Huawei and the US – Oxygen Forensics, Inc.

0 297

All over the news there has been hype
surrounding the alleged Huawei spying on the US users through its products so
not better time to take a look at these devices and also cover how they are
supported in our Oxygen Forensic Detective suite.

On May 15, President Trump signed
an executive order that effectively banned Huawei from accessing US supply
chains. Less than a week later, Google pulled Huawei’s Android license. After a
grace period ,specified by the Trump administration for current users, the
company’s future phones will be cut off from Google, the most widely used
operating system in the world.  Huawei
was granted a temporary license to continue pushing Android updates through
mid-August.

Some say, the source of suspicion
may come from Huawei founder and Chairman Ren Zhengfei, who was formerly with
the Chinese military. Huawei Technologies Co. Ltd. was founded in 1987 and is
now headquartered in Shenzhen, Guangdong, China.

According to Bloomberg
Businessweek
Huawei has distributed its products and services in more than 170
countries, and as of 2011 it served 45 of the 50 largest telecom operators. It
ranks 72nd on the Fortune Global 500 list.

In December 2018, Huawei
reported that its annual revenue had risen to US$108.5 billion in 2018
(a
21% increase over 2017). As you can see from the table below, Huawei is
currently the second-biggest vendor in the world (with 19% of the market share
at 1Q19) after Samsung (23.1%), surpassing Apple (11.7%).

In North America Huawei is the
fifth popular vendor (2.67% of market share) after Apple (49.41%), Samsung
(25.61%), LG (6.47%) and Motorola (4.86%) partly due to the fact that it is
almost nonexistent in the US (less than 1% of the market share).

However, Huawei is the third
popular vendor in Europe (23.6% of market share) after Samsung (28.7%) and
Apple (26%), being the only vendor showing growth (+55% compared to -1% Samsung
and -5.1% Apple).

In Asia Huawei is the fifth
popular vendor (7.32% of market share) after Samsung (30.39%), Apple (13.91%),
Xiaomi (11.79%) and Oppo (8.23%). You can see the complete market share statistics
following this link.

Oxygen Forensic Detective offers
various methods of data extraction from Huawei devices.

First, Huawei devices can be
connected via USB cable for logical or physical acquisition depending on the
model and Android OS version. However, with constantly growing device security
direct data extraction from a device is getting more and more difficult. With
this in mind we keep on introducing alternative methods of device data
extraction.For Huawei devices we have two options.

Huawei backups

Huawei backups are a good
alternative to direct data extraction. They can be created in two ways – either
in Huawei’s HiSuite software on a PC or from the device itself with data
residing on its SD card. Our software allows investigators to import both
Huawei and HiSuite backups  up to and
including 9.1, the latest version. The evidence set is massive and includes
contacts, calls, messages, calendar events, file system artifacts including the
data/data folder and applications. In our testing, all the most popular
applications are fully parsed: WhatsApp, Facebook Messenger, Gmail, Web
browsers, Instagram, etc. Please note that a standard Android ADB backup will not
often include these apps.

Huawei backup parsed in Oxygen Forensic Detective

Huawei backups can be encrypted if
the user has set a password. However, this is not a problem for Oxygen Forensic
Detective. Investigators can either enter a known password ,brute force it
using the built-in brute force engine, and even use custom dictionaries. It should
be noted that various versions of Huawei backups can be encrypted with
different encryption algorithms.  Of
note,  the latest version (9.1) of Huawei
and HiSuite backups found on the SD card will be encrypted by default even if a
user has not set any password. The best part, Oxygen Forensic Detective supports
any encrypted backup regardless of encryption algorithm and version.

Brute force of Huawei encrypted backup.

When should an investigator use
this method?  

a)        When
full access to the device is available but the important data (e.g., apps)
cannot be extracted using typical extraction techniques. In this instance, create
a Huawei backup and import it into Oxygen Forensic Detective or Jet Engine.

b)        When
you have a locked device that cannot be acquired. Check the SD card for a
Huawei backup that might have been made by the device owner.  If located simply import as indicated above.

Huawei cloud

Cloud is a goldmine of digital
evidence. In certain cases when a Huawei device cannot be acquired directly the
associated cloud account might be the only alternative. Oxygen Forensic Cloud
Extractor offers investigators an exclusive feature to mobile device forensics;
access a user’s data within the Huawei cloud via login/password or token. Token’s
can be located and parsed in Oxygen Forensic Detective if a physical
acquisition has been conducted. If a Huawei cloud account is secured with 2FA,
Oxygen Forensic Cloud Extractor offers two options: receive a verification code
by SMS or by email.

When successful the following data
can be extracted from the Huawei cloud account:

  1. Account details
  2. Connected device(s)
  3. List of email accounts
  4. Contacts including deleted ones
  5. Calls
  6. Calendar events
  7. Messages
Huawei Cloud Data

By oxygen.forensics at 2019-08-15 23:58:51 Source Oxygen Forensics, Inc.:
Huawei and the US - Oxygen Forensics, Inc.

احصل على إشعارات فورية مباشرة على جهازك ، اشترك الآن.

تعليقات
جار التحميل...

يستخدم موقع الويب هذا ملفات تعريف الارتباط لتحسين تجربتك. سنفترض أنك موافق على هذا ، ولكن يمكنك إلغاء الاشتراك إذا كنت ترغب في ذلك. موافق قراءة المزيد