IoT Investigations and Open Source

At the Consumer Electronics Show last week, numerous new internet-connected devices were introduced, continuing to expand the so-called Internet of Things (IoT).

Law enforcement has begun to consider internet-connected devices in its investigations. On December 29, 2016, it was widely reported that police in Arkansas requested detailed information from Amazon about a particular Amazon Echo owner’s voice data in order to further a murder investigation. As of the time of writing, Amazon has refused to provide the data without a warrant.

In the same case, data from the alleged perpetrator’s connected water meter was used in the investigation.

The information gleaned from internet-connected devices, from the appliances in our homes to our vehicles to the landscapes in our cities, will certainly become more and more important in investigations going forward, at least from a digital forensics perspective. But what about from an open source perspective?

That will depend on the device, what it is doing and what the security settings are.

Those who have been doing OSINT investigations for a while will recall the old “Google Dorks” or “Google Hacks”, which allowed searchers to find web security cameras that were not secured. This is an example of the kind of content that might be available: web service pages or settings pages that are public facing.

A second type of OSINT information might be the names of the devices themselves. One only has to visit a site like WiGLE, which is a crowdsourced database of Wi-Fi devices that are broadcasting their names, to see this.

As we progress in the development of IoT, undoubtedly there will be new avenues for researching and analyzing the open source information that is available from these devices.