![]() ![]() I mean, when I got my first computer, and though I cannot say what that was, but it was like a tenth of the processing speed of my current phone on my pocket.Īnd people don’t realize all the fascinating things that they have on their phone, and what their phone knows. A lot of people have done a computer thing, a lot of people have done laptop forensic analysis etc., but something we don’t realize is we’ve got this essentially super computer in our pocket. What I am really specifically focusing on is Android application security. So essentially, what I am trying to say is that there are a lot of ways our phones could f**ck us (see image). Or your roommate who is also on your wireless network can do a lot of damage, assuming how close you are with your roommate or the guy next door if you are using WAP. And I am not saying the ISPs can be evil, but if they wanted to be, there is a good chance that they can do a lot and a lot of damage. Most people just sign that contract and assume that the ISP has their best interest at heart. And all this data can be filtered, logged, and analyzed by third party. Some of our applications send: licensing and registration data, update information, demographic data etc. And a lot of companies are really good at protecting that, that’s why they hash your passwords, but the simple fact that I may look at is that it’s a huge not only privacy risk, but security vulnerability. I mean nobody wants to be handing out their usernames, passwords or anything else. ![]() And along there, whether or not I have access to your actual computer, I might have access to your network traffic, and through that, I have access to lot of fascinating information. When you log into Twitter for example, most people think: “Oh, my computer, Twitter – that’s all that’s happening”, but they don’t realize that they are going from most likely their laptop, iPhone, iPad, iDevice etc., to probably a wireless router, which then connects to the ISP, which then is routed over the Internet to Twitter service. And a lot of people don’t think of all the third parties that affect that. But we send all of these amazing things over the Internet, and we think to ourselves: “Oh, I am sending my password to this service”. We send usernames, passwords, hashes, URLs, lolcat pictures with your Grandma. Everything you did was on that terminal.īut now we send all sorts of things to everyone. I mean, back in the day before the advent of the Internet, and the beauty that is network communications, people just had a single computer that was not connected to anything else. So, how does network forensics affect us? All of us use network devices: we use laptops, phones, etc. Or network forensics can be called: listening to the wire for fun, ?, profit and lulz. is actually sharing with your network and the world. So listening on the wire gives you a definite perspective, and it lets you really understand what your phone, your laptop, your server, etc. You’ve got traditional forensics, you know, we take your hard drive, you ‘dd’ 1 it, you make an image, you analyze it, and then you try and say: “Hey, what’s on this hard drive?”īut there is also network forensics, and that’s where you’re going: “What is going over the wire? What is my computer leaking? What is going on?” I mean, with traditional forensics, unless you pull the memory, you won’t ever realize that there is something loaded in the memory leaking any number of things. So what is network forensics? The Wikipedia article says: “ Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.” But basically it’s sniffing packets on the wire. I also want to touch a little bit on network forensics, because this is what I used to help discover what’s being shared over your Android phone. ![]() Maybe at home you’ve got a smartphone and you don’t realize that every day it’s leaking your location, your apps, and some other interesting facts. I think that our privacy that we have is eroding, and we don’t exactly know what’s happening. So what I am going to show you today is I am going to start with some definitions and testing methodology, kind of going into how I analyzed the packets, what I was looking for, what I found, some fun findings I found through all of this and then I’ll come to a conclusion (see preview).īut what I am trying to cover here is some distinct topics, privacy especially I mean, obviously – it’s in the title.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |