Profile picture
, 13 tweets, 3 min read
My Authors
Read all threads
Current status: doing forensics on my own iPhone to do the same sort of network data report as in that Bezos forensics report:
It appears that not only can I track data usage, I can narrow it down to which App did the usage. In other words, that I can know if it was Snapchat, WhatsApp, or whatever that was responsible for the uploads.
Well, yes, it appears I can know from forensics which app is responsible for "unauthorized data exfiltration".
In other words, that forensics report could have told us which app was doing the "unauthorized exfiltration", but chose not to. Or the forensics is woefully incomplete.
So let's pop this data over from SQLite into Excel and graph traffic by date. We see that it's spikey, like Bezo's phone.
Hmm, that's a big spike at the end of June 2018. What apps are responsible for this traffic?
(FYI: this isn't actually my phone, but my sister's phone. I was confused as to which iPhone backup I was looking at).
The point is that we can drill down a bit better as to which app is doing the unusual traffic, and by how much.
BTW: this is something anybody can do:
* use iTunes to create a backup of your phone onto your computer
* use tools to extract the data, like "iPhone Backup Extractor"
* grab /private/var/wireless/Library/Databases/DataUsage.sqlite
* use SQLlite tools to browse this file
To extract this data to save to CSV to import into Excel, I stole the query from:
github.com/mac4n6/APOLLO/…
Then I use excel tricks to sum by date:
=SUMPRODUCT($E$3:$E$2034*(INT($A$3:$A$2034)=G26))
I'm not an iPhone forensics expert, so don't quote me as such.

However, I am a person who has done this sort of forensics on iPhones.
I mean, I'm not proving my competence to opine on this story by citing fancy credentials, I'm demonstrating my competence by reproducing the "exfiltration" graph on one of my own iPhones (the one I gave to my sister):
To repeat my conclusion from another thread: I see nothing in that FTI Bezos "forensics" report that suggests Bezos's phone was hacked.
vice.com/en_us/article/…
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Rob ☃️ Graham
@ErrataRob
So my latest blogpost is chock full of details you didn't realize you cared about, such as where Apple puts files when it backs up your iPhone. It stores them in files named with the SHA1 hash of the original filename.
There are easy-to-use GUIs for extracting files from iPhone backups, like "iPhone Backup Extractor", but you can extract the "ChatStorage.sqlite" file from the backup yourself by grabbing the file named "7c7fba66680ef796b916b067077cc246adacf01d".
I mention their product because that's what I started with, but also because it's got a lot of good additional technical information on their website:
iphonebackupextractor.com/blog/iphone-ba…
Read 3 tweets
Profile picture
Rob ☃️ Graham
@ErrataRob
The story about Saudis hacking Jeff Bezos iPhone didn't find evidence, but unknowns, such as a suspicious encrypted video they couldn't decrypt.

So I wrote a blogpost with a detailed explanation how to decrypt it:
blog.erratasec.com/2020/01/how-to…
Steps:
1. backup the iPhone to desktop
2. grab the file 7c7fba66680ef796b916b067077cc246adacf01d (aka. ChatStorage.sqlite) from that backup
3. use sqlite, in the table ZWAMDIAITEM, grab ZMEDIAURL and ZMEDIAKEY
4. use those values to download the encrypted file and decrypt.
The FTI investigators found the encrypted version of the video suspicious because it was a few bytes longer than the unencrypted video.

That's just normal checksumming and padding, as you see in the code that decrypts the file.
Read 7 tweets
Profile picture
Rob ☃️ Graham
@ErrataRob
Once again it's worth pointing out that the norm of journalism is to NOT have things "off the record". The entire point of journalism is getting things on the record.
state.gov/statement-by-s…
Now, Washington D.C. is teaming with journalists willing to fudge their ethics in order to get "access" to government leaders. So in D.C., government people have become accustomed to their conversations being off the record, on background, or otherwise anonymous.
It's therefore understandable that Pompeo might assume that his after-interview remarks would be off-the-record. But journalists wouldn't assume that. Journalists default to everything on the record.
Read 4 tweets

Related threads

Profile picture
Ben Collins
@benlcollins
Mega thread of #GoogleSheets #productivity tips & tricks coming up...

Starting with this humdinger

Type “sheet.new” or "sheets.new" into your browser to instantly create a new Google Sheet

(1/n)
From inside a folder of @GoogleDrive press

Shift + S

To create a new Google Sheet in that folder
(2/n)
Quickly freeze panes in your #GoogleSheet by hovering over the border of the sheet (just under the column letters) until you see the hand icon.

Drag down as many rows as you want to freeze.

Works for columns too!
(3/n)
Read 43 tweets
Profile picture
Aniket Deshpande
@aniket0608
India plans to invest about ₹102 lakh crore in the infra sector in the next 5 yrs to achieve GDP target of $5 trillion by 2024-25.

The FM had set up a task force headed by Economic Affairs Secretary to prepare a road map for the "national infrastructure pipeline"

NIP Summary👇🏼
http://164.100.117.97/WriteReadData/userfiles/DEA%20IPF%20NIP%20Report%20Vol%201.pdf
-ENERGY-
The vision set for 2025 is raise the total capacity of power to 619 GW (from 356 GW) of energy by decreasing thermal energy to 50% from 66% as on date.
RE power: 39%, hydro: 9%, nuclear: 2%
Read 12 tweets
Profile picture
Chris Vickery
@VickerySec
iPhone models before iPhoneX are believed to be non-infrared emitting, right?
That detail has been stated as part of the reason FaceID is not compatible with models before the X.
I have in front of me an iPhone 7 which is emitting IR from the front-facing lense speck. I thought this was not a capability of that model.

The phone itself + mirror shows it in playback, due to the front-facing camera lacking an infrared filter (the back camera filters out IR)
#iPhone enthusiasts, is this common knowledge? (that models prior to X can and do emit infrared from front-facing selfie camera lense area). I thought the capability was introduced with the X.
Read 3 tweets
Profile picture
Wale Micaiah
@WaleMicaiah
PETER OBI data usage at the #2019VPDebate was exceptional...but must be #factchecked.

Here are the #data:

1. Nigeria have 87m poor people & growing 6% every minute

2. Nigeria has the highest No. of Out of school children in the World

3. Our HDI has dropped from 152 to 157

/1
Cont'd.

4. Nigeria's GCI has dropped from 124 to 127

5. On Terrorism: Nigeria has moved from 7 to number 3, behind Iran and Afghanistan

6. Our Inequality have worsen

7. Our Misery Index have worsen

8. SMEs in China is contributing 60% to their GDP

/2
Cont'd.

9. 60% of their GDP is 7.2 trillion which 18% of Nigeria GDP

10. They are contributing 60% of the employment

11. On Urban employment, SMEs are contributing 80%

12. 80% of Urban unemployment in China is 480??? 80% of that 380

/3
Read 12 tweets
Profile picture
Shyam
@codelust
A quick peek back into Aadhaar land shows that things are no better from a while ago. What worries me most about the UIDAI is the way in which it designs systems, without much of a thought for how it will actually work out.
Story so far for the UIDAI:
- Biometrics are foolproof, can't be cloned or faked.
- Even when it is cloned/faked, we'll counter with RD service.
- OK, that is not foolproof, so we'll add Iris, which is really hard to fake.
- That did not work well, so we'll add face detection.
It was clear even early as January that iris was not a modality that was practical.



It is not rocket science to figure this out. Just a simple practical evaluation will throw up these problems.
Read 18 tweets
Profile picture
Paratii.video
@ParatiiVideo
1/ Tokenomics is on 🔥. Some disdainfully label it "the gift card economy". Others devote a life to perfecting parameters of virtual block rewards. There’s 1000s of tokens out there, and countless cute diagrams for explaining them. Stake, mint, slash - you’ve heard all buzzwords.
2/ The lowest-level primitives at hand here are rewards and punishments. Carrots and sticks. Incentives and disincentives. In tokenised systems, as @trentmc0 says, rewards = block rewards, and punishments = slashing stake.
3/ @lkngtn states that “tokens uniquely required to incentivize or disincentivize behavior in order to provide a service accrue value relative to that service’s utility”. But is that an absolute truth? Do tokens really capture the value produced by underlying networks?
Read 19 tweets

Trending hashtags

#PLAYERS #Israel #resetlogs #hours #ElizabethWarren #controlfile #problems #sustainable #iphone #Bezos #WayOfLife #factchecked #DOWn #data #sysdba #research #RockyFlats #multimodel #Sylph #forecasting #rollback #instance #lawyers #listener #Data
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!