Elcomsoft Phone Viewer 2.20 Goes Stand-Alone

June 23rd, 2016 by Oleg Afonin

We have a bunch of mobile forensic tools. We have tools for extracting data from jailbroken iPhones and tools for decrypting password-protected backups. Tools for downloading data from iCloud and tools for analyzing user data mined by Google. We even have a tool for decrypting backups produced by BlackBerry 10, one of the most secure OS’es on the market.

We also have a tool for viewing all that data. Elcomsoft Phone Viewer was initially released as a tool to complement our range of mobile forensic tools. Initially, the tool’s sole purpose was enabling our users to view information they extracted using other tools from our range via physical, logical or over-the-air acquisition. Viewing all but unencrypted iTunes backups would require you launching Elcomsoft Phone Breaker to remove protection and decrypt information.

This is no longer the case. Starting with this release, you can use Elcomsoft Phone Viewer as a fully featured, stand-alone tool for accessing mobile data. What did we change and who can benefit from the new features? Read along to find out!

Read the rest of this entry »

Fingerprint Unlock Security: iOS vs. Google Android (Part II)

June 20th, 2016 by Oleg Afonin

Fingerprint Unlock Security: Google Android and Microsoft Hello

Using one’s fingerprint to unlock a mobile device with a touch is fast and convenient. But does it provide sufficient security? More importantly, does biometric unlock provide a level of security comparable to that of the more traditional PIN or passcode? As we found in the first article, Apple has managed to develop a comprehensive fingerprint unlock system that provides just enough security while offering a much greater convenience compared to traditional unlock methods. What’s up with that in the other camp?

01finger

Google Android 4.x through 5.1.1: No Fingerprint API

There is no lack of Android smartphones (but no tablets) that come with integrated fingerprint scanners. Samsung Galaxy S5, S6, S7, Motorola Moto Z, SONY Xperia Z5, LG G5, Huawei Ascend Mate 7 and newer flagships, Meizu Pro 5 and a plethora of other devices are using fingerprint scanners without proper support on the native API level.

Read the rest of this entry »

Elcomsoft System Recovery UEFI Support

June 16th, 2016 by Oleg Afonin

As you may already know, we’ve released an update to Elcomsoft System Recovery, a tool allowing to reset or recover Windows and Microsoft Account passwords by booting from an external USB drive. The new build allows creating bootable USB drives for devices exclusively relying on UEFI bootloaders. Why was this change needed? Read below for an answer!

UEFI Boot Support

If you need access to Windows protected files (and files containing password hashes are always protected), you will either require administrative privileges or must boot a separate copy of Windows from a separate boot media. Elcomsoft System Recovery has always come with the ability to create such bootable media.

As computers evolved, industry moved to 64-bit computations. During the last decade, CPU manufacturers migrated completely to 64-bit architecture. Some years later, it became obvious that legacy BIOS was no longer relevant in the new age. BIOS was superseded with UEFI.

To maintain compatibility with legacy operating systems, most systems of that time period came with support for legacy boot mode (BIOS emulation, “compatibility mode”) enabled out of the box. As operating systems evolved, manufacturers started gradually phasing out legacy support. Today we have reached the point where many new devices (2013 and newer) come without any sort of BIOS emulation at all.

Elcomsoft System Recovery comes with a customized bootable Windows PE environment. By booting from this media, customers can gain access to existing Windows installations even if they don’t know the correct password. For a long time, Elcomsoft System Recovery was relying on legacy compatibility mode to boot. This is no longer an option. The increased share of devices shipping without BIOS emulation or legacy boot support required us to adapt.

Read the rest of this entry »

Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)

June 8th, 2016 by Vladimir Katalov

Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?

We did our research, and are ready to share our findings. Due to the sheer amount of information, we had to break this publication into two parts. In today’s Part I, we’ll discuss the possibility of using a backdoor to hack our way into BitLocker. This publication will be followed by Part II, in which we’ll discuss brute-force possibilities if access to encrypted information through the backdoor is not available. Read the rest of this entry »

Fingerprint Unlock Security: iOS vs. Google Android (Part I)

June 6th, 2016 by Oleg Afonin

Biometric approach to unlocking portable electronics has been on the rise since late 2013 when Apple released iPhone 5S. Ever since, manufacturers started adding fingerprint scanners to their devices. In the world of Android, this was frequently done without paying much (if any) attention to actual security. So how do these systems compare?

Apple iOS: Individually Matched Touch ID, Secure Enclave at Work

Apple invented Touch ID to increase the average user security. The idea behind fingerprint unlock is for users who had no passcode at all to use Touch ID. Fingerprint data is stored on the Secure Enclave, and is never transferred to Apple servers or iCloud.

Read the rest of this entry »

Dealing with a Locked iPhone

April 15th, 2016 by Oleg Afonin

So you’ve got an iPhone, and it’s locked, and you don’t know the passcode. This situation is so common, and the market has so many solutions and “solutions” that we felt a short walkthrough is necessary.

What exactly can be done to the device depends on the following factors:

Hardware Generation

iphone2

From the point of view of mobile forensics, there are three distinct generations:

  1. iPhone 4 and older (acquisition is trivial)
  2. iPhone 4S, 5 and 5C (32-bit devices, no Secure Enclave, jailbreak required, must be able to unlock the device)
  3. iPhone 5S, 6/6S, 6/6S Plus and newer (64-bit devices, Secure Enclave, jailbreak required, passcode must be known and removed in Settings)

Read the rest of this entry »

Apple Two-Factor Authentication vs. Two-Step Verification

April 1st, 2016 by Oleg Afonin

Two-step verification and two-factor authentication both aim to help users secure their Apple ID, adding a secondary authentication factor to strengthen security. While Apple ID and password are “something you know”, two-step verification (and two-factor authentication) are both based on “something you have”.

However, Apple doesn’t make it easy. Instead of using a single two-factor authentication solution (like Google), the company went for two different processes with similar usability and slightly different names. What are the differences between the two verification processes, and how do they affect mobile forensics? Let’s try to find out.
Read the rest of this entry »

Smartphone Encryption: Why Only 10 Per Cent of Android Smartphones Are Encrypted

March 21st, 2016 by Oleg Afonin

“Had San Bernardino shooter Syed Rizwan Farook used an Android phone, investigators would have had a better chance at accessing the data”, says Jack Nicas in his article in The Wall Street Journal. Indeed, the stats suggest that only 10 per cent of the world’s 1.4 billion Android phones are encrypted, compared with 95 per cent of Apple’s iPhones. Of those encrypted, a major number are using Nexus smartphones that have encryption enforced by default.

What is the reason behind this low encryption adoption rate among Android users? Let’s first have a look at how encryption is enforced by two major mobile OS manufacturers, then look at how it’s implemented by either company. Read the rest of this entry »

RSS for posts
RSS for comments
Subscribe
ElcomSoft on Facebook
ElcomSoft on Flickr
ElcomSoft on Twitter
    follow me on Twitter