Archive for the ‘General’ Category

Dealing with a Locked iPhone

Friday, April 15th, 2016

So you’ve got an iPhone, and it’s locked, and you don’t know the passcode. This situation is so common, and the market has so many solutions and “solutions”, that we felt a short walkthrough was necessary.

What exactly can be done to the device depends on the following factors:

Hardware Generation


From the point of view of mobile forensics, there are three distinct generations:

  1. iPhone 4 and older (acquisition is trivial)
  2. iPhone 4S, 5 and 5C (32-bit devices, no Secure Enclave, jailbreak required, must be able to unlock the device)
  3. iPhone 5S, 6/6S, 6/6S Plus and newer (64-bit devices, Secure Enclave, jailbreak required, passcode must be known and removed in Settings)


Smartphone Encryption: Why Only 10 Per Cent of Android Smartphones Are Encrypted

Monday, March 21st, 2016

“Had San Bernardino shooter Syed Rizwan Farook used an Android phone, investigators would have had a better chance at accessing the data”, says Jack Nicas in his article in The Wall Street Journal. Indeed, the stats suggest that only 10 per cent of the world’s 1.4 billion Android phones are encrypted, compared with 95 per cent of Apple’s iPhones. Of those encrypted, a large number are Nexus smartphones, which have encryption enforced by default.

What is the reason behind this low encryption adoption rate among Android users? Let’s first have a look at how encryption is enforced by the two major mobile OS manufacturers, then look at how it’s implemented by each company.

Apple vs. the Government: Follow-up

Monday, February 22nd, 2016

We are closely following the case of Apple battling the US government on unlocking the iPhone of San Bernardino mass murderer Farook who killed 14 in December 2015. In our previous post we looked at what the FBI was asking, and why Apple opposes the motion.

On February 19th, a new document showed up: the “GOVERNMENT’S MOTION TO COMPEL APPLE INC. TO COMPLY WITH THIS COURT’S FEBRUARY 16, 2016 ORDER COMPELLING ASSISTANCE IN SEARCH; EXHIBIT”. In this document (which is highly recommended reading, by the way), government attorneys summarize several important points and reply to the many concerns raised by Apple and the public after the original court order. So what do we know today about this case that we didn’t know last week?

The Passcode Is Numeric

The government states that the iPhone 5C in question is protected with a numeric password (see the above motion, p.5/13). This, in turn, means that all possible combinations can be enumerated in about 30 minutes (if the passcode consists of 4 digits) or several days (if there were 6 digits).

In other words, Apple could disable the artificial delay that increases the time between unsuccessful entries, as well as disable the provision that may wipe the phone’s data after 10 unsuccessful attempts. The company could then run an attack on the passcode (using either an in-house tool or one of the many existing forensic solutions such as Elcomsoft iOS Forensic Toolkit), and unlock the device in almost no time.

A Message to Our Customers, Apple and FBI

Thursday, February 18th, 2016

On Tuesday, a federal judge ordered Apple to assist the authorities in breaking into a locked iPhone 5C used by Syed Farook, who killed 14 in San Bernardino in December. According to the FBI, the phone might contain critical information about connections with Islamic terrorist groups. Apple opposed the motion and published an open letter saying that “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”

So what is the government asking, does Apple have it, and is it technically possible to achieve what they are asking? Let’s try to find out.


Discounts and Novelties From Our ElcomShop!

Friday, February 5th, 2016

Dear friends, here we come with a set of novelties from our ElcomShop. We’ve made a few new designs and added new fancy products, such as long sleeve shirts for girls and baseball caps for boys and separately for dads 🙂 and mugs for everyone. All company designs applied to a wide and varied range of products can be found in our shop window.

Good quality souvenirs from our shop will brighten your day and please your eyes. Placing an order is as easy as 1-2-3, simply choose an item, specify its color and size – and voila. And the best part of your order is that you don’t have to pay for delivery!

Yes, enjoy absolutely free standard shipping on all orders over $50 till February 16, 2016. Use your exclusive coupon code FREESHIP2016 to save on delivery, and enjoy your shopping!


Elcomsoft Phone Breaker 5.20: Direct iCloud Access and iOS 9.3 Support

Thursday, February 4th, 2016

Apple is currently testing a new major iOS release, iOS 9.3. At this time, the second beta version is available. We looked into what has changed in the new OS, and discovered that iOS 9.3 introduces some minor changes to the encryption of certain data stored in cloud backups. However minor, these changes effectively prevented older versions of Elcomsoft Phone Breaker from decrypting the data, which made us release an update ASAP. In addition, we were able to discover and fix the issue with some iOS 9.2 backups not decrypting properly (which wasn’t easy since the issue was intermittent). Finally, we got rid of the requirement to have iCloud for Windows installed, as Elcomsoft Phone Breaker shifts to using a direct access API.

Hacking For Dummies by Kevin Beaver (5th edition)

Friday, January 29th, 2016

It is our greatest pleasure to recommend the newest edition of “Hacking For Dummies” by Kevin Beaver, an independent IT security consultant. It is a practical guide to computer and mobile security, updated to the current state of the industry. With a natural talent for words, Kevin easily guides you through security issues in a very clear and consistent manner, so that all major aspects of IT security, authentication and pen-testing are covered. With such a harmonious and sequential unveiling of security subjects as in this book, it is much easier to dig deeper into particular questions of your own interest.

We have known Kevin Beaver for a long time, since that very happy moment when he decided to check out our software and see how it works. Having tried all our tools and provided professional feedback, Kevin contributed immensely to our software development.

Now it’s a great honor for us to be mentioned in various editions of his book, including the latest one, with reference to practically all of our programs, primarily because they are all meant for getting access to password-protected data or encrypted disks and crypto containers. Reverse engineering and data decryption have been our main focus since the very beginning of the company. However, lately the focus of our attention has been slowly drifting more “into the cloud”, taking the shape of such products as Elcomsoft Explorer for WhatsApp or Elcomsoft Cloud eXplorer for Google Accounts. And it is not a coincidence that Kevin’s book covers the topic of cloud security as well. So, get these 408 pages of hacks and tips against them right meow and enjoy your reading.

Forensic Acquisition: Android

Friday, January 29th, 2016

While here at ElcomSoft we offer a limited range of tools for acquiring Android devices that’s pretty much limited to over-the-air acquisition, we are still often approached with questions about when one should use cloud extraction, and when other acquisition methods should be used. In this article, we decided to sum up our experience in acquiring the various Android devices, explaining why we decided to go for a cloud acquisition tool instead of implementing the many physical and logical extraction methods. This article is a general summary of available acquisition methods for the various makes, models, chipsets and OS versions of Android smartphones. The article is not intended to be a technical guide; instead, it’s supposed to give you a heads-up on approaching Android acquisition.


Google Timeline: How Law Enforcement Can Use Google Data

Monday, January 25th, 2016

As we all know, Google collects and processes an awful lot of data about pretty much everyone who is using the company’s cloud services or owns a smartphone running the Android OS (or, to be precise, is using a device with Google Mobile Services). Just how much data is available was described in our previous article, What Google Knows about You, and Why It Matters. Today, we’ll discuss something slightly different. Meet Google Timeline, a relatively new feature extending the company’s Maps service.