Handsets?
Options:
- Ask the user (may be an offence not to supply)
- Manufacturer default (e.g. Nokia 12345, Samsung 00000000, Motorola 000000, SE 0000)
- Remember incorrect attempts may wipe the device intentionally or reset to factory settings thus deleting user data
- Forensic tool may be able to bypass a lock. But you have no method of corroborating the device data by using the device’s interface manually.
- Unlock software to bypass code (are you confident in the tool?)
- Manufacturer-approved service centre may be able to unlock but might delete user data
- Full physical extraction (hex dump) if possible may obtain the access code and other data not visible on logical exam.
Ongoing problem for LE - current vendors increasing security of devices with no assistance for LE to have legitimate access.
Device Encryption
- A major challenge.
- Some operating systems such as iOS and Android have encryption enabled as default. Implemented differently by each vendor.
- Means that a physical acquisition of flash memory will only result in encrypted data. How to decrypt?
- Other vendors implement technology for secure partitions like Samsung Knox.
- Other devices are developed from the start with security in mind. Have hardened OS and secure comms options. Some use PGP encryption.
- Other vendors use dual operating system devices that provide a number of different options for security & disabling certain features / functions of the device for security.
- Encrypted communication applications are common for secure communications. App content stored on the device using different encryption techniques. Requires ongoing research & investigation to overcome these challenges for LE
Remote Wiping
- A risk to LE. Only ever leave seized devices exposed to network connections in exceptional circumstances.
- Can be issued via the mobile network or WiFi when certain user defined conditions are met.
- Available on all main operating systems