June 14, 2021

ElcomSoft Launches New Software To Crack BlackBerry Device Passwords

(LiveHacking.Com) – ElcomSoft have released a new version of their Phone Password Breaker (EPPB), with the ability to recover passwords protecting BlackBerry phones. Data on a BlackBerry can be protected using a password (known as the the device password) which needs to be entered every time the device it being switched on, or optionally, after a certain timeout. If the wrong password is entered more than 10 times in a row all the data on the phone is erased.

It was previously thought that cracking this device password was impossible, however now ElcomSoft say that it can be cracked in a matter of hours without any danger to the data on the phone.

However there is a caveat. To work, Media Card encryption needs to be configured and set to either “Security Password” or “Device Password” mode.

ElcomSoft estimates that about 30 per cent of all BlackBerry smartphone users opt to protect their media cards with this option, making their devices open to this attack.

To crack the password EPPB only needs the media card from the device. Using a PC with an Intel i7-970, EPPB can try 1.8 million passwords per second in wordlist mode, and about 5.9 million passwords per second in bruteforce mode.


Phone Password Breaker Cracks Open the BlackBerry Password Keeper

(LiveHacking.Com) – ElcomSoft Co. Ltd. has updated its Phone Password Breaker software and added the ability to recover the master password which locks the passwords stored in the BlackBerry Password Keeper app. The new version can also unlock the financial information kept in the BlackBerry Wallet app.

The BlackBerry Password Keeper and Wallet apps allow users to store their passwords and their financial information, like credit card numbers, in a password protected store. To unlock the Password Keeper, users must enter the master password.

Elcomsoft Phone Password Breaker can recover the master passwords for the Password Keeper and Wallet apps and so provide forensic investigators full access to stored login credentials and passwords in plain-text.

The Elcomsoft Phone Password Breaker allows forensic investigators to open a BlackBerry backup and then it uses brute-force to recover the master passwords by trying hundreds of thousands of passwords per second.

ElcomSoft Releases New Software to Recover Passwords on NIST Certified BlackBerry PlayBook Backups

(LiveHacking.Com) – Only a few days ago the BlackBerry PlayBook became the first tablet to be certified for US government use by passing the FIPS 140-2 certification from the National Institute of Standards and Technology (NIST). No other tablet, including the iPad, has gained this certification and the PlayBook is the only tablet ready for deployment within the U.S. federal government.

Since this particular FIPS (Federal Information Processing Standard) certification is about cryptography, you would think that any government data on a PlayBook would be secure… Not so… ElcomSoft has updated its Phone Password Breaker with the ability to recover passwords protecting BlackBerry PlayBook backups. This means that it can recover the original plain-text password protecting the PlayBook backups. Once the password is known the backup can be restored to and analyzed on another PlayBook device.

The result is that forensic investigators (or hackers, spies and foreign governments) can access email messages, call history, contacts, web browsing history, voicemail and email accounts stored in those backup files.

To crack the passwords on the Backups, ElcomSoft use GPU-accelerated attacks, offloading parts of the computation-intensive jobs onto highly parallel units available in today’s ATI and NVIDIA video cards. The result is that the Elcomsoft Phone Password Breaker can try tens of thousands of passwords per second.

ElcomSoft plans to add a PlayBook backup decryption module, which allows the backups to be cracked open without restoring them to another PlayBook device, to the next version of Elcomsoft Phone Password Breaker.

New Version of ElcomSoft iOS Forensic Toolkit Released: Supports iOS Keychain Decryption

(LiveHacking.Com) – ElcomSoft has released a major update of its iOS Forensic Toolkit, an all-in-one toolkit for iOS acquisition on both Windows and Mac.

ElcomSoft iOS Forensic Toolkit provides easy access to perform physical evidence acquisition to encrypted information stored in iOS base devices. This toolkit offers investigators the ability to access protected file system dumps extracted from iPhone and iPad devices even if the data has been encrypted by iOS 4.

According to the Elcomsoft blog, the decryption capability is unique and allows investigators to obtain a fully usable image of the device’s file system with the contElcomSoft iOS Forensic Toolkitents of each and every file decrypted and available for analysis.

New Features at a Glance:

  • The ability to decrypt contents of the device keychain
  • The ability to perform logical acquisition of the device
  • Logging of all operations performed within Toolkit
  • Support for iPhone 3G
  • Support for iOS 3.x on compatible devices
  • Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)

The new version of iOS Forensic Toolkit has the ability to extract and decrypt keychain data from iOS devices running iOS 3.x and 4.x. The keychain is a system-wide storage for users’ data to store sensitive information in protected mode.

Another new feature in this version is the audit trail capability. Unique log file will be created by the toolkit to keep the tracks of the activities and help the investigators for the integrity of their investigation.

More technical information is available at ElcomSoft Blog.

Facebook Account Password Extractor

ElcomSoft has announced the release of the Facebook Password Extractor, a free tool to recover Facebooks’ user credentials that are stored or cached in popular Web browsers.

The user credentials, such as user account and passwords, are routinely stored or cached in Web browsers to speed up access to protected resources. While it is possible to extract cached passwords from each of the popular Web browsers, it has never been an easy task. Mozilla Firefox, Apple Safari, Opera, Google Chrome and older versions of Microsoft Internet Explorer (v. 6 and earlier) use lighter security mechanisms that are easier to break. However, InternetExplorer 7, 8, and 9 employ an enhanced security model that makes extracting a cached password impossible without knowing the exact authorisation URL.

Facebook Password Extractor is the first free tool on the market to help users to recover lost and forgotten Facebook passwords from all popular Web browsers including enhanced-security Internet Explorer 7 to 9. This free for personal use (non-commercial) utility can instantly reveal cached login and password information to Facebook accounts. Supporting all versions of Microsoft Internet Explorer including IE9, Mozilla Firefox including Firefox 4, Apple Safari up to version 5, Opera up to version 11, and Google Chrome up to version 11, Facebook Password Extractor is the first free Facebook recovery tool to display multiple Facebook logins and passwords instantly and automatically.

Facebook Password Extractor supports the enhanced security model used in Internet Explorer 7 onwards, by including a small database containing exact Web addresses of all possible Facebook login pages.

Facebook Password Extractor can be downloaded now.

ElcomSoft Breaks iOS 4 Encryption – Offers New Forensic Service

ElcomSoft have succeeded in decrypting the iPhone’s encrypted file system under iOS 4 and are making it available exclusively to law enforcement, forensic and intelligence agencies.

This is a major feat as since the launch of the iPhone 3GS, Apple have included hardware encryption in all of its devices (including the iPhone 4 and iPad). iOS 4 enabled this hardware-based encryption to encrypt all user data stored using AES-256. This encryption was thought to be strong enough to resist even the best equipped adversaries, including forensic analysts and law enforcement agencies.

ElcomSoft have found a way to decrypt bit-to-bit images of iOS 4 devices. Decrypted images are perfectly usable, and can be analyzed with forensic tools. But decryption is only possible with the actual device available because the decryption relies on getting the keys that are stored on it.

What is interesting (and worrying) is what ElcomSoft found stored inside the iPhone. According to them “iPhone devices store or cache humungous amounts of information about how, when, and where the device has been used. The amount of sensitive information collected and stored in Apple smartphones is beyond what had previously been imaginable. Pictures, emails and text messages included deleted ones, calls placed and received are just a few things to mention. A comprehensive history of user’s locations complete with geographic coordinates and timestamps. Google maps and routes ever accessed. Web browsing history and browser cache, screen shots of applications being used, usernames, Web site passwords and the password to iPhone backups made with iTunes software, and just about everything typed on the iPhone is being cached by the device.”

Vulnerability in Nikon’s Image Authentication System

ElcomSoft Co. Ltd., a developer of computer forensics tools, has found a vulnerability in Nikon’s software suite that validates images to ensure that they have not been altered. The vulnerability is in the way the secure image signing key is handled by Nikon’s Image Authentication System. The result is that it is possible to produce manipulated images with a fully valid authentication signature.

ElcomSoft has produced a set of forged images that successfully pass validation with Nikon’s Image Authentication Software. The vulnerability exists in all current Nikon cameras supporting Nikon’s Image Authentication, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.

The authenticity of photographic evidence is paramount to everyone, from simple court cases to military operations. Recent history has shown that journalists aren’t imune from doctoring pictures to make a headline. In 2006 Adnan Hajj took a photo in Beirut just after the Israeli bombing. He altered the picture in Photoshop and sent it to Reuters, who then published it. In 2003 Brian Walski, a Los Angeles Times staff reporter, merged two photos together for “greater impact.” He was fired as a result.

Like MD5 it looks like Nikon’s Image Authentication System is a thing of the past.

New version of Elcomsoft Distributed Password Recovery

New version of Elcomsoft Distributed Password Recovery has released. The new version of Elcomsoft Distributed Password Recovery is able to create a queue for attack to multiple password-protected files.

Elcomsoft Distributed Password Recovery is a high-end solution for forensic and government agencies, data recovery and password recovery services and corporate users with multiple networked workstations connected over a LAN or the Internet.

More information is available here.

Canon Original Data Security System Compromised: ElcomSoft Discovers Vulnerability

ElcomSoft Co. Ltd. has discovered vulnerability in Canon Original Data Security, a verification system to provide image data verification features intended to authenticate image originality. The vulnerability allows extracting the original signing key from a Canon digital camera and using the key to put an authenticity signature to a photo or any digital image, which will be validated as an original and authentic.
The vulnerability discovered by ElcomSoft questions the authenticity of all Canon signed photographic evidence and published photos, and effectively proves the entire Canon Original Data Security system useless.

Canon Inc. introduced its Original Data Security system as means to securely verify credibility of image data and prove image originality. A supported Canon digital SLR signs pictures taken with the camera with a secure digital signature. Image verification data becomes embedded in every image shot with the camera, allowing to verify the authenticity and originality of an image with utmost accuracy. Unfortunately, this is not the case, according to recent findings by ElcomSoft, a leading information security company.

The Original Data Security system was intended to ensure that images, taken with a compatible Canon camera, are unaltered in any way and contain the original valid GPS data. The system was designed to prove image originality as well as time and place of the capture. The intent of the system was to protect the integrity of images shot as evidence. According to Canon official announcement, the credibility of photographic evidence is directly linked to its legitimacy when making legal decisions. The Canon data security system is being used by world leading news agencies including Associated Press as effective means to ensure that each agency’s photo manipulation policies are enforced.

Today, ElcomSoft has proven the system to be far from bullet-proof. The company was able to extract signing keys from Canon digital cameras, use the keys to sign an altered image and successfully validate fake photos with Canon Original Data Security Kit (OSK-E3). “The entire image verification system is proved useless”, says ElcomSoft CEO Vladimir Katalov. “It is hard to underestimate the significance of our discovery. The authenticity guarantee advertised by Canon data security system is truly worthless. If one company was able to produce fake images indistinguishable from originals, how do we know that others haven’t been doing this for years? ElcomSoft demonstrated that any photographic evidence authenticated by the Canon system is just as insecure as pictures not secured by the system.”

ElcomSoft has published a series of manipulated images that will successfully validate with Canon Original Data Security Kit (http://www.canon.co.jp/imaging/osk/osk-e3/index.html). The images are available at http://canon.elcomsoft.com/.