Archive for the ‘Security’ Category

Newer iOS Forensic Toolkit Acquires iPhones in 20 Minutes, Including iOS 5

Tuesday, November 1st, 2011

iOS 5 Support

When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

What does enhanced security mean for the user? With iOS 5, they are getting a bit more security. Their keychain items such as Web site, email and certain application passwords will remain secure even if their phone falls into the hands of a forensic specialist. That, of course, will only last till the moment investigators obtain the original device passcode, which is only a matter of time if a tool such as iOS Forensic Toolkit is used to recover one.

What does this mean for the forensics? Bad news first: without knowing or recovering the original device passcode, some of the keychain items will not be decryptable. These items include Web site passwords stored in Safari browser, email passwords, and some application passwords.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Faster Operation

Besides adding support for the latest iOS 5, Elcomsoft iOS Forensic Toolkit becomes 2 to 2.5 times faster to acquire iOS devices. When it required 40 to 60 minutes before, the new version will take only 20 minutes. For example, the updated iOS Forensic Toolkit can acquire a 16-Gb iPhone 4 in about 20 minutes, or a 32-Gb version in 40 minutes.

EPPB: Now Recovering BlackBerry Device Passwords

Thursday, September 29th, 2011

Less than a month ago, we updated our Elcomsoft Phone Password Breaker tool with the ability to recover master passwords for BlackBerry Password Keeper and BlackBerry Wallet. I have blogged about that and promised the “next big thing” for BlackBerry forensics to be coming soon. The day arrived.

(more…)

New version of EPPB: Recovering Master Passwords for BlackBerry Password Keeper and BlackBerry Wallet

Tuesday, August 30th, 2011

Conferences are good. When attending Mobile Forensics Conference this year (and demoing our iOS Forensic Toolkit), we received a lot of requests for tools aimed at BlackBerry forensics. Sorry guys, we can’t offer the solution for physical acquisition of BlackBerries (yet), but there is something new we can offer right now.

RIM BlackBerry smartphones have been deemed the most secure smartphones on the market for a long, long time. They indeed are quite secure devices, especially when it comes to extracting information from the device you have physical access to (i.e. mobile phone forensics). It is unfortunate, however, that a great deal of that acclaimed security is achieved by “security through obscurity”, i.e. by not disclosing in-depth technical information on security mechanisms and/or their implementation. The idea is to make it more difficult for third parties to analyze. Some of us here at Elcomsoft are BlackBerry owners ourselves, and we are not quite comfortable with unsubstantiated statements about our devices’ security and blurry “technical” documentation provided by RIM. So we dig. (more…)

iOS Forensic Toolkit: Keychain Decryption, Logical Acquisition, iOS 4.3.4, and Other Goodies

Monday, July 25th, 2011
 
You might have heard about our new product – iOS Forensic Toolkit. In fact, if you are involved in mobile phone and smartphone forensics, you almost certainly have. In case our previous announcements haven’t reached you, iOS Forensic Toolkit is a set of tools designed to perform physical acquisition of iPhone/iPad/iPod Touch devices and decrypt the resulting images. This decryption capability is unique and allows one to obtain a fully usable image of the device’s file system with the contents of each and every file decrypted and available for analysis. And the fact is, with today’s update, iOS Forensic Toolkit is much more than just that.
 
(more…)

How to trace criminals on Facebook

Thursday, June 2nd, 2011

Facebook lockThere has already been much said about enhanced federal activity in social networks “including but not limited to Facebook, MySpace, Twitter, Flickr” etc. in order to gather suspects’ information and use it as evidence in investigation. However, far not everybody can understand (neither do three-letter agencies I suppose) how they can represent such info in courts and to what extent it should be trusted. (more…)

Extracting the File System from iPhone/iPad/iPod Touch Devices

Monday, May 23rd, 2011

In our previous blog post we have described how we broke the encryption in iOS devices. One important thing was left out of that article for the sake of readability, and that is how we actually acquire the image of the file system of the device. Indeed, in order to decrypt the file system, we need to extract it from the device first.

(more…)

Nikon Image Authentication System: Compromised

Thursday, April 28th, 2011
ElcomSoft Co. Ltd. researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major flaw. The flaw allows anyone producing forged pictures that will successfully pass validation with Nikon’s Image Authentication Software. The weakness lies in the manner the secure image signing key is being handled in Nikon digital cameras.
 
The existence of the weakness allowed ElcomSoft to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images signed with a fully valid authentication signature.
(more…)

ElcomSoft Opens a Password Store to Sell Passwords Balancing Strength and Memorability

Friday, April 1st, 2011

Great news, ElcomSoft starts Elcomsoft Password Store, an online service to supply customers with guaranteed secure passwords. The new Password Store provides customers a variety of selections, and complies with all industrial and government requirements regarding the length and complexity of passwords being sold. As a value-added service, the company offers near-instant recovery of all passwords sold through its Password Store for a nominal fee.

The many different security policies and government regulations make standard practices of choosing passwords inadequate (passwords are too easy to break) or unfeasible (passwords are impossible to memorize, get written on yellow stickers, and get easily hijacked).  To facilitate the needs of its customers, ElcomSoft Co. Ltd. employed its extensive expertise in the areas of information security and password recovery, and offers a service to provide the perfect balance between password strength and memorability. After breaking millions of passwords, the company has inside information on what’s strong, what’s weak, and what’s adequate for every task.

Offering three strength levels and several additional options, ElcomSoft offers an economical way to create passwords perfect for the type of information they protect. Customers can choose passwords that are short and strong, long and extremely strong, or very long and guaranteed unbreakable. For a small extra fee, Password Store customers can choose passwords that are easy to pronounce or quick to memorize, without sacrificing a single bit of security. In addition, ElcomSoft offer a “gift-wrap” option that accompanies every password with a digital authenticity certificate.

As a value-added service, ElcomSoft offers exclusive password recovery service to all customers of its Password Store. For a nominal fee, forgotten passwords can be recovered in an instant. Under no circumstances will the company sell passwords to any third-parties or upload the lists to the three-letter agencies, government or law enforcement officials unless they become our clients and buy their own passwords.

More info at http://www.elcomsoft.com/password_store.html

Canon cannot or mustn’t provide image validation feature?

Tuesday, November 30th, 2010

A true security system cannot be so fragile: Canon Original Data Security broken…

Find 3 differences from original Now if your partner gets a compromising anonymous image where you are enjoying yourself with nice blond with blue eyes or charming young man, don’t panic and don’t get upset, you can easily prove it is just a fake (even if it’s not ;) ).  Seriously, how can we trust photographic evidence in the era of Photoshop and other designer tools? The genuineness of a digital image can only be proven by special digital tools…like OSK-E3?

Unfortunately or maybe fortunately, it turned out that OSK-E3 (Canon Original Data Security Kit) cannot guarantee image authenticity, because now it can recognize even fake images as true and genuine. However, the problem is not in OSK-E3, it is in Canon Original Data Security system implemented in most modern Canon DSLR (Digital Single-Lens Reflex) cameras.

Now it’s possible (well, Dmitry did it recently and who knows if somebody could do it earlier ;) ) to dump camera’s memory, extract secret keys from the camera, and calculate ODD (= Original Decision Data) which answer for any changes done to the image. And thus name the modified image as original one.

What Canon can do? It seems like Canon can nothing do with their models right now, because the fundamental problem lies not in the software. Changing the software could possibly solve the question, until someone again finds its vulnerability. But adding cryptoprocessors that won’t expose the secret key and thus will prevent from any penetrations from outside would close the loophole.

Have a look at some of our fake images that pass verification test by OSK-E3: http://www.elcomsoft.com/canon.html

So, can you now trust Canon’s OSK decision if an image is original or not?

Firefox, Safari, Opera, and Chrome Passwords Cracked

Thursday, November 11th, 2010

What is a Web browser for you? It’s virtually a whole world, all together: web sites, blogging, photo and video sharing, social networks, instant messaging, shopping… did I forget anything? Oh yes, logins and passwords. :)  Set an account here, sign in there, register here and sing up there – everywhere you need logins and passwords to confirm your identity.

Yesterday, we recovered login and password information to Internet Explorer only, but it was yesterday… Now, Mozilla Firefox, Apple Safari, Google Chrome and Opera Web browsers are at your disposal.

Let’s plunge into some figures…

(more…)