SwePub
Hit list for search "WFRF:(Alendal Gunnar)"

  • Results 1-5 of 5
1.
  • Alendal, Gunnar, et al. (authors)
  • Chip chop - smashing the mobile phone secure chip for fun and digital forensics
  • 2021
  • In: Forensic Science International: Digital Investigation. - : Elsevier BV. - 2666-2817. ; 37
  • Journal article (peer-reviewed). Abstract:
    • Performing mobile phone acquisition today requires breaking—often hardware assisted—security. In recent years, Embedded Secure Element (eSE) hardware has been introduced in mobile phones, with a view towards increasing the security of critical system features and encrypted user data. The idea being that the eSE should remain secure even if the rest of the system is compromised. The eSE is set to become crucial to modern mobile phone security, challenging Digital Forensics. The eSE is designed to withstand both logical and physical attacks, including side channel attacks, and to keep the attack surface towards the rest of the system/phone small, and complexity low to minimise the risk of implementation errors. In this paper we adapt current state-of-the-art attacks to the eSE platform and present an attack on an eSE by Samsung, recently introduced in their premium mobile phones. We show how, with limited resources, our approach discovered a vulnerability that could be exploited, leading to a complete compromise of all the eSE security goals and a full loss of future eSE trust, as mitigation of our attack in already fielded devices is challenging. This eSE is Common Criteria EAL 5+ certified and our attack exposes the gap between intended and achieved security, undermining the implied trust in such certifications. We explain the eSE security design, the details of our attack, and discuss how a single vulnerability can have such devastating security results. The ultimate result of our research facilitates acquisition of affected devices, demonstrating use of offensive methods in advanced Digital Forensic Acquisition.
2.
  • Alendal, Gunnar, et al. (authors)
  • DIGITAL FORENSIC ACQUISITION KILL CHAIN – ANALYSIS AND DEMONSTRATION
  • 2021
  • In: Advances in Digital Forensics XVII. - Cham : Springer Nature. - 9783030883805 - 9783030883812 ; pp. 3-19
  • Book chapter (peer-reviewed). Abstract:
    • The increasing complexity and security of consumer products pose major challenges to digital forensics. Gaining access to encrypted user data without user credentials is a very difficult task. Such situations may require law enforcement to leverage offensive techniques – such as vulnerability exploitation – to bypass security measures in order to retrieve data in digital forensic investigations. This chapter proposes a digital forensic acquisition kill chain to assist law enforcement in acquiring forensic data using offensive techniques. The concept is discussed and examples are provided to illustrate the various kill chain phases. The anticipated results of applying the kill chain include improvements in performance and success rates in short-term, case-motivated, digital forensic acquisition scenarios as well as in long-term, case-independent planning and research scenarios focused on identifying vulnerabilities and leveraging them in digital forensic acquisition methods and tools.
3.
  • Alendal, Gunnar, et al. (authors)
  • Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol
  • 2019
  • In: Advances in Digital Forensics XV. - Cham : Springer. - 9783030287511 - 9783030287528 ; pp. 101-118
  • Conference paper (peer-reviewed). Abstract:
    • The USB Power Delivery protocol enables USB-connected devices to negotiate power delivery and exchange data over a single connection such as a USB Type-C cable. The protocol incorporates standard commands; however, it also enables vendors to add non-standard commands called vendor-defined messages. These messages are similar to the vendor-specific commands in the SCSI protocol, which enable vendors to specify undocumented commands to implement functionality that meets their needs. Such commands can be employed to enable firmware updates, memory dumps and even backdoors. This chapter analyzes vendor-defined message support in devices that employ the USB Power Delivery protocol, the ultimate goal being to identify messages that could be leveraged in digital forensic investigations to acquire data stored in the devices. © IFIP International Federation for Information Processing 2019
4.
  • Alendal, Gunnar, et al. (authors)
  • Forensics acquisition – Analysis and circumvention of samsung secure boot enforced common criteria mode
  • 2018
  • In: Digital Investigation. The International Journal of Digital Forensics and Incident Response. - Kidlington : Elsevier. - 1742-2876 .- 1873-202X. ; 24:Suppl., pp. S60-S67
  • Journal article (peer-reviewed). Abstract:
    • The acquisition of data from mobile phones has been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security level and complexity of mobile phones (and other embedded devices). In addition, it is often difficult or impossible to get access to design specifications, documentation and source code. As a result, the forensic acquisition methods are also increasing in complexity, requiring an ever deeper understanding of the underlying technology and its security mechanisms. Forensic acquisition techniques are turning to more offensive solutions to bypass security mechanisms, through security vulnerabilities. Common Criteria mode is a security feature that increases the security level of Samsung devices, and thus makes forensic acquisition more difficult for law enforcement. With no access to design documents or source code, we have reverse engineered how the Common Criteria mode is actually implemented and protected by Samsung's secure bootloader. We present how this security mode is enforced, security vulnerabilities therein, and how the discovered security vulnerabilities can be used to circumvent Common Criteria mode for further forensic acquisition. © 2018 The Author(s). Published by Elsevier Ltd on behalf of DFRWS.
5.
  • Alendal, Gunnar, et al. (authors)
  • LEVERAGING USB POWER DELIVERY IMPLEMENTATIONS FOR DIGITAL FORENSIC ACQUISITION
  • 2021
  • In: Advances in Digital Forensics XVII. - Cham : Springer Nature. - 9783030883805 - 9783030883812 ; pp. 111-133
  • Book chapter (peer-reviewed). Abstract:
    • Modern consumer devices present major challenges in digital forensic investigations due to security mechanisms that protect user data. The entire physical attack surface of a seized device such as a mobile phone must be considered in an effort to acquire data of forensic value. Several USB protocols have been introduced in recent years, including Power Delivery, which enables negotiations of power delivery to or from attached devices. A key feature is that the protocol is handled by dedicated hardware that is beyond the control of the device operating systems. This self-contained design is a security liability with its own attack surface and undocumented trust relationships with other peripherals and the main system-on-chips. This chapter presents a methodology for vulnerability discovery in USB Power Delivery implementations for Apple devices. The protocol and Apple-specific communications are reverse engineered, along with the firmware of the dedicated USB Power Delivery hardware. The investigation of the attack surface and potential security vulnerabilities can facilitate data acquisition in digital forensic investigations.