In light of recent security outbreaks, Apple introduced a number of changes to its security policies. As one of the leading security companies and a major supplier of forensic software for iOS devices, ElcomSoft is being constantly approached by IT security specialists, journalists and forensic experts. The most common question is: how will the new security measures affect iOS forensics? Read the rest of this entry »
|December 17th, 2014 by Vladimir Katalov|
|October 2nd, 2014 by Vladimir Katalov|
Two years ago, ElcomSoft analyzed some 17 password management applications for mobile platforms only to discover that no single app was able to deliver the claimed level of protection. The majority of the apps relied upon proprietary encryption models rather than utilizing iOS exemplary security model. As a result, most applications were either plain insecure or provided insufficient security levels, allowing a competent intruder to break into the encrypted data in a matter of hours, if not minutes. Full report (PDF) is available here.
Today, we need stronger security more than ever. Was the urge for stronger security recognized by software makers, or are they still using the same inefficient techniques? In order to find out, we decided to re-test some of the previously analyzed products. Keeper® Password Manager & Digital Vault will the first subject for dissection.
Back in 2012, we weren’t much impressed by security in any of the apps we analyzed. Two years later, Keeper developers claimed they’ve successfully implemented the suggestions we made during the last analysis. The developers claim to have used 256-bit AES encryption, PBKDF2 key generation, BCrypt, and SHA-1 among other things. Let’s see if these improvements lead to stronger security.
|June 17th, 2014 by Vladimir Katalov|
With little news on physical acquisition of the newer iPhones, we made every effort to explore the alternatives. One of the alternatives to physical acquisition is over-the-air acquisition from Apple iCloud, allowing investigators accessing cloud backups stored in the cloud. While this is old news (we learned to download data from iCloud more than two years ago), this time we have something completely different: access to iCloud backups without a password! The latest release of Phone Password Breaker is all about password-free acquisition of iCloud backups. Read the rest of this entry »
|May 8th, 2014 by Vladimir Katalov|
This time, we are updating our bread-and-butter mobile forensic tool, Elcomsoft Phone Password Breaker, to version 3.0 (beta). This new version has many things that are new or have changed. Let’s see what’s new, and why. Read the rest of this entry »
|March 31st, 2014 by Vladimir Katalov|
Do you think you know everything about creating and using backups of Apple iOS devices? Probably not. Our colleague and friend Vladimir Bezmaly (MVP Consumer security, Microsoft Security Trusted Advisor) shares some thoughts, tips and tricks on iTunes and iCloud backups.
Mobile phones are everywhere. They are getting increasingly more complex and increasingly more powerful, producing, consuming and storing more information than ever. Today’s smart mobile devices are much more than just phones intended to make and receive calls. Let’s take Apple iPhone. The iPhone handles our mail, plans our appointments, connects us to other people via social networks, takes and shares pictures, and serves as a gaming console, eBook reader, barcode scanner, Web browser, flashlight, pedometer and whatnot. As a result, your typical iPhone handles tons of essential information, keeping the data somewhere in the device. But what if something happens to the iPhone? Or what if nothing happens, but you simply want a newer-and-better model? Restoring the data from a backup would be the simplest way of initializing a new device. But wait… what backup?
Users in general are reluctant to make any sort of backup. They could make a backup copy once after reading an article urging them to back up their data… but that would be it. Apple knows its users, and decided to explore the path yet unbeaten, making backups completely automatic and requiring no user intervention. Two options are available: local backups via iTunes and cloud backups via Apple iCloud.
|December 12th, 2013 by Olga Koksharova|
With most waited winter holidays just around the corner, now is the best time to take care of your easy after-holidays start at work with less headache, more pleasure, and all your passwords in place.
We give you 35% discount for our product releases of 2013 starting from today and available till 16th December, 2013. This offer is valid for direct online purchases only, with help of your special coupon code NY2014-OFF35 (enter the code while placing your order) for the following products:
Elcomsoft Password Recovery Bundle includes all our software (except for Elcomsoft iOS Forensic Toolkit) and embraces all updates of the year.
Elcomsoft Distributed Password Recovery, a high-end solution for big networked workstations added hardware acceleration for a number of file formats(see www.elcomsoft.com/edpr.html) on AMD Radeon HD cards (including 7000 series) and support for Tesla K20.
Elcomsoft iOS Forensic Toolkit, an all-in-one solution for bit-precise physical acquisition of iOS devices got more flexibility on cracking the passcode in ‘Guided’ mode allowing you to detect the passcode type or perform the brute-force or dictionary attack with selected options. The toolkit also supports iPhone 5S and iPad 4 (jailbroken without passcode, non-jailbroken with passcode) for complete forensic analysis of devices’ contents.
Elcomsoft Phone Password Breaker, an ideal solution for investigation of Apple and BlackBerry mobile devices added support for iOS 7 iTunes and iCloud backups, including keychain decryption and flexible iCloud downloading and quick downloading of iCloud backup data by selected categories.
Advanced Office Password Recovery, an irreplaceable utility for home and corporate usage was speeded up in password recovery for MS Office 2007/2010 and 2013 with AMD OpenCL, NVIDIA CUDA, and NVIDIA Tesla K20.
Elcomsoft Wireless Security Auditor, a unique tool to recover the original WPA/WPA2-PSK text passwords also added support for latest AMD Radeon R2xx cards, NVIDIA graphic cards, and NVIDIA Tesla K20.
All our team wishes you a lot of new successful opportunities and greatest accomplishments in 2014!
|November 6th, 2013 by Olga Koksharova|
This fall has been quite rich in IT security events for ElcomSoft. We managed to visit a number of conferences and trade shows in order to, as we say in Russia, see the others and be seen
it-sa in Nuremberg welcomed us with a few warm sunny days and a lot of IT-security experts at the event. Being a regular exhibitor at the trade show we were happy to yet again satisfy visitor’s curiosity about our products and represent our recent achievements in password recovery at our booth and technical forum.
Hack In The Box in Malaysia was a new event to us, as we’ve never been there before, but the first impression was nonetheless very positive. Vladimir Katalov pointed out super interesting talks and excellent organization of the event and also expressed his strong will to come to the event once again, next time in Amsterdam. Vlad’s talk titled “Cracking and Analyzing Apple’s iCloud Protocols” had genuine interest of both security professionals and media representatives. Violet Blue from ZDNet covered our talk in her glittering article “Apple’s iCloud cracked: Lack of two-factor authentication allows remote data download”.
The e-Crime’s e-Discovery and e-Investigations Forum in London went as always very smoothly with “well over 400 senior end users from the Private Sector” as noted by the organizers “creating easily the largest gathering of senior infosec and risk executives in the UK. The conference was full to capacity.”
Ruxcon in Melbourne extended a warm welcome to us not only by wonderful weather but also by undivided attention to Vladimir Katalov’s presentation on modern smartphone forensics, as the room was totally packed, to which SC Magazine has its own evidence. Slides of the talk can be found at the conference page http://ruxcon.org.au/slides/
More events are to follow, so please have a look at our calendar of events at http://www.elcomsoft.com/events.html and come along with us!
|September 27th, 2013 by Oleg Afonin|
We’ve just returned from Karlsruhe, Germany from an event named FTDay. Hosted by mh-Service, a long-time ElcomSoft partner in Germany, this was a small but quality event. The first day was packed with sessions. The second day was dedicated to practical workshops.
During the first day, we talked about the acquisition methods for iOS devices. Physical, logical or iCloud? Apparently, physical acquisition still rules: this topic is still hot, even though the latest iPhones and iPads are only conditionally acquirable. The iCloud? Great for the corporate guys, but I’ve been told in private that German police has its hands tied when it comes to acquiring data from the cloud.
Karlsruhe is a relatively small city on the south-west of Germany. City center surprisingly crowded. Lots of shopping, old ruins not so much. Beautiful palace and gardens. Bought a great “Der kleine Maulwurf puzzlebuch” for my little one. Good food with prices on a relatively high side (compared to east of Germany). Going there as a tourist? This ain’t Montreal!
|September 3rd, 2013 by Vladimir Katalov|
This is the second part of Elcomsoft Phone Password Breaker Enhances iCloud Forensics and Speeds Up Investigations article.
Extracting the content of an iPhone is only half the job. Recovering meaningful information from raw data is yet another matter. The good news is there are plenty of powerful tools providing iOS analytics. The bad news? You’re about to spend a lot of time analyzing the files and documenting the findings. Depending on the purpose of your investigation, your budget and your level of expertise using forensic tools, you may want using one tool or the other. Let’s see what’s available.
|August 22nd, 2013 by Vladimir Katalov|
It’s been a while since we updated Elcomsoft Phone Password Breaker, dedicating our efforts to physical acquisition of iOS devices instead. Well, now when the new iOS Forensic Toolkit is out, it is time to update our classic phone recovery tool.
The new version of Elcomsoft Phone Password Breaker is released! While you can read an official press-release to get an idea of what’s new and updated, you may as well keep reading this blog post to learn not only what is updated, but also why we did it.
Dedicated to iCloud Forensics
This new release is more or less completely dedicated to enhancing support for remote recovery of iOS devices via iCloud. Why do it this way?
Because iCloud analysis remains one of the most convenient ways to acquire iOS devices. You can read more about iCloud analysis in a previous post here. Let’s see what else is available.