Archive for the ‘Security’ Category

Apple Two-Factor Authentication vs. Two-Step Verification

Friday, April 1st, 2016

Two-step verification and two-factor authentication both aim to help users secure their Apple ID, adding a secondary authentication factor to strengthen security. While Apple ID and password are “something you know”, two-step verification (and two-factor authentication) are both based on “something you have”.

However, Apple doesn’t make it easy. Instead of using a single two-factor authentication solution (like Google), the company went for two different processes with similar usability and slightly different names. What are the differences between the two verification processes, and how do they affect mobile forensics? Let’s try to find out.
(more…)

A Message to Our Customers, Apple and FBI

Thursday, February 18th, 2016

On Tuesday, a federal judge ordered Apple to assist the authorities in breaking into a locked iPhone 5C used by Syed Farook, who killed 14 in San Bernardino in December. According to the FBI, the phone might contain critical information about connections with Islamic terrorist groups. Apple opposed the motion and published an open letter at https://www.apple.com/customer-letter/ saying that “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”

So what is the government asking, does Apple have it, and is it technically possible to achieve what they are asking? Let’s try to find out.

(more…)

Hacking For Dummies by Kevin Beaver (5th edition)

Friday, January 29th, 2016

HFDIt is our greatest pleasure to recommend the newest edition of “Hacking For Dummies” by Kevin Beaver, an independent IT security consultant, a practical guide on computer and mobile security updated to the current state of industry. With a natural talent of word Kevin easily guides you through security issues in a very clear and consistent manner, so that all major aspects of IT security, authentication and pen-testing are covered. With such a harmonious and sequential unveiling of security subjects as in this book, it is much easier to dig deeper into particular questions of your own interest.

We know Kevin Beaver from long ago, since that very happy moment when he decided to check out our software and see how it works. Having tried all our tools and providing professional feedback Kevin immensely contributed towards our software developments.

Now it’s a great honor for us to be mentioned in various editions of his book, including the latest one, with reference to practically all of our programs, primarily because they are all meant for getting access to password protected data or encrypted disks and crypto containers. Reverse engineering and data decryption is our main focus since the very beginning of the company. However, lately the focus of our attention has been slowly drifting more “into the cloud” taking the shape of such products as Elcomsoft Explorer for WhatsApp or Elcomsoft Cloud eXplorer for Google Accounts. And it is not a coincidence that Kevin’s book covers cloud security topic as well. So, get these 408 pages of hacks and tips against them right meow and enjoy your reading.

Elcomsoft Distributed Password Recovery Updated with OS X Keychain Support and Enhanced GPU Acceleration

Thursday, November 26th, 2015

We’ve recently updated Elcomsoft Distributed Password Recovery, adding enhanced GPU-assisted recovery for many supported formats. In a word, the new release adds GPU-accelerated recovery for OS X keychain, triples BitLocker recovery speeds, improves W-Fi password recovery and enhances GPU acceleration support for Internet Key Exchange (IKE).

(more…)

Physical Acquisition for 64-bit Devices, iOS 9 Support

Wednesday, November 18th, 2015

Big news! iOS Forensic Toolkit receives its first major update. And it’s a big one. Not only does version 2.0 bring support for iOS 9 handys. We also expanded acquisition support for jailbroken devices, enabling limited data extraction from jailbroken devices locked with an unknown passcode.

Last but not least. For the first time ever, we’ve added physical acquisition support for 64-bit devices! We’ve done what was long considered to be impossible. Intrigued? Read along to find out! Can’t wait to see what can be done to 64-bit iDevices? Skip right to that section!

New in EIFT 2.0

  • iOS 9: Full physical acquisition support of jailbroken 32-bit devices running iOS 9
  • 64-bit: Physical acquisition for jailbroken 64-bit devices running any version of iOS
  • Locked: Limited acquisition support for jailbroken 32-bit and 64-bit iOS devices that are locked with an unknown passcode and cannot be unlocked

It’s probably a bit too much for a modest one-digit version bump… we should’ve named this version 3.0! (more…)

Extracting Data from Locked iPhones

Friday, November 13th, 2015

With hardware-backed full-disk encryption and additional protection of sensitive user data located in the keychain, Apple iOS is the most secure mobile operating system out there. Acquisition approaches that are traditional for Android and Windows Phone devices (namely, JTAG, ISP and chip-off) are completely meaningless for iOS devices running even years-old generations of the system. Bypassing screen lock password (passcode) has also been long considered to be useless due to the fact user data stored in the keychain is additionally encrypted with a secure key based on the passcode.

While we can’t do much with the former, our recent research shows that the latter is not entirely true. Bypassing the passcode does reveal quite a bit of information that can be useful for an investigation. And this is not just a theoretical research. We are building this functionality into a ready-to-use commercial tool, iOS Forensic Toolkit, to allow extracting data from locked iDevices – providing they have a jailbreak installed. The tool will allow pull available information from devices locked with an unknown passcode. That includes devices that were powered on (or rebooted) and never unlocked. Naturally, a pre-installed jailbreak is required in order to access the data.

(more…)

Digging Mac OS Keychains

Wednesday, September 16th, 2015

We have just released a brand new tool, and this time it’s not about mobile forensics. Or is it?

Elcomsoft Password Digger is designed for decrypting the content of Mac OS protected storage, the keychain. For one, it’s a Windows tool, so you’ll need to pull keychain files from the Mac OS system along with any decryption metadata (such as the key file for the system keychain or user’s password for decrypting the user keychain). After decrypting the keychain, we’ll export everything into an XML, and create a filtered plain-text file that only contains passwords (to be used as a pluggable dictionary in various password recovery tools).

So what is this all about?

(more…)

BlackBerry Password Keeper Escrow Key: Have We Just Found a Hidden Backdoor?

Tuesday, August 11th, 2015

As you may already know from the official press release, we’ve recently updated Elcomsoft Phone Breaker to version 4.10. From that release, you could learn that the updated version of the tool targets passwords managers, adding the ability to instantly decrypt passwords stored in BlackBerry Password Keeper for BlackBerry 10 and attack 1Password containers.

If you read along the lines though it’s a different story.

Essentially, we’ve discovered a backdoor hidden in recent versions of BlackBerry Password Keeper allowing us to decrypt the content of that app instantly without brute-forcing the master password. For our customers, this means instant access to passwords and other sensitive information maintained by BlackBerry Password Keeper. No lengthy waits and no fruitless attacks, just pure convenience. But is this convenience intentional? Did BlackBerry leave a backdoor for government access, or is this an unintentional vulnerability left by the company renowned for its exemplary security model? Let’s try to find out.

(more…)