iPhone

Make sure to encrypt your iPhone backups

iTunes retains a surprising amount of sensitive information on a computer after syncing with an iPhone. By default, it's not encrypted and that could be a problem.

iTunes retains a surprising amount of sensitive information on a computer after syncing with an iPhone. By default, it's not encrypted and that could be a problem.

------------------------------------------------------------------------------------

It started out with a friend's request for help. His iPhone is at the bottom of one of Minnesota's 10,000 lakes. He doesn't have MobileMe or his contacts backed up to any type of address book. To make matters worse, he does not want another iPhone.

That's why he called me, asking if I could retrieve his list of contacts. I know iTunes saves it, I just didn't know where. After some searching, I found what I was looking for:

C:\Documents and Settings\"username"\Application Data\Apple Computer\MobileSync\Backup

I looked in that folder. Wow, that's a lot of files. Next step is to figure out how to open them, at least the ones with contact information. The following slide is small portion of what I found:

Side note: Mac users please forgive me. My friend is an adamant PC user, hence the focus of this article. This link describes where the databases can be found on Mac computers.

Info.plist

Since there were only three .plist files, I thought I would look at them first. I remember reading that .plist files are written using XML and can be opened with a web browser or text editor. I opened the .plist files with Notepad to see what I could find. Info.plist was the only one of interest because it contained the following information:

  • ICC-ID: Integrated Circuit Card ID or serial number of installed SIM card
  • IMEI: International Mobile Equipment Identity or the serial number of the baseband processor
  • Phone number
  • Serial number of the iPhone
  • Product version and product type

That's valuable information, but not what my friend wanted, so on to the other files.

SQLite

That meant trying to figure out what the files were with the same name, but different extensions. After a bit of searching, I came across an Apple Examiner article that explained everything. Evidently, the file name is a SHA1 hash of the file's full path on the iPhone. The article also mentions that the files are SQLite databases. The .mdinfo file contains metadata information about what is contained in the .mddata file.

The next step was to see if I could find a way to read the .mddata files. Fortunately, I found SQLite Database Browser. Now I'm all set, except where to start. There are over 1000 files, so back to the Internet. I found an article by the Hampton Roads Geek community that listed exactly what I wanted.

What I found

The blog saved me a lot of guess work as it pointed out the following pertinent .mddata files:

Contact List: 31bb7ba8914766d4ba40d6dfb6113c8b614be442.mddata
  • This was the file that saved my friend. It has an abundance of information. Contact names, email addresses, and phone numbers are the most important ones.

I decided to see what else I could find on the .mddata files mentioned in the Hampton Roads Geek Community article. To be honest, there is more information available than I had thought:

SMS Log: 3d0d7e5fb2ce288813306e4d4636395e047a3d28.mddata
  • As you can see below, the SMS log records every text message and the phone number. The date may seem a bit odd. It's in Unix time or the number of seconds since January 1, 1970. The flag field allows you to determine if the message was sent or received. The number two indicates a received message and the number three a sent message.

Call Log: ff1324e6b949111b2fb449ecddb50c89c3699a78.mddata
  • The call log lists the phone number, date, duration, and whether the call was incoming or outgoing.

Notes database: 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b.mddata
  • I really did not expect much from the Notes database. I changed my mind when I opened the file. My friend had several entries including passwords and personal information. As you can see, he even referenced his next oil change.

Thinking about my iPhone security

I personally do not keep any data on my computers. It's all stored on encrypted flash drives. I now realize that's not the case. Due to my iPhone, I have sensitive information stored in Documents and Settings. My initial solution was to move the backup folder to my encrypted flash drive. But it's not a good solution, as I have to remember to move the folder after every sync.

Before I moved the folder, I decided to sync my iPhone. Talk about being embarrassed. There it was, right in the options on the Summary tab. A checkbox titled "Encrypt iPhone backup" with an option to change the password.

The Apple iPhone OS Enterprise Deployment Guide states:

"Device backups can be stored in encrypted format by selecting the Encrypt iPhone Backup option in the device summary pane of iTunes. Files are encrypted using AES128 with a 256-bit key. The key is stored securely in the iPhone keychain."

Sounds good to me, I checked the box and initiated a backup. After the sync was completed, I decided to see what the encrypted files looked like. The first example below is of a .mdinfo file before being encrypted:

bplist00ÕXMetadata^StorageVersionWVersion[AuthVersion[IsEncryptedO'bplist00ÔTPathWVersionXGreylistVDomain]iTunesArtworkS3.0_%AppDomain-com.basevelocity.RadarScope.<@A iS1.0S3.0+3?Kàäè

The next example was the same file after being encrypted:

bplist00Õ^StorageVersionXMetadataWVersion[AuthVersion[IsEncryptedS1.0Oä%P¸0¹TMwî7ÄIPi¢Þbýªh(g|Ò¢@ÞP...cݯ$µn'zÍ2‹Ón}I»ùK‹¡ïW=ݸwî³oqWz,C<à«]ÔtH¸YÛð›ëaÓŸH¼u‰'Ófñ¢§o$Èèâ`R„‹co‘ö&J¼ªs­ô¨zmî^´·!q‚7XUb§ojÄ¿&ö§¤<n-Úff±ÚÀG½z^_á´Iñ¢P½

Not encrypted

Out of curiosity, I checked to see if info.plist was encrypted as well. It wasn't. I wanted to make sure I mentioned this as you will have to decide how much of a risk that is.

Final thoughts

I mentioned what I learned to an IT colleague. She said it wasn't that big of a deal. Someone would need physical and security access to the computer in question. That's true, but entirely possible. Also, there could be malware specifically developed to steal the critical .mddata files.

Either way, my friend is now happy and I am encrypting my backups. I also wanted to share my new-found knowledge with you, just in case you want to do the same.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

68 comments
JasonnB
JasonnB

The article says that the notes database can be found in the backup under: Notes database: 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b.mddata I don't have this file listed after doing a search in the directory. I have all the other ones mentioned, but not the "notes" one. I have an iphone 4, on 3.0.1. Did something change? I NEED to find this bad! Please help!

mypcclean
mypcclean

Very good report. That is unreal about the way your data can be found. Does that mean the computers of iPhone users are at risk too

da_jenkins
da_jenkins

That is common to have text log and call log on any phone backup. I use bitpim on my old BREW based phone and you can browse the file structure of the phone and extract any file and data you want. Bitpim also logs it when it's downloaded from the phone to bitpim.

santeewelding
santeewelding

Walking among us with an IT equivalent of the Kabbalah scrolling before your eyes?

walteradamson
walteradamson

I'd be happy to encrypt my backups IF I could do any. Since the last three releases of iTunes my backups take endless hours, I'm talking 12 or more, and fail. Not to mention messing up my iPhone. It's when things like this happen you realise that Apple doesn't give a damn. I guess success breeds contempt. For all the talk of companies being social media connected and connected with their customers, Apple is like a fortress. I'm hoping, since there is nothing else which can be done, that accelerated releases of iTunes for the new iPhone might miraculously solve this problem. It must be only a small proportion of users who suffer, but a small proportion of a large number is still a large group. Here's hoping... Walter @g2m http://xeesm.com/walter

Neon Samurai
Neon Samurai

It doesn't do full system encryption on osX unless that's a recently added feature. It does do encrypted volumes though. Create an encrypted vault area and point the backups at it. (I didn't see it mentioned though I read the article pretty quick)

Michael Kassner
Michael Kassner

I am not sure what you mean? An attacker targeting a person with an iPhone will need to access the syncing computer to get at the backup files. So, in that regard the computer is owned by the attacker.

tracy.walters
tracy.walters

Now that was funny, Santee! And accurate, too.

Matt Henderson
Matt Henderson

Sounds like you had success until something bad happened. Even backups can and do break in all systems that I have ever been associated with. When they break, the system owner has to resolve what broke, and then fix it. Have you considered reloading your iPhone? Backing it up to another iTunes account? Apple even has allowed other backup solutions like SafeCopy Backup if you need another redundant mechanism to safeguard your iPhone data.

Michael Kassner
Michael Kassner

The help desk about this. I have yet to hear of this problem. How large is your entire data set on the iPhone?

Michael Kassner
Michael Kassner

As far as I know you cannot change the backup location. But, TrueCrypt and entire drive encryption would work also. I just don't like keeping any data on a mechanical drive.

azetetic
azetetic

I know I suggested Strip to you in another post, but it is appropriate here too. Strip also acts as a data vault with 256-bit AES Encryption, so maybe you can kill 2 birds with one stone with Strip-- password manager and data vault. http://getstrip.com/c/forum

proximityinfotech4
proximityinfotech4

Love is a waste of time, money, and emotion. It is a chemical reaction in the brain that leads to misery & woe. It?s not a matter of how will it end in tragedy, only when. The more in love you are the greater the disaster it will become. There is absolutely no avoiding it. Be it a break up, cheating or death?it WILL end up in heartache or indifference. ___________________________________________________________________________________ [url=http://www.visage-glasgow.co.uk/glasgow-tooth-whitening-scotland.html] Teeth Bleaching Glasgow[/url]|[url=http://www.visage-glasgow.co.uk/glasgow-clear-braces-scotland.html] Invisalign Glasgow[/url]

JasonnB
JasonnB

I just backed up my 3GS, and then restored that backup to my new Iphone 4. After doing this, all the email from my pop email account, "inbox", "outbox" "sent", and "drafts" is gone! It's still all on my 3GS, but none of those emails are on the Iphone 4. I called apple as I had a the same issue when I went from my 3g to 3gs. I just went from a 3gs to a iphone 4. Apple said pop email isn't backed up in the backups! That means everything in my sent box, drafts, etc. is gone! Yes, I also download these emails on my home computer, which pulls them off the server, but I wanted to still have those copies on my iphone. I can't believe this.

tracy.walters
tracy.walters

...do you password protect your phone? As a security guy, I see that as a much bigger issue. I don't run an iPhone...I have a Blackberry, but all the smartphones are the same in this respect. Very few people I know password protect their phone, and the phone is the most likely device to get lost or compromised. Before you go through the effort to encrypt your backup, secure that phone, and encrypt data on it if possible... in Apple's vernacular, is there an app for that? :)

SgtPappy
SgtPappy

Do you really carry all of your data on a flash USB Drive? That just strikes me as unusual. Is this security related behavior?

seanferd
seanferd

I have no iAnything experience, but I'll keep this in mid for my friends and relatives who use these. There is also an SQLite extension for Firefox. You can look through your iTunes databases and the FF databases right from your browser.

Neon Samurai
Neon Samurai

Do a little social engineering message to motivate the user to do a backup. Drop some logging/sniffing code on the machine. Check back in a day A-La-EvilMaid style. Or, tap the machine with a backdoor so you can watch and do stuff within the user's session but without affecting there own work during that session. (Attack is so much more fun than deffense)

Neon Samurai
Neon Samurai

With the underlying Unix, there is the option to mount a separate partition or link a separate location. Since these both happen at the storage layer any application using the location should be indifferent. I thought Truecrypt also did external media on osX which may work when the backup app won't allow use of anything appearing to be a local partition. All just speculation though for lack of a handy osX machine that can be formated on a whim.

mlarsh
mlarsh

I have been using the iPhone for 3 years now, getting ready to go to iPhone 4. I use the password protect and the SIM password protect on my iPhone. Not only that, I set it to wipe after 10 unsuccessful tries. All this after an article 18 months ago about the Find My iPhone App came out which states that all you had to to was pop out the SIM; making the iPhone impossible to find and allowing free use of your account through the SIM.

Michael Kassner
Michael Kassner

I am glad that iPhone 4 has a better password protection scheme too.

Michael Kassner
Michael Kassner

I don't like relying on a mechanical device. I have two 32 GB flash drives that hold all my data. I have backups of those at home and in a safety deposit box at my bank.

Ocie3
Ocie3

I could not get it to work. It would not display any content of any of the .SQLITE files at all. The same thing happens with the SQLite Browser. Apparently it will open a file that I select, but none of the content appears on any of the tabs.

Michael Kassner
Michael Kassner

I am trying to help those that just want things to work without repercussion. Edit: Spelling

Matt Henderson
Matt Henderson

Yes, I am referring only to the PIN for the iPad 3G SIM card. I already have a 4 digit passcode on the iPad and a long password on the iTunes backup. The service associated with the card is data only, although they do have an assigned phone number. If I pulled that card and put it into another GSM device, (like an iPhone 4), telephony service would be broken making doubtful value to a thief. Assigning a PIN would require Another hurdle for the thief to overcome before accessing my unlimited data service.

Michael Kassner
Michael Kassner

Matthew,I just want to be clear. You are referring to enabling the SIM PIN?

Matt Henderson
Matt Henderson

.... all you need is browser access into the MobileMe web site.

Matt Henderson
Matt Henderson

... To encrypt the micro SIM in my iPad. Originally was wondering why I should do this, but now I see that several telecoms are providing adapters that would allow reuse in any GSM device. Of course, a thief would need physical access, which most of the time would mean prying it out of my hands

SniperTech
SniperTech

It is not free... In the descripion of the Apps second paragraph, "Sign in with your memeber name and password (MobileMe subscription required) to locate your missing device on a map.... After installing it for verification, the first thing it asks you is to enter your MobileMe login information, if you don't have one, register!

Michael Kassner
Michael Kassner

You are right. I guess the app itself is free, but MobileMe is still required. Edit: Spelling

SniperTech
SniperTech

A subscription to MobileMe is required! If Apple is making it easier to keep track of your devices, why not offer the location service for free, and a paid option for mobile wipe.

Michael Kassner
Michael Kassner

If I understand correctly, it requires a certain skill set. So there is still some advantage to having the encryption scheme. I have been looking into it and other phones are in the same boat.

Neon Samurai
Neon Samurai

The product of a third party security audit is the final report. This has traditionally been delivered on paper because it details the last kind of information you want sitting on your hard drives if a criminal get's into your network. Ironkey becomes an attractive expense item to "publish" the audit report on and deliver to the client rather than a thick bound paper report or cleartext emailed PDF. You just need to be pentesting clients big enough that the 100$ "publishing" cost of the final report is justified.

techrepublic@
techrepublic@

... one that strongly encrypts the storage using a user supplied password, and would not store that password in the device except on RAM, and only it was being used. Currently, the iPhone 3GS data security scheme is worse than having no security scheme, because it may give a totally false sense of security to the user. Just think on the amount of personal, private, financial, confidential information many users store on these devices. Now think of the number of these devices that are lost, stolen, or misplaced (even if temporarily).

Neon Samurai
Neon Samurai

If your not going to go with industrially hardened and encrypted hardware (or don't have access to that buying level at all), you could look at Maemo. It can already be setup as a dualboot (internal flash, removable SD). One could probably modify it to boot an encrypted SD. Anyone taking your SD or turning on your N900 will be stopped at the "please enter your password to continue booting" prompt. Granted, this is not something your going to get from a stock vendor. if an encrypted phone is that important but doesn't have the budget to go into mil/gov hardware vendors; this may be an option.

techrepublic@
techrepublic@

... does not apply to backups and I never said it did. That said, being worried about unencrypted backups when the encryption on the iPhone 3GS (and probably earlier versions) can be trivially broken is a waste of "mind share". It is far more likely for a iPhone to get lost, stolen, or be unattended for half an hour than it is for a backup, usually in a desktop, to be lost or stolen.

Michael Kassner
Michael Kassner

Point me to where a hacker can jailbreak someone else's iPhone. Also that was the initial iPhone, the 3 series has improved and as Sean pointed out that initial problem has nothing to do with the backup.

seanferd
seanferd

that is a rather horrible implementation flaw on the iPhone itself.

Michael Kassner
Michael Kassner

I am curious to learn why you feel that way. AES128/256 is decent as far as I know. Edit: Spelling

techrepublic@
techrepublic@

Password protection without good encryption is useless, and the encryption on current iPhone versions is pathetic.

tracy.walters
tracy.walters

I work for an auditing firm, and do Information Systems audits of Casinos and Government Entities, so protecting client data is very important. A loss of data would be devastating to our company. Truecrypt is a good and inexpensive solution, but the Ironkey is nice because it's all in one, and it forces users to encrypt when they save to it, meaning the data is protected...when I issue these to the financial auditors, I know they have to use it to move data around in the field (between client computers and ours...internally we use Citrix almost exclusively). $100 to provide that kind of protection is well worth it to us.

Neon Samurai
Neon Samurai

I still get a "new Firefox version available" update even with the three boxes unchecked in the advanced settings. Defaulting that to off with the ironkeys that can't update firmware would be good or delivering the bundled firefox as part of the encrypted storage area instead of firmware area. For ironkey that can update firmware, it may be more beneficial to leave update checking on. Even if a user can't update there own firmware, they can at least be warned that they are out of date during the session and take the key back to head office for update after. With mobile computers, I've found the Java update check handy that way; "my notebook keeps saying there is a new Java?" - 'perfect, please bring it in for updates and maintenance' (saves checking the maintenance schedual and chasing after users to bring it in).

Michael Kassner
Michael Kassner

I have interviewed the major players at IronKey and they are extremely techy. From your comments, I know what they need to do then. They should shut off the ability of Firefox to automatically check for updates. That would fix the problem.

Neon Samurai
Neon Samurai

The ironkeys I've used so far have had a function to update the firmware including bundled firefox. I've only recently seen one that did not have a firmware upgrade function. I believe the first several where the business class with the latest being the lowest "home user" type model. If you insure you buy at least the minimum model with firmware upgrading, you should get your new firefox versions. You can also ignore the bundled firefox and just use your own portable firefox and TOR plugin.

Michael Kassner
Michael Kassner

Unless they changed it recently, is the TOR-based web browser could not be updated on the IronKey. If Firefox asked to update and you did the drive froze, until you returned it to default.

Neon Samurai
Neon Samurai

I love the one article by a security researcher. He's not well liked by vendors because he's pretty much shown everything he's reviewed to be broken. Couldn't break the ironkey hardware so he went at the software app in the running OS's memory with his binary tools. Still couldn't break it so he went after weaknesses in the company and worked his way up through management. The CEO was talking engineering details, threat models.. stuff far beyond the 10,000 ft high view that CEOs usually work at. The researcher baught his own IronKey and uses it to keep his testing results on. That's a heck of a sales pitch from a third party researcher. But, if you can't justify the cost of an Ironkey, truecrypt is the way to go. I like it's ability to create an encrypted flashdrive as a portable app instead of requiring Truecrypt on any machine you use the usb with.

tracy.walters
tracy.walters

Michael, Do you use encrypted flash drives? I don't mean the Office Depot AES drives for $35...I mean something like IronKey: https://www.ironkey.com/ If you are going to carry data around that way, you probably should look into something like this... of course, nothing is perfectly safe :-)

seanferd
seanferd

The odd thing is, all the other files are in use as well, so it is a bit odd. I suppose I could have tried opening the FF cookies DB from SeaMonkey, or using the app version with the browsers shut down. I just never bothered, because I mostly wanted to use the extension to clear bad logins and other junk without entirely wiping the DBs. BTW, if you use CCleaner, you can set it to compact the cookies DB whenever you run it.

Ocie3
Ocie3

SQLite Database Browser 2.0 1b now displays the contents of the cookies.sqlite file in the (only) Firefox profile folder! Previously, when I used the Open Database feature, the title bar of the window would change to show that the file was "opened" but the content was not displayed on any tab and I could not find a way to cause it to be displayed. The "database browser" would display the contents of the "backup" cookies_[i]dddddddddddddd[/i].sqlite file, though. After reading your most recent post, I decided to use Windows Explorer to investigate whether cookies.sqlite was "locked" while Firefox was running. The Unlocker utility reported that SQLite D. Browser had the file open, but apparently not "locked". It did not include Firefox on its list, so Firefox was not accessing the file or "locking" it. So I closed Firefox and returned to the SQLite D. Browser. IIRC, I clicked the Left Mouse Button on the blank field of the Database Structure tab. A tree called moz.cookies appeared with a long string under the schema field. ..... I have done exactly that several times before without any result. So I proceeded to look at what it reported as the contents of the file with the Browse tab. I thought about adding a new record that would be a "made up" cookie, but decided that I had already discovered what I wanted to know. Maybe I should have compacted the file, though.

seanferd
seanferd

which DB you were trying to access. Cookies is the only one I never tried to load, as the only cookies that don't get wiped at least once a day are those which I have set to never delete. It figures, doesn't it? :^0 The one you want to view is the only one I never tried. Of course, now I'm left wondering why one cannot connect cookies.sqlite. Anything to keep us guessing and confused, right? :D edited for atrocious spelling

Ocie3
Ocie3

The SQLite Database Browser opens all of the .sqlite files in the Firefox profile [i]except [/i] cookies.sqlite, which, of course, had to be the first one that I attempted to open.

Ocie3
Ocie3

Quotes: [i]"After a bit of searching, I came across an Apple Examiner article that explained everything. .... The article also mentions that the files are SQLite databases. ...."[/i] [i]"The next step was to see if I could find a way to read the .mddata files. Fortunately, I found SQLite Database Browser."[/i] .SQLITE is the default filename extension for the files which that "browser" is designed to create, read, edit, etc. It puzzles me as to why the .MDDATA filename extension is used instead. Perhaps choosing the extension .mddata was an Apple decision to hide the fact that they have used a file format (and software) which they did not create. Not that doing so was illegal. SQLite is OpenSource. I've been thinking about downloading the C source just to see whether I can still read such stuff. Personally, I have not been able to get the SQLite Database Browser to read anything, yet. By the way, I downloaded it over two weeks ago, not because it was mentioned in your current article about encrypting iPhone backups. Your account is a fascinating read, though! [b]UPDATE:[/b] The SQLite Database Browser opens all of the .sqlite files in the Firefox profile [i]except[/i] cookies.sqlite, which, of course, had to be the first one that I attempted to open. :-(

seanferd
seanferd

And yes, I can't seem to get the cookie database loaded, either. I just use it for the databases that do not already have a front end. As to file size, the deleted entries are deleted. To recover the space, use the compact database function available in the sqlite manager.

Ocie3
Ocie3

[i]Did you Database → Connect Database?(Assuming use of SQLite Manager FF extension.)[/i] Yes. Nothing changes. As far as I can determine, it is not possible to access the Firefox profile file cookies.sqlite. However, I can open the "backup" files that I described, by selecting them from the dropdown menu on the right end of the toolbar, or by using Database -> Connect Database. So that basically means that I can read the contents of the cookies file but I cannot change it (not that I would want to do that). Unfortunately, I cannot figure out how to display more than just the first "page" of twelve in the Browse & Search tab. The Show All button does not produce any results and the buttons labeled with arrowheads are grayed-out. There is an SQLite FAQ somewhere that has a remark that deleting a record from a file does not reduce the size of the file. The file remains the same size and the space previously occupied by the deleted record is available to store new records. (Does that scheme sound familiar, or what?) It does not disclose whether the data on a 'deleted' record remains in the file, though. Sheesh!! I haven't accessed a database with any sort of utility in quite a while, and do not recall whether I've ever used SQL. But once I did write a program that accessed "binary tree" database files. If I am going to solve puzzles, then I would rather play a MMORPG instead of using some "just-got-to-code" guy's idea of software that "does not need documentation".

seanferd
seanferd

for mentioning the FF extension and the additional use of opening any sqlite db files, including those used by the browser itself.

seanferd
seanferd

Did you Database → Connect Database?(Assuming use of SQLite Manager FF extension.) I can't speak to opening the iPhone databases, excepting you would use the same general method. If I recall correctly, the standalone app works similarly.

Michael Kassner
Michael Kassner

We are talking about .mddata files not the ones that you are referring to. I suspect that is the problem.

Ocie3
Ocie3

I (apparently) "opened" the [i]cookies.sqlite[/i] file in the Firefox profile directory but neither the add-on nor the program displays anything. Since it is easier to reference[b]:[/b] the SQLite Manager 3.6.22 extension declares, below the skinny dropdown that is at the top of the lefthand pane, "Database Not Selected" (w/o the quotes). I have never found a way to change that. For example, none of the options on the File menu which contain the word "Database" do anything and "Select Database" is not an option. So, I use the "(Select Profile Database)" drop-down on the toolbar, above the pane that has four tabs, to choose the cookies.sqlite file. When I use what appears (dimly!) to be the "Go" button, the following message is displayed: [i]Failed to create the backup file: cookies_20100622191136.sqlite Exception Message: Component returned failure code: 0x80520008 (NS_ERROR_FILE_ALREADY_EXISTS) [nsILocalFile.copyTo][/i] So it seems that once upon a time it created the backup file somewhere, and now cannot load the contents of the cookies.sqlite file because it cannot make a backup copy. But I have noticed a growing number of files with names of the form: cookies_[i]dddddddddddddd[/i].sqlite on the drop-down list. Since the pattern matches the filenames in the error message, they appear to be the "backups" despite the error message assertion that it cannot create such a file, but why they are on the list of files is not clear. If I disable the option to make backups, exit SQLite Manager and run it again from the Tools menu, then selecting cookies.sqlite and using the Go button does not display any evident "data" on any of the tabs. (Of course, the error message is not displayed.) However, if the lefthand pane has been expanded to the right, then sometimes it will collapse, but the button below the skinny dropdown will still say "Database Not Selected". (After an attempt to open a file, it often changes to the boldface font.) The SQLite Browser has a similar interface and it, too, never displays anything, as there doesn't appear to be a way to instruct it to do that which works. The browser might not be able to open files in the Firefox profile because they are "locked", regardless of whether Firefox is currently running. I don't recall using the Unlocker utility to investigate that possibility. However, I doubt that file locking would be an issue with using the extension, insofar as it is usable only while Firefox is running, so it should have access to the files without such a barrier. [i]Edit: deleted initial closing paragraph[/i]

Editor's Picks