In the world of no jailbreak, acquisition opportunities are limited. Experts are struggling to access more information from those sources that are still available. Every little bit counts. In Elcomsoft Phone Viewer 3.0, we’ve added what might appear like a small bit: the ability to view undismissed iOS notifications. Unexciting? Hardly. Read along to discover how extracting notifications from iOS backups can make all the difference in an investigation! Read the rest of this entry »
 |
Extracting Unread Notifications from iOS Backups |
| March 2nd, 2017 by Oleg Afonin |
|
How to Break 70% of Passwords in Minutes |
| February 14th, 2017 by Oleg Afonin |
According to surveys, the average English-speaking consumer maintains around 27 online accounts. Memorizing 27 unique, cryptographically secure passwords is nearly impossible for a person one could reasonably call “average”. As a result, the average person tends to reuse passwords, which means that a single password (or its simple variations) can be used to protect multiple online accounts and services. The same passwords are very likely to be chosen to protect access to offline resources such as encrypted archives and documents. In fact, several independent researches published between 2012 and 2016 suggest that between 59 and 61 per cent of consumers reuse passwords.
Considering how consistent the numbers are between multiple researches carried out over the course of four years, we can safely assume that around 60% of consumers reuse their passwords. How can this data help us break passwords, and how did we arrive to the value of 70% in the title? Read along to find out! Read the rest of this entry »
 |
ElcomSoft Extracts Deleted Safari Browsing History from iCloud |
| February 9th, 2017 by Vladimir Katalov |
Your browsing history represents your habits. You are what you read, and your browsing history reflects that. Your Google searches, visits to news sites, activities in blogs and forums, shopping, banking, communications in social networks and other Web-based activities can picture your daily activities. It could be that the browsing history is the most intimate part of what they call “online privacy”. You wouldn’t want your browsing history become public, would you?
“When I die, delete my browsing history”. This is what many of us want. However, if you’re an iPhone user, this is not going to work. Apple may hide your browsing history but still keep your records in the cloud, and someone (maybe using ElcomSoft tools) could eventually download your browsing history. How could this happen? Read along to find out!
|
How to Break 30 Per Cent of Passwords in Seconds |
| February 6th, 2017 by Oleg Afonin |
This article opens a new series dedicated to breaking passwords. It’s no secret that simply getting a good password recovery tool is not enough to successfully break a given password. Brute-force attacks are inefficient for modern formats (e.g. encrypted Office 2013 documents), while using general dictionaries can still be too much for speedy attacks and too little to actually work. In this article, we’ll discuss the first of the two relatively unknown vectors of attack that can potentially break 30 to 70 per cent of real-world passwords in a matter of minutes. The second method will be described in the follow-up article. Read the rest of this entry »
|
Extracting WhatsApp Conversations from Android Smartphones |
| February 2nd, 2017 by Oleg Afonin |
As you may already know, we’ve added Android support to our WhatsApp acquisition tool, Elcomsoft Explorer for WhatsApp. While the updated tool can now extract WhatsApp communication histories directly from Android smartphones with or without root access, how do you actually use it, and how does it work? In this blog post we’ll be looking into the technical detail and learn how to use the tool.
|
iOS 10 Physical Acquisition with Yalu Jailbreak |
| January 30th, 2017 by Vladimir Katalov |
Just a few days ago we updated iOS Forensic Toolkit with iOS 10 support. At that time, no jailbreak was available for iOS 10.2. As a consequence, physical acquisition was impossible.
A working jailbreak materialized much sooner than we could’ve hoped. Luca Todesco released a working Yalu102 jailbreak, allowing enthusiasts to mod their devices and enabling forensic experts perform physical acquisition of select iOS devices.
|
How Can I Break Into a Locked iOS 10 iPhone? |
| January 26th, 2017 by Oleg Afonin |
Each iteration of iOS is getting more secure. With no jailbreak available for the current version of iOS, what acquisition methods are available for the iPhone 7, 7 Plus and other devices updating to iOS 10? How does the recent update of Elcomsoft iOS Forensic Toolkit help extracting a locked iOS 10 iPhone? Read along to find out!
iOS 10: The Most Secure iOS
When iOS 8 was released, we told you that physical acquisition is dead. Then hackers developed a jailbreak, and we came up with an imaging solution. Then it was iOS 9 that nobody could break for a while. The same thing happened: it was jailbroken, and we made a physical acquisition tool for it. Now it’s time for iOS 10.2 and no jailbreak (again). While eventually it might get a jailbreak, in the meanwhile there is no physical acquisition tool for iOS 10 devices. Considering that iPhone 7 and 7 Plus were released with iOS 10 onboard, your acquisition options for these devices are somewhat limited.
Plan “B”
With no jailbreak available for iOS 10, what are your options? If you have the latest Elcomsoft iOS Forensic Toolkit, use “plan B” instead!
|
Who and Why Spies on Android Users, And What They Do With the Data |
| January 25th, 2017 by Oleg Afonin |
If you’ve been following the news, you may already know about the many cases where companies, big and small, were caught spying on their users. It might appear that just about everyone making a phone or an app is after your personal information. In this article we’ll try to figure out who collects your personal data, why they do it and what they do with the data they collect.
They Are Watching You
Android is a Google OS. Google has access to every part of the device down to the last sensor. “To better serve its customers”, Google collects, transmits, stores and processes overwhelming amounts of data including personal and sensitive information. In particular, Google stores your browsing history (Chrome) and Google search requests (Chrome or any other browser if you are signed in to your Google Account); it syncs your logins and passwords, has access to your Gmail messages, contacts, call logs and text messages. Google Drive is available to store your files and backups, while Google Photos is there to take care of your photos. Google logs and transmits information about nearby cellular towers, Wi-Fi and Bluetooth networks, which helps the company track your location even if high-accuracy and battery-hogging GPS receiver is turned off.
|
Inside ElcomSoft Lab. Part 1 |
| January 20th, 2017 by Oleg Afonin |
Staying on the bleeding edge of today’s technologies requires constant work. ElcomSoft lab is one of the busiest places in the company. Last year, we had dozens of devices passing through our lab. This publication opens the series of articles in which we’ll share insider’s information on what we do, what we are about to do, and how we do that. So let’s shed some light on what’s going on inside ElcomSoft lab.
Android
|
Fingerprint Readers in pre-Android 6 Smartphones: A Call for Disaster |
| January 19th, 2017 by Oleg Afonin |
Back in 2013, Apple has added a fingerprint reader to its then new iPhone 5s. Around that time, OEMs manufacturing Android devices have also started equipping their devices with fingerprint sensors. It turned out that Apple and Android OEMs came to severely different results. In this article, we’ll have a look at fingerprint reader implementations in pre-Marshmallow Android devices and see why they were a terrible idea. Read the rest of this entry »
