Archive for June, 2020

BitLocker is Windows default solution for encrypting disk volumes. A large number of organizations protect startup disks with BitLocker encryption. While adding the necessary layer of security, BitLocker also has the potential of locking administrative access to the encrypted volumes if the original Windows logon password is lost. We are offering a straightforward solution for reinstating access to BitLocker-protected Windows systems with the help of a bootable USB drive.

A lot of people have asked me over the past couple of months – “What’s that cable on your desk, James?”. Today I’ll tell you all about it. Every accessory that connects to your iPhone via lightning is ‘flashed’ with an Accessory ID. The Accessory ID essentially identifies the device connected to the iPhone as a specific type. For example, a Lightning-To-Ethernet adapter will identify itself with it’s assigned Accessory ID so the iPhone knows how to treat the device and interact with it. It’s sort of like directing the iPhone to use a specific driver to interact with said device.

How can you obtain the highest amount of data from an iPhone, iPad, Apple TV or Apple Watch? This is not as simple as it may seem. Multiple overlapping extraction methods exist, and some of them are limited to specific versions of the OS. Let’s go through them and summarize their availability and benefits.

Originally released in September 2016, iOS 10 was regularly updated for most devices until July 2017. The 64-bit iPhones capable of running iOS 10 range from the iPhone 5s to iPhone 7 and 7 Plus. While one is hardly likely to encounter an iOS 10 in the wild, forensic labs still process devices running the older version of the OS. In this update, we’ve brought support for jailbreak-free extraction back to the roots, adding support for the oldest version of iOS capable of running on the iPhone 7 generation of devices. Let’s see what it takes to extract an older iPhone without a jailbreak. In addition, we have expanded support for the Apple TV devices, now offering keychain decryption in addition to file system extraction for both Apple TV 4 (Apple TV HD) and Apple TV 4K running tvOS 13.4 through 13.4.5.

Is jailbreaking an Apple TV worth it? If you are working in the forensics, it definitely is. When connected to the user’s Apple account with full iCloud access, the Apple TV synchronizes a lot of data. That data may contain important evidence, and sometimes may even help access other iCloud data. I have some great news for the forensic crowd: the Apple TV does not have a passcode. And some bad news: jailbreaking is not as easy and straightforward as we’d like it to be. Let’s have a look at what can be done.

Apple iCloud contains massive amounts of data, which may become highly valuable evidence. The oldest and most frequently mentioned are iCloud backups, which ElcomSoft were the first to extract back in 2012. A lot has changed since then. Today, iCloud backups account for a very minor part of the evidence available in iCloud. Learn what types of data are stored in iCloud, how Apple protects the data with end-to-end encryption, and how to access that valuable evidence with the updated Elcomsoft Phone Breaker.

Since iOS 5, Apple allows users to back up their phones and tablets automatically into their iCloud account. Initially, iCloud backups were similar in content to local (iTunes) backups without the password. However, the introduction of iCloud sync has changed the rules of the game. With more types of data synchronized through iCloud as opposed to being backed up, the content of iCloud backups gets slimmed down as synchronized information is excluded from cloud backups (but still present in local backups).

It’s an honor to be given the opportunity to post on the ElcomSoft Blog, and I’d like to thank the ElcomSoft team for supporting my research. Recently I’ve been sent over a few questions from members of the community, such as “Why can’t we decrypt the data from a disabled iPhone over SSH if we know the passcode?” and “I tried to SCP a file from the device to the Mac, but getting permission errors”. Today I’m going to answer these questions in a Q&A format for you all so hopefully we can shed some light on how this works! The article is aimed to be accessible for everybody, including beginners and non-technical users. Without further ado…

Multi-factor authentication is the new reality. A password alone is no longer considered sufficient. Phishing attacks, frequent leaks of password databases and the ubiquitous issue of reusing passwords make password protection unsafe. Adding “something that you have” to “something that you know” improves the security considerably, having the potential of cutting a chain attack early even in worst case scenarios. However, not all types of two-factor authentication are equally secure. Let’s talk about the most commonly used type of two-factor authentication: the one based on text messages (SMS) delivered to a trusted phone number.

iPhone users have access to literally hundreds of instant messaging apps. These apps range all the way from the built-in iMessage app to the highly secure Signal messengers, with all stops in between. Many of the messaging apps are marketed as ‘secure’ or ‘protected’ messengers, touting end-to-end encryption and zero retention policies. We routinely verify such claims by analyzing the security of various instant messaging apps. It turned out that the degree of protection can vary greatly, having little to do with the developers’ claims. Today we’ll check out Confide, a tool advertising unprecedented level of security.