Archive for the ‘Security’ Category

New Features in EPPB

Thursday, April 5th, 2012

When it comes to adding new features to our products we try to focus on our customers’ needs and it is my pleasure today to announce a preview (or beta) version of our Phone Password Breaker tool with new features requested (or inspired) by our valued customers users :)

Here’s the wrap-up of new features.

(more…)

Mobile password keepers don’t keep the word

Friday, March 16th, 2012

We’ve analyzed 17 popular password management apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single password keeper app provides a claimed level of protection. None of the password keepers except one are utilizing iOS or BlackBerry existing security model, relying on their own implementation of data encryption. ElcomSoft research shows that those implementations fail to provide an adequate level of protection, allowing an attacker to recover encrypted information in less than a day if user-selectable Master Password is 10 to 14 digits long.

The Research

Both platforms being analyzed, BlackBerry and Apple iOS, feature comprehensive data security mechanisms built-in. Exact level of security varies depending on which version of Apple iOS is used or how BlackBerry users treat memory card encryption. However, in general, the level of protection provided by each respective platform is adequate if users follow general precautions.

The same cannot be said about most password management apps ElcomSoft analyzed. Only one password management app for the iOS platform, DataVault Password Manager, stores passwords in secure iOS-encrypted keychain. This level of protection is good enough by itself; however, that app provides little extra protection above iOS default levels. Skipping the complex math (which is available in the original whitepaper), information stored in 10 out of 17 password keepers can be recovered in a day – guaranteed if user-selectable master password is 10 to 14 digits long, depending on application. What about the other seven keepers? Passwords stored in them can be recovered instantly because passwords are either stored unencrypted, are encrypted with a fixed password, or are simply misusing cryptography.

Interestingly, BlackBerry Password Keeper and Wallet 1.0 and 1.2 offer very little protection on top of BlackBerry device password. Once the device password is known, master password(s) for Wallet and/or Password Keeper can be recovered with relative ease.

In the research we used both Elcomsoft Phone Password Breaker and Elcomsoft iOS Forensic Toolkit.

Recommendations

Many password management apps offered on the market do not provide adequate level of security. ElcomSoft strongly encourages users not to rely on their advertised security, but rather use iOS or BlackBerry built-in security features.

In order to keep their data safe, Apple users should set up a passcode and a really complex backup password. The unlocked device should not be plugged to non-trusted computers to prevent creation of pairing. Unencrypted backups should not be created.

BlackBerry users should set up a device password and make sure media card encryption is off or set to “Encrypt using Device Key” or “Encrypt using Device Key and Device Password” in order to prevent attackers from recovering device password based on what’s stored on the media card. Unencrypted device backups should not be created.

The full whitepaper is available at http://www.elcomsoft.com/WP/BH-EU-2012-WP.pdf

ElcomSoft Discovers Most of Its Customers Want Stricter Security Policies but Won’t Bother Changing Default Passwords

Wednesday, February 22nd, 2012

We runned yet another Password Usage Bahaviour survey on our Web site and gthered statistically significant data, reflected in the following charts. And the main conclusion was that most people working with sensitive information want stricter security policies but rarely bother changing default passwords.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations. The larger half of respondents comes from ‘Other’ type of organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

The quiz revealed a serious issue with how most respondents handle default passwords (passwords that are automatically generated or assigned to their accounts by system administrators). Only 28% of respondents would always change the default password, while more than 50% would usually keep the assigned one. In ElcomSoft’s view, this information should really raise an alert with IT security staff and call for a password security audit. ElcomSoft offers a relevant tool, Proactive Password Auditor, allowing organizations performing an audit of their network account passwords.

Unsurprisingly for a sample with given background, most respondents weren’t happy about their organizations’ security policies, being in either full or partial disagreement with their employer’s current policy (61%). 76% of all respondents indicated they wanted a stricter security policy, while 24% would want a looser one. The surprising part is discovered in the next chart: of those who are fully content with their employers’ security policies, only 11% would leave it as it is, 20% would vote for a looser policy, and 69% would rather have a stricter security policy.

The complete results and charts are available at http://www.elcomsoft.com/PR/quiz-charts.pdf

Newer iOS Forensic Toolkit Acquires iPhones in 20 Minutes, Including iOS 5

Tuesday, November 1st, 2011

iOS 5 Support

When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

What does enhanced security mean for the user? With iOS 5, they are getting a bit more security. Their keychain items such as Web site, email and certain application passwords will remain secure even if their phone falls into the hands of a forensic specialist. That, of course, will only last till the moment investigators obtain the original device passcode, which is only a matter of time if a tool such as iOS Forensic Toolkit is used to recover one.

What does this mean for the forensics? Bad news first: without knowing or recovering the original device passcode, some of the keychain items will not be decryptable. These items include Web site passwords stored in Safari browser, email passwords, and some application passwords.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Faster Operation

Besides adding support for the latest iOS 5, Elcomsoft iOS Forensic Toolkit becomes 2 to 2.5 times faster to acquire iOS devices. When it required 40 to 60 minutes before, the new version will take only 20 minutes. For example, the updated iOS Forensic Toolkit can acquire a 16-Gb iPhone 4 in about 20 minutes, or a 32-Gb version in 40 minutes.

EPPB: Now Recovering BlackBerry Device Passwords

Thursday, September 29th, 2011

Less than a month ago, we updated our Elcomsoft Phone Password Breaker tool with the ability to recover master passwords for BlackBerry Password Keeper and BlackBerry Wallet. I have blogged about that and promised the “next big thing” for BlackBerry forensics to be coming soon. The day arrived.

(more…)

New version of EPPB: Recovering Master Passwords for BlackBerry Password Keeper and BlackBerry Wallet

Tuesday, August 30th, 2011

Conferences are good. When attending Mobile Forensics Conference this year (and demoing our iOS Forensic Toolkit), we received a lot of requests for tools aimed at BlackBerry forensics. Sorry guys, we can’t offer the solution for physical acquisition of BlackBerries (yet), but there is something new we can offer right now.

RIM BlackBerry smartphones have been deemed the most secure smartphones on the market for a long, long time. They indeed are quite secure devices, especially when it comes to extracting information from the device you have physical access to (i.e. mobile phone forensics). It is unfortunate, however, that a great deal of that acclaimed security is achieved by “security through obscurity”, i.e. by not disclosing in-depth technical information on security mechanisms and/or their implementation. The idea is to make it more difficult for third parties to analyze. Some of us here at Elcomsoft are BlackBerry owners ourselves, and we are not quite comfortable with unsubstantiated statements about our devices’ security and blurry “technical” documentation provided by RIM. So we dig. (more…)

iOS Forensic Toolkit: Keychain Decryption, Logical Acquisition, iOS 4.3.4, and Other Goodies

Monday, July 25th, 2011
 
You might have heard about our new product – iOS Forensic Toolkit. In fact, if you are involved in mobile phone and smartphone forensics, you almost certainly have. In case our previous announcements haven’t reached you, iOS Forensic Toolkit is a set of tools designed to perform physical acquisition of iPhone/iPad/iPod Touch devices and decrypt the resulting images. This decryption capability is unique and allows one to obtain a fully usable image of the device’s file system with the contents of each and every file decrypted and available for analysis. And the fact is, with today’s update, iOS Forensic Toolkit is much more than just that.
 
(more…)

How to trace criminals on Facebook

Thursday, June 2nd, 2011

Facebook lockThere has already been much said about enhanced federal activity in social networks “including but not limited to Facebook, MySpace, Twitter, Flickr” etc. in order to gather suspects’ information and use it as evidence in investigation. However, far not everybody can understand (neither do three-letter agencies I suppose) how they can represent such info in courts and to what extent it should be trusted. (more…)

Extracting the File System from iPhone/iPad/iPod Touch Devices

Monday, May 23rd, 2011

In our previous blog post we have described how we broke the encryption in iOS devices. One important thing was left out of that article for the sake of readability, and that is how we actually acquire the image of the file system of the device. Indeed, in order to decrypt the file system, we need to extract it from the device first.

(more…)

Nikon Image Authentication System: Compromised

Thursday, April 28th, 2011
ElcomSoft Co. Ltd. researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major flaw. The flaw allows anyone producing forged pictures that will successfully pass validation with Nikon’s Image Authentication Software. The weakness lies in the manner the secure image signing key is being handled in Nikon digital cameras.
 
The existence of the weakness allowed ElcomSoft to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images signed with a fully valid authentication signature.
(more…)