Archive for the ‘Software’ Category

Extracting Text Messages from Google Accounts

Wednesday, April 26th, 2017

Elcomsoft Cloud Explorer 1.30 can now pull SMS (text) messages straight off the cloud, and offers enhanced location processing with support for Routes and Places. In this article, we’ll have a close look at the new features and get detailed instructions on how to use them. The first article will discuss the text messages, while enhanced location data will be covered in the one that follows.

Text Messages: Part of Android Backups (sort of)

Before we begin extracting text messages, let us check where they come from. As you may know, Android 6.0 has finally brought automated data backups. While Android backups are not nearly as complete or as comprehensive as iOS backups, they still manage to save the most important things such as device settings, the list of installed apps and app data into the cloud. Being a Google OS, Android makes use of the user’s Google Account to store backups. Unlike Apple, Google does not count the space taken by these backups towards your Google Drive allotment. At the same time, Google allows for a very limited data set to be saved into the cloud, so you can forget about multi-gigabyte backups you have probably seen in iOS.

(more…)

Routes and Places: Obtaining Enhanced Location Data from Google Accounts

Wednesday, April 26th, 2017

Even before we released Elcomsoft Cloud Explorer, you’ve been able to download users’ location data from Google. What you would get then was a JSON file containing timestamped geolocation coordinates. While this is an industry-standard open data format, it provides little insight on which places the user actually visits. A full JSON journal filled with location data hardly provides anything more than timestamped geographic coordinates. Even if you pin those coordinates to a map, you’ll still have to scrutinize the history to find out which place the user has actually gone to.

Google has changed that by introducing several mapping services running on top of location history. With its multi-million user base and an extremely comprehensive set of POI, Google can easily make educated guesses on which place the user has actually visited. Google knows (or makes a very good guess) when you eat or drink, stay at a hotel, go shopping or do other activities based on your exact location and the time you spent there. This extra information is also stored in your Google account – at least if you use an Android handset and have Location History turned on.

Elcomsoft Cloud Explorer 1.30 can now process Google’s enhanced location data, which means we can now correctly identify, extract and process user’s routes and display places they visited (based on Google’s POI). This significantly improves readability of location data, providing a list of places (such as restaurants, landmarks or shops) instead of plain numbers representing geolocation coordinates. In this article, we’ll figure out how to obtain that data and how to analyze it. (more…)

ElcomSoft Extracts Deleted Safari Browsing History from iCloud

Thursday, February 9th, 2017

Your browsing history represents your habits. You are what you read, and your browsing history reflects that. Your Google searches, visits to news sites, activities in blogs and forums, shopping, banking, communications in social networks and other Web-based activities can picture your daily activities. It could be that the browsing history is the most intimate part of what they call “online privacy”. You wouldn’t want your browsing history become public, would you?

“When I die, delete my browsing history”. This is what many of us want. However, if you’re an iPhone user, this is not going to work. Apple may hide your browsing history but still keep your records in the cloud, and someone (maybe using ElcomSoft tools) could eventually download your browsing history. How could this happen? Read along to find out!

(more…)

How to Break 30 Per Cent of Passwords in Seconds

Monday, February 6th, 2017

This article opens a new series dedicated to breaking passwords. It’s no secret that simply getting a good password recovery tool is not enough to successfully break a given password. Brute-force attacks are inefficient for modern formats (e.g. encrypted Office 2013 documents), while using general dictionaries can still be too much for speedy attacks and too little to actually work. In this article, we’ll discuss the first of the two relatively unknown vectors of attack that can potentially break 30 to 70 per cent of real-world passwords in a matter of minutes. The second method will be described in the follow-up article. (more…)

The Ugly Side of Two-Factor Authentication

Tuesday, December 20th, 2016

Two-factor authentication is great when it comes to securing access to someone’s account. It’s not so great when it gets in the way of accessing your account. However, in emergency situations things can turn completely ugly. In this article we’ll discuss steps you can do to minimize the negative consequences of using two-factor authentication if you lose access to your trusted device and your trusted phone number. In order to keep the size of this text reasonable we’ll only talk about Apple’s implementation, namely Two-Step Verification and Two-Factor Authentication. You can read more about those in our previous blog post.

(more…)

Microsoft Two-Factor Authentication: Always There

Monday, December 19th, 2016

Beginning with Windows 8.1 and Windows Phone 8.1, Microsoft started unifying its mobile and desktop operating systems. No wonder the two versions of Microsoft’s latest OS, Windows 10, share the same approach to two-factor authentication.

Microsoft employs a somewhat unique approach to two-factor authentication. Even if the user does not want to use two-factor authentication and does not set up any secondary authentication methods, in some circumstances Microsoft would still prompt to confirm account login. Just like Google, the company would verify unusual sign-in activities occurring from a new device in another country. However, it’s not just that. Microsoft would also try to verify Microsoft Account activities once the user attempts to restore a new phone (Windows Phone 8.1 or Windows 10 Mobile) from OneDrive backup. Interestingly, Microsoft would do exactly the same verification if one sets up an account on a new PC (desktop, laptop or tablet) and attempts to restore from OneDrive backup.

(more…)

Bypassing Apple’s Two-Factor Authentication

Friday, December 16th, 2016

Two-factor authentication a roadblock when investigating an Apple device. Obtaining a data backup from the user’s iCloud account is a common and relatively easy way to acquire evidence from devices that are otherwise securely protected. It might be possible to bypass two-factor authentication if one is able to extract a so-called authentication token from the suspect’s computer.

Authentication tokens are used by iCloud Control Panel that comes pre-installed on macOS computers, as well as iCloud for Windows that can be installed on Windows PCs. Authentication tokens are very similar to browser cookies. They are used to cache authentication credentials, facilitating subsequent logins without asking the user for login and password and without prompting for secondary authentication factors. Authentication tokens do not contain the user’s password, and not even a hash of the password. Instead, they are randomly generated sequences of characters that are used to identify authorized sessions.

Tip: The use of authentication tokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is available.

(more…)

Exploring Two-Factor Authentication

Thursday, December 15th, 2016

In this article we’ll discuss the differences between implementations of two-factor authentication in popular mobile platforms. We’ll research how two-factor authentication is implemented in Android, iOS and Windows 10 Mobile, and discuss usability and security implications of each implementation.

What Is Two-Factor Authentication?

Two-factor authentication is an additional security layer protecting access to user accounts in addition to their username and password. In two-factor authentication an extra verification step is required that is separate from the password. Ideally, two-factor authentication schemes would be based on verifying “something you have” in addition to “something you know”. In practical terms this is not always convenient for the end user, so very few straightforward implementations exist (mostly in the banking industry in Europe).

Using the extra verification step based on a piece of information that only the user knows or has access to makes it significantly harder for potential intruders to break in.

(more…)

Elcomsoft Wireless Security Auditor Gets Wi-Fi Sniffer

Thursday, December 1st, 2016

We released a major update to Elcomsoft Wireless Security Auditor, a tool for corporate customers to probe wireless network security. Major addition in this release is the new Wi-Fi sniffer, which now supports the majority of general-use Wi-Fi adapters (as opposed to only allowing the use of a dedicated AirPCap adapter). The built-in Wi-Fi sniffer is a component allowing the tool to automatically intercept wireless traffic, save Wi-Fi handshake packet and perform an accelerated attack on the original WPA/WPA2-PSK password.

(more…)