All posts by Olga Koksharova

Switching iPhones into a DFU (Device Firmware Update) mode is a hassle. Power off, press that and hold those that many seconds, release this but continue holding that until hopefully something happens on the phone. Many iPhone users have major troubles switching their iPhones into DFU mode. Luckily for them, they don’t have to do the Apple Dance too often.

Criminal investigators, police officers and workers of the intelligence are not as lucky. They have dozens of iPhones to process every day, hundreds every week. “When I get an iPhone, I only have two hours”, says a police officer who’s name we cannot disclose. “In 120 minutes, I have to acquire and process information from that phone. Honestly, I can rarely complete it in a proper way.”

Here at ElcomSoft, we’re trying to do everything to make the life of investigators easier. Performing a physical acquisition with EIFT, which is the only proper way to capture everything in the phone, only takes 20 to 40 minutes depending on the model. But here comes another pitfall. Unlike pickpockets and fraudsters with long, thin fingers, police officers have big hands and firm, strong fingers. Performing the Apple Dance is extremely frustrating and almost physically painful. “I have to try and try before I can twist my fingers to hold those damn buttons”, confesses another police officer. “These damn things are too small and slick”.

Visiting the EuroForensics conference a few days ago, I was demonstrating how easy it was to switch an iPhone into DFU mode. I did it right the first time, but on a second try I failed miserably. “I’m too old for this shtuff”, commented yet another visitor whose badge simply read “Special Agent”.

I passed my concerns to ElcomSoft R&D department, and they built a mockup of an ingenious device automating this sort of things. They called it “iOS DFU Mode Starter”. As a first mockup, it’s not yet perfect. It requires careful placement of the device, and you have to plug a USB cable by hand. Other than that, iOS DFU Mode Starter can switch the device into Debug Firmware Update mode with 100% reliability. “It’s almost infallible”, says Andrey Belenko, ElcomSoft leading researcher. “And it was incredible fun to build”.

Here’s a video demonstrating how the new device works:

 

Why LEGO?

I was shocked at first when I saw the robot. A LEGO? Are you guys kidding me? It turned out our R&D guys were serious as ever. Here’s what Andrey Belenko has to say about this robot.

“Constructing mockups and early prototypes with LEGO bricks is commonplace for building robots. Honestly, LEGO blocks are a godsend to all robot builders. Don’t be fooled with the look of the thing; these bricks are a serious prototyping tool.”

“LEGO bricks hold together amazingly well under low and medium load. LEGO blocks come in a wide assortment of shapes and sizes. They give a tight fit, they are reusable, and they save us a lot of time when prototyping. We’re not building an industrial piece; this robot simply handles a modern electronic device. No force is required.”

Whether or not this device goes into production, and what the price is going to be like if it does is yet to be determined.

We’ve analyzed 17 popular password management apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single password keeper app provides a claimed level of protection. None of the password keepers except one are utilizing iOS or BlackBerry existing security model, relying on their own implementation of data encryption. ElcomSoft research shows that those implementations fail to provide an adequate level of protection, allowing an attacker to recover encrypted information in less than a day if user-selectable Master Password is 10 to 14 digits long.

The Research

Both platforms being analyzed, BlackBerry and Apple iOS, feature comprehensive data security mechanisms built-in. Exact level of security varies depending on which version of Apple iOS is used or how BlackBerry users treat memory card encryption. However, in general, the level of protection provided by each respective platform is adequate if users follow general precautions.

The same cannot be said about most password management apps ElcomSoft analyzed. Only one password management app for the iOS platform, DataVault Password Manager, stores passwords in secure iOS-encrypted keychain. This level of protection is good enough by itself; however, that app provides little extra protection above iOS default levels. Skipping the complex math (which is available in the original whitepaper), information stored in 10 out of 17 password keepers can be recovered in a day – guaranteed if user-selectable master password is 10 to 14 digits long, depending on application. What about the other seven keepers? Passwords stored in them can be recovered instantly because passwords are either stored unencrypted, are encrypted with a fixed password, or are simply misusing cryptography.

Interestingly, BlackBerry Password Keeper and Wallet 1.0 and 1.2 offer very little protection on top of BlackBerry device password. Once the device password is known, master password(s) for Wallet and/or Password Keeper can be recovered with relative ease.

In the research we used both Elcomsoft Phone Password Breaker and Elcomsoft iOS Forensic Toolkit.

Recommendations

Many password management apps offered on the market do not provide adequate level of security. ElcomSoft strongly encourages users not to rely on their advertised security, but rather use iOS or BlackBerry built-in security features.

In order to keep their data safe, Apple users should set up a passcode and a really complex backup password. The unlocked device should not be plugged to non-trusted computers to prevent creation of pairing. Unencrypted backups should not be created.

BlackBerry users should set up a device password and make sure media card encryption is off or set to “Encrypt using Device Key” or “Encrypt using Device Key and Device Password” in order to prevent attackers from recovering device password based on what’s stored on the media card. Unencrypted device backups should not be created.

The full whitepaper is available at http://www.elcomsoft.com/WP/BH-EU-2012-WP.pdf

Today, we released an updated version of iOS Forensic Toolkit. It’s not as much of an update to make big news shout, but the number of improvements here and there warrants a blog post, and is definitely worth upgrading to if you’re dealing with multiple iPhones on a daily basis.

The newly updated Elcomsoft iOS Forensic Toolkit now supports iOS 5.1 and adds a number of small and not-so-small enhancements to the already sound package. The ability to try top 100 most common passcodes gives a chance to recover a passcode in a matter of minutes. There’s one more thing new with the updated iOS Forensic Toolkit: an iPhone booted with iOS Forensic Toolkit now displays a small ElcomSoft logo instead of the default one.

Top 100 Passcodes

We’ve seen lots of iPhones. Most are locked with simple, easy to remember passcodes. We were able to compile a list of most commonly used passcodes. There are the obvious ones like 1111, 2222, 1234, 5555, vertical raw 2580, and there are many ‘convenience’ passcodes that are just easier to remember or enter on the iPhone’s screen. There’s a whole range of passcodes representing possible dates significant to iPhone owners; these passcodes range from early 1930 to 2020. The updated iOS Forensic Toolkit will now try these passcodes before launching a brute-force attack.

How good are the chances? A recent study demonstrated that as many as 15% of all passcode sets are represented by only 10 different passcodes (out of 10,000 possible combinations). That’s 1 in 7 iPhones unlocked within minutes or even seconds.

New Logo

iPhones booted by iOS Forensic Toolkit will now display ElcomSoft logo when loading. Not a big deal, but a nice and pleasant for us visual effect 🙂

We also added a few other improvements and enhancements here and there, making the new version a recommended update.

Attacking Wi-Fi passwords is near hopeless if a wireless hotspot is properly secured. Today’s wireless security algorithms such as WPA are using cryptographically sound encryption with long passwords. The standard enforces the use of passwords that are at least 8 characters long. Encryption used to protect wireless communications is tough and very slow to break. Brute-forcing WPA/WPA2 PSK passwords remains a hopeless enterprise even if a horde of GPU’s is employed. Which is, in general, good for security – but may as well inspire a false sense of security if a weak, easy to guess password is selected.

Elcomsoft Wireless Security Auditor is one tool to test how strong the company’s Wi-Fi passwords are. After checking the obvious vulnerabilities such as open wireless access points and the use of obsolete WEP encryption, system administrators  will use Wireless Security Auditor that tries to ‘guess’ passwords protecting the company’s wireless traffic. In previous versions, the guessing was limited to certain dictionary attacks with permutations. The new version gets smarter, employing most of the same guessing techniques that are likely to be used by an intruder.

Humans are the weakest link in wireless security. Selecting a weak, easy to guess password easily overcomes all the benefits provided by extensive security measures implemented in WPA/WPA2 protection. In many companies, employees are likely to choose simple, easy to remember passwords, thus compromising their entire corporate network.

The New Attacks
The new attacks help Elcomsoft Wireless Security Auditor recover weak passwords, revealing existing weaknesses and vulnerabilities in companies’ wireless network infrastructure.

Word Attack
If it’s known that a password consists of a certain word, the Word attack will attempt to recover that password by trying heavily modified versions of that word. This attack only has two options: you can set the source word and you can disable all permutations except changing the letter case. In addition, we can apply permutations to the source word first, forming a small dictionary; then perform a full dictionary attack, applying various permutations to all words from the newly formed list.

Mask Attack
Certain passwords or password ranges may be known. The mask attack allows creating a flexible mask, brute-forcing the resulting limited combination of passwords very quickly. The masks can be very flexible. One can specify placeholders for static characters, letter case, as well as full or limited range of special characters, digits or letters. Think of the Mask attack as an easy (and very flexible) way to check all obvious passwords from Password000 to Password999.

Combination Attack
You have two dictionaries. We combine each word from one dictionary with every word from another. By default, the words are combined as is, but you can increase the number of possible combinations by allowing delimiters (such as space, underscore and other signs), checking upper/lower case combinations or using extra mutations.

Hybrid Attack
This is one of the more interesting attacks out there. In a sense, Hybrid attacks come very close to how real human intruders think. The Hybrid attacks integrates ElcomSoft’s experience in dealing with password recovery. We’ve seen many (think thousands) weak passwords, and were able to generalize ways people are making them. Dates, names, dictionary words, phrases and simple character substitutions are the most common things folks do to make their passwords ‘hard to guess’. The new Hybrid attack will handle the ‘hard’ part.

Technically, the Hybrid attack uses one or more dictionaries with common words, and one or more .rul files specifying mutation rules. We’re supplying a few files with the most commonly used mutation rules:

Common.rul – integrates the most commonly used mutations. In a word, we’ve seen those types of passwords a lot, so we were able to generalize and derive these rules.
Dates.rul – pretty much what it says. Combines dictionary words with dates in various formats. This is a pretty common way to construct weak passwords.
L33t.rul – the “leet” lingo. Uses various combinations of ASCII characters to replace Latin letters. C001 hackers make super-strong passwords with these… It takes minutes to try them all.
Numbers.rul – mixes dictionary words with various number combinations.

We runned yet another Password Usage Bahaviour survey on our Web site and gthered statistically significant data, reflected in the following charts. And the main conclusion was that most people working with sensitive information want stricter security policies but rarely bother changing default passwords.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations. The larger half of respondents comes from ‘Other’ type of organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

The quiz revealed a serious issue with how most respondents handle default passwords (passwords that are automatically generated or assigned to their accounts by system administrators). Only 28% of respondents would always change the default password, while more than 50% would usually keep the assigned one. In ElcomSoft’s view, this information should really raise an alert with IT security staff and call for a password security audit. ElcomSoft offers a relevant tool, Proactive Password Auditor, allowing organizations performing an audit of their network account passwords.

Unsurprisingly for a sample with given background, most respondents weren’t happy about their organizations’ security policies, being in either full or partial disagreement with their employer’s current policy (61%). 76% of all respondents indicated they wanted a stricter security policy, while 24% would want a looser one. The surprising part is discovered in the next chart: of those who are fully content with their employers’ security policies, only 11% would leave it as it is, 20% would vote for a looser policy, and 69% would rather have a stricter security policy.

The complete results and charts are available at http://www.elcomsoft.com/PR/quiz-charts.pdf

 

Dear friends,

It really takes willpower to control our excitement about the surprises we prepared for you these pre-holiday days.  We arranged three ultra-appealing bundles and we can’t hide them any loger, so here they are:

 

1. EPPB + EBBE = take two at the price of one!
2. EPPB + EBBE + EIFT = get EBBE & EPPB for free!
3. EPRB Forensic = special NY 2012 price! (twice less!!)

 Check out more info on our website:

http://www.elcomsoft.com/happy-new-year-2012.html

Experience Elcomsoft Password Recovery Bundle which breaks all barriers, twice cheaper throughout December 2011. There is no substitute. 

Don’t rush, take your time… till December 31. 😉

 

iOS 5 Support

When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

What does enhanced security mean for the user? With iOS 5, they are getting a bit more security. Their keychain items such as Web site, email and certain application passwords will remain secure even if their phone falls into the hands of a forensic specialist. That, of course, will only last till the moment investigators obtain the original device passcode, which is only a matter of time if a tool such as iOS Forensic Toolkit is used to recover one.

What does this mean for the forensics? Bad news first: without knowing or recovering the original device passcode, some of the keychain items will not be decryptable. These items include Web site passwords stored in Safari browser, email passwords, and some application passwords.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Faster Operation

Besides adding support for the latest iOS 5, Elcomsoft iOS Forensic Toolkit becomes 2 to 2.5 times faster to acquire iOS devices. When it required 40 to 60 minutes before, the new version will take only 20 minutes. For example, the updated iOS Forensic Toolkit can acquire a 16-Gb iPhone 4 in about 20 minutes, or a 32-Gb version in 40 minutes.

Yet again, we are back from a couple of conferences organized specially for heavy computer users like us. We are particularly happy that our company was again warmly welcomed by the overseas hacking community – thank you for accepting and visiting our talk – and that FBI didn’t bother us too much during our stay, though they didn’t miss a chance to scare the crap out of Andrey and Vladimir right before their departure back to Moscow.  Apart from that little episode with three-letter guys everything went smoothly.

At Black Hat Andrey made his presentation about iOS encryption and as you may guess it was not the only one talk about iOS on the conference, as the topic is quite popular now.

(more…)

SANS Information Security Reading Room has recently publicized a whitepaper about iOS security where they mentioned our software – Elcomsoft iOS Forensic Toolkit – in a section about encryption. Kiel Thomas, the author of the whitepaper, explained one more time the main principles of iOS 4 encryption, which became stronger in comparison with iOS 3.x and how our toolkit can bypass new strong algorithms.

In its next part about iTunes Backups Kiel touches upon Elcomsoft Phone Password Breaker which virtually crunches backup passwords at speed of 35000 passwords per second (with AMD Radeon HD 5970) using both brute force and dictionary attacks, here are some benchmarks.

It seems the paper does not miss out on any nuance about iOS 4 and provides practical advice to either avoid or prevent from the depressing outcomes, such as loss of data. Closer to the end of the paper you will also find several sagacious tips for using the devices within organizations, including passcode management, a so called “first line of defense” which according Kiel’s view “can be matched to existing password policies”, however he inclines to use passwords instead of 4 digit passcodes.

And in conclusion the author discovers that smartphone and tablet security measurements resemble the ones of laptops, because they all belong to mobile devices.  Find out more details in the source itself: http://www.sans.org/reading_room/whitepapers/pda/security-implications-ios_33724
 

ElcomSoft had a great time overseas in the US, first at Techno Security Conference in Myrtle Beach, SC and later at AMD Fusion Developer Summit in Bellevue, WA. So it happened to be quite a long visit to the US full of preparations, talks, meetings, new acquaintances, parties and positive emotions (sun and ocean did their work). 

At Techno Security it seemed like we were the only newcomers (maybe partly due to this fact we were so warmly welcomed), as practically everybody knew each other (even visitors) and the whole situation resembled an alumni party in a very positive and friendly atmosphere. (more…)