When there isn't any stored data to be sent, they could easily send fake/random data in requests though. So then it's not detectable if data is stored and sent or not. How would you make up for that?
That's actually a good point! Random data is unlikely since it would be noticable due to differences in size of the compressed traffic (random data doesn't compress), but fake data would not be distinguishable from just looking at traffic.
Luckily there are still things you can do, like analyzing the firmware itself (especially when you can inject your MitM proxy cert). It has been done before, and it's reasonable to assume such a technique would have been found by security researchers by now.
When there isn't any stored data to be sent, they could easily send fake/random data in requests though. So then it's not detectable if data is stored and sent or not. How would you make up for that?
That's actually a good point! Random data is unlikely since it would be noticable due to differences in size of the compressed traffic (random data doesn't compress), but fake data would not be distinguishable from just looking at traffic.
Luckily there are still things you can do, like analyzing the firmware itself (especially when you can inject your MitM proxy cert). It has been done before, and it's reasonable to assume such a technique would have been found by security researchers by now.
Wow, the tone of your replies sure has changed.
Any additional analysis of my comments you'd like to share?
Damn, and just when you were improving.