Archive for the ‘Clouds’ category

Today, we have an important date. It’s been 13 years since we invented a technique that reshaped the landscape of modern password recovery. 13 years ago, we introduced GPU acceleration in our then-current password recovery tool, enabling the use of consumer-grade gaming video cards for breaking passwords orders of magnitude faster.

Everyone’s iPhones contain overwhelming amounts of highly sensitive personal information. Even if some of that data is not stored on the device, the iPhone itself or the data inside can work as a key to other many things from bank accounts to private family life. While there are many possible vectors of attack, the attacker will always try exploiting the weakest link. Learn to think like one, find the weakest link and eliminate the potential vulnerabilities before they are exploited. This guide comes from the forensic guys making tools for the law enforcement, helping the good guys break into the bad guys’ iPhones.

iOS 14 is officially out. It’s a big release from the privacy protection standpoint, but little had changed for the forensic expert. In this article, we’ll review what has changed in iOS 14 in the ways relevant for the forensic crowd.

The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which was sorely broken since recent server-side changes introduced by Apple. We are also excited to become the first forensic company to offer support for iCloud backups saved by iOS 14 beta devices, all while supporting the full spectrum of two-factor authentication methods. We are proud to provide the most comprehensive forensic support of Apple iCloud with unmatched performance, accelerating forensic investigations and providing access to critical evidence stored in the cloud.

Location data is one of the most sensitive pieces of personal information. In today’s world, aggregated location data is as sensitive and as valuable as the user’s passwords. Once this data is transmitted to the OS manufacturer’s cloud service or any of the third-party vendors, the user has the right to know exactly what information is collected; who, when, and how has access to it. In today’s article, we will talk about one of the iOS lesser known features called “Significant locations”.

How can you obtain the highest amount of data from an iPhone, iPad, Apple TV or Apple Watch? This is not as simple as it may seem. Multiple overlapping extraction methods exist, and some of them are limited to specific versions of the OS. Let’s go through them and summarize their availability and benefits.

Apple iCloud contains massive amounts of data, which may become highly valuable evidence. The oldest and most frequently mentioned are iCloud backups, which ElcomSoft were the first to extract back in 2012. A lot has changed since then. Today, iCloud backups account for a very minor part of the evidence available in iCloud. Learn what types of data are stored in iCloud, how Apple protects the data with end-to-end encryption, and how to access that valuable evidence with the updated Elcomsoft Phone Breaker.

Since iOS 5, Apple allows users to back up their phones and tablets automatically into their iCloud account. Initially, iCloud backups were similar in content to local (iTunes) backups without the password. However, the introduction of iCloud sync has changed the rules of the game. With more types of data synchronized through iCloud as opposed to being backed up, the content of iCloud backups gets slimmed down as synchronized information is excluded from cloud backups (but still present in local backups).

Multi-factor authentication is the new reality. A password alone is no longer considered sufficient. Phishing attacks, frequent leaks of password databases and the ubiquitous issue of reusing passwords make password protection unsafe. Adding “something that you have” to “something that you know” improves the security considerably, having the potential of cutting a chain attack early even in worst case scenarios. However, not all types of two-factor authentication are equally secure. Let’s talk about the most commonly used type of two-factor authentication: the one based on text messages (SMS) delivered to a trusted phone number.

When attacking a password, the traditional forensic workflow requires uploading the entire encrypted file or document into a password recovery tool. This approach, while simple and intuitive, has one major drawback if you are using remote computers or cloud instances to perform an attack. If the remote computer is compromised, the entire file or document is leaked complete with its (still encrypted) contents. Learn how to overcome this issue and perform remote attacks without the reason of leaking personal information.