DeepSec 2019 Talk: Still Secure. We Empower What We Harden Because We Can Conceal — Yury Chemerkin *

The launch of Windows 10 has brought many controversial discussions around the privacy factor of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first, Apple did it many years ago and there was no public research on how much data were leaked out from MacOS. There is a statement in the Privacy Policy written by Apple: “Your device will keep track of places you have recently been, as well as how often and when you visited them, in order to learn places that are significant to you, to provide you with personalized services, such as predictive traffic routing, and to build better Photos Memories… ‘Everything’ stores in iCloud service”.

Both cases are the same, designed in the same manner and driven by a similar idea to simplify the devices usage. It went even further with iOS and Android OS. Eventually, Microsoft and Apple have boldly described their OS as “the most secure OS ever.”

This research is based on three things: data leaks, hardening, and forensics.

Combining data leaks and hardening gives a data set with a goal and a vision of how to protect a system and make your use cases transparent. Forensics gives us excellent knowledge about valuable device security settings. Empowering the hardening with these anti-forensics techniques in terms of ‘anti-forensics hardening’ of a system makes it transparent what, when and why the whole device or its…