Archive for the ‘Elcom-News’ Category

« Older Entries

Peeking Inside Keychain Secrets

Thursday, August 5th, 2010

Today we have released Elcomsoft iPhone Password Breaker 1.20 which introduces two new features and fixes few minor issues.

Keychain Explorer

This feature allows to view contents of keychain included with encrypted device backup.

Mac users are probably familiar with concept of keychain — it is a centralized, system-wide storage where application can store information they consider sensitive. Typically, such information includes passwords, encryption keys and certificates, but in principle it can be anything. Data in keychain is cryptographically protected by OS and user password is required to access it. The closest Windows equivalent for keychain is probably Data Protection API.

iOS-based devices also have a keychain, but instead of user password, embedded cryptographic key is used to protect its contents. This key is unique to each device and so far there are no way to reliably extract it from the device.

Apple recommends iOS application developers to use keychain for storing passwords and other sensitive information, and one reason for this is that it never leaves device unencrypted. Here’s an excerpt from Keychain Service Programming Guide:

In iOS, an application always has access to its own keychain items and does not have access to any other application’s items. The system generates its own password for the keychain, and stores the key on the device in such a way that it is not accessible to any application. When a user backs up iPhone data, the keychain data is backed up but the secrets in the keychain remain encrypted in the backup. The keychain password is not included in the backup. Therefore, passwords and other secrets stored in the keychain on the iPhone cannot be used by someone who gains access to an iPhone backup. For this reason, it is important to use the keychain on iPhone to store passwords and other data (such as cookies) that can be used to log into secure web sites.

Prior to iOS 4 keychain was also included in the backup ‘”as is”, i.e. all data inside was encrypted using unique device key. This meant that it was not possible to restore keychain onto another device — it will try to decrypt data with key which is different from one used to encrypt data. Naturally, this will fail and all data in keychain will be lost.

To address this issue, Apple changed the way keychain backup works in iOS 4. Now, if you’re creating encrypted backup (i.e. you’ve set up a password to protect backup) then keychain data will be re-encrypted using encryption key derived from backup password and thus ca be restored on another device (provided backup password, of course). If you haven’t set backup password, then everything works like before iOS 4 — keychain encrypted on device key is included in the backup.

Elcomsoft iPhone Password Breaker now allows you to view contents of keychain from encrypted backup of devices running iOS 4. You will need to provide password, of course. Here’s screenshot of Keychain Explorer showing (some) contents of my iPhone’s keychain:

Keychain Explorer 

There are passwords for all Wi-Fi hotspots I have ever joined (and haven’t pushed “Forget this Network” button), for my email, Twitter, and WordPress accounts, as well as Safari saved passwords and even my Lufthansa frequent flyer number and password! :) And I don’t use Facebook/LinkedIn/anything else on my phone — otherwise I guess credentials for those will be also included in the keychain.

Keychain Explorer will work only against backup which is encrypted. If you happen to have an iOS 4 device and want to get password from it — set a backup password in iTunes, backup device, use Keychain Explorer to view and/or export keychain passwords, and, finally, remove backup password in iTunes.

Password Cache

This feature is far less exciting than Keychain Explorer, but we believe it should improve user experience with Elcomsoft iPhone Password Breaker.

The idea is simple: all passwords which are found by EPPB or which are used to open backup in Keychain Explorer are stored in password cache. When you later try to open backup in Keychain Explorer or recover a backup password, program first checks password cache for correct password.

Passwords in cache are stored using secure encryption.

 

Also, there is a new EPPB FAQ online. Worth reading if you’re thinking of purchasing EPPB or want to learn more about it.

There is at least one really big update for EPPB coming in September or October, so stay tuned!

Tags: , , ,
Posted in Cryptography, Elcom-News, Security, Software | No Comments »

International System Administrator Appreciation Day

Friday, July 30th, 2010

Click to enlarge

Today we congratulate all system administrators and those substituting them when these are busy with "the most important problem" of someone else's. We wish you great health and nerve in your multi-tasking job.

Thank you!!

Our P.U.B. survey goes on, we'll be very much obliged for your ticks

Posted in Elcom-News, General | No Comments »

Something new….

Thursday, July 15th, 2010

According to the preliminary results of our latest questionnaire (ElcomSoft Customer Reference program Questionnaire) the majority of people forget their passwords when returned from holidays, thus being blocked out from the precious information they have on the PC.
I bet that lots of people found themselves or those around in a similar situation at least once. Let me share my personal experience with you. One of my friends, having returned from the vacation in a tropical paradise, was pleased to see a new computer at her desk (while she was away the company renewed some of the machines) and at the same time very much discouraged and upset to find out that many of her passwords remained in her old pc and she didn't bother herself to save them anywhere else. So the access to the mail account from her new modern PC was forbidden, as well as access to several password-protected websites (from social networks to online banking).  Nothing to be happy with, isn’t it?!! But such a story no longer has a sad ending due to the release of Elcom’s new recovery tool, namely ElcomSoft Internet Password Breaker. In the above described situation EINPB revealed necessary passwords stored in the old computer, thus letting a person replace the password-protected data from one machine to another.  One more important remark in this respect is that my friend didn’t have to seek help of the “user-unfriendly sysadmin” :)

What’s special about EINPB? Let’s have a quick jog through some of its features. Our new tool instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox & identity passwords in lots of Microsoft versions. It as well supports the new security model employed by Microsoft Internet Explorer 7 and 8.

Think it can be of any interest for you, please visit our site http://www.elcomsoft.com & learn more about EINPB at http://einpb.elcomsoft.com.

Tags: ,
Posted in Elcom-News, General, Software | No Comments »

0-day

Monday, June 21st, 2010

It’s been two weeks since Steve Jobs has announced release of new iPhone 4 and iOS 4 operating system during his keynote on WWDC’2010. New iPhone will begin shipping on Thursday, 24th of June, and new iOS will become available for download today, just few hours are left.

iOS 4 comes packed with a lot of nice features (long-awaited multitasking, background location services, iBooks and much improved Mail app  just to name a few) and we are very pleased to announce today the release of the new version of Elcomsoft iPhone Password Breaker with support for iTunes 9.2 and iOS 4.

Elcomsoft iPhone Password Breaker (or EPPB for short) is a utility to recover passwords for encrypted and password-protected iPhone/iPod/iPad backups created with iTunes (please note that it’s not meant to recover or remove passcode lock on the device).

With iOS 4 Apple has completely changed the way backups are encrypted and stored. Backup and restore processes are way much faster now. Apple have also improved protection against password recovery attacks, thus making our job harder (password recovery is about 5x slower for new backups than for older ones).

We at Elcomsoft try our best to keep up with the times, so most of our tools & programs are adjusted to the latest technologically advanced features. The EPPB is not an exception, new version of EPPB fully supports both old and new backup formats. It also supports hardware acceleration using NVIDIA and ATI GPUs and Tableau TACC1441.

Tags: , ,
Posted in Elcom-News, General, Software | No Comments »

Password Usage Behavior Survey, Take 2

Tuesday, June 15th, 2010

Hello! Yet again, we have launched a survey on password usage behavior.

As our previous survey went like a breeze (you will find the report in our archives), it is a logical next step that we decide to try one more time. From the very first survey we gained curious info, which was also interesting to publicity. Naturally questions about password protection are numerous and some of them remain dark, possibly a little too much so, that is why we are tempted to undertake one more “investigation”.

This time we expanded on questions and made some of them hypothetical, where you are put into a situation to find a way out. It is interesting to trace your way of thinking on both hypothetical and actual matters, so other questions are suggested to understand your attitude to real everyday situations you have to deal with.

As usually, survey completion will be finalized by a report.

We tried not to inundate our questionnaire with baffling questions, but if you still consider it time-consuming, you are welcome to answer one absurdly simple question on home page of ElcomSoft website.

C’mon you are within an ace of getting 10% discount for all our software; just find a little will-power to put a couple of ticks. Again, thank you for taking time from your busy day and completing our questionnaire.  And feel free to channel this survey to your friends and colleagues.

Best of luck!

Tags: , ,
Posted in Elcom-News, General, Human Factor | No Comments »

Elcomsoft iPhone Password Breaker

Friday, May 7th, 2010

Last week we have released our new product, EPPB, out of beta. We have fixed some bugs, polished GPU acceleration support, added support for Tableau TACC1441 hardware accelerator, making this program the world's first program capable of utilizing computing power of GPUs both from ATI and NVIDIA as well as dedicated hardware accelerators aimed primarily on computer forensics specialists. We have also included ability to run brute-force attacks and not only wordlist-based attacks. Latter were improved with ability to enable/disable individual types of password mutations and set customized level to any of them.

The last, but not the least, we have found that EPPB can handle encrypted backups from Apple's newest tablet, iPad (thanks to Apple for using the same underlying technologies for iPhone, iPod Touch and iPad).

Apple iPad

P.S. If anyone's interested, we think that iPad is really cool gadget. It's not a substitute for a laptop, but it's great for catching on emails, surfing web, watching photos or videos or movies and for reading books. And multitouch on 10'' screen is awesome :) .

P.P.S. Yes, this blog post was originally created on iPad.

Tags: , ,
Posted in Elcom-News, Software | No Comments »

Back from Infosec

Thursday, May 6th, 2010

 

It was the third time we participated in Infosecurity Europe. The whole affair was in jeopardy due to volcanic ash paralyzing all major European airports but we did it. And everything went smoothly as planned.

We presented several latest developments at Infosecurity. First, two of our products, Elcomsoft Wireless Security Auditor and Elcomsoft iPhone Password Breaker, now support Tableau TACC1441.  These hardware accelerators are widely used in digital forensics to recover passwords and gather evidence from encrypted files. They consume considerably less power than GPUs and can be easily plugged and unplugged.

Second, the sales of Elcomsoft iPhone Password Breaker have started. The product is already quite popular and now it is finally out of beta. We expect it to gain even more popularity as it now supports Tableau as well as NVIDIA CUDA and ATI Stream acceleration technologies.

Quite often people ask us why we go to exhibitions and what benefits we see in such events. I’m not going to put any marketing or brand-awareness considerations into this post, although the visibility at major events is always a grand factor. For us as a company, the most important thing is that we can meet our customers in person at such global events as Infosecurity Europe. We get feedback from our customers by e-mail but personal feedback is a thing one could not underestimate.

 I would like to thank everyone who visited ElcomSoft’s stand at Infosecurity for your tips, ideas and feedback on our products. You could also send your suggestions to info at elcomsoft dot com. Tell us what we should improve or what features add.

And see you next year in London at the 16th Infosecurity Europe.

The pics will follow soon.

Posted in Elcom-News | No Comments »

ElcomSoft at EuroForensics 2010 in Turkey

Friday, April 2nd, 2010

Hurrying to inform you about our adventures in one of the most beautiful cities of Euro-Asian region, Istanbul. This March we were lucky to have a chance of participating in a big forensics and security focused international event in Turkey, namely EuroForensics 2010, thanks to our Turkish partners Forensic People, organizers & hosts of the event.

The city gave us a warm and sunny welcome, regarding its weather, so since the arrival we were filled with positive energy & cheerful mood. We were not only exhibiting, but delivering a presentation as well (however it had been cut in time because of the previous speaker). The exhibition/conference took part in the Military Museum of Istanbul, highly-protected military zone, so that to enter the exhibition area one should have all his belongings scanned. But it wasn’t that annoying, we respected local rules & policies (obedient guys).

Now, a few words about the conference itself. We arrived in Istanbul the day before the event in order to have time to see the city a bit and to organize our booth, want to notice that we were one of the first exhibitors to have our stand constructed in time, can’t resist praising ourselves in this respect :) .

The first day of the exhibition was busy: hundreds of visitors, most of them were really interested and were in the topic of the show, which was actually a surprising fact for us. The rest two days were not that lively, to say the least of it, only the most forensics-obsessed people sacrificed their weekend to visit the exhibition, hope, it came up to their expectations :) .

On the whole, it was worthwhile experiments for us, next year we think of having another go at it. Want to thank everybody who visited our booth & took interest in our software.

(more…)

Tags:
Posted in Elcom-News, General | 1 Comment »

iPhone/iPod Backup Password Recovery

Thursday, February 4th, 2010

ElcomSoft iPhone Password BreakerToday we are pleased to unveil the first public beta of our new product, Elcomsoft iPhone Password Breaker, a tool designed to address password recovery of password-protected iPhone and iPod Touch backups made with iTunes.

In case you do not know, iTunes routinely makes backups of iPhones and iPods being synced to it. Such backups contain a plethora of information, essentially all user-generated data from the device in question. Contacts, calendar entries, call history, SMS, photos, emails, application data, notes and probably much more. Not surprisingly, such information manifests significant value for investigators. To make their job easier there are tools to read information out of iTunes backups, one example of such tool being Oxygen Forensic Suite (http://www.oxygen-forensic.com/). Such tools can not deal with encrypted backups, though.

(more…)

Tags: , , , , ,
Posted in Elcom-News, Security, Software | No Comments »

The 5th China Computer Forensics Conference

Thursday, December 17th, 2009

So, they are back from CCFC  (Beijing) where Vladimir, Andrew, and Dmitry made their speeches and listened to those given by other reps.  Here is a follow-up of the conference with nice shots kindly taken by a keen “shooter” Dmitry Sklyarov ;) But first of all, we’d like to thank Sprite Guo for taking care of all preparations and perfect managing throughout the whole conference – our BIG thank you!

Remarkably, on guys’ returning there was no need to ask them about their trip, it was clearly seen on their fresh faces they are full of new ideas which is the most intrinsic value of all.

So, here is a photo-reportage…

  (more…)

Tags: , , ,
Posted in Elcom-News, General | No Comments »

« Older Entries