Arxiv:1905.02713V1 [Cs.CR] 7 May 2019

Total Page:16

File Type:pdf, Size:1020Kb

Arxiv:1905.02713V1 [Cs.CR] 7 May 2019 1 An Analysis of Pre-installed Android Software Julien Gamba∗y, Mohammed Rashedy, Abbas Razaghpanahz, Juan Tapiador y and Narseo Vallina-Rodriguez∗x ∗ IMDEA Networks Institute, y Universidad Carlos III de Madrid, z Stony Brook University, x ICSI Abstract end up packaged together in the firmware of a device is not The open-source nature of the Android OS makes it possible transparent, and various isolated cases reported over the last for manufacturers to ship custom versions of the OS along with few years suggest that it lacks end-to-end control mechanisms a set of pre-installed apps, often for product differentiation. to guarantee that shipped firmware is free from vulnerabili- Some device vendors have recently come under scrutiny ties [24], [25] or potentially malicious and unwanted apps. For for potentially invasive private data collection practices and example, at Black Hat USA 2017, Johnson et al. [82], [47] other potentially harmful or unwanted behavior of the pre- gave details of a powerful backdoor present in the firmware installed apps on their devices. Yet, the landscape of pre- of several models of Android smartphones, including the installed software in Android has largely remained unexplored, popular BLU R1 HD. In response to this disclosure, Amazon particularly in terms of the security and privacy implications of removed Blu products from their Prime Exclusive line-up [2]. such customizations. In this paper, we present the first large- A company named Shanghai Adups Technology Co. Ltd. was scale study of pre-installed software on Android devices from pinpointed as responsible for this incident. The same report more than 200 vendors. Our work relies on a large dataset also discussed the case of how vulnerable core system services of real-world Android firmware acquired worldwide using (e.g., the widely deployed MTKLogger component developed crowd-sourcing methods. This allows us to answer questions by the chipset manufacturer MediaTek) could be abused by related to the stakeholders involved in the supply chain, from co-located apps. The infamous Triada trojan has also been device manufacturers and mobile network operators to third- recently found embedded in the firmware of several low-cost party organizations like advertising and tracking services, and Android smartphones [77], [66]. Other cases of malware found social network platforms. Our study allows us to also uncover pre-installed include Loki (spyware and adware) and Slocker relationships between these actors, which seem to revolve (ransomware), which were spotted in the firmware of various primarily around advertising and data-driven services. Overall, high-end phones [6]. the supply chain around Android’s open source model lacks Android handsets also play a key role in the mass-scale transparency and has facilitated potentially harmful behaviors data collection practices followed by many actors in the dig- and backdoored access to sensitive data and services with- ital economy, including advertising and tracking companies. out user consent or awareness. We conclude the paper with OnePlus has been under suspicion of collecting personally recommendations to improve transparency, attribution, and identifiable information (PII) from users of its smartphones accountability in the Android ecosystem. through exceedingly detailed analytics [55], [54], and also de- ploying the capability to remotely root the phone [53], [52]. In I. INTRODUCTION July 2018 the New York Times revealed the existence of secret The openness of the Android source code makes it possible agreements between Facebook and device manufacturers such for any manufacturer to ship a custom version of the OS along as Samsung [32] to collect private data from users without their with proprietary pre-installed apps on the system partition. knowledge. This is currently under investigation by the US Most handset vendors take this opportunity to add value to Federal authorities [33]. Additionally, users from developing arXiv:1905.02713v1 [cs.CR] 7 May 2019 their products as a market differentiator, typically through countries with lax data protection and privacy laws may be at partnerships with Mobile Network Operators (MNOs), online an even greater risk. The Wall Street Journal has exposed the social networks, and content providers. Google does not forbid presence of a pre-installed app that sends users’ geographical this behavior, and it has developed its Android Compatibility location as well as device identifiers to GMobi, a mobile- Program [8] to set the requirements that the modified OS must advertising agency that engages in ad-fraud activities [14], fulfill in order to remain compatible with standard Android [67]. Recently, the European Commission publicly expressed apps, regardless of the modifications introduced. Devices made concern about Chinese manufacturers like Huawei, alleging by vendors that are part of the Android Certified Partners that they were required to cooperate with national intelligence program [5] come pre-loaded with Google’s suite of apps services by installing backdoors on their devices [30]. (e.g., the Play Store and Youtube). Google does not provide details about the certification processes. Companies that want Research Goals and Findings to include the Google Play service without the certification To the best of our knowledge, no research study has so can outsource the design of the product to a certified Original far systematically studied the vast ecosystem of pre-installed Design Manufacturer (ODM) [7]. Android software and the privacy and security concerns asso- Certified or not, not all pre-installed software is deemed as ciated with them. This ecosystem has remained largely unex- wanted by users, and the term “bloatware” is often applied plored due to the inherent difficulty to access such software to such software. The process of how a particular set of apps at scale and across vendors. This state of affairs makes such 2 an study even more relevant, since i) these apps – typically app ecosystem as a whole [78], [84], [85], we find that unavailable on app stores – have mostly escaped the scrutiny of it is also quite prevalent in pre-installed apps. We have researchers and regulators; and ii) regular users are unaware identified instances of user tracking activities by pre- of their presence on the device, which could imply lack of installed Android software – and embedded third-party consent in data collection and other activities. libraries – which range from collecting the usual set of PII In this paper, we seek to shed light on the presence and and geolocation data to more invasive practices that include behavior of pre-installed software across Android devices. In personal email and phone call metadata, contacts, and a particular, we aim to answer the questions below: variety of behavioral and usage statistics in some cases. We also found a few isolated malware samples belonging to • What is the ecosystem of pre-installed apps, including all actors in the supply chain? known families, according to VirusTotal, with prevalence in the last few years (e.g., Xynyin, SnowFox, Rootnik, Triada • What are the relationships between vendors and other stake- holders (e.g., MNOs and third-party services)? and Ztorg), and generic trojans displaying a standard set of malicious behaviors (e.g., silent app promotion, SMS • Do pre-installed apps collect private and personally- identifiable information (PII)? If so, with whom do they fraud, ad fraud, and URL click fraud). share it? All in all, our work reveals complex relationships between • Are there any harmful or other potentially dangerous apps actors in the Android ecosystem, in which user data seems among pre-installed software? to be a major commodity. We uncover a myriad of actors involved in the development of mobile software, as well as To address the points described above, we developed a poor software engineering practices and lack of transparency in research agenda revolving around four main items: the supply chain that unnecessarily increase users’ security and 1) We collected the firmware and traffic information from privacy risks. We conclude this paper with various recommen- real-world devices using crowd-sourcing methods (xII). We dations to palliate this state of affairs, including transparency obtained the firmware from 2,748 users spanning 1,742 models to improve attribution and accountability, and clearer device models from 214 vendors. Our user base covers mechanisms to obtain informed consent. Given the scale of 130 countries from the main Android markets. Our dataset the ecosystem and the need to perform manual inspections, contains 424,584 unique firmware files, but only 9% of the we will gradually make our dataset available to the research collected APKs were found in Google Play. We comple- community and regulators to boost investigations. ment this dataset with traffic flows associated with 139,665 unique apps, including pre-installed ones, provided by over II. DATA COLLECTION 20.4K users of the Lumen app [86] from 144 countries. To Obtaining pre-installed apps and other software artifacts the best of our knowledge, this is the largest dataset of (e.g., certificates installed in the system root store) at scale is real-world Android firmware analyzed so far. challenging. As purchasing all the mobile handset models (and 2) We performed an investigation of the ecosystem of pre- their many variations) available in the market is unfeasible, installed Android apps and the actors involved (xIII) by we decided to crowdsource the
Recommended publications
  • On Client Ledger System™ Software
    Focus on Client Ledger System™ Software A Financial MicroSystems, Inc. Publication • Volume 18, Issue 1 • 4th Quarter of 2012 CLS II (1.61) and CLS-DOS (6.3) Updates are Scheduled for Release December 4th Year-end CLS updates for both CLS II and CLS-DOS are currently scheduled for release December 4th. We originally planned to discontinue CLS-DOS at the end of this year, because it has become increasingly difficult for us to make the required programming changes. However, we have decided to release one final year-end update for CLS-DOS and will continue to support it through September 2013. All future development will focus on CLS II. CLS updates include the new 2012 W-2 and 1099/1098 formats for both laser-printed plain-paper and preprinted forms. Dot-matrix preprinted W-2 and 1099 forms are available only in CLS-DOS. Formats for the standard, two-up, preprinted W-2 and W-3 forms are basically unchanged for 2012. However, the 1099- MISC form has alignment changes and formats for the 1099-INT, 1099-DIV, 1099-B, 1099-C, 1098 and 1096 forms are new. All W-2 and W-3 forms (including Copy A) may be printed on plain paper. Submittable 940, 941, 943 and 944 forms may also be printed on plain paper. For 1099, 1098 and 1096 forms, all copies except Copy A may be printed on plain-paper. Copy A must be filed using “official” scannable forms (the IRS may impose a penalty for using non-scannable forms). The CLS updates also include required changes to the federal 940, 941, 943 and 944 forms for the 2012 year-end.
    [Show full text]
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report Volume 20 | July through December, 2015 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Charlie Anthe Dana Kaufman Anthony Penta Cloud and Enterprise Security Azure Active Directory Team Safety Platform Nir Ben Zvi Nasos Kladakis Ina Ragragio Enterprise and Cloud Group Azure Active Directory Team Windows and Devices Group Patti Chrzan Daniel Kondratyuk Tim Rains Microsoft Digital Crimes Unit Azure Active Directory Team Commercial Communications Bulent Egilmez Andrea Lelli Paul Rebriy Office 365 - Information Windows Defender Labs Bing Protection Geoff McDonald Stefan Sellmer Elia Florio Windows Defender Labs Windows Defender Labs Windows Defender Labs Michael McLaughlin Mark Simos Chad Foster Identity Services Enterprise Cybersecurity Bing Group Nam Ng Roger Grimes Enterprise Cybersecurity Vikram Thakur Microsoft IT Group Windows Defender Labs Paul Henry Niall O'Sullivan Alex Weinert Wadeware LLC Microsoft Digital Crimes Unit Azure Active Directory Team Beth Jester Daryl Pecelj Terry Zink Windows Defender Microsoft IT Information
    [Show full text]
  • Apple Business Manager Overview Overview
    Getting Started Guide Apple Business Manager Overview Overview Contents Apple Business Manager is a web-based portal for IT administrators to deploy Overview iPhone, iPad, iPod touch, Apple TV, and Mac all from one place. Working Getting Started seamlessly with your mobile device management (MDM) solution, Apple Configuration Resources Business Manager makes it easy to automate device deployment, purchase apps and distribute content, and create Managed Apple IDs for employees. The Device Enrollment Program (DEP) and the Volume Purchase Program (VPP) are now completely integrated into Apple Business Manager, so organizations can bring together everything needed to deploy Apple devices. These programs will no longer be available starting December 1, 2019. Devices Apple Business Manager enables automated device enrollment, giving organizations a fast, streamlined way to deploy corporate-owned Apple devices and enroll in MDM without having to physically touch or prepare each device. • Simplify the setup process for users by streamlining steps in Setup Assistant, ensuring that employees receive the right configurations immediately upon activation. IT teams can now further customize this experience by providing consent text, corporate branding or modern authentication to employees. • Enable a higher level of control for corporate-owned devices by using supervision, which provides additional device management controls that are not available for other deployment models, including non-removable MDM. • More easily manage default MDM servers by setting a default server that’s based on device type. And you can now manually enroll iPhone, iPad, and Apple TV using Apple Configurator 2, regardless of how you acquired them. Content Apple Business Manager enables organizations to easily buy content in volume.
    [Show full text]
  • Dixon Technologies (India) Limited Corporate Presentation
    Dixon Technologies (India) Limited Corporate Presentation October 2017 Company Overview Dixon Technologies (India) Limited Corporate Presentation 2 Dixon Overview – Largest Home Grown Design-Focused Products & Solutions Company Business overview Engaged in manufacturing of products in the consumer durables, lighting and mobile phones markets in India. Company also provide solutions in reverse logistics i.e. repair and refurbishment services of set top boxes, mobile phones and LED TV panels Fully integrated end-to-end product and solution suite to original equipment manufacturers (“OEMs”) ranging from global sourcing, manufacturing, quality testing and packaging to logistics Diversified product portfolio: LED TVs, washing machine, lighting products (LED bulbs &tubelights, downlighters and CFL bulbs) and mobile phones Leading Market position1: Leading manufacturer of FPD TVs (50.4%), washing machines (42.6%) and CFL and LED lights (38.9%) Founders: 20+ years of experience; Mr Sunil Vachani has been awarded “Man of Electronics” by CEAMA in 2015 Manufacturing Facilities: 6 state-of-the-art manufacturing units in Noida and Dehradun; accredited with quality and environmental management systems certificates Backward integration & global sourcing: In-house capabilities for panel assembly, PCB assembly, wound components, sheet metal and plastic moulding R&D capabilities: Leading original design manufacturer (“ODM”) of lighting products, LED TVs and semi-automatic washing machines Financial Snapshot: Revenue, EBITDA and PAT has grown at
    [Show full text]
  • User Guide Uputstvo Za KorišEnje
    Guide d’utilisateur Manuale d’uso Guía de usuario Guia de utilização Bedienungsanleitung Gebruikershandleiding Instrukcja obsługi Upute za uporabu Korisni<ko uputstvo user guide Uputstvo za korišenje c Inserting your cards Insérer vos cartes / Inserire le vostre card / Instalación de las tarjetas SIM / Inserir os cartões / Ihre Karte einlegen / Installeren SIM-kaart / / / / Vstavljanje kartic / Ubacivanje kartica / ,4,%$$$.'-. 1. 2. 3. 4.4. 5. Micro SIM 1 Micro SIM 2 Micro SD 64GB Getting to Know Your Phone Découvrir votre téléphone / Alla scoperta del vostro telefono / Conoce tu smartphone / Descubra o seu telemóvel / Lernen Sie Ihr Telefon kennen / Telefoon verkennen / / b=4 / Upoznavanje vašeg mobitela / Upoznavanje sa telefonom / Upoznavanje sa telefonom / c*2-, $(2*, 1, 2, 3... User guide The contents of this manual may differ in certain respects from the description of your phone depending on its software version and your telephone operator. CONGRATULATIONS ! You have just purchased your WIKO FREDDY mobile What’s in the Box : phone. This guide contains basic information to get 1. WIKO FREDDY mobile phone you started and quickly familiarise yourself, we hope, 2. AC adaptor with the world of WIKO. 3. Micro USB cable 4. Hands-free kit A complete version of the guidelines, safety 5. User guide instructions and your device usage user guide is 6. Battery available on our website www.wikomobile.com. You can request a printed version via email or printed letter at the address listed at the end of the user guide. ~ The buttons on your phone Button Function On/Off Press and hold the button to turn the phone on or off.
    [Show full text]
  • Barometer of Mobile Internet Connections in Switzerland
    Barometer of mobile internet connections in Switzerland Publication of March 06th 2020 2019 report nPerf is a trademark owned by nPerf SAS, 87 rue de Sèze 69006 LYON – France. Contents 1 Summary of overall results .......................................................................................................... 2 1.1 nPerf score, all technologies combined, [2G->4G] ............................................................... 2 1.2 Our analysis ........................................................................................................................... 3 2 Overall results ............................................................................................................................... 3 2.1 Data amount and distribution ............................................................................................... 3 2.2 Success rate [2G->4G] ........................................................................................................... 4 2.3 Download speed [2G->4G] ..................................................................................................... 4 2.4 Upload speed [2G->4G] ......................................................................................................... 4 2.5 Latency [2G->4G] ................................................................................................................... 5 2.6 Browsing test [2G->4G] ......................................................................................................... 5 2.7 Streaming test [2G->4G]
    [Show full text]
  • Instrukcja Obsługi
    User guide Guide d’utilisateur Manuale d’uso Guía de usuario Guia de utilização Bedienungsanleitung Gebruikershandleiding Instrukcja obsługi wikomobile.com User guide The contents of this manual may differ in certain respects from the description of your phone depending on its software version and your telephone operator. CONGRATULATIONS! not constitute a guarantee under the Applicable law. THIRD PARTY CONTENT AND SERVICES ARE WIKO has no control over the content and services WIKO reserves the right to change or modify the infor- PROVIDED “AS IS.” WIKO DOES NOT GUARANTEE provided by third parties via networks or transmission You have just purchased your WIKO LUBI4 mobile phone. mation contained in this manual at any time. THE CONTENT OR SERVICES SO PROVIDED, EITHER devices. Moreover, third-party services may be This guide contains all the information needed to use the EXPRESSLY OR IMPLIEDLY, FOR ANY PURPOSE terminated or interrupted any time without notice. phone so that you can quickly familiarise yourself, we Limitation of Liability WHATSOEVER. WIKO EXPRESSLY DISCLAIMS ANY Therefore, WIKO makes no representation or hope, with the world of WIKO. All content and services accessible through this WARRANTIES OF MERCHANTABILITY OR FITNESS warranty whatsoever as to the availability of any third device are the exclusive property of third parties and FOR A PARTICULAR PURPOSE. WIKO DOES NOT party content or service and expressly declines any Copyright © 2015 WIKO are protected by the relevant laws (copyright, patent, GUARANTEE THE ACCURACY, VALIDITY, LEGALITY, responsibility for such termination or interruption. The information contained in this manual may not be licence and/or other intellectual property laws).
    [Show full text]
  • Secure Software Distribution System
    SECURE SOFTWARE DISTRIBUTION SYSTEM Tony Bartoletti ([email protected]), Lauri A. Dobbs ([email protected]), Marcey Kelley ([email protected]) Computer Security Technology Center Lawrence Livermore National Laboratory PO Box 808 L-303 Livermore, CA 94551 June 18, 1997 Abstract Authenticating and upgrading system software plays a critical role in information security, yet practical tools for assessing and installing software are lacking in today’s marketplace. The Secure Software Distribution System (SSDS) will provide automated analysis, notification, distribution, and installation of security patches and related software to network-based computer systems in a vendor-independent fashion. SSDS will assist with the authentication of software by comparing the system’s objects with the patch’s objects. SSDS will monitor vendors’ patch sites to determine when new patches are released and will upgrade system software on target systems automatically. This paper describes the design of SSDS. Motivations behind the project, the advantages of SSDS over existing tools as well as the current status of the project are also discussed. Keywords: security, distributed, software management DISCLAIMER This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California.
    [Show full text]
  • Weekly Wireless Report WEEK ENDING August 8, 2014
    Weekly Wireless Report WEEK ENDING August 8, 2014 INSIDE THIS ISSUE: This Week’s Stories THIS WEEK’S STORIES Samsung, Apple Agree To Drop Lawsuits Outside U.S. Samsung, Apple Agree To August 7, 2014 Drop Lawsuits Outside U.S. Samsung and Apple Inc. have agreed to end all patent lawsuits between each other outside the U.S. in Sprint And T-Mobile Shares a step back from three years of legal hostilities between the world's two largest smartphone makers. Plunge After Reportedly However, Samsung Electronics Co. said Wednesday that it and Apple will continue to pursue existing Abandoning Merger Plans cases in U.S. courts. The two companies did not strike any cross-licensing deal. PRODUCTS & SERVICES "Samsung and Apple have agreed to drop all litigation between the two companies outside the United States," the South Korean company said in a statement. "This agreement does not involve any licensing Blu Debuts $89 Unlocked, arrangements, and the companies are continuing to pursue the existing cases in U.S. courts." Spec'ed Out Android Phones The announcement is a significant lessening of corporate hostilities after years of bitter patent disputes Lenovo's New Flagship over the intellectual property rights for mobile Relevant Products/Services designs and technology. The Features Quad HD Screen, legal fights spanned about a dozen countries in Asia, North America and Europe. Metal Body and Huge Battery Lawsuits and other legal actions by Samsung and Apple will come to an end in countries including EMERGING TECHNOLOGY Germany, England, France, Spain, Italy, the Netherlands, South Korea, Japan and Australia.
    [Show full text]
  • Compatibility Sheet
    COMPATIBILITY SHEET SanDisk Ultra Dual USB Drive Transfer Files Easily from Your Smartphone or Tablet Using the SanDisk Ultra Dual USB Drive, you can easily move files from your Android™ smartphone or tablet1 to your computer, freeing up space for music, photos, or HD videos2 Please check for your phone/tablet or mobile device compatiblity below. If your device is not listed, please check with your device manufacturer for OTG compatibility. Acer Acer A3-A10 Acer EE6 Acer W510 tab Alcatel Alcatel_7049D Flash 2 Pop4S(5095K) Archos Diamond S ASUS ASUS FonePad Note 6 ASUS FonePad 7 LTE ASUS Infinity 2 ASUS MeMo Pad (ME172V) * ASUS MeMo Pad 8 ASUS MeMo Pad 10 ASUS ZenFone 2 ASUS ZenFone 3 Laser ASUS ZenFone 5 (LTE/A500KL) ASUS ZenFone 6 BlackBerry Passport Prevro Z30 Blu Vivo 5R Celkon Celkon Q455 Celkon Q500 Celkon Millenia Epic Q550 CoolPad (酷派) CoolPad 8730 * CoolPad 9190L * CoolPad Note 5 CoolPad X7 大神 * Datawind Ubislate 7Ci Dell Venue 8 Venue 10 Pro Gionee (金立) Gionee E7 * Gionee Elife S5.5 Gionee Elife S7 Gionee Elife E8 Gionee Marathon M3 Gionee S5.5 * Gionee P7 Max HTC HTC Butterfly HTC Butterfly 3 HTC Butterfly S HTC Droid DNA (6435LVW) HTC Droid (htc 6435luw) HTC Desire 10 Pro HTC Desire 500 Dual HTC Desire 601 HTC Desire 620h HTC Desire 700 Dual HTC Desire 816 HTC Desire 816W HTC Desire 828 Dual HTC Desire X * HTC J Butterfly (HTL23) HTC J Butterfly (HTV31) HTC Nexus 9 Tab HTC One (6500LVW) HTC One A9 HTC One E8 HTC One M8 HTC One M9 HTC One M9 Plus HTC One M9 (0PJA1)
    [Show full text]
  • Kace Asset Management Guide
    Kace Asset Management Guide Metaphorical Lucio always evangelising his synarchy if Moishe is capitular or writhe sufferably. Hymenopterous Sibyl always politicks his decimators if Aub is alabastrine or site photogenically. Which Rodolph breezed so fined that Swen inculcated her speculator? With kace customers run quest kace systems management, united states merchant marine academy. Maintenance costs have been annualized over several period on three years to extract their harvest over time. Comparing suites from sap helps clients bring their asset management solutions provider hardinge inc, kace asset management are stored in lifecycle management feature relies on active assets. Learn how asset management leaders are ensuring a reliable and sustainable supply chain, Microsoft and Symantec all require the installation of an agent to perform OS and application discovery tasks, and Symantec problems. You need to unselect a conflict with. Using Custom fields Within software Asset where in Dell KACE, etc. Are you sure you as to delete your attachment? All four evaluated solutions include: antioch university as well as it opens a solution helps track down systems management? An integrated mechanism to report problems and service requests enables prompt response to end users and reduces administrative roadblocks. Product was easy to use. To analyze the opportunities in the market for stakeholders by identifying the high growth segments. Best Practices in Lifecycle Management: Comparing Suites from Dell, and complete security. Although Microsoft does not natively include vulnerability scans, this in proper way detracts from our investment in supporting operating systems regardless of equipment brand. Past performance is just poor indicator of future performance.
    [Show full text]
  • RELEASE NOTES UFED PHYSICAL ANALYZER, Version 5.0 | March 2016 UFED LOGICAL ANALYZER
    NOW SUPPORTING 19,203 DEVICE PROFILES +1,528 APP VERSIONS UFED TOUCH, UFED 4PC, RELEASE NOTES UFED PHYSICAL ANALYZER, Version 5.0 | March 2016 UFED LOGICAL ANALYZER COMMON/KNOWN HIGHLIGHTS System Images IMAGE FILTER ◼ Temporary root (ADB) solution for selected Android Focus on the relevant media files and devices running OS 4.3-5.1.1 – this capability enables file get to the evidence you need fast system and physical extraction methods and decoding from devices running OS 4.3-5.1.1 32-bit with ADB enabled. In addition, this capability enables extraction of apps data for logical extraction. This version EXTRACT DATA FROM BLOCKED APPS adds this capability for 110 devices and many more will First in the Industry – Access blocked application data with file be added in coming releases. system extraction ◼ Enhanced physical extraction while bypassing lock of 27 Samsung Android devices with APQ8084 chipset (Snapdragon 805), including Samsung Galaxy Note 4, Note Edge, and Note 4 Duos. This chipset was previously supported with UFED, but due to operating system EXCLUSIVE: UNIFY MULTIPLE EXTRACTIONS changes, this capability was temporarily unavailable. In the world of devices, operating system changes Merge multiple extractions in single unified report for more frequently, and thus, influence our support abilities. efficient investigations As our ongoing effort to continue to provide our customers with technological breakthroughs, Cellebrite Logical 10K items developed a new method to overcome this barrier. Physical 20K items 22K items ◼ File system and logical extraction and decoding support for iPhone SE Samsung Galaxy S7 and LG G5 devices. File System 15K items ◼ Physical extraction and decoding support for a new family of TomTom devices (including Go 1000 Point Trading, 4CQ01 Go 2505 Mm, 4CT50, 4CR52 Go Live 1015 and 4CS03 Go 2405).
    [Show full text]