6

SMS messages received by an iPhone is stored unencrypted in an SQLite database, which may be extracted by backing up the phone.

You can manipulate (tamper with, e.g: replace the text of a message with a different text) the contents of this database with a number of tools and then restore it to a different iPhone.

Is it possible to prevent or detect this type of tampering when one only have access to the phone where the messages have been "restored"?

For instance: Are there any built-in integrity checks (hashes, checksums, etc.) to protect the integrity of the iPhone SQLite database?

Free Radical
  • 734
  • 5
  • 14

2 Answers2

1

There is no way of protecting that in particular.

What I mean is that there is no way of demonstrating that the database was not manipulated itself, BUT, the point is that to be able to manipulate that database in modern versions of iOS (in older versions, the backup could be manipulated and dumped back to the device) you should jailbreak your iOS device, and that really leaves tracks of manipulation on the phone.

As far as I know.

Source: Asking around.

BBerastegui
  • 515
  • 3
  • 9
1

How would you know the integrity checks have not been tampered with?

The way to reliably protect any kind of logs from tampering is by using specialized hardware (write-only storage does the trick), and hope the hardware has not been tampered with.

The other way is to have logs from different sources (SMS logs from telecom company), and if they differ we declare one of the sources as trusted.

Peter
  • 3,620
  • 3
  • 13
  • 24