Archive for the ‘Elcom-News’ Category

BlackBerry Password Keeper Escrow Key: Have We Just Found a Hidden Backdoor?

Tuesday, August 11th, 2015

As you may already know from the official press release, we’ve recently updated Elcomsoft Phone Breaker to version 4.10. From that release, you could learn that the updated version of the tool targets password managers, adding the ability to instantly decrypt passwords stored in BlackBerry Password Keeper for BlackBerry 10 and attack 1Password containers.

If you read between the lines, though, it’s a different story.

Essentially, we’ve discovered a backdoor hidden in recent versions of BlackBerry Password Keeper allowing us to decrypt the content of that app instantly without brute-forcing the master password. For our customers, this means instant access to passwords and other sensitive information maintained by BlackBerry Password Keeper. No lengthy waits and no fruitless attacks, just pure convenience. But is this convenience intentional? Did BlackBerry leave a backdoor for government access, or is this an unintentional vulnerability left by the company renowned for its exemplary security model? Let’s try to find out.

(more…)

Why Do We Need Physical Acquisition?

Thursday, June 25th, 2015

With all the trouble of jailbreaking iOS 8 devices and the lack of support for 64-bit hardware, does iOS physical acquisition still present meaningful benefits to the investigator? Is it still worth your time and effort attempting to acquire that iPhone via a Lightning cord?

Granted, jailbroken iOS devices are rare as hen’s teeth. You are very unlikely to see one in the wild. However, we strongly believe that physical acquisition still plays an important role in the lab, and here are the reasons why.

  1. Apple’s current privacy policy explicitly denies government information requests if the device in question is running iOS 8. This means that handing over the device to Apple will no longer result in receiving its full image if the device is running iOS 8.x (source: https://www.apple.com/privacy/government-information-requests/)
  2. In many countries (Mexico, Brazil, Russia, Eastern Europe, etc.) Apple sells more 32-bit phones than 64-bit ones. Old iPhones traded in the US are refurbished and sold to consumers in other countries (BrightStar coordinates these operations for Apple in the US). As an example, new and refurbished iPhone 4S and 5 units accounted for some 46% of all iPhones sold through retail channels in Russia in Q1 2015.
  3. Physical extraction returns significantly more information compared to any other acquisition method including logical or over-the-air acquisition. In particular, we’re talking about downloaded mail and full application data including logs and cache files (especially those related to Internet activities). A lot of this information never makes it into backups.
  4. Full keychain extraction is only available with physical acquisition. Physical acquisition is the only way to fully decrypt the keychain, including those records encrypted with device-specific keys. Those keychain items can be extracted from a backup file, but cannot be decrypted without a device-specific key. In addition, the keychain often contains the user’s Apple ID password.
  5. With physical acquisition, you can extract the ‘securityd’ key (0x835) from the device. This key can be used to completely decrypt all keychain items from iCloud backups.
  6. Physical acquisition produces a standard DMG disk image with an HFS+ file system. You can mount the image on your system and analyze it with a wider range of mobile forensic tools than is possible with iTunes or iCloud backup files.

(more…)

Elcomsoft Phone Viewer: Faster and Easier

Tuesday, May 19th, 2015

As you may already know, we have just updated our recently released forensic tool, Elcomsoft Phone Viewer. The update received a major performance boost and numerous usability enhancements.

So what’s the point of having “yet another” mobile forensic tool? Aren’t there enough already? In fact, we considered making this tool for a long time, and were hesitant to make the move exactly because there are so many great forensic packages already. However, our customers kept asking for a lighter, smaller, faster and easier alternative to complement our existing tools. They cited how bulky those all-in-one forensic packages were, and mentioned training courses they had to take just to begin using those tools. Call it minimalism, but we made a tool that doesn’t require training sessions to use, and employs the same familiar user interface as other ElcomSoft tools. (more…)

Spring Vaccination From Boredom!

Wednesday, April 1st, 2015

As everyone knows, the high-speed, extremely powerful and increasingly popular ElcomSoft tools have already become the industry standard in the IT security, risk management and computer forensics industries. After achieving these targets, our team got a little… bored.

That’s why we’re happy to announce a refreshing turn in the history of our code-breaking business by making an injection of several completely different but entertaining activities. Instead of boring number-crunching code, we will now focus on making t-shirts, mugs, pins, smartphone cases, mobile games, and entertaining commercials, simply for the fact we’re always doing The Right Thing no matter what :)

Think it’s an April Fool’s joke? Just visit our new Web store or download our new game for Android and iOS to see how serious we are!

Discover our new business activities:
★ A new online shop with funny tees, pants, pins, mugs and phone cases
★ A new mobile game ElcomSafe for enriching your IT security vocabulary
★ And an amusing commercial to make you smile and kiss your dearest one

Have a wonderful day and a happy spring!

Supporting Apple iCloud Drive and Decrypting Keychains from iCloud

Thursday, March 12th, 2015

As you may already know from our official announcement, we’ve recently updated Elcomsoft Phone Breaker to support Apple accounts upgraded to iCloud Drive and decrypting keychains from iCloud. Considering that one can access files stored in iCloud Drive without any third-party tools, is the update really worth the buzz? Read along to find out!

Before getting to the updated technology, let’s have a look at what Apple iCloud Drive is, and how it’s different from “classic” iCloud. (more…)

Distributed Password Recovery: Faster, Smarter and Cost-Effective

Tuesday, February 3rd, 2015

We have just released a long-awaited update to one of our flagship products, Elcomsoft Distributed Password Recovery. While you can learn more about what’s been added and changed from our official announcement, in this post we’d like to share some insight about the path we took to design this update. (more…)

Elcomsoft Phone Breaker Update: Improved iCloud Acquisition, Two-Factor Authentication and Stronger Brute Force

Wednesday, December 17th, 2014

We are excited to announce an update to one of our oldest mobile forensic tools, Elcomsoft Phone Breaker. In this release we mostly targeted iCloud acquisition, although we’ve made some changes to the password recovery algorithm targeting iOS offline backups. All in all, the new tool can be used under a wider range of circumstances, squeezes more juice out of your existing acceleration hardware and adds support for the newest and greatest AMD and NVIDIA boards.

(more…)

Breaking Into iCloud: No Password Required

Tuesday, June 17th, 2014

With little news on physical acquisition of the newer iPhones, we made every effort to explore the alternatives. One of the alternatives to physical acquisition is over-the-air acquisition from Apple iCloud, allowing investigators to access backups stored in the cloud. While this is old news (we learned to download data from iCloud more than two years ago), this time we have something completely different: access to iCloud backups without a password! The latest release of Phone Password Breaker is all about password-free acquisition of iCloud backups. (more…)

Phone Password Breaker with all-new UI, BlackBerry 10 support, and downloading Windows Phone 8 data from the cloud

Thursday, May 8th, 2014

This time, we are updating our bread-and-butter mobile forensic tool, Elcomsoft Phone Password Breaker, to version 3.0 (beta). This new version has many things that are new or have changed. Let’s see what’s new, and why. (more…)

Welcome Holidays With ElcomSoft

Thursday, December 12th, 2013

Seasonal Offer

With the long-awaited winter holidays just around the corner, now is the best time to make sure your after-holidays start at work is an easy one, with less headache, more pleasure, and all your passwords in place.

We are offering a 35% discount on our product releases of 2013, starting today and available until 16th December, 2013. This offer is valid for direct online purchases only, using your special coupon code NY2014-OFF35 (enter the code while placing your order), for the following products:

Elcomsoft Password Recovery Bundle includes all our software (except for Elcomsoft iOS Forensic Toolkit) and embraces all updates of the year.

Elcomsoft Distributed Password Recovery, a high-end solution for big networked workstations, added hardware acceleration for a number of file formats (see www.elcomsoft.com/edpr.html) on AMD Radeon HD cards (including 7000 series) and support for Tesla K20.

Elcomsoft iOS Forensic Toolkit, an all-in-one solution for bit-precise physical acquisition of iOS devices, got more flexibility in cracking the passcode in ‘Guided’ mode, allowing you to detect the passcode type or perform a brute-force or dictionary attack with selected options. The toolkit also supports iPhone 5S and iPad 4 (jailbroken without passcode, non-jailbroken with passcode) for complete forensic analysis of the devices’ contents.

Elcomsoft Phone Password Breaker, an ideal solution for investigating Apple and BlackBerry mobile devices, added support for iOS 7 iTunes and iCloud backups, including keychain decryption, flexible iCloud downloading, and quick downloading of iCloud backup data by selected categories.

Advanced Office Password Recovery, an irreplaceable utility for home and corporate use, was sped up in password recovery for MS Office 2007/2010 and 2013 with AMD OpenCL, NVIDIA CUDA, and NVIDIA Tesla K20.

Elcomsoft Wireless Security Auditor, a unique tool to recover the original WPA/WPA2-PSK text passwords, also added support for the latest AMD Radeon R2xx cards, NVIDIA graphics cards, and NVIDIA Tesla K20.

All our team wishes you a lot of new successful opportunities and the greatest accomplishments in 2014!