Everyone must comply with government requests to disclose information. How far should one go when disclosing such information? This is up to the company. In a recent trend, several big IT companies including Apple, Facebook, Google and Microsoft among others teamed up to propose a change in US legislatures concerning governments spying on its citizens. The reform would make government surveillance “consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight”.
Posts Tagged ‘Elcomsoft iOS Forensic Toolkit’
It’s been a while since we updated Elcomsoft Phone Password Breaker, dedicating our efforts to physical acquisition of iOS devices instead. Well, now when the new iOS Forensic Toolkit is out, it is time to update our classic phone recovery tool.
The new version of Elcomsoft Phone Password Breaker is released! While you can read an official press-release to get an idea of what’s new and updated, you may as well keep reading this blog post to learn not only what is updated, but also why we did it.
Dedicated to iCloud Forensics
This new release is more or less completely dedicated to enhancing support for remote recovery of iOS devices via iCloud. Why do it this way?
Because iCloud analysis remains one of the most convenient ways to acquire iOS devices. You can read more about iCloud analysis in a previous post here. Let’s see what else is available.
Switching iPhones into a DFU (Device Firmware Update) mode is a hassle. Power off, press that and hold those that many seconds, release this but continue holding that until hopefully something happens on the phone. Many iPhone users have major troubles switching their iPhones into DFU mode. Luckily for them, they don’t have to do the Apple Dance too often.
Criminal investigators, police officers and workers of the intelligence are not as lucky. They have dozens of iPhones to process every day, hundreds every week. “When I get an iPhone, I only have two hours”, says a police officer who’s name we cannot disclose. “In 120 minutes, I have to acquire and process information from that phone. Honestly, I can rarely complete it in a proper way.”
Here at ElcomSoft, we’re trying to do everything to make the life of investigators easier. Performing a physical acquisition with EIFT, which is the only proper way to capture everything in the phone, only takes 20 to 40 minutes depending on the model. But here comes another pitfall. Unlike pickpockets and fraudsters with long, thin fingers, police officers have big hands and firm, strong fingers. Performing the Apple Dance is extremely frustrating and almost physically painful. “I have to try and try before I can twist my fingers to hold those damn buttons”, confesses another police officer. “These damn things are too small and slick”.
Visiting the EuroForensics conference a few days ago, I was demonstrating how easy it was to switch an iPhone into DFU mode. I did it right the first time, but on a second try I failed miserably. “I’m too old for this shtuff”, commented yet another visitor whose badge simply read “Special Agent”.
I passed my concerns to ElcomSoft R&D department, and they built a mockup of an ingenious device automating this sort of things. They called it “iOS DFU Mode Starter”. As a first mockup, it’s not yet perfect. It requires careful placement of the device, and you have to plug a USB cable by hand. Other than that, iOS DFU Mode Starter can switch the device into Debug Firmware Update mode with 100% reliability. “It’s almost infallible”, says Andrey Belenko, ElcomSoft leading researcher. “And it was incredible fun to build”.
Here’s a video demonstrating how the new device works:
I was shocked at first when I saw the robot. A LEGO? Are you guys kidding me? It turned out our R&D guys were serious as ever. Here’s what Andrey Belenko has to say about this robot.
“Constructing mockups and early prototypes with LEGO bricks is commonplace for building robots. Honestly, LEGO blocks are a godsend to all robot builders. Don’t be fooled with the look of the thing; these bricks are a serious prototyping tool.”
“LEGO bricks hold together amazingly well under low and medium load. LEGO blocks come in a wide assortment of shapes and sizes. They give a tight fit, they are reusable, and they save us a lot of time when prototyping. We’re not building an industrial piece; this robot simply handles a modern electronic device. No force is required.”
Whether or not this device goes into production, and what the price is going to be like if it does is yet to be determined.
Today, we released an updated version of iOS Forensic Toolkit. It’s not as much of an update to make big news shout, but the number of improvements here and there warrants a blog post, and is definitely worth upgrading to if you’re dealing with multiple iPhones on a daily basis.
The newly updated Elcomsoft iOS Forensic Toolkit now supports iOS 5.1 and adds a number of small and not-so-small enhancements to the already sound package. The ability to try top 100 most common passcodes gives a chance to recover a passcode in a matter of minutes. There’s one more thing new with the updated iOS Forensic Toolkit: an iPhone booted with iOS Forensic Toolkit now displays a small ElcomSoft logo instead of the default one.
Top 100 Passcodes
We’ve seen lots of iPhones. Most are locked with simple, easy to remember passcodes. We were able to compile a list of most commonly used passcodes. There are the obvious ones like 1111, 2222, 1234, 5555, vertical raw 2580, and there are many ‘convenience’ passcodes that are just easier to remember or enter on the iPhone’s screen. There’s a whole range of passcodes representing possible dates significant to iPhone owners; these passcodes range from early 1930 to 2020. The updated iOS Forensic Toolkit will now try these passcodes before launching a brute-force attack.
How good are the chances? A recent study demonstrated that as many as 15% of all passcode sets are represented by only 10 different passcodes (out of 10,000 possible combinations). That’s 1 in 7 iPhones unlocked within minutes or even seconds.
iPhones booted by iOS Forensic Toolkit will now display ElcomSoft logo when loading. Not a big deal, but a nice and pleasant for us visual effect
We also added a few other improvements and enhancements here and there, making the new version a recommended update.
It really takes willpower to control our excitement about the surprises we prepared for you these pre-holiday days. We arranged three ultra-appealing bundles and we can’t hide them any loger, so here they are:
Check out more info on our website:
Experience Elcomsoft Password Recovery Bundle which breaks all barriers, twice cheaper throughout December 2011. There is no substitute.
Don’t rush, take your time… till December 31.
SANS Information Security Reading Room has recently publicized a whitepaper about iOS security where they mentioned our software – Elcomsoft iOS Forensic Toolkit – in a section about encryption. Kiel Thomas, the author of the whitepaper, explained one more time the main principles of iOS 4 encryption, which became stronger in comparison with iOS 3.x and how our toolkit can bypass new strong algorithms.
In its next part about iTunes Backups Kiel touches upon Elcomsoft Phone Password Breaker which virtually crunches backup passwords at speed of 35000 passwords per second (with AMD Radeon HD 5970) using both brute force and dictionary attacks, here are some benchmarks.
It seems the paper does not miss out on any nuance about iOS 4 and provides practical advice to either avoid or prevent from the depressing outcomes, such as loss of data. Closer to the end of the paper you will also find several sagacious tips for using the devices within organizations, including passcode management, a so called “first line of defense” which according Kiel’s view “can be matched to existing password policies”, however he inclines to use passwords instead of 4 digit passcodes.
And in conclusion the author discovers that smartphone and tablet security measurements resemble the ones of laptops, because they all belong to mobile devices. Find out more details in the source itself: http://www.sans.org/reading_room/whitepapers/pda/security-implications-ios_33724