±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 2
New Yesterday: 2
Overall: 26922
Visitors: 59

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Chip Off/JTAG: the beginning of the end?

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Sun Nov 25, 2012 6:50 am

- trewmte

For clarity and avoidance of doubt the comments are directed to smart phones. I fully accept the term mobile phone will equally be used in an inter-changeable fashion.


It is nowadays a very thin line, but I believe it still exists.

As I see it "SmartPhones" are real "little sized" computers and the trend is to have them even more so, thus *anything* that is appearing on the market, one way or the other, tends to "mimic" what happens on "real" computers, and since the accent on security/privacy has been lately IMHO being increased, it is very likely that things such as "on the fly encryption" will be more common.
This makes sense also from a Commercial point of view, you have a device that already has a powerful processor and that you are trying to sell to customers (that largely already have a perfectly working mobile phone) by leveraging on the "added features" your product has when compared to the competitors, for some time it has been "touch screen", then it has been "touch screen with gestures", "security/encryption" while less evident to the eye, might well be next "added feature".

"Mobile phones" is IMHO a much broader definition that, while including the above, could be referred to millions or billions or much simpler (and cheaper) devices that are less likely to have this kind of feature (that has anyway a cost).


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Sun Nov 25, 2012 2:44 pm

Your observation is as good as any other observation primarily because mobile/smart phone is open to interpretation. In this regard you really can't go wrong, just use the term you think is most suited to the topic.

www.webopedia.com/DidY...ne_pda.asp
A smartphone is considered to be the combination of the traditional PDA and cellular phone, with a bigger focus on the cellular phone part. These handheld devices integrates mobile phone capabilities with the more common features of a handheld computer or PDA. Smartphones allow users to store information, e-mail, install programs, along with using a mobile phone in one device. A smartphone's features is usually more oriented towards mobile phone options than the PDA-like features. There is no industry standard for what defines a smartphone, so any mobile device that has more than basic cellphone capabilities can actually be filed under the smartphone category of devices.

en.wikipedia.org/wiki/Smartphone
en.wikipedia.org/wiki/Mobile_phone

Where it would change and specifics might be required are in patent cases, intellectual property disputes and precise definition required by a court or tribunal etc.

There are cellular mobile phone standards - as you know called mobile equipment (ME) and user equipment (UE) - see GSM, ETSI, 3GPP etc standards for the avoidance of doubt. However, none of those standard are smartphone standards, although I see plenty of 3GPP articles about smartphones and in particular relation to 3G HSPA/LTE, so there could be change in the future.

The reason a cellular telephone (aka mobile phone, smart phone etc) is not a computer at first instance is because it is transmits rf emissions in licenced bands which are required to be lawfully authorised for use. A pda, laptop, PC etc without licenced RF usage do not occupy a place requiring lawful authorisation in the same context.

[As a slightly off topic point but again opens up discussion about interpretation: I do remember some discussions with LE back in 2005/6 trying to decide an LE inhouse departmental political issue. If a laptop arrived with e.g. an GSM card inserted or integrated GSM chipset should the exhibit be sent for a computer lab examination or mobile phone lab examination? I think we are all still waiting for the answer as to what they settled on in the end.]

So if people want to use mobile/smart phone, whilst distinction could be made about capability of one device versus another it is not possible to deem a specific term 'must' be adhered to.

However, with relevance to the point for this thread, the later smartphones are the devices mostly referenced to erasure/sanitisation etc.

I would be interested in your observations jaclaz regarding the Tabernus/Blancco erasure/sanitisation claims?
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup 

trewmte
Senior Member
 
 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Mon Nov 26, 2012 6:54 am

- trewmte

I would be interested in your observations jaclaz regarding the Tabernus/Blancco erasure/sanitisation claims?


Actually I have none (or none with some actual value/relevance).

The Tabernus looks like more like a "service company" than anything else.

The blancco seem to provide (among others) specific "smartphone" oriented data sanitizing software.

As often happens it is very difficult without analyzing the demos (if and whether those demos are actually representative of the "real" software) to distinguish between "actual performance" and "advertising jargon/themes".

What strikes me is the claim about number of "items" processable per day, like the 300 smartphones/day or the 75/100 hard disks (expecially these latter).
Besides the fact that I find "rare" that someone has to process those numbers of devices, given the time that is needed to do a single SafeErase (which to my knowledge takes hours, not minutes, and is the fastest available approach) the only possible approach, to get 75-100 disks erased in a day is having before you 100 assembled and powered computers and initiating (by booting form CD/DVD) an Erase/Wipe session every 8*60/100=4.8 or 8*60/75= 6.4 minutes, which makes this theoretically highly specialized chore a "factory production line" where a "trained monkey" inserts/ejects CD's/DVD's or USB sticks and presses a few keys as fast as it can.
Shocked
I think I could be faster with 100 CD's or USB sticks of a bootable Linux minidistro with hdparm or with the CMRR SafeErase DOS boodisk.... Rolling Eyes

Personally I find this:
www.blancco.com/us/pro.../tool-kit/
a good example of a nice - but completely unlike "substantial" set (looks prevail over function).

Really nice looking, mind you Smile , but what is the point?
Is there a need to disassemble the hard disk from the PC? (hence the flashlight and the multi-tool) or is there a need to boot from a CD/DVD or USB stick? (and then where is the "quadruple connection" IDE/SATA/FireWire/SCSI CD/DVD portable reader?)

Nice carbon fiber case, nice, good looking contents, but is that stuff actually *needed*?

My impression is that these guys have seen too many times "Mission Impossible" or similar "spy movies", possibly "Nikita"...

You know, something like:
We have some precious data that noone should be able to access anymore....
Quick, call Victor "The Cleaner"...
And someone with a long coat, sunglasses and hat (and the carbon fiber case) appears at the premises within 5 minutes....


25.media.tumblr.com/tu...o1_500.jpg

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Tue Nov 27, 2012 2:17 am

The handset manufacturers do have erasure facilities and have done so as far back as I can remember from my Type Approvals days in the 1980s/1990s. Test chips were infilled with meaningless data to the maximum memory size of the chip's capacity and then two tests were conducted - "deleted" and "erased". The deletion test was merely to see if re-recording of data would be a problem. The erasure test was to see if any enhancement or improvement would be gained. No chip off was necessary for these tests.

So product description vis-a-vis actual capability is important. I agree with you jaclaz we need more info from Blancco.


For some stats on smart phones have a read of this.

venturebeat.com/2012/1...and-africa
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup 

trewmte
Senior Member
 
 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Tue Nov 27, 2012 9:56 am

If I get a device from a suspect, what is the probability that just prior to collection the device was sent to a third party for detailed erasure?
What is the probability that a software and hardware combination for in-house erasure is not detected and identified, and was performed?

Chip-off - With with the latest encrypted iOS devices, isn't at least part of the encryption key outside of the general storage (flash memory)? This makes the chip-off more complicated as it requires the other device to be probed. Sort of like TPM on PCs.

JTAG - I have run into several devices where I know the IC should have JTAG on it per documentation, but the actual JTAG on the chip is inaccessible.

Mobile vs/or smart phone - I care little. Smart phones are indeed are a subset of mobile telephones. Non-smart phones are embedded systems. At a very high level, they both have a centralized processing device, a storage, and a semi-permanent instruction set. To separate them too much it is like saying devices prior to multitasking OSes were not computers because they did not multitask.

If we take it even further back, (IMTS and radio telephone) when there was no "programming" and the device was truly dedicated to a single function, the separation is much clearer to me.

As for the monolithic device issue, thanks jaclaz, but Nikolko's solution is almost impossible for me to implement. First, I would probably tear the device to shreds with a sanding tool. After sanding, I still would need the tools to put nails at the right spots... very very small spots... Mr. Green (Interestingly, if Nikolko is in Moscow, why is he using English labeled polish?)  

jhup
Senior Member
 
 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Tue Nov 27, 2012 10:18 am

- jhup

As for the monolithic device issue, thanks jaclaz, but Nikolko's solution is almost impossible for me to implement. First, I would probably tear the device to shreds with a sanding tool. After sanding, I still would need the tools to put nails at the right spots... very very small spots... Mr. Green (Interestingly, if Nikolko is in Moscow, why is he using English labeled polish?)

As a matter of fact I posted the info tagging it as "looking horrible". Rolling Eyes

But I believe it is doable, of course if you come from a page that says (between the lines):
  1. DO NOT use sanding tools
  2. use INSTEAD a high speed felt roller and (very fine) polish paste

saying:
- jhup

First, I would probably tear the device to shreds with a sanding tool. After sanding, ...


my guess is that you won't be able to replicate that. Shocked

Seriously, the guys at flash-extractor.com/ do know where their towel is when it comes to these USB thingies.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Chip Off/JTAG: the beginning of the end?

Post Posted: Tue Nov 27, 2012 8:41 pm

Fine rubbing. Polishing, whatever. I understand the difference. Not interested on arguing on particle size.

I have seen their work. I was deprecating my abilities at this time to perform the process. Once the PCB exposed, I could not make heads or tails of it.  

jhup
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 2 of 2
Go to page Previous  1, 2