Apps included Signal, Skype, WeChat, Gmail, Facebook, WhatsApp, and Telegram running on a Samsung S4, LG G3, and HTC One.It is a "new paradigm in smartphone forensics", according to the team of Brendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, and Dongyan Xu of Purdue University, and Golden G. Richard III of the University of New Orleans."We feel without exaggeration that this technology really represents a new paradigm in smartphone forensics," Saltaformaggio says."It is very different from all the existing methodologies for analyzing both hard drives and volatile memories."The lead author says he was "amazed" by the lack of in-memory app data protection reckoning that information should be "shredded" after it is displayed.Writing over expired screens will impact smartphone performance however and the team did not find an easy way to counter their forensic data extraction methods.

The team's work builds extends early research which recovered the last screen displayed by an Android application.Retroscope is described in the paper Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images [PDF] and in a proof-of-concept video as a tool for police to pull new information from smartphones that have not been locked or shut down.
Retroscope is inspired by the observations that app-internal data on previous screens exists much longer in memory than the GUI data structures that 'package' them and each app is able to perform context-free redrawing of its screens upon command from the Android framework.
Based on these, RetroScope employs a novel interleaved re-execution engine to selectively reanimate an app’s screen redrawing functionality from within a memory image. Our evaluation shows that RetroScope is able to recover full temporally-ordered sets of screens (each with 3 to 11 screens) for a variety of popular apps on a number of different Android devices.Police have methods for preserving machines that have been left on in a bid to capture decrypted information and data stored in memory.Jailed Silk Road kingpin Ross Ulbricht was nabbed in a public library with his laptop still running, securing police additional crucial evidence.

• Battery for SONY VGP-BPS22


• Battery for SONY VGP-BPS21A


• Battery for Sony VGP-BPS13/S


• Battery for Sony VGP-BPS9


• Battery for Sony VGP-BPS8


• Battery for SONY VGP-BPL22


• Battery for Samsung RC512

Security researchers will demonstrate how crooks can break into cars at will using wireless signals that can unlock millions of vulnerable vehicles.The eggheads, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, have managed to clone a VW Group remote control key fob after eavesdropping on the gizmos' radio transmissions.The hack can be used by thieves to wirelessly unlock as many as 100 million VW cars, each at the press of a button. Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The problem stems from VW’s reliance on a “few, global master keys.”El Reg asked Volkswagen to comment on the findings, but we didn’t hear back at the time of going to press. We’ll update this story as and when we hear anything more.During an upcoming presentation, titled Lock It and Still Lose It — on the (In)Security of Automotive Remote Keyless Entry Systems at the Usenix security conference (abstract below) – the researchers are also due to outline a different set of cryptographic flaws in keyless entry systems as used by car manufacturers including Ford, Mitsubishi, Nissan and Peugeot.

The two examples are designed to raise awareness and show that keyless entry systems are insecure and ought to be re-engineered in much the same way that car immobilisers were previously shown to provide less than adequate protection.While most automotive immobiliser systems have been shown to be insecure in the last few years, the security of remote keyless entry systems (to lock and unlock a car) based on rolling codes has received less attention. In this paper, we close this gap and present vulnerabilities in keyless entry schemes used by major manufacturers.
In our first case study, we show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorised access to a vehicle by eavesdropping a single signal sent by the original remote.Secondly, we describe the Hitag2 rolling code scheme (used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others) in full detail. We present a novel correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop. Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles.

• Battery for Samsung NP-R520


• Battery for Samsung NP-R468


• Battery for Samsung AA-PB9NS6B


• Battery for Samsung AA-PB4NC6B


• Battery for LENOVO ThinkPad W700


• Battery for LENOVO ThinkPad Edge E330


• Battery for Lenovo IdeaPad S10-3


• Battery for Lenovo G575M

Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen. This earlier research on how the ignition key used to start cars might be subverted was eventually presented last year, following a two year legally enforced postponement.The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles' owners without covering how their engines might subsequently be turned on.WiReD reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob. Alternatively, a software defined radio rig connected to a laptop might be employed. Either way, captured data can be used to make counterfeit kit.Jason Hart, CTO data protection at Gemalto, said: “The security of connected cars is one of the biggest issues that manufacturers are faced with today as it has the potential to be one of the most dangerous connected ecosystems. While no car, or device for that matter, can ever be 100% unhackable, there are some key security precautions that original equipment manufacturers must incorporate.

To add a comment please login by clicking here