Apple iCloud is a popular service providing Apple users the much needed backup storage space. Using the iCloud is so simple and unobtrusive that more than 190 million customers (as of November, 2012) are using the service on regular basis.
Little do they know. The service opens governments a back door for spying on iOS users without them even knowing. ElcomSoft researchers discovered that information stored in the iCloud can be retrieved by anyone without having access to a physical device, provided that the original Apple ID and password are known. The company even built the technology for accessing this information in one of its mobile forensic products, Elcomsoft Phone Password Breaker, allowing investigators accessing backup copies of the phone’s content via iCloud services.
There are reports in some of the largest newspapers here in Norway of teenagers (or young male adults) hacking Apple accounts of teenage girls through the “lost password” function by correctly answering the reset questions such as the victims’ names and birthdates. I’ve found at least one who is using Elcomsoft Phone Password Breaker to illegally download and extract images & videos of teenage girls like this, and then offering them for sale online.
Due to laws and regulations, it is hard for the police to investigate these cases (logs that connect people to IP addresses are only stored for 21 days at ISPs here).
Relevant news stories (in Norwegian, use google translate):
Perhaps I could get a statement from you/Elcomsoft on this, and that you/I will offer our assistance to the Norwegian police if needed?
This news is disturbing. We’re always concerned when our products end up in the wrong hands. Elcomsoft works in IT security for more than 15 years already and it has always been our aim to explain users hidden rocks, and we are always assist law enforcement in their workflow both with our tools and our advice.
However, the bad guys can also take advantage of available tools – including tools made by our company. We have to admit that that once you let the genie out of the bottle there’s no way back.
We are concerned and very disappointed with what has happened in this very case. If only we could, we’d be happy to help users safeguard their iCloud accounts against this type of attack. Unfortunately, Apple has an inherent problem at the level of data authentication, so there’s actually very little that can be done except not using the iCloud at all or faking registration details with Apple.
iCloud stores huge amounts of information. Access to this information is provided to either iOS devices linked to the account, or to anyone who uses a Web browser and supplies the correct Apple ID and password. Of course there is also transport layer security (via the use of HTTPS communication protocol), and only three attempts to enter a password are allowed before the account is locked. But this is nothing more than anyone does. Here at ElcomSoft, we strongly believe that outsourcing the storage of personal information to a cloud bears significant risks. It is essential for the consumer to understand exactly the risks involved. Many corporations with concise security policies already ban cloud storages such as Apple iCloud from their networks (e.g. IBM).
As for Elcomsoft Phone Password Breaker, the tool is most definitely not intended to commit crime. The use of the tool requires the correct user credentials (Apple ID and password) and/or the device itself in order to get access to the data. Unfortunately, it is difficult to stop intruders from exploiting all the tools available to forensic and law enforcement customers to extract as much data as they can.
In this particular case, what seems to be happening is teenage hackers are using their classmates’ names, dates of birth and answers to “secret” questions to “recover” (or, actually, reset) their iCloud passwords. This type of attack is called “social engineering”, and it does not take much for teenagers to guess (or know) the answer to teenage girls’ “security” questions.
Due to what’s been done, the usual advice of “choosing a long, complex password” and “not sharing it with strangers” will not work, as the vulnerability targeted here lies in the way Apple authenticates account holders.
Our recommendations here could be as follows. iPhone and iPad users should be doing the following from the very beginning:
Avoid using iCloud services to back up information from the phone. As ElcomSoft demonstrated multiple times, information stored in the iCloud is NOT secure, and is prone to eavesdropping and spying upon without the user even knowing.
Choose secure verification questions *and* provide unexpected or illogical answers. This will make it difficult for anyone to “recover” your password by guessing the right answer.
Choose a secure device password, a long and complex one, which is NOT a 4 digit passcode which can be cracked within half an hour, the longer password the better – train your memory if you want to keep your privacy! Brute forcing the device password is very slow which makes a real problem for the intruder, if it’s long.
Choose a secure Apple ID password, long and complex. Never key in your Apple ID on laptops and computers you don’t trust and even if you do so, make sure the computer is totally under your control which practically means never leaving it unprotected or unattended.
Choose login names that aren’t obvious, which is not your name and surname in all their variations. This will make it harder to guess.
Never use the same password as one protecting your email account!
Link your Apple ID account only to an e-mail account also protected with a secure password and control questions with unexpected answers.
Never re-use passwords, this is extremely dangerous thing today, when new databases with passwords are made public after every new hack.
Do not jailbreak your iPhone unless you clearly understand all consequences. Why should you willingly unsecure it?
Finally, do not use iCloud.
We regularly hear most people care about security only when it touches their financial side of life. However, today in the age of information technologies losing one’s identity may lead to a number of sequential mischiefs, as a lot of information is interconnected and its threads are running to numerous endpoints that are not always securely protected. Unfortunately, security and convenience don’t walk together, so you have to balance between security and convenience.
We have just updated Advanced Office Password Recovery and Distributed Password Recovery with NVIDIA Tesla K20 support, enabling world’s fastest password recovery with NVIDIA’s latest supercomputing platform. Elcomsoft Advanced Office Password Recovery removes document restrictions and recovers passwords protecting Microsoft Office documents, while Elcomsoft Distributed Password Recovery can quickly break a wide range of passwords on multiple workstations with near zero scalability overhead.
GPU-accelerated password recovery dramatically reduces the time required to break long and complex passwords, offering more than 20-fold performance gain over CPU-only operations (compared to a quad-core Intel i7 CPU). NVIDIA’s latest Tesla K20 platform further increases the performance, delivering a nearly 1.5x performance increase compared to the use of a dual-core NVIDIA GeForce GTX 690 board.
A workstation equipped with an NVIDIA Tesla K20 unit can crunch as many as 27500 Office 2007 passwords per second, or 13500 passwords per second in the case of Microsoft Office 2010. In comparison, the next-best solution, a dual-core GeForce GTX 690 board, can try some 19000 Office 2007 or 9000 Office 2010 passwords per second.
The updated Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery now fully support the latest NVIDIA supercomputing hardware, enabling users to gain unrestricted access to many types of documents in far less time.
BitLocker, PGP and TrueCrypt set industry standard in the area of whole-disk and partition encryption. All three tools provide strong, reliable protection, and offer a perfect implementation of strong crypto.
Normally, information stored in any of these containers is impossible to retrieve without knowing the original plain-text password protecting the encrypted volume. The very nature of these crypto containers suggests that their target audience is likely to select long, complex passwords that won’t be easy to guess or brute-force. And this is exactly the weakness we’ve targeted in our new product: Elcomsoft Forensic Disk Decryptor.
The Weakness of Crypto Containers
The main and only weakness of crypto containers is human factor. Weak passwords aside, encrypted volumes must be mounted for the user to have on-the-fly access to encrypted data. No one likes typing their long, complex passwords every time they need to read or write a file. As a result, keys used to encrypt and decrypt data that’s being written or read from protected volumes are kept readily accessible in the computer’s operating memory. Obviously, what’s kept readily accessible can be retrieved near instantly by a third-party tool. Such as Elcomsoft Forensic Disk Decryptor.
Retrieving Decryption Keys
In order to access the content of encrypted containers, we must retrieve the appropriate decryption keys. Elcomsoft Forensic Disk Decryptor can obtain these keys from memory dumps captured with one of the many forensic tools or acquired during a FireWire attack. If the computer is off, Elcomsoft Forensic Disk Decryptor can retrieve decryption keys from a hibernation file. It’s important that encrypted volumes are mounted at the time a memory dump is obtained or the PC goes to sleep; otherwise, the decryption keys are destroyed and the content of encrypted volumes cannot be decrypted without knowing the original plain-text password.
“The new product includes algorithms allowing us to analyze dumps of computers’ volatile memory, locating areas that contain the decryption keys. Sometimes the keys are discovered by analyzing byte sequences, and sometimes by examining crypto containers’ internal structures. When searching for PGP keys, the user can significantly speed up the process if the exact encryption algorithm is known.”
It is essential to note that Elcomsoft Forensic Disk Decryptor extracts all the keys from a memory dump at once, so if there is more than one crypto container in the system, there is no need to re-process the memory dump.
The FireWire attack method is based on a known security issue that impacts FireWire / i.LINK / IEEE 1394 links. One can take direct control of a PC or laptop operating memory (RAM) by connecting through a FireWire. After that, grabbing a full memory dump takes only a few minutes. What made it possible is a feature of the original FireWide/IEEE 1394 specification allowing unrestricted access to PC’s physical memory for external FireWire devices. Direct Memory Access (DMA) is used to provide that access. As this is DMA, the exploit is going to work regardless of whether the target PC is locked or even logged on. There’s no way to protect a PC against this threat except explicitly disabling FireWire drivers. The vulnerability exists for as long as the system is running. There are many free tools available to carry on this attack, so Elcomsoft Forensic Disk Decryptor does not include a module to perform one.
If the computer is turned off, there are still chances that the decryption keys can be retrieved from the computer’s hibernation file. Elcomsoft Forensic Disk Decryptor comes with a module analyzing hibernation files and retrieving decryption keys to protected volumes.
Complete Decryption and On-the-Fly Access
With decryption keys handy, Elcomsoft Forensic Disk Decryptor can go ahead and unlock the protected disks. There are two different modes available. In complete decryption mode, the product will decrypt everything stored in the container, including any hidden volumes. This mode is useful for collecting the most evidence, time permitting.
In real-time access mode, Elcomsoft Forensic Disk Decryptor mounts encrypted containers as drive letters, enabling quick random access to encrypted data. In this mode files are decrypted on-the-fly at the time they are read from the disk. Real-time access comes handy when investigators are short on time (which is almost always the case).
We are also adding True Crypt and Bitlocker To Go plugins to Elcomsoft Distributed Password Recovery, enabling the product to attack plain-text passwords protecting the encrypted containers with a range of advanced attacks including dictionary, mask and permutation attacks in addition to brute-force.
The unique feature of Elcomsoft Forensic Disk Decryptor is the ability to mount encrypted disks as a drive letter, using any and all forensic tools to quickly access the data. This may not seem secure, and may not be allowed by some policies, but sometimes the speed and convenience is everything. When you don’t have the time to spend hours decrypting the entire crypto container, simply mount the disk and run your analysis tools for quick results!
Dear friends, we are happy to suggest you our special seasonal daily offers till New Year’s Eve 2013. In our festive calendar every following day you will be offered a very special New Year discount for one of our numerous products. Hurry, there is a new offer every new day! Every offer is valid during one day only!
Elcomsoft has announced that certain versions of fingerprint software named Protector Suite made by UPEK (now part of Authentec) stores your Windows password in a ‘scrambled’ format in registry. This allows an attacker through different entry points to get easy access to a users Windows password. I have no reason not to believe Elcomsoft in their claims, but UPEK/Autentec seriously disagrees. In the middle of this I happen to have some questions, and an opinion regarding biometric software today.
I have lost count of all the times colleagues have approached me with a big smile, challenging me to break into their work laptops now that they have enabled fingerprint authentication. Pressing Esc to get the normal logon prompt and then entering my AD username & password logged me in. Having local admin rights made things even easier to conduct pass-the-hash of their locally cached credentials, and smile turned to sadness. Hey, I have even been accused of cheating when I did that.
I purchased my first fingerprint reader back somewhere in 1999. It was complete crap. Many years later I purchased a Microsoft keyboard with integrated fingerprint reader:
I still remember a very clear warning in their documentation: the fingerprint reader should not be trusted for security. It should be considered as a toy. Oh well.
Today the integrated fingerprint readers in many laptops is the most common place we interact with biometric solutions. IF we choose to use it of course – there is no requirement to do so from the vendor. Enter Elcomsoft.
Security vs Convenience
Lots of people – including infosec professionals, doesn’t see the difference between using biometric authentication as a security feature, and as a convenience feature. Simply explained for the home user:
If you use biometric authentication to logon to your laptop, but can bypass it by pressing Esc and enter your username & password, you are using biometrics as a convenience feature.
If you have removed any and all possibilities to logon except by using/including biometrics, you are using biometrics as a security feature.
The differences here are … well… BIG, at least in theory. But wait; that was for the home user. I don’t care much about your private pictures, christmas wish list and facebook account anyway, so lets look at it from a corporate perspective:
There is no integrated support for replacing passwords with biometric authentication within Microsoft Windows.
This means that any kind of authentication addition or replacement you set up on laptops, tablets or desktop computers in a corporate enviroment with Active Directory, a password still has to be configured for a user in a domain, and that password is what authenticates the user throughout the domain. Using highly advanced visualization tools, hours and hours of hard work and a colorful palette, I made this infographic to explain what happens:
Using biometric logon, we add another step in the authentication process in a corporate environment. Please note; we added one more step, we didn’t necessarily add one more layer of security.
I blogged about upcoming password security features in Windows 8 Password Security. Please observe that using picture password and/or a PIN is an addition to having a password. They are quite simply convenience features. Having said that, I would like to give kudos to Microsoft for doing quite a bit of research into picture passwords and presenting it in such a detailed form that we can make up an opinion about the security it provides.
What did Elcomsoft discover?
Well, they claim that certain versions of the software in question stores your Windows password using weak protection locally (see step 2 in the biometric chain above). Using a simple PoC, they have successfully extracted the stored Windows password from registry by the biometric software and “decrypted” it.
Since the biometric software is local only, it needs to know your Windows password to properly give you both local and domain access. To repeat; your username and password gives you access, not your fingerprint or any other biometric ID. If your password is changed, either locally or in the domain, you will have to provide your new password to the biometric software.
Is this such a big deal? Yes.
Good practice is to store passwords using hash irreversible algorithms, preferably strong types such as PBKDF2, Bcrypt or Scrypt. The draft cheat sheet from OWASP on password storage gives more information about such algorithms, and more. Even though Microsoft doesn’t use salting or key stretching in their LM/NTLM algorithms, they are still hash algorithms. You cannot “reverse” the process to get the plaintext password, you have to
My Authentec (Thinkpad) fingerprint software, which is NOT affected by Elcomsofts findings, knows my password (or passphrase in my case), and there is an option in the software to display it on screen, as the video on top shows you.
But I can do pass-the-hash/ticket and more, why is this a big deal?
Sure you can. But you cannot do those attacks against a Outlook Web Access configuration from the Internet using SSL. You don’t know the users actual password when you do pass-the-hash attacks, so you cannot check if the user uses the same password on other services, at work or on a personal basis.
If my fingerprint – my biometric template – was the secret key to unlock the password using reversible encryption like AES, things could perhaps be considered a bit better, but it would still not be good practice to store any users password using reversible encryption. Which is exactly what is evidenced by my video above.
Now if claims by Elcomsoft are true, malware could easily exploit the weakness found to extract users Windows plaintext passwords in yet another way, adding to the already existing ways of doing so.
I haven’t twisted my mind long enough on this to figure out ways of improving this, but I am open for suggestions.
ElcomSoft has recently updated two products recovering Microsoft Office passwords with Office 2013 support. Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery received the ability to recover plain-text passwords used to encrypt documents in Microsoft Office 2013 format. Initially, we are releasing a CPU-only implementation, with support for additional hardware accelerators such as ATI and NVIDIA video cards scheduled for a later date.
In version 2013, Microsoft used an even tighter encryption compared to the already strong Office 2010. To further strengthen the protection, Microsoft replaced SHA1 algorithm used for calculating hash values with a stronger and slower SHA512. In addition, the encryption key is now 256 bits long, while the previous versions of Microsoft Office were using ‘only’ 128 bits. While the length of the encryption key has no direct effect on the speed of password recovery, the slower and stronger hash calculation algorithm does. It’s obvious that Microsoft is dedicated to making subsequent Office releases more and more secure.
No Brute Force
While we continue supporting brute force attacks, brute force becomes less and less efficient with every new release of Microsoft Office even with full-blown hardware acceleration in place. Office 2013 sets a new standard in document encryption, pretty much taking brute force out of the question. This is why we continue relying on a variety of smart attacks that include a combination of dictionary attacks, masks and advanced permutations. Brute-forcing SHA512 hashes with 256-bit encryption key is a dead end. Smart password attacks are pretty much the only way to go with Office 2013.
Most laptops today ship with a fingerprint reader. Most likely, you have a laptop with one. Until very recently, most major manufacturers such as Acer, ASUS, Dell, Gateway, Lenovo, MSI, NEC, Samsung, SONY, Toshiba, and many others were using fingerprint readers manufactured by a single company: UPEK.
ElcomSoft discovered a major flaw with UPEK Protector Suite, which was the software shipped with the majority of laptops equipped with UPEK fingerprint readers until the company was acquired by Authentec and switched to different software. Even today, when UPEK is acquired by Authentec which now uses TrueSuite® software, many (or most) existing laptop users will simply stay with the old flawed software, not feeling the need to upgrade.
Does Fingerprinting the User Lead to Tighter Security?
Laptops normally come loaded with pre-installed software. Among other things manufacturers install on your brand-new laptop is software communicating with UPEK readers: UPEK Protector Suite. The suite manages fingerprint reading hardware, offering users the convenience of substituting the typing of passwords with a single swipe of a finger. Ultimately, UPEK Protector Suite caches your passwords, offering near-instant login to Web sites and Windows itself.
Logging into Windows by swiping a finger instead of clicking and typing a (probably long and complex) password sounds tempting. And, it works. A simple swipe of your finger, and you’re in. Wonderful; but what about security?
Here’s what UPEK says on its Web site about the Windows login: “Protector Suite QL allows for secure access to Windows by swiping your finger instead of typing a password.” Notice the “secure” part? Well, we found out UPEK makes Windows login anything but secure. In fact, the UPEK’s implementation is nothing but a big, glowing security hole compromising (and effectively destroying) the entire security model of Windows accounts.
The Issue with UPEK Protector Suite
After analyzing a number of laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite, we found that your Windows account passwords are stored in Windows registry almost in plain text, barely scrambled but not encrypted. Having physical access to a laptop running UPEK Protector Suite, we could extract passwords to all user accounts with fingerprint-enabled logon. Putting things into perspective: Windows itself never stores account passwords unless you enable “automatic login”, which is discouraged by Microsoft. If you use the Windows auto-logon feature, you’ll see a message saying “Using automatic logon can pose a security risk because anyone that has access to your computer will have access to your programs and personal files.” Simply said, no corporate user will ever use this “automatic logon” feature, which is often banned by corporate security policies.
However, fingerprint logon is rarely, if ever, barred. The common perception is that biometric logon is just as, or maybe more secure than password-based one. While biometric logon could be implemented that way, UPEK apparently failed. Instead of using a proper technique, they preferred the easy route: UPEK Protector Suite simply stores the original password to Windows account, making it possible for an intruder to obtain one.
Storing Windows account passwords in plain text is bad practice. It defeats the entire purpose of enhanced security. In fact, with current implementation, we cannot speak of any security as the entire PC becomes extremely easy to exploit to anyone aware of this vulnerability. This time around, UPEK made it completely wrong, introducing a paper link to a stainless steel chain.
If Your Windows Logon Password Is Compromised
What happens if someone gets to know your Windows account password? First, they obviously gain access to all your files and documents. Of course, if they had your laptop and its hard drive at their disposal, they could to that anyway – with one exception: they would not be able to read EFS-encrypted files (those that have the “Encrypt contents to secure data” checkbox ticked in the file properties – Attributes – Advanced). EFS encryption is extremely strong and impossible to break without knowing the original Windows account password.
And here comes UPEK Protector Suite. Conveniently storing your plain-text account password, the suite gives the intruder the ability to access your used-to-be-protected EFS encrypted files. Bummer.
The Scope of the Issue
The scope of this issue is extremely broad. It is not limited to a certain laptop model or manufacturer. All laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite are susceptible. If you ever registered your fingerprints with UPEK Protector Suite for accelerated Windows logon and typed your account password there, you are at risk.
Course of Action
If you care about security of your Windows account, launch UPEK Protector Suite and disable the Windows logon feature. That should clear the stored password for your account. Note that you should clear all stored account passwords to protect all user accounts.
What We Did
ElcomSoft will not disclose full detail in the interests of public responsibility. We notified former UPEK about the issue (but sure enough they know about it). We also prepared a demo application, which displays partial login credentials of users who enabled fingerprint login. We won’t give it away to general public; only a limited number of hi-tech journalists will receive this software.
Back in 2008, ElcomSoft started using consumer-grade video cards to accelerate password recovery. The abilities of today’s GPU’s to perform massively parallel computations helped us greatly increase the speed of recovering passwords. Users of GPU-accelerated ElcomSoft password recovery tools were able to see the result 10 to 200 times (depending on system configuration) sooner than the users of competing, non-accelerated products.
With FPGA support, ElcomSoft products now support a wide range of hardware acceleration platforms including Pico FPGA’s, OpenCL compliant AMD video cards, Tableau TACC, and NVIDIA CUDA compatible hardware including conventional and enterprise-grade solutions such as Tesla and Fermi.
Hardware Acceleration of Password Recovery
Today, no serious forensic user will use a product relying solely on computer’s CPU. Clusters of GPU-accelerated workstations are employed to crack a wide range of passwords from those protecting office documents and databases to passwords protecting Wi-Fi communications as well as information stored in Apple and BlackBerry smartphones. But can consumer-grade video cards be called the definite ‘best’ solution?
GPU Acceleration: The Other Side of the Coin
Granted, high-end gaming video cards provide the best bang for the buck when it comes to buying teraflops. There’s simply no competition here. A cluster of 4 AMD or NVIDIA video cards installed in a single chassis can provide a computational equivalent of 500 or even 1000 dual-core CPU’s at a small fraction of the price, size and power consumption of similarly powerful workstation equipped only with CPU’s.
However, GPU’s used in video cards, including enterprise-grade solutions such as NVIDIA Tesla, are not optimized for the very specific purpose of recovering passwords. They still do orders of magnitude better than CPU’s, but if one’s looking for a solution that prioritizes absolute performance over price/performance, there are alternatives.
How Would You Like Your Eggs?
A single top of the line video card such as AMD Radeon 7970 consumes about 300 W at top load. It generates so much heat you can literally fry an egg on it! A cluster of four gaming video cards installed into a single PC will suck power and generate so much heat that cooling becomes a serious issue.
Accelerating Password Recovery with FPGAs
High-performance password cracking can be achieved with other devices. Field Programmable Gate Arrays (FPGAs) will fit the bill just perfectly. A single 4U chassis with a cluster of FPGA’s installed can offer a computational equivalent of over 2,000 dual-core processors.
The power consumption of FPGA-based units is dramatically less than that of consumer video cards. For example, units such as Pico E-101 draw measly 2.5 W. FPGA-based solutions don’t even approach the level of power consumption and heat generation of gaming video cards, running much cooler and comprising a much more stable system.
GPU vs. FPGA Acceleration: The Battle
Both GPU and FPGA acceleration approaches have their pros and contras. The GPU approach offers the best value, delivering optimal price/performance ratio to savvy consumers and occasional users. Heavy users will have to deal with increased power consumption and heat generation of GPU clusters.
FPGA’s definitely cost more per teraflop of performance. However, they are better optimized for applications such as password recovery (as opposed to 3D and video calculations), delivering significantly better performance – in absolute terms – compared to GPU-accelerated systems. FPGA-based systems generate much less heat than GPU clusters, and consume significantly less power. In addition, an FPGA-based system fits perfectly into a single 4U chassis, allowing forensic users building racks stuffed with FPGA-based systems. This is the very reason why many government, intelligence, military and law enforcement agencies are choosing FPGA-based systems.