In light of recent security outbreaks, Apple introduced a number of changes to its security policies. As one of the leading security companies and a major supplier of forensic software for iOS devices, ElcomSoft is being constantly approached by IT security specialists, journalists and forensic experts. The most common question is: how will the new security measures affect iOS forensics? (more…)
Archive for the ‘General’ Category
Do you think you know everything about creating and using backups of Apple iOS devices? Probably not. Our colleague and friend Vladimir Bezmaly (MVP Consumer security, Microsoft Security Trusted Advisor) shares some thoughts, tips and tricks on iTunes and iCloud backups.
Mobile phones are everywhere. They are getting increasingly more complex and increasingly more powerful, producing, consuming and storing more information than ever. Today’s smart mobile devices are much more than just phones intended to make and receive calls. Let’s take Apple iPhone. The iPhone handles our mail, plans our appointments, connects us to other people via social networks, takes and shares pictures, and serves as a gaming console, eBook reader, barcode scanner, Web browser, flashlight, pedometer and whatnot. As a result, your typical iPhone handles tons of essential information, keeping the data somewhere in the device. But what if something happens to the iPhone? Or what if nothing happens, but you simply want a newer-and-better model? Restoring the data from a backup would be the simplest way of initializing a new device. But wait… what backup?
Users in general are reluctant to make any sort of backup. They could make a backup copy once after reading an article urging them to back up their data… but that would be it. Apple knows its users, and decided to explore the path yet unbeaten, making backups completely automatic and requiring no user intervention. Two options are available: local backups via iTunes and cloud backups via Apple iCloud.
With most waited winter holidays just around the corner, now is the best time to take care of your easy after-holidays start at work with less headache, more pleasure, and all your passwords in place.
We give you 35% discount for our product releases of 2013 starting from today and available till 16th December, 2013. This offer is valid for direct online purchases only, with help of your special coupon code NY2014-OFF35 (enter the code while placing your order) for the following products:
Elcomsoft Password Recovery Bundle includes all our software (except for Elcomsoft iOS Forensic Toolkit) and embraces all updates of the year.
Elcomsoft Distributed Password Recovery, a high-end solution for big networked workstations added hardware acceleration for a number of file formats(see www.elcomsoft.com/edpr.html) on AMD Radeon HD cards (including 7000 series) and support for Tesla K20.
Elcomsoft iOS Forensic Toolkit, an all-in-one solution for bit-precise physical acquisition of iOS devices got more flexibility on cracking the passcode in ‘Guided’ mode allowing you to detect the passcode type or perform the brute-force or dictionary attack with selected options. The toolkit also supports iPhone 5S and iPad 4 (jailbroken without passcode, non-jailbroken with passcode) for complete forensic analysis of devices’ contents.
Elcomsoft Phone Password Breaker, an ideal solution for investigation of Apple and BlackBerry mobile devices added support for iOS 7 iTunes and iCloud backups, including keychain decryption and flexible iCloud downloading and quick downloading of iCloud backup data by selected categories.
Advanced Office Password Recovery, an irreplaceable utility for home and corporate usage was speeded up in password recovery for MS Office 2007/2010 and 2013 with AMD OpenCL, NVIDIA CUDA, and NVIDIA Tesla K20.
Elcomsoft Wireless Security Auditor, a unique tool to recover the original WPA/WPA2-PSK text passwords also added support for latest AMD Radeon R2xx cards, NVIDIA graphic cards, and NVIDIA Tesla K20.
All our team wishes you a lot of new successful opportunities and greatest accomplishments in 2014!
This fall has been quite rich in IT security events for ElcomSoft. We managed to visit a number of conferences and trade shows in order to, as we say in Russia, see the others and be seen
it-sa in Nuremberg welcomed us with a few warm sunny days and a lot of IT-security experts at the event. Being a regular exhibitor at the trade show we were happy to yet again satisfy visitor’s curiosity about our products and represent our recent achievements in password recovery at our booth and technical forum.
Hack In The Box in Malaysia was a new event to us, as we’ve never been there before, but the first impression was nonetheless very positive. Vladimir Katalov pointed out super interesting talks and excellent organization of the event and also expressed his strong will to come to the event once again, next time in Amsterdam. Vlad’s talk titled “Cracking and Analyzing Apple’s iCloud Protocols” had genuine interest of both security professionals and media representatives. Violet Blue from ZDNet covered our talk in her glittering article “Apple’s iCloud cracked: Lack of two-factor authentication allows remote data download”.
The e-Crime’s e-Discovery and e-Investigations Forum in London went as always very smoothly with “well over 400 senior end users from the Private Sector” as noted by the organizers “creating easily the largest gathering of senior infosec and risk executives in the UK. The conference was full to capacity.”
Ruxcon in Melbourne extended a warm welcome to us not only by wonderful weather but also by undivided attention to Vladimir Katalov’s presentation on modern smartphone forensics, as the room was totally packed, to which SC Magazine has its own evidence. Slides of the talk can be found at the conference page http://ruxcon.org.au/slides/
More events are to follow, so please have a look at our calendar of events at http://www.elcomsoft.com/events.html and come along with us!
We’ve just returned from Karlsruhe, Germany from an event named FTDay. Hosted by mh-Service, a long-time ElcomSoft partner in Germany, this was a small but quality event. The first day was packed with sessions. The second day was dedicated to practical workshops.
During the first day, we talked about the acquisition methods for iOS devices. Physical, logical or iCloud? Apparently, physical acquisition still rules: this topic is still hot, even though the latest iPhones and iPads are only conditionally acquirable. The iCloud? Great for the corporate guys, but I’ve been told in private that German police has its hands tied when it comes to acquiring data from the cloud.
Karlsruhe is a relatively small city on the south-west of Germany. City center surprisingly crowded. Lots of shopping, old ruins not so much. Beautiful palace and gardens. Bought a great “Der kleine Maulwurf puzzlebuch” for my little one. Good food with prices on a relatively high side (compared to east of Germany). Going there as a tourist? This ain’t Montreal!
This is the second part of Elcomsoft Phone Password Breaker Enhances iCloud Forensics and Speeds Up Investigations article.
Extracting the content of an iPhone is only half the job. Recovering meaningful information from raw data is yet another matter. The good news is there are plenty of powerful tools providing iOS analytics. The bad news? You’re about to spend a lot of time analyzing the files and documenting the findings. Depending on the purpose of your investigation, your budget and your level of expertise using forensic tools, you may want using one tool or the other. Let’s see what’s available.
It’s been a while since we updated Elcomsoft Phone Password Breaker, dedicating our efforts to physical acquisition of iOS devices instead. Well, now when the new iOS Forensic Toolkit is out, it is time to update our classic phone recovery tool.
The new version of Elcomsoft Phone Password Breaker is released! While you can read an official press-release to get an idea of what’s new and updated, you may as well keep reading this blog post to learn not only what is updated, but also why we did it.
Dedicated to iCloud Forensics
This new release is more or less completely dedicated to enhancing support for remote recovery of iOS devices via iCloud. Why do it this way?
Because iCloud analysis remains one of the most convenient ways to acquire iOS devices. You can read more about iCloud analysis in a previous post here. Let’s see what else is available.
I’ve just returned from REcon 2013 held in Montreal, where I talked about breaking iCloud services (everyone: the slides from that presentation are available right here, and the organizers promised a video soon). I spoke about WHY breaking the iCloud, HOW we did it and WHO can use it. I can briefly stop here, and elaborate the points.
Apparently, more than half of REcon participants are using iPhones (I asked). Some of them are even making backups. And some of those who make backups do them over the iCloud. Now that’s a good reason to want to break in, isn’t it?
So then I talked a little about how we did it. We used the classic man-in-the-middle attack, intruding into the private domain of a doomed electronic device bought in the nearest iStore on a cold Russian night… Well, except for the “night” part, it was exactly like that.
And then we discussed a little about who can use our tools. “Is it legal?” I expected that question. Always asked, even at underground hackers’ meetings. Well, it’s certainly legal in Russia, and none of our US customers complained either. I mean, we have US Secret Services, the FBI, Army and Navy and multiple police departments all over the US and Canada as our valued customers, and they never suggested we’re doing something wrong, so it must be legal. Right?
Montreal is a beautiful city. Loved it! The old town, the pier, the underground city… it’s vivid and relaxed, old and modern at the same time. It so happened they hosted a French music festival right at the doorsteps of our hotel (the 25th FrancoFolies), so I enjoyed a beautiful city during the day and relaxed to wonderful music at night. I’ll be sure to put Montreal onto a shortlist when planning my next trip!
The CEIC 2013 conference is over. We were happy to connect with our partners and customers at our booth during the show hours. We’d like to thank everyone who stopped by, and give our special thanks to those providing valuable feedback and suggestion on our products. (To those who wanted to see our tools settled under a single roof: we’re working on it!)
At our booth, we had a Treasury Chest raffle demonstrating the concept of brute force recovery. Visitors were asked to unlock a chest by trying three keys one after another. The tricky part: a bowl with a thousand keys only had a single real thing. The chance of winning now seems pretty slim, does it not? Well, we are happy to tell that both prizes were won!
The first prize, Kindle Fire HD, went to Calgary, Canada. The second Kindle Fire HD went to Alabama. Congratulations to both winners!
We received lots of valuable feedback from our customers and resellers. Rest assured we’ll be working hard to implement these suggestions!
See You Next Year at CEIC 2014!
Meet us next year in Las Vegas during CEIC 2014 show at booth #212! It’s too early to book a flight yet, but make sure to mark the dates: May 19-22, 2014!
Some time ago, I wrote a blog post on hacked Yahoo!, Dropbox and Battle.net accounts, and how this can start a chain reaction. Companies seem to begin recognizing the threat, and are starting to protect their customers with today’s cutting edge security: two-factor authentication.
A word on two-factor authentication. In Europe, banks and financial institutions have been doing this for decades. Clients needed to enter an extra piece of information from a trusted media in addition to their account credentials in order to authorize a transaction such as transferring money out of their account. For many years, bank used printed lists of numbered passcodes serving as Transaction Authentication Numbers (TAN). When attempting to transfer money out of your bank account, you would be asked to enter a passcode number X. If you did not come up with the right code, the transfer would not execute. There are alternatives to printed TAN’s such as single-use passwords sent via a text message to a trusted mobile number or interactive TANs generated with a trusted crypto token or a software app installed onto a trusted phone.
Online services such as Microsoft or Google implement two-factor authentication in a different manner, asking their customers to come up with a second piece of an ID when attempting to access their services from a new device. This is supposed to prevent anyone stealing your login and password information from gaining access to your account from devices other than your own, verified PC, phone or tablet.
The purpose of two-factor authentication is to prevent parties gaining unauthorized access to your account credentials from taking any real advantage. Passwords are way too easy to compromise. Social engineering, keyloggers, trojans, password re-use and other factors contribute to the number of accounts compromised every month. An extra step in the authorization process involving a trusted device makes hackers lives extremely tough.
At this very moment, two-step authentication is being implemented by major online service companies. Facebook, Google and Microsoft already have it. Twitter is ‘rolling out two-factor authentication too.
A recent story about a journalist’s Google, Twitter and Apple accounts compromised and abused seems to have Apple started on pushing its own implementation of two-factor authentication.
Two-Factor Authentication: The Apple Way
Apple’s way of doing things is… different. Let’s look at their implementation of two-factor authentication.