Join Us!

Is Apple IOS health...
 
Notifications
Clear all

Is Apple IOS health data encrypted  

  RSS
badgerau
(@badgerau)
Member

According to this story, investigators in Germany were able to recover the "health data" from an Apple iPhone to prove that the suspect had climbed stairs, which in turn disproved his statements that he had not. The investigators replicated this at the scene using another phone.

I was under the impression that the Health Data was encrypted and my question is has anyone else been able to extract this data using Cellebrite or any other tool?

https://www.welt.de/vermischtes/article172287105/Mordprozess-Hussein-K-Die-Version-vom-Handeln-im-Affekt-ist-mit-dem-heutigen-Tag-obsolet.html

Google Translate version -https://translate.google.com.au/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fwww.welt.de%2Fvermischtes%2Farticle172287105%2FMordprozess-Hussein-K-Die-Version-vom-Handeln-im-Affekt-ist-mit-dem-heutigen-Tag-obsolet.html&edit-text=

Quote
Posted : 10/01/2018 6:57 pm
mcman
(@mcman)
Active Member

Most of the health and geolocation data for iOS need full file system access which typically means jailbreak but you could go the low tech way and just look at the phone and read the health data off of it. Screenshots have been used many times before.

Jamie

ReplyQuote
Posted : 10/01/2018 7:21 pm
mcman
(@mcman)
Active Member

Sarah Edwards covers a lot of it here, not encrypted, just not as easy to get to
https://www.youtube.com/watch?v=D6cSiHpvboI

ReplyQuote
Posted : 10/01/2018 7:25 pm
jaclaz
(@jaclaz)
Community Legend

The article hints that *somehow* the Munich firm specialized in this stuff managed to "crack" the phone and get access to it.

If this is the case, then seemingly the data was simply read, not encrypted, on the device.

jaclaz

ReplyQuote
Posted : 10/01/2018 7:27 pm
badgerau
(@badgerau)
Member

Thanks Jamie, I will revisit Sarah's stuff.

I think the reference to cracking the phone was in reference to the pin code, which the suspect refused to give up. The article mentions that it took a few months, which leads me to believe that the pin code was cracked by Cellebrite CAIS or similar.

ReplyQuote
Posted : 10/01/2018 7:36 pm
ItsLily
(@itslily)
New Member

Here's Sara Edward's presentation sheet that she uses so you can navigate to the healthdb stuff
https://github.com/mac4n6/Presentations/blob/master/iOS%20of%20Sauron%20-%20How%20iOS%20Tracks%20Everything%20You%20Do/iOS_of_Sauron_04162016.pdf

The steps, meters, flights climbed are pretty dead on. You might have to link the healthdb.sqlite and healthdb_secure.sqlite databases together, and multiple tables, to get the information you're looking for. The "samples" and "quantity_samples" tables inside healthdb_secure.sqlite are the two youre probably looking for, but others will have to be linked to give more context.

As far as if it's encrypted, using a method 1 on cellebrite with their standard encrypted backup let me view these databases with no issues.

ReplyQuote
Posted : 11/01/2018 6:34 pm
badgerau
(@badgerau)
Member

Thanks "ItsLily"

ReplyQuote
Posted : 11/01/2018 8:25 pm
v.katalov
(@v-katalov)
Junior Member

Health data only exists in *encrypted* iTunes backups, but once you have the password from backup, there is no problem to decrypt and analyse the data. Full file system access (with GrayKey or via jailbreaking) is not required. Just note that Health data is not included into backups with no password set.

All the data is stored in healthdb.sqlite and healthdb_secure.sqlite databases; there is also something in healthdb_secure.hfd file, but it is encrypted.

Alternatively, you can download Health data from the iCloud; at this time, Elcomsoft Phone Breaker is the only product that can do that

https://www.elcomsoft.com/eppb.html

ReplyQuote
Posted : 21/01/2019 1:14 pm
Share: