<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">

<channel>
	<title>Advanced Password Cracking - Insight</title>
	
	<link>http://blog.crackpassword.com</link>
	<description>«...This blog is about &lt;a href="/?s=password+recovery"&gt;cracking passwords&lt;/a&gt;, &lt;a href="/?s=forensic"&gt;forensics solutions&lt;/a&gt;,&lt;br&gt;&lt;a href="/?s=security"&gt;computer and network security&lt;/a&gt;, &lt;a href="/?s=system+recovery"&gt;system recovery&lt;/a&gt; and other things...»</description>
	<lastBuildDate>Mon, 25 Feb 2013 10:38:22 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/crackpassword/blog" /><feedburner:info uri="crackpassword/blog" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><item>
		<title>iCloud backups inside out</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/8DsJs843tdE/</link>
		<comments>http://blog.crackpassword.com/2013/02/icloud-backups-inside-out/#comments</comments>
		<pubDate>Mon, 25 Feb 2013 10:38:22 +0000</pubDate>
		<dc:creator>Vladimir Katalov</dc:creator>
				<category><![CDATA[Did you know that...?]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Tips & Tricks]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[backup]]></category>
		<category><![CDATA[Elcomsoft Phone Password Breaker]]></category>
		<category><![CDATA[EPPB]]></category>
		<category><![CDATA[iCloud]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2358</guid>
		<description><![CDATA[It&#8217;s been a while since we released the new version of Elcomsoft Phone Password Breaker that allows downloading backups from iCloud (read the press release). Many customers all over the world are already using this new feature intensively, but we still get many questions about its benefits, examples of cases when it can be used [...]]]></description>
				<content:encoded><![CDATA[<p>It&#8217;s been a while since we released the new version of <a href="http://www.elcomsoft.com/eppb.html" target="_blank">Elcomsoft Phone Password Breaker</a> that allows downloading backups from iCloud (read the <a href="http://www.elcomsoft.com/PR/iCloud_120515_en.pdf" target="_blank">press release</a>). Many customers all over the world are already using this new feature intensively, but we still get many questions about its benefits, examples of cases when it can be used and how to use it properly. We also noticed many ironic comments in different forums (mostly from users who have no experience in using iOS devices and so have no idea what iCloud backups actually are, I guess), saying that there is nothing really new or interesting there, because anyone with an Apple ID and password can access the data stored in an iCloud backup anyway.</p>
<p>Well, it seems some further explanation is needed. If you are already using EPPB (and this feature in particular), you will find some useful tips for future interaction with iCloud; and even if you don&#8217;t have an iOS device (you loser! just kidding <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> ), please go ahead and learn how iCloud can be helpful and dangerous at the same time.<span id="more-2358"></span></p>
<div>
<p>Let’s start from the very beginning. Once you get an iPhone (iPad or even iPod) you definitely <strong>should</strong> create backups on a regular basis. Just in case you get it stolen, lose it, or break it. I should confess that I personally have the 8th iPhone. No, not the Chinese-made 8th gen one with 3 SIM cards, removable battery and TV :). I simply had 7 of them before. And of those seven, I lost as many as three. One was left in a taxi in Vienna on my way to the airport, just half an hour before boarding for Brussels where I was going to attend another security conference. The other one was lost in a cold Russian forest (please don&#8217;t ask me what I was doing there at 4 AM at 30 degrees below zero :)). And the last one was dropped in the North Sea when I was yachting around Norway. And you know what? The very same day I got everything back. Well, not my iPhone itself, but all the contacts, SMS messages, pictures and whatever else was stored in my iPhone. Even though I did not have a computer with me.</p>
</div>
<p>There is no magic here at all. I simply purchased a new iPhone and restored it from the backup saved in the <a href="http://www.apple.com/icloud/" target="_blank">iCloud</a>. As already noted, I did not have a computer handy, and never cared to connect my phone to anything but the charger and Wi-Fi (or sometimes 3G only). Backups were created automatically, over the air, thanks to iCloud. Local backups are good (at least they&#8217;re faster), but in many situations an iCloud backup is a life-saver. There are some security risks there (we will get back to this later), but still it is extremely convenient. Please believe the owner of the 8th iPhone <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> </p>
<p>There is a lot of valuable information about iCloud backups on the Apple website; I would recommend starting with the following articles:</p>
<ul>
<li><a href="http://support.apple.com/kb/HT4436" target="_blank">Creating an iCloud account: Frequently Asked Questions</a></li>
<li><a href="https://www.apple.com/support/icloud/account/" target="_blank">iCloud support – Account</a></li>
<li><a href="https://www.apple.com/support/icloud/backup/">iCloud support – Backup</a></li>
</ul>
<p>However, all you can do with an iCloud backup is restore your device from it. The same (well, similar) device; you can restore from iPhone to iPad (or from iPad to iPod and vice versa), but some information will not be available then. And this process only goes over the air, which means Wi-Fi. You should either get a new iPhone, or completely reset an available one. During the setup, you will be asked to enter your Apple ID and password to get the backup loaded into it. So, if you have both local (offline) and iCloud backups, you can choose between them to restore the most recent or complete one.</p>
<p>But what if you have the Apple ID and password, but don&#8217;t have an appropriate i-device at hand or a Wi-Fi connection? Well, almost nothing (it’s so typical of Apple. I really love them, but sometimes they think they know better what I really need, like my mom). You know that your information is stored in a safe place (well, the term &#8220;safe&#8221; is questionable, but that&#8217;s another story: yes, Apple does have access to your backups, because although they are encrypted – read the <a href="http://support.apple.com/kb/HT4865" target="_blank">iCloud: iCloud security and privacy overview</a> – the encryption key is stored along with the backup; the only exception is keychain encryption, see below). But you cannot reach it. You can only get to <span style="text-decoration: underline"><a href="http://www.icloud.com/">www.icloud.com</a></span> and get your contacts, notes and documents, that&#8217;s all – you can get neither SMS conversations nor call logs, for example.</p>
<p>And what can you do using EPPB? Simply download the whole backup. It is stored (and encrypted) differently from the local one, but we do convert it to the same format as iTunes uses (well, in fact it creates hundreds of files with long unreadable names and encrypted contents, but keep on reading). Another option available in EPPB is to rename the files to their real names &#8212; so you will easily get your pictures, as well as SQLite databases with SMS and iMessages and whatever else you have.</p>
<p>By the way, did I also mention that EPPB downloads iCloud backups using any available (not just wireless) Internet connection? Well, now you know <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> .</p>
<p>However, using the iTunes format is preferable, because instead of wasting your time browsing through hundreds or even thousands of files, it&#8217;s much easier to use special software that works with iTunes backups. Here are my two favorite programs: <a href="http://www.oxygen-forensic.com/">Oxygen Forensic Suite</a> and <a href="http://www.icopybot.com/itunes-backup-manager.htm">iBackupBot</a>.</p>
<p>The first one is for professionals. It gets <strong>everything</strong> from backups (even some data you never thought would be there). Not just the contacts, messages, and pictures, but also conversations in different messengers such as WhatsApp and Skype, GPS location data, <em>deleted</em> conversations, and much more. If you have never used this excellent package before, you will be really surprised. Especially when looking at the contents of someone else&#8217;s iPhone (just kidding <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> ). This is probably the best software of this kind on the market &#8211; it just extracts everything and shows it in a very convenient way.</p>
<p><a href="http://blog.crackpassword.com/2013/02/icloud-backups-inside-out/oxygen/" rel="attachment wp-att-2360"><img class="alignnone size-medium wp-image-2360" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/oxygen-550x440.png" alt="" width="550" height="440" /></a></p>
<p>iBackupBot (available for both Windows and Mac, btw) is not as advanced as the Oxygen software but still extremely worthy. This small goodie only shows SMS messages (including iMessage conversations, of course), as well as the contact list, call logs, notes and media (pictures and videos). A must-have tool if you need to get the most important information from a backup in just seconds.</p>
<p><a href="http://blog.crackpassword.com/2013/02/icloud-backups-inside-out/ibackupbot/" rel="attachment wp-att-2361"><img class="alignnone size-medium wp-image-2361" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/ibackupbot-550x413.jpg" alt="" width="550" height="413" /></a></p>
<p>There is one more important point worth mentioning: iCloud stores not just one backup, but the latest three &#8211; and EPPB can get all three backups. The backup process, btw, is very intelligent: backups are incremental. Once a backup is created, next time this smart device backs up only the changes, saving your time and traffic. So, downloading backups with EPPB also gets faster &#8211; you need to be patient only when downloading your backup the very first time; after that it only gets the latest changes.</p>
<p>We also get questions about how to get the password to someone else’s Apple account. Sorry, but we only give such advice to law enforcement. All I can say is that in most cases a password is stored in the device (particularly, in the keychain), and once you have the local backup (which should be password-protected, and you should know the password &#8211; if you do not, EPPB can help you to crack this password, too), you can extract it easily. That may sound like a &#8220;chicken and egg&#8221; problem, and sometimes it is, but it is still one of the ways to get the password – better than nothing.</p>
<p>Oh, one more thing, now it&#8217;s time for some bad news, sorry. In an iCloud backup, the keychain is encrypted the same way as in a local backup without a password, i.e. using the hardware key unique to the device. That means that you cannot get some data from it, such as saved passwords to mail accounts, Wi-Fi access points, web sites etc.</p>
<p>And the last point for today. How can you protect yourself from someone else downloading your backup (from law enforcement agencies to your curious girlfriend)? Just keep your password safe. Nothing new. It should be long, complex, unique (that&#8217;s probably the most important!), with good security questions, and it is a good idea to change it from time to time; some tips are available in the <a href="http://support.apple.com/kb/PH2617" target="_blank">iCloud: Change your iCloud account password</a> article on the Apple web site. Moreover, Apple has very strict requirements for passwords, as described in the <a href="http://support.apple.com/kb/HE37" target="_blank">Frequently asked questions about Apple ID</a> article:</p>
<p><a href="http://blog.crackpassword.com/2013/02/icloud-backups-inside-out/ht4232_01-appleid-security-en-010/" rel="attachment wp-att-2362"><img class="alignnone size-medium wp-image-2362" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/HT4232_01-appleid-security-en-010-550x315.png" alt="" width="550" height="315" /></a></p>
<p>(Interestingly, these requirements have been strengthened only recently. I still have one very old Apple ID with a simple password that contains lowercase letters only, and it works just fine; however, I cannot use iCloud services with it.)</p>
<p>You can even use different Apple IDs for Store purchases and iCloud services. Or you can just skip iCloud backups altogether and keep only the local ones, but as previously noted, this is not so convenient. As always, you should find your best balance between convenience and security – you can never have both to the full degree.</p>
<p>To my mind, Apple has done everything right – iCloud security is good enough. There are no vulnerabilities or security holes there. However, if I were Apple, I would add an extra layer of security by allowing users to set an additional password to iCloud backup, so even if someone knows your Apple ID and password, they still would not be able to access your backup. And though I personally trust Apple, they will not have a chance to read your private data either.</p>
<p>Conclusions? Please make them yourself. We only give you the tool, and it&#8217;s your choice how to use it. Maybe you don&#8217;t need it at all. In an ideal world, nobody loses or breaks their iPhones or forgets passwords. And there are no bad guys trying to get access to your private data. But once you find this world, please let us know – I have my credit card ready to get a one-way ticket to this magic place <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> .</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2013/02/icloud-backups-inside-out/feed/</wfw:commentRss>
		<slash:comments>19</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2013/02/icloud-backups-inside-out/</feedburner:origLink></item>
		<item>
		<title>iCloud: Making Users Spy on Themselves</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/HcNEPCb_dBg/</link>
		<comments>http://blog.crackpassword.com/2013/02/icloud-making-users-spy-on-themselves/#comments</comments>
		<pubDate>Thu, 21 Feb 2013 11:30:04 +0000</pubDate>
		<dc:creator>Vladimir Katalov</dc:creator>
				<category><![CDATA[Did you know that...?]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Tips & Tricks]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Elcomsoft Phone Password Breaker]]></category>
		<category><![CDATA[iCloud]]></category>
		<category><![CDATA[iPhone]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2337</guid>
		<description><![CDATA[Apple iCloud is a popular service providing Apple users the much needed backup storage space. Using the iCloud is so simple and unobtrusive that more than 190 million customers (as of November, 2012) are using the service on regular basis. Little do they know. The service opens governments a back door for spying on iOS [...]]]></description>
				<content:encoded><![CDATA[<p><a href="http://blog.crackpassword.com/2013/02/icloud-making-users-spy-on-themselves/clouds2/" rel="attachment wp-att-2343"><img class="alignnone size-medium wp-image-2343" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/clouds2-550x495.jpg" alt="" width="550" height="495" /></a></p>
<p>Apple iCloud is a popular service providing Apple users with much-needed backup storage space. Using the iCloud is so simple and unobtrusive that more than 190 million customers (as of November, 2012) are using the service on a regular basis.</p>
<p>Little do they know. The service opens a back door for governments to spy on iOS users without them even knowing. ElcomSoft researchers discovered that information stored in the iCloud can be retrieved by anyone without having access to a physical device, provided that the original Apple ID and password are known. The company even built the technology for accessing this information into one of its mobile forensic products, <a title="EPPB" href="http://www.elcomsoft.com/eppb.html" target="_blank">Elcomsoft Phone Password Breaker</a>, allowing investigators to access backup copies of the phone’s content via iCloud services.</p>
<p><span id="more-2337"></span></p>
<p>The newly discovered backdoor allows anyone who has the money to buy Elcomsoft Phone Password Breaker and a way to discover the user&#8217;s original Apple ID and password to access information from all iOS devices belonging to the user with that particular Apple ID. The user will never know that their data has been accessed, as no access to the physical device is required. At this time, information about recent iCloud activities is not reported to the owner of the device, so it will be impossible to learn about someone accessing information in the iCloud. Information from the iCloud can be transferred to any remote computer with an Internet connection.</p>
<p>Interestingly, unlike offline backups that feature rather strong protection, making ElcomSoft’s own recovery tools spend hours guessing the original password, data stored in the iCloud is stored unprotected. Other than the combination of a unique Apple ID and password, nothing protects the data on its way to an intruder except some encryption (which could not be easier to circumvent because the decryption key is available along with the data).</p>
<h2>Yet Another Backdoor. So What?</h2>
<p>There are so many ways to retrieve information from mobile devices that yet another backdoor may not seem like a big deal. However, there is something making this one different.</p>
<p>In order to obtain information from a phone backup, investigators need access to a PC that has those backups. Acquiring information from an iOS device requires physical access to that device. Either way, a corresponding warrant must be issued in order to seize the computer and/or the iOS device in question.</p>
<p>Employing Apple iCloud for spying on users of iOS devices is not restricted by such pesky obstacles. After September 11th, &#8220;warrantless wiretapping&#8221; of Internet communications, as well as many other intrusions into personal privacy, have become a fact of life. The US National Security Agency (NSA) gained powers to access American telephone, cable and satellite networks. Since then, pretty much all providers of digital communications are legally obligated to provide the ability to deliver their customers’ personal information to special services regardless of what’s written in their end-user service agreements and privacy policies.</p>
<p>One example. Recently, Skype was included as part of Windows 8. Skype made agreements with special services of many countries to provide wiretapping access to users’ communications without a legal warrant. Apple iCloud does not have a similar clause in its end-user agreement. However, based on legislation introduced after September 11th, the intelligence services can gain access to information about a user based in a given country without a warrant – if such access is deemed to be in the interests of national security.</p>
<p>This leads to a very important conclusion. End-user service agreements, privacy policies and legislation are no longer the determining factor of the privacy of personal information. Instead, the leading role in determining whether or not personal information is protected is now given to intelligence and homeland security agencies. Privacy advocates can spend hours (literally) just citing examples of how extremely broad these “interests of national security” can be, how far stretched and how excessively executed they can become.</p>
<p>What exactly can become a matter of national security? Well, if you follow the news, you can recall how an Apple director handed an iPhone to <a title="http://lurkmore.to/Медвед" href="http://lurkmore.to/Медвед" target="_blank">Dmitry Medvedev</a>, who served as president of Russia at the time. After just a little while, the official Kremlin reported that some “spyware” was discovered in that device. While that “spyware” could be anything, we have no doubts it was the iCloud service transferring the phone’s usage information to a certain online cloud service coincidentally based in the US. Apparently, the Russian intelligence did not like the idea.</p>
<p>Want another example? The IBM Corporation was quick to ban the use of iCloud on their employees’ iPhones soon after <a title="http://blog.crackpassword.com/2012/05/elcomsoft-helps-investigate-crime-providing-yet-another-way-to-break-into-ios-with-icloud-attack/" href="http://blog.crackpassword.com/2012/05/elcomsoft-helps-investigate-crime-providing-yet-another-way-to-break-into-ios-with-icloud-attack/" target="_blank">ElcomSoft whitepaper on breaking iCloud was released</a>. If IBM employees want to bring in their devices to work, they must first hand them to IBM’s IT department to remove what they believe can invite trouble – like Apple iCloud.</p>
<h2>The Bad News</h2>
<p>Another piece of bad news came just at the time of this writing. There are reports in Norwegian newspapers of <a title="http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/" href="http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/" target="_blank">teenagers hacking Apple accounts </a>by exploiting the &#8220;lost password&#8221; function. Apparently, they were hacking into accounts of teenage girls who were their classmates, recovering their passwords by supplying Apple their correct names and birthdates. And then they were on their way to illegally downloading and extracting their victims’ photos and videos, then offering them for sale online.</p>
<p>Cases like this will continue happening. There is little to no protection available for data stored in the iCloud. Even choosing a long and secure password (which would be unlikely when teenage girls are concerned) would not help much, if at all.</p>
<h2>Not Being a Victim</h2>
<p>As demonstrated in this article, your data is no longer protected by privacy laws, regardless of what’s said in privacy policies or end-user agreements. Apple devices collect information about their usage, and have the ability to upload that information into the cloud the very moment the device registers onto a Wi-Fi network. Moreover, iOS devices are equipped with the ability to track geolocation coordinates, saving the data into a log file.</p>
<p>If you do care about the privacy of your data, make sure you are not using the iCloud.</p>
<ol>
<li>The least you can do is to disable the ability to create iCloud backups in the configuration options of your iPhone/iPad. However, it is not yet known if this process can be initiated from the outside.</li>
<li>Transmitting large amounts of information wirelessly is an extremely power-intensive process that will drain your device’s battery very quickly. Having the GPS unit enabled and transmitting information wirelessly all the time will put a lot of load on your phone’s battery, making it lose charge much faster than it normally does. If your battery starts living for far less than it usually does, do check your phone for spyware.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2013/02/icloud-making-users-spy-on-themselves/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2013/02/icloud-making-users-spy-on-themselves/</feedburner:origLink></item>
		<item>
		<title>Yahoo!, Dropbox and Battle.net Hacked: Stopping the Chain Reaction</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/BhkLH2nxstQ/</link>
		<comments>http://blog.crackpassword.com/2013/02/yahoo-dropbox-and-battle-net-hacked-stopping-the-chain-reaction/#comments</comments>
		<pubDate>Thu, 14 Feb 2013 11:32:44 +0000</pubDate>
		<dc:creator>Vladimir Katalov</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Human Factor]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Tips & Tricks]]></category>
		<category><![CDATA[Blizzard]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Security breach]]></category>
		<category><![CDATA[Yahoo!]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2323</guid>
		<description><![CDATA[Major security breaches occur in quick succession one after another. Is it a chain reaction? How do we stop it? January 2012: Zappos hacked, 24 million accounts accessed June 2012: 6.5 Million encrypted LinkedIn passwords leaked online July 2012: 420,000 Formspring passwords compromised in security breach July 2012: Yahoo! Mail hacked August 2012: Dropbox hacked, [...]]]></description>
				<content:encoded><![CDATA[<p>Major security breaches occur in quick succession one after another. Is it a chain reaction? How do we stop it?</p>
<ul>
<li><strong>January 2012</strong>: Zappos hacked, 24 million accounts accessed</li>
<li><strong>June 2012</strong>: 6.5 Million encrypted LinkedIn passwords leaked online</li>
<li><strong>July 2012</strong>: 420,000 Formspring passwords compromised in security breach</li>
<li><strong>July 2012</strong>: Yahoo! Mail hacked</li>
<li><strong>August 2012</strong>: Dropbox hacked, user accounts database leaked.</li>
<li><strong>August 2012</strong>: Blizzard Battle.net hacked, user accounts leaked.</li>
<li><strong>September 2012</strong>: Private BitTorrent tracker hacked, passwords leaked by Afghani hackers</li>
<li><strong>September 2012</strong>: Over 30,000 usernames and passwords <a href="http://torrentfreak.com/hackers-leak-38000-passwords-from-large-private-bittorrent-tracker-120919/">leaked</a> from private <a href="http://www.afterdawn.com/glossary/term.cfm/torrent">torrent</a> <a href="http://www.afterdawn.com/glossary/term.cfm/tracker">tracker</a> RevolutionTT</li>
<li><strong>September 2012</strong>: IEEE admits password leak, says problem fixed</li>
<li><strong>November 2012</strong>: Adobe Connect Security Breach Exposes Personal Data of 150K Users</li>
<li><strong>November 2012</strong>: Security breach hits Amazon.co.uk, 628 user IDs and passwords leaked</li>
<li><strong>November 2012</strong>: Anonymous claims they hacked PayPal’s servers, leaks thousands of passwords online</li>
<li><strong>December 2012</strong>: 100 million usernames and passwords compromised in a massive hack of multiple popular Chinese Web sites</li>
<li><strong>January 2013</strong>: Yahoo! Mail hacked (again).</li>
<li><strong>February 2013</strong>: Twitter breach leaks emails, passwords of 250,000 users</li>
</ul>
<div><span id="more-2323"></span></div>
<h2><strong>Re-Using Passwords: a Really Bad Idea</strong></h2>
<p>Using the same password or simple variations of the same password for securing access to different accounts has never been a good idea. However, today it’s a worse idea than ever. Major hacks and security breaches happen all the time. With breaches occurring quickly one after another, there is little doubt the hackers are using databases of previously harvested passwords in order to try breaking into a variety of services. Would it be possible to break into Battle.net so quickly if hackers had to brute-force passwords for each and every account? Blizzard does not think so.</p>
<p style="text-align: justify">According to Blizzard [ <a href="http://us.blizzard.com/en-us/company/press/pressreleases.html?id=6940026">http://us.blizzard.com/en-us/company/press/pressreleases.html?id=6940026</a> ], the hackers gained unauthorized access to email addresses, the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators, and what the company refers to as “cryptographically scrambled versions of passwords (not actual passwords)”. All this information, in Blizzard’s opinion, is not enough to gain access to Battle.net accounts.</p>
<p>However, in ElcomSoft’s opinion, it is much, much easier and way faster to recover the original plain-text password by attacking a large database of “cryptographically scrambled versions of passwords” on a local workstation rather than attempting to brute-force a password to a single account on a remote server.</p>
<p>This, however, is only part of the problem. What if an attacker uses a dictionary of <em>known</em> passwords (obtained from another hack of a different service, for example) to attack these “cryptographically scrambled versions of passwords”? How long will it take to break into at least one user account? In ElcomSoft’s opinion, it will only take seconds.</p>
<p>According to <a href="http://www.lightbluetouchpaper.org/2011/02/09/measuring-password-re-use-empirically/">recent research</a>, the <a href="http://www.infoworld.com/t/data-security/study-finds-high-rate-password-reuse-among-users-188">password reuse rate</a> among user accounts on different services was at least 31 percent, but could be as much as 43 percent &#8211; or 49 percent if the use of similar passwords is counted. Technically, this means that hackers obtaining a user accounts database from one service could very quickly attack another service, and again, and again, creating a chain reaction. Such a reaction would be extremely difficult to stop unless the users finally start using <a href="http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol">not necessarily complex</a> but truly unique passwords.</p>
<p>This is probably the reason Blizzard advises their users to change their Battle.net passwords immediately.</p>
<h2>Reverse Brute Force Attack</h2>
<p>A SQL injection can return password hashes to hackers for off-line processing. Brute-forcing passwords online is no longer a valid idea when online accounts are concerned. Service providers will normally lock the account after several unsuccessful login attempts if a wrong password is used. This is classic brute force. The new, “reverse” type brute force attack does quite the opposite: it tries multiple account logins with the same popular password (e.g. “password1”). Account names can be guessed from a dictionary, or harvested from popular forums and other open resources. Of course, providers can also stop this type of attack by blocking numerous login attempts from the same IP address, but then there are botnets running coordinated distributed attacks from thousands of different computers, all with unique IP addresses. At this time, there is no protection against this type of attack other than not using common, popular, simple to guess passwords.</p>
<h2>Using Unique Passwords Is Not Enough</h2>
<p>Compromised Yahoo! Mail accounts. Why is this important? Information stolen from Yahoo! accounts is not only dangerous because it contains highly sensitive personal data, and not just because it contains account credentials that can be reused to hack user accounts on other services. By accessing actual email messages stored in users’ Yahoo! Mail accounts, hackers can retrieve registration information from other services such as confirmation emails. Needless to say, such confirmation emails almost always contain the user’s login name, and often even include a password in plain-text form. What other fuel do we need to keep the chain reaction going?</p>
<h2> Stopping the Chain Reaction: The To Do List</h2>
<ol>
<li><strong>Use unique passwords for different online services.<br />
</strong>With today’s secure remote password authentication algorithms such as <a href="http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol">Secure Remote Password Protocol</a>, which enables strong security using weak passwords, user passwords don’t necessarily have to be extremely complex. 7-9 characters of a fairly random mix of letters and numbers is mostly good enough. However, it is essential to make sure you don’t use the same password, or variations of the same password (e.g. “hello”, “Hello”, or “Hello1”) to secure different accounts.</li>
<li><strong>Always change default passwords when opening a new account.</strong><br />
Many online services will send your complete account credentials to the email account specified during registration. If your email ever becomes compromised, this information will leak into the wrong hands. Do make a habit of changing your default passwords immediately after logging in to your newly created account for the very first time.</li>
<li><strong>Use a secure email service.<br />
</strong>Avoid online email services with a marginal reputation and less than adequate protection. Using one may lead to your other accounts being hacked (e.g. by invoking a “password reset” operation). Sticking to Google Mail, MSN or even Yahoo! is still safer than using homegrown services with an unknown degree of protection.</li>
<li><strong>Use two-step authentication if available.</strong><br />
Many services are introducing two-step authentication. For example, Dropbox is about to start authorizing each login operation with not only a password, but a unique code sent to the user’s mobile phone via an SMS. This type of authentication is usually much more difficult to circumvent than password alone. If your service provider offers two-step authentication, use it!</li>
<li><strong>Be aware if your online service provider is hacked.</strong><br />
It may sound like wishful thinking, but it’s a good idea to try keeping up with the news – or at least the <a href="http://thepasswordproject.com/leaked_password_lists_and_dictionaries">Leaked Passwords page</a>. If your email provider was hacked, take measures by changing your password immediately! Reacting quickly is often more important than coming up with a long, secure password.</li>
<li><strong>Vary login names.</strong><br />
Using the same login name across various services is just as bad an idea as reusing the same password. Leaving privacy concerns aside, reusing the login makes hackers’ lives so much easier.</li>
<li><strong>Don’t use personal information for security questions.<br />
</strong>It’s been said more than once that choosing obvious security questions (often used for resetting a lost password) is never a good idea. Your mother’s maiden name and the names of your children or pets are all too easy to guess. Hackers can and do target these types of questions – just as in the recent <a title="http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/" href="http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/" target="_blank">iCloud break-in</a>. Choose non-obvious questions and imaginary answers that only you will know.</li>
<li><strong>If you don’t trust the source, don’t trust it with your personal information.</strong><br />
Does a Web site attempt to collect more information from you than your common sense tells you is reasonable? Fake it: it’s not illegal to fake your personal information when opening an email account or registering in a multi-player online game. Your personal information can be misused in so many ways it’s not even funny. This does not apply to registering for electricity services or getting a local phone line, but trusting your correct date of birth and social security number to a Web forum or chat room? Just say “no”.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2013/02/yahoo-dropbox-and-battle-net-hacked-stopping-the-chain-reaction/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2013/02/yahoo-dropbox-and-battle-net-hacked-stopping-the-chain-reaction/</feedburner:origLink></item>
		<item>
		<title>Norwegian Teenagers Hacking iCloud Accounts</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/0wMB6b2qdlA/</link>
		<comments>http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/#comments</comments>
		<pubDate>Thu, 07 Feb 2013 13:54:19 +0000</pubDate>
		<dc:creator>Olga Koksharova</dc:creator>
				<category><![CDATA[General]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2312</guid>
		<description><![CDATA[A few days ago, we received the following communication from an obsessed password researcher and our long-standing friend (quoted with his permission): There are reports in some of the largest newspapers here in Norway of teenagers (or young male adults) hacking Apple accounts of teenage girls through the &#8220;lost password&#8221; function by correctly answering the reset questions [...]]]></description>
				<content:encoded><![CDATA[<p>A few days ago, we received the following communication from an <a title="SecurityNirvana" href="http://securitynirvana.blogspot.com" target="_blank">obsessed password researcher and our long-standing friend </a>(quoted with his permission):</p>
<blockquote><p><em>There are reports in some of the largest newspapers here in Norway of teenagers (or young male adults) hacking Apple accounts of teenage girls through the &#8220;lost password&#8221; function by correctly answering the reset questions such as the victims’ names and  birthdates. I&#8217;ve found at least one who is using Elcomsoft Phone Password Breaker to illegally download and extract images &amp; videos of teenage girls like this, and then offering them for sale online.</em></p>
<p><em>Due to laws and regulations, it is hard for the police to investigate these cases (logs that connect people to IP addresses are only stored for 21 days at ISPs here).</em></p>
<p><em>Relevant news stories (in Norwegian, use google translate):</em></p>
<p><em><a href="http://www.aftenposten.no/okonomi/Stjeler-bilder-av-unge-jenter-fra-Apples-nettsky-7109783.html">http://www.aftenposten.no/okonomi/Stjeler-bilder-av-unge-jenter-fra-Apples-nettsky-7109783.html</a></em></p>
<p><em><a href="http://www.aftenposten.no/okonomi/Sporet-nettkriminell-til-liten-nytte-7110318.html">http://www.aftenposten.no/okonomi/Sporet-nettkriminell-til-liten-nytte-7110318.html</a></em></p>
<p><em>Example forum where this is being discussed:</em></p>
<p><em><a href="http://www.anonib.com/nor/res/14621.html">www.anonib.com/nor/res/14621.html</a> </em><br />
<em>&lt;…&gt;</em></p>
<p><em>Perhaps I could get a statement from you/Elcomsoft on this, and that you/I will offer our assistance to the Norwegian police if needed?</em></p></blockquote>
<p>&nbsp;</p>
<p>This news is disturbing. We’re always concerned when our products end up in the wrong hands. Elcomsoft has worked in IT security for more than 15 years, and it has always been our aim to explain hidden pitfalls to users; we always assist law enforcement in their workflow with both our tools and our advice.</p>
<p>However, the bad guys can also take advantage of available tools – including tools made by our company. We have to admit that once you let the genie out of the bottle there’s no way back.</p>
<p>We are concerned and very disappointed with what has happened in this very case. If only we could, we&#8217;d be happy to help users safeguard their iCloud accounts against this type of attack. Unfortunately, Apple has an inherent problem at the level of data authentication, so there’s actually very little that can be done except not using the iCloud at all or faking registration details with Apple.</p>
<p>iCloud stores huge amounts of information. Access to this information is provided either to iOS devices linked to the account, or to anyone who uses a Web browser and supplies the correct Apple ID and password. Of course there is also transport layer security (via the HTTPS communication protocol), and only three attempts to enter a password are allowed before the account is locked. But this is nothing more than what anyone else does. Here at ElcomSoft, we strongly believe that outsourcing the storage of personal information to a cloud bears significant risks. It is essential for the consumer to understand exactly what risks are involved. Many corporations with concise security policies (e.g. IBM) already ban cloud storage services such as Apple iCloud from their networks.</p>
<p>As for Elcomsoft Phone Password Breaker, the tool is most definitely not intended to commit crime. The use of the tool requires the correct user credentials (Apple ID and password) and/or the device itself in order to get access to the data. Unfortunately, it is difficult to stop intruders from exploiting all the tools available to forensic and law enforcement customers to extract as much data as they can.</p>
<p>In this particular case, what seems to be happening is teenage hackers are using their classmates’ names, dates of birth and answers to “secret” questions to “recover” (or, actually, reset) their iCloud passwords. This type of attack is called “social engineering”, and it does not take much for teenagers to guess (or know) the answer to teenage girls’ “security” questions.</p>
<p>Due to what’s been done, the usual advice of “choosing a long, complex password” and “not sharing it with strangers” will not work, as the vulnerability targeted here lies in the way Apple authenticates account holders.</p>
<p>Our recommendations here could be as follows. iPhone and iPad users should be doing the following from the very beginning:</p>
<ol>
<li>Avoid using iCloud services to back up information from the phone. As ElcomSoft demonstrated multiple times, information stored in the iCloud is NOT secure, and is prone to eavesdropping and spying upon without the user even knowing.</li>
<li>Choose secure verification questions *and* provide unexpected or illogical answers. This will make it difficult for anyone to “recover” your password by guessing the right answer.</li>
<li>Choose a secure device password: a long and complex one, NOT a 4-digit passcode, which can be cracked within half an hour. The longer the password, the better &#8211; train your memory if you want to keep your privacy! Brute-forcing the device password is very slow, which creates a real problem for the intruder if the password is long.</li>
<li>Choose a secure Apple ID password, long and complex. Never key in your Apple ID on laptops and computers you don’t trust, and even if you do, make sure the computer is totally under your control, which in practice means never leaving it unprotected or unattended.</li>
<li>Choose login names that aren’t obvious, i.e. not your name and surname in any of their variations. This will make them harder to guess.</li>
<li>Never use the same password as one protecting your email account!</li>
<li>Link your Apple ID account only to an e-mail account also protected with a secure password and control questions with unexpected answers.</li>
<li>Never re-use passwords. This is an extremely dangerous thing to do today, when new databases with passwords are made public after every new hack.</li>
<li>Do not jailbreak your iPhone unless you clearly understand all consequences. Why should you willingly unsecure it?</li>
<li>Finally, <strong>do not use iCloud</strong>.</li>
</ol>
<p>We regularly hear that most people care about security only when it touches the financial side of their lives. However, today, in the age of information technology, losing one’s identity may lead to a whole sequence of further troubles, as a lot of information is interconnected and its threads run to numerous endpoints that are not always securely protected. Unfortunately, security and convenience don’t go hand in hand, so you have to strike a balance between the two.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2013/02/norwegian-teenagers-hacking-icloud-accounts/</feedburner:origLink></item>
		<item>
		<title>ElcomSoft Breaks Passwords Faster with NVIDIA Tesla K20 Acceleration</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/LY0cd9osXsM/</link>
		<comments>http://blog.crackpassword.com/2013/02/elcomsoft-breaks-passwords-faster-with-nvidia-tesla-k20-acceleration/#comments</comments>
		<pubDate>Tue, 05 Feb 2013 12:29:40 +0000</pubDate>
		<dc:creator>Olga Koksharova</dc:creator>
				<category><![CDATA[Elcom-News]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Hardware]]></category>
		<category><![CDATA[AOPR]]></category>
		<category><![CDATA[EDPR]]></category>
		<category><![CDATA[Nvidia]]></category>
		<category><![CDATA[Tesla k20]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2302</guid>
		<description><![CDATA[We have just updated Advanced Office Password Recovery and Distributed Password Recovery with NVIDIA Tesla K20 support, enabling the world’s fastest password recovery with NVIDIA’s latest supercomputing platform. Elcomsoft Advanced Office Password Recovery removes document restrictions and recovers passwords protecting Microsoft Office documents, while Elcomsoft Distributed Password Recovery can quickly break a wide range of passwords [...]]]></description>
				<content:encoded><![CDATA[<p><a href="http://blog.crackpassword.com/wp-content/uploads/2013/02/Tesla.jpg"><img class="aligncenter size-full wp-image-2307" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/Tesla.jpg" alt="" width="524" height="365" /></a></p>
<p>We have just updated <a title="http://www.elcomsoft.com/aopr.html" href="http://www.elcomsoft.com/aopr.html" target="_blank">Advanced Office Password Recovery</a> and <a title="http://www.elcomsoft.com/edpr.html" href="http://www.elcomsoft.com/edpr.html" target="_blank">Distributed Password Recovery</a> with NVIDIA Tesla K20 support, enabling the world’s fastest password recovery with NVIDIA’s latest supercomputing platform. Elcomsoft Advanced Office Password Recovery removes document restrictions and recovers passwords protecting Microsoft Office documents, while Elcomsoft Distributed Password Recovery can quickly break a wide range of passwords on multiple workstations with near-zero scalability overhead.</p>
<p>GPU-accelerated password recovery dramatically reduces the time required to break long and complex passwords, offering more than 20-fold performance gain over CPU-only operations (compared to a quad-core Intel i7 CPU). NVIDIA’s latest Tesla K20 platform further increases the performance, delivering a nearly 1.5x performance increase compared to the use of a dual-core NVIDIA GeForce GTX 690 board.</p>
<p><img class="aligncenter size-medium wp-image-2304" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/AOPR_bench-550x143.png" alt="" width="550" height="143" /></p>
<p>A workstation equipped with an NVIDIA Tesla K20 unit can crunch as many as 27500 Office 2007 passwords per second, or 13500 passwords per second in the case of Microsoft Office 2010. In comparison, the next-best solution, a dual-core GeForce GTX 690 board, can try some 19000 Office 2007 or 9000 Office 2010 passwords per second.<img class="aligncenter  wp-image-2305" src="http://blog.crackpassword.com/wp-content/uploads/2013/02/EWSA_bench-550x76.png" alt="" width="550" height="76" /></p>
<p>The updated Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery now fully support the latest NVIDIA supercomputing hardware, enabling users to gain unrestricted access to many types of documents in far less time.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2013/02/elcomsoft-breaks-passwords-faster-with-nvidia-tesla-k20-acceleration/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2013/02/elcomsoft-breaks-passwords-faster-with-nvidia-tesla-k20-acceleration/</feedburner:origLink></item>
		<item>
		<title>Déjà vu</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/roiXt6_G_jA/</link>
		<comments>http://blog.crackpassword.com/2012/12/deja-vu/#comments</comments>
		<pubDate>Mon, 24 Dec 2012 16:17:47 +0000</pubDate>
		<dc:creator>Vladimir Katalov</dc:creator>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[EFDD]]></category>
		<category><![CDATA[Infosecurity]]></category>
		<category><![CDATA[PGP]]></category>
		<category><![CDATA[Symantec]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2287</guid>
		<description><![CDATA[The story about PGP is getting really funny. Three and a half years ago (in April 2009) our company took part in InfoSecurity Europe in London. I should confess that London is one of my favourite cities; besides, I love events on security &#8212; so I was really enjoying that trip (with my colleagues). But [...]]]></description>
				<content:encoded><![CDATA[<p>The story about PGP is getting really funny.</p>
<p>Three and a half years ago (in April 2009) our company took part in <a title="InfoSecurity Europe" href="http://www.infosec.co.uk/" target="_blank">InfoSecurity Europe</a> in London. I should confess that London is one of my favourite cities; besides, I love events on security &#8212; so I was really enjoying that trip (with my colleagues). But something happened.</p>
<p><span id="more-2287"></span></p>
<p>Here is how it started: <a href="http://blog.crackpassword.com/2009/04/from-infosecurity-the-number-one-in-europe/" target="_blank">From InfoSecurity, “the number One in Europe”</a>.</p>
<p>In brief: we had added support for PGP to our Distributed Password Recovery product, making it possible to break passwords on PGP private keys, PGP archives and PGP disks. While the recovery speed was very low, it was still better than nothing &#8212; many passwords can be cracked with a dictionary attack. And one of the panels of our booth had the slogan <strong>The only way to break into PGP</strong>.</p>
<p style="text-align: center"><a href="http://blog.crackpassword.com/2012/12/deja-vu/pgp/" rel="attachment wp-att-2290"><img class="size-full wp-image-2290 aligncenter" src="http://blog.crackpassword.com/wp-content/uploads/2012/12/pgp.jpg" alt="" width="500" height="375" /></a></p>
<p>[Un]fortunately, our booth at InfoSecurity was right opposite the PGP one. One of their employees decided that our booth did not look good and might confuse their customers, so they complained to the exhibition organizers, who destroyed a part of our booth.</p>
<p>The next day, Jon Callas, CTO of PGP, made a post on their (PGP) blog, saying that it was pure marketing and that ElcomSoft lies. There is no PGP company anymore; they were acquired by Symantec a year ago, and so the original link does not work anymore. However, you can still find it at WebArchive:</p>
<p><a href="http://web.archive.org/web/20100621004200/http://blog.pgp.com/index.php/2009/04/lies-damned-lies-and-marketing/" target="_blank">http://web.archive.org/web/20100621004200/http://blog.pgp.com/index.php/2009/04/lies-damned-lies-and-marketing/</a></p>
<p>That made me angry. And I made another post on our blog: <a href="http://blog.crackpassword.com/2009/04/what-does-the-only-way-to-break-into-pgp-mean/" target="_blank">What does “The only way to break into PGP” mean?</a>.</p>
<p>You know what? I have déjà vu. I think you&#8217;re aware of our latest release, <a title="Elcomsoft Forensic Disk Decryptor" href="http://www.elcomsoft.com/efdd.html" target="_blank">Elcomsoft Forensic Disk Decryptor</a>; here is our blog post about it: <a href="http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/" target="_blank">ElcomSoft Decrypts BitLocker, PGP and TrueCrypt Containers</a>.</p>
<p>If you read our <a href="http://www.elcomsoft.com/PR/EFDD_121220_en.pdf" target="_blank">press release on EFDD</a>, you can see that we never said anything about revolutionary research, dangerous vulnerabilities, holes in encryption or whatever. Moreover, our software is not even the first of its kind: there were already a few tools on the market, both free and commercial. We just made a convenient, fast and affordable solution that many forensic organizations had asked for.</p>
<p><a href="http://blog.crackpassword.com/2012/12/deja-vu/efdd/" rel="attachment wp-att-2291"><img class="size-full wp-image-2291 alignright" src="http://blog.crackpassword.com/wp-content/uploads/2012/12/efdd.png" alt="" width="198" height="327" /></a></p>
<p>Nevertheless, our release got some attention from Symantec (current owners of PGP), in particular Mr. Kelvin Kwan (technical support specialist?):</p>
<p><a href="http://www.symantec.com/connect/blogs/latest-urban-legend-cracking-pgp-whole-disk-encryption-again-and-again" target="_blank">The Latest Urban Legend: Cracking PGP Whole Disk Encryption (again&#8230; and again&#8230;)</a></p>
<p>Here is the only significant part of his post (the rest is something weird about using the laptop in the toilet or something like that):</p>
<p style="padding-left: 30px"><em>I was made aware of a claim made by ElcomSoft that their product could decrypt PGP containers (as well as other Full Disk Encryption competitors). After reading through their blog and discussing my thoughts with the Symantec Encryption Engineering team, we have come to the conclusion that this claim is false! There’s truly nothing to see here.</em></p>
<p style="padding-left: 30px"><em>When a system is encrypted with PGP WDE, it is NOT possible to access encryption keys from the hibernation file when the system is in its hibernation state or shut down. PGP WDE encrypts the entire disk, including any hibernation partition or hibernation file.</em></p>
<p>It seems that the PGP employee either does not completely understand how their own product works or, so to speak, forgot that there could be more than one partition in the system. His statement (about encryption of the hibernation file) is true only if the bootable/system partition is encrypted, which is not always the case. The obvious example: one may have the system installed on the first disk (e.g. a fast SSD) and all the data on the secondary drive (a large HDD), and use PGP WDE for this second drive only. That means that the hibernation file will NOT be encrypted. Voila!</p>
<p>Also, there are other ways to get the encryption keys &#8212; by performing a memory dump. Obviously, he is aware of it, but doesn&#8217;t see the point:</p>
<p style="padding-left: 30px"><em>In an ideal situation you could potentially retrieve the keys when the system is powered on. But at this point you already have access to the system. Why would you bother retrieving the keys when you could simply copy the data then and there?</em></p>
<p>First, it is much easier and more convenient to get the keys, and then completely decrypt the drive (at any time, now or later), or just mount it &#8212; for further analysis. The source drive will remain intact. Also, you will be able to use data carving technologies, e.g. to analyse spare space. And last but not least, you will also be able to analyse the files locked by the operating system.</p>
<p>Finally, don&#8217;t forget about the FireWire attack (of course it is not always applicable, but we never said that it is a panacea).</p>
<p>To conclude, a couple of words about PGP itself. I have been using it for 15 years or so, since version 2.6 for DOS &#8212; an excellent piece of software. Used to be. But it became much worse when released by PGP Corporation, and now (by Symantec) it is even more disappointing, especially when officials make such strong but silly statements. Usability raises a lot of questions, the design looks like Chinese-made shareware from the mid-90s, and performance is poor. And the price is high. So for the last few years, I have been using (free) TrueCrypt &#8212; much faster, much more convenient, full-featured, and in fact more secure. And btw, it is able to automatically dismount all mounted TrueCrypt volumes and erase their master keys stored in RAM before the computer hibernates: read more <a href="http://www.truecrypt.org/docs/?s=hibernation-file" target="_blank">here</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2012/12/deja-vu/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2012/12/deja-vu/</feedburner:origLink></item>
		<item>
		<title>ElcomSoft Decrypts BitLocker, PGP and TrueCrypt Containers</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/38cJS0X84dg/</link>
		<comments>http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/#comments</comments>
		<pubDate>Thu, 20 Dec 2012 06:54:33 +0000</pubDate>
		<dc:creator>Vladimir Katalov</dc:creator>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[Did you know that...?]]></category>
		<category><![CDATA[Elcom-News]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Hardware]]></category>
		<category><![CDATA[Industry News]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[BitLocker]]></category>
		<category><![CDATA[BitLocker To Go]]></category>
		<category><![CDATA[Elcomsoft Forensik Disk Decryptor]]></category>
		<category><![CDATA[PGP]]></category>
		<category><![CDATA[TrueCrypt]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2269</guid>
		<description><![CDATA[BitLocker, PGP and TrueCrypt set the industry standard in the area of whole-disk and partition encryption. All three tools provide strong, reliable protection, and offer a perfect implementation of strong crypto. Normally, information stored in any of these containers is impossible to retrieve without knowing the original plain-text password protecting the encrypted volume. The very nature [...]]]></description>
				<content:encoded><![CDATA[<p><a href="http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/elcomsoftdiskdecryptor_all/" rel="attachment wp-att-2275"><img class=" wp-image-2275 alignright" src="http://blog.crackpassword.com/wp-content/uploads/2012/12/ElcomsoftDiskDecryptor_All.ico" alt="" width="256" height="256" /></a>BitLocker, PGP and TrueCrypt set the industry standard in the area of whole-disk and partition encryption. All three tools provide strong, reliable protection, and offer a perfect implementation of strong crypto.</p>
<p>Normally, information stored in any of these containers is impossible to retrieve without knowing the original plain-text password protecting the encrypted volume. The very nature of these crypto containers suggests that their target audience is likely to select long, complex passwords that won’t be easy to guess or brute-force. And this is exactly the weakness we’ve targeted in our new product: <a title="EFDD" href="http://www.elcomsoft.com/efdd.html" target="_blank">Elcomsoft Forensic Disk Decryptor</a>.</p>
<p><strong>The Weakness of Crypto Containers</strong></p>
<p>The main and only weakness of crypto containers is the human factor. Weak passwords aside, encrypted volumes must be mounted for the user to have on-the-fly access to encrypted data. No one likes typing their long, complex passwords every time they need to read or write a file. As a result, the keys used to encrypt and decrypt data that’s being written to or read from protected volumes are kept readily accessible in the computer’s operating memory. Obviously, what’s kept readily accessible can be retrieved near instantly by a third-party tool. Such as Elcomsoft Forensic Disk Decryptor.</p>
<p><strong>Retrieving Decryption Keys</strong></p>
<p>In order to access the content of encrypted containers, we must retrieve the appropriate decryption keys. <a title="EFDD" href="http://www.elcomsoft.com/efdd.html" target="_blank">Elcomsoft Forensic Disk Decryptor </a>can obtain these keys from memory dumps captured with one of the many forensic tools or acquired during a FireWire attack. If the computer is off, Elcomsoft Forensic Disk Decryptor can retrieve decryption keys from a hibernation file. It’s important that encrypted volumes are mounted at the time a memory dump is obtained or the PC goes to sleep; otherwise, the decryption keys are destroyed and the content of encrypted volumes cannot be decrypted without knowing the original plain-text password.</p>
<p>“The new product includes algorithms allowing us to analyze dumps of computers’ volatile memory, locating areas that contain the decryption keys. Sometimes the keys are discovered by analyzing byte sequences, and sometimes by examining crypto containers’ internal structures. When searching for PGP keys, the user can significantly speed up the process if the exact encryption algorithm is known.”</p>
<p>It is essential to note that Elcomsoft Forensic Disk Decryptor extracts all the keys from a memory dump at once, so if there is more than one crypto container in the system, there is no need to re-process the memory dump.</p>
<p>Using forensic software for taking snapshots of computers’ memory is nothing new. The FireWire attack method existed for many years, but for some reason it’s not widely known. This method is described in detail in many sources such as <a href="http://www.securityresearch.at/publications/windows7_firewire_physical_attacks.pdf">http://www.securityresearch.at/publications/windows7_firewire_physical_attacks.pdf</a> or <a href="http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation">http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation</a></p>
<p>The FireWire attack method is based on a known security issue that impacts FireWire / i.LINK / IEEE 1394 links. One can take direct control of a PC’s or laptop’s operating memory (RAM) by connecting through FireWire. After that, grabbing a full memory dump takes only a few minutes. What made it possible is a feature of the original FireWire/IEEE 1394 specification allowing unrestricted access to the PC’s physical memory for external FireWire devices. Direct Memory Access (DMA) is used to provide that access. As this is DMA, the exploit is going to work regardless of whether the target PC is locked or even logged on. There’s no way to protect a PC against this threat except explicitly disabling FireWire drivers. The vulnerability exists for as long as the system is running. There are many free tools available to carry out this attack, so Elcomsoft Forensic Disk Decryptor does not include a module to perform one.</p>
<p>If the computer is turned off, there are still chances that the decryption keys can be retrieved from the computer’s hibernation file. Elcomsoft Forensic Disk Decryptor comes with a module analyzing hibernation files and retrieving decryption keys to protected volumes.</p>
<p><strong>Complete Decryption and On-the-Fly Access</strong></p>
<p>With decryption keys handy, Elcomsoft Forensic Disk Decryptor can go ahead and unlock the protected disks. There are two different modes available. In complete decryption mode, the product will decrypt everything stored in the container, including any hidden volumes. This mode is useful for collecting the most evidence, time permitting.</p>
<p>In real-time access mode, Elcomsoft Forensic Disk Decryptor mounts encrypted containers as drive letters, enabling quick random access to encrypted data. In this mode files are decrypted on-the-fly at the time they are read from the disk. Real-time access comes in handy when investigators are short on time (which is almost always the case).</p>
<p>We are also adding TrueCrypt and BitLocker To Go plugins to Elcomsoft Distributed Password Recovery, enabling the product to attack plain-text passwords protecting the encrypted containers with a range of advanced attacks including dictionary, mask and permutation attacks in addition to brute-force.</p>
<p><strong>Unique Features</strong></p>
<p>The unique feature of Elcomsoft Forensic Disk Decryptor is the ability to mount encrypted disks as a drive letter, using any and all forensic tools to quickly access the data. This may not seem secure, and may not be allowed by some policies, but sometimes speed and convenience are everything. When you don’t have the time to spend hours decrypting the entire crypto container, simply mount the disk and run your analysis tools for quick results!</p>
<p><strong>More Information</strong></p>
<p>More information about Elcomsoft Forensic Disk Decryptor is available on the official product page at <a href="http://www.elcomsoft.com/efdd.html">http://www.elcomsoft.com/efdd.html</a></p>
<img src="http://feeds.feedburner.com/~r/crackpassword/blog/~4/38cJS0X84dg" height="1" width="1"/>]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/feed/</wfw:commentRss>
		<slash:comments>7</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/</feedburner:origLink></item>
		<item>
		<title>ElcomSoft’s Discounts Calendar</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/tKiMjXRaTdY/</link>
		<comments>http://blog.crackpassword.com/2012/12/elcomsofts-discounts-calendar/#comments</comments>
		<pubDate>Mon, 17 Dec 2012 08:35:14 +0000</pubDate>
		<dc:creator>Olga Koksharova</dc:creator>
				<category><![CDATA[Elcom-News]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Discount]]></category>
		<category><![CDATA[New Year 2013]]></category>
		<category><![CDATA[Special offer]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2258</guid>
		<description><![CDATA[Dear friends, we are happy to bring you our special seasonal daily offers till New Year’s Eve 2013. In our festive calendar, each day you will be offered a very special New Year discount for one of our numerous products. Hurry, there is a new offer every day! Every offer is valid for one day only!]]></description>
				<content:encoded><![CDATA[<p style="text-align: left"><a href="http://blog.crackpassword.com/wp-content/uploads/2012/12/header.png"><img class=" wp-image-2260 aligncenter" src="http://blog.crackpassword.com/wp-content/uploads/2012/12/header-550x201.png" alt="" width="495" height="181" /></a>Dear friends, we are happy to suggest you our <a href="http://www.elcomsoft.com/promo/xmas2012.html">special seasonal daily offers</a> till New Year’s Eve 2013. In our festive calendar every following day you will be offered a very special New Year discount for one of our numerous products. Hurry, there is a new offer every new day! Every offer is valid during one day only!</p>
<img src="http://feeds.feedburner.com/~r/crackpassword/blog/~4/tKiMjXRaTdY" height="1" width="1"/>]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2012/12/elcomsofts-discounts-calendar/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2012/12/elcomsofts-discounts-calendar/</feedburner:origLink></item>
		<item>
		<title>Elcomsoft, UPEK and more</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/YgsePuQseew/</link>
		<comments>http://blog.crackpassword.com/2012/10/elcomsoft-upek-and-more/#comments</comments>
		<pubDate>Tue, 02 Oct 2012 08:06:24 +0000</pubDate>
		<dc:creator>Per Thorsheim</dc:creator>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Tips & Tricks]]></category>
		<category><![CDATA[Authentec]]></category>
		<category><![CDATA[Protector Suite]]></category>
		<category><![CDATA[Security Nirvana]]></category>
		<category><![CDATA[UPEK]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2220</guid>
		<description><![CDATA[[That was one *awesome* passphrase! ] Elcomsoft has announced that certain versions of fingerprint software named Protector Suite made by UPEK (now part of Authentec) store your Windows password in a &#8216;scrambled&#8217; format in the registry. This allows an attacker through different entry points to get easy access to a user&#8217;s Windows password. I have no [...]]]></description>
				<content:encoded><![CDATA[<p><iframe width="500" height="281" src="http://www.youtube.com/embed/8gEkwrOhPWE?feature=oembed" frameborder="0" allowfullscreen></iframe></p>
<p><em>[That was one *awesome* passphrase! <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':-)' class='wp-smiley' /> ]</em></p>
<p><a href="http://blog.crackpassword.com/2012/08/upek-fingerprint-readers-a-huge-security-hole/" target="_blank">Elcomsoft has announced </a>that certain versions of fingerprint software named <a href="http://support.authentec.com/KnowledgeBase/KBview/tabid/843/ArticleId/487/About-Protector-Suite.aspx" target="_blank">Protector Suite </a>made by UPEK (now part of <a href="http://www.authentec.com/" target="_blank">Authentec</a>) stores your Windows password in a &#8216;scrambled&#8217; format in registry. This allows an attacker through different entry points to get easy access to a users Windows password. I have no reason not to believe Elcomsoft in their claims, but UPEK/Autentec seriously disagrees. In the middle of this I happen to have some questions, and an opinion regarding biometric software today.</p>
<p><strong>Background</strong></p>
<p>I have lost count of all the times colleagues have approached me with a big smile, challenging me to break into their work laptops now that they have enabled fingerprint authentication. Pressing Esc to get the normal logon prompt and then entering my AD username &amp; password logged me in. Having local admin rights made it even easier to conduct pass-the-hash with their locally cached credentials, and the smile turned to sadness. Hey, I have even been accused of cheating when I did that.</p>
<p>I purchased my first fingerprint reader back somewhere in 1999. It was complete crap. Many years later I purchased a Microsoft keyboard with integrated fingerprint reader:</p>
<p><a href="http://blog.crackpassword.com/2012/10/elcomsoft-upek-and-more/optical-fingerprint-scanner/" rel="attachment wp-att-2241"><img class="aligncenter size-full wp-image-2241" src="http://blog.crackpassword.com/wp-content/uploads/2012/10/optical-fingerprint-scanner.jpg" alt="" width="320" height="166" /></a></p>
<p>I still remember a very clear warning in their documentation: the fingerprint reader should not be trusted for security. It should be considered as a toy. Oh well.</p>
<p>Today the integrated fingerprint readers in many laptops are the most common place we interact with biometric solutions. IF we choose to use them of course &#8211; there is no requirement to do so from the vendor. Enter Elcomsoft.</p>
<p><strong>Security vs Convenience</strong></p>
<p>Lots of people &#8211; including infosec professionals &#8211; don&#8217;t see the difference between using biometric authentication as a security feature and using it as a convenience feature. Simply explained for the home user:</p>
<ol>
<li>If you use biometric authentication to log on to your laptop, but can bypass it by pressing <strong>Esc</strong> and entering your username &amp; password, you are using biometrics as a <strong>convenience feature</strong>.</li>
<li>If you have removed any and all possibilities to log on except by using/including biometrics, you are using biometrics as a <strong>security feature</strong>.</li>
</ol>
<p>The differences here are &#8230; well&#8230; BIG, at least in theory. But wait; that was for the home user. I don&#8217;t care much about your private pictures, Christmas wish list and Facebook account anyway, so let&#8217;s look at it from a corporate perspective:</p>
<p><strong>There is no integrated support for replacing passwords with biometric authentication within Microsoft Windows.</strong></p>
<p>This means that whatever kind of authentication addition or replacement you set up on laptops, tablets or desktop computers in a corporate environment with Active Directory, a password still has to be configured for a user in the domain, and that password is what authenticates the user throughout the domain. Using highly advanced visualization tools, hours and hours of hard work and a colorful palette, I made this infographic to explain what happens:</p>
<p><img class="aligncenter size-medium wp-image-2237" src="http://blog.crackpassword.com/wp-content/uploads/2012/10/Authentication_process1-550x109.png" alt="" width="550" height="109" /></p>
<p>Using biometric logon, we add another step in the authentication process in a corporate environment. Please note; <strong>we added one more step, we didn&#8217;t necessarily add one more layer of security</strong>.</p>
<p>I blogged about upcoming password security features in <a href="http://securitynirvana.blogspot.no/2012/08/windows-8-password-security.html" target="_blank">Windows 8 Password Security</a>. Please observe that using a picture password and/or a PIN is an <strong>addition</strong> to having a password. <strong>They are quite simply convenience features.</strong> Having said that, I would like to give kudos to Microsoft for doing quite a bit of research into picture passwords and presenting it in such a detailed form that we can form an opinion about the security it provides.</p>
<p><strong>What did Elcomsoft discover?</strong></p>
<p>Well, they claim that certain versions of the software in question store your Windows password locally using weak protection (see step 2 in the biometric chain above). Using a simple PoC, they have successfully extracted the Windows password stored in the registry by the biometric software and &#8220;decrypted&#8221; it.</p>
<p>Since the biometric software is local only, it needs to know your Windows password to properly give you both local and domain access. To repeat: your username and password give you access, not your fingerprint or any other biometric ID. If your password is changed, either locally or in the domain, you will have to provide your new password to the biometric software.</p>
<p><strong>Is this such a big deal?<br />
</strong><em><strong>Yes.</strong></em></p>
<p><strong>Why?</strong></p>
<p>Good practice is to store passwords using irreversible hash algorithms, preferably strong types such as PBKDF2, Bcrypt or Scrypt. <a href="https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet" target="_blank">The draft cheat sheet from OWASP on password storage</a> gives more information about such algorithms, and more. Even though Microsoft doesn&#8217;t use salting or key stretching in their LM/NTLM algorithms, they are still hash algorithms. You cannot &#8220;reverse&#8221; the process to get the plaintext password, you have to</p>
<p>My Authentec (Thinkpad) fingerprint software, which is NOT affected by Elcomsoft&#8217;s findings, knows my password (or passphrase in my case), and there is an option in the software to display it on screen, as the video at the top shows you.</p>
<p><strong>But I can do pass-the-hash/ticket and more, why is this a big deal?  </strong></p>
<p>Sure you can. But you cannot do those attacks against an Outlook Web Access configuration from the Internet using SSL. You don&#8217;t know the user&#8217;s actual password when you do pass-the-hash attacks, so you cannot check if the user uses the same password on other services, at work or on a personal basis.</p>
<p>If my fingerprint &#8211; my biometric template &#8211; was the secret key to unlock the password using reversible encryption like AES, things could perhaps be considered a bit better, but it would still not be good practice to store any user&#8217;s password using reversible encryption. Which is exactly what is evidenced by my video above.</p>
<p>Now if the claims by Elcomsoft are true, malware could easily exploit the weakness found to extract users&#8217; plaintext Windows passwords in yet another way, adding to the already existing ways of doing so.</p>
<p>I haven&#8217;t twisted my mind long enough on this to figure out ways of improving this, but I am open to suggestions. <img src='http://blog.crackpassword.com/wp-includes/images/smilies/icon_smile.gif' alt=':-)' class='wp-smiley' /> </p>
<p><em><strong>Source article</strong></em>: <a href="http://securitynirvana.blogspot.com/2012/09/elcomsoft-upek-more.html">http://securitynirvana.blogspot.com/2012/09/elcomsoft-upek-more.html</a></p>
<img src="http://feeds.feedburner.com/~r/crackpassword/blog/~4/YgsePuQseew" height="1" width="1"/>]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2012/10/elcomsoft-upek-and-more/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2012/10/elcomsoft-upek-and-more/</feedburner:origLink></item>
		<item>
		<title>ElcomSoft Breaks Into MS Office 2013</title>
		<link>http://feedproxy.google.com/~r/crackpassword/blog/~3/8PjHETQUJ4I/</link>
		<comments>http://blog.crackpassword.com/2012/09/elcomsoft-breaks-into-ms-office-2013/#comments</comments>
		<pubDate>Wed, 26 Sep 2012 16:49:57 +0000</pubDate>
		<dc:creator>Andrey Malyshev</dc:creator>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[Did you know that...?]]></category>
		<category><![CDATA[Elcom-News]]></category>
		<category><![CDATA[General]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Advanced Office Password Recovery]]></category>
		<category><![CDATA[AOPR]]></category>
		<category><![CDATA[EDPR]]></category>
		<category><![CDATA[Elcomsoft Distributed Password Recovery]]></category>
		<category><![CDATA[Microsoft Office]]></category>
		<category><![CDATA[Office 2013]]></category>

		<guid isPermaLink="false">http://blog.crackpassword.com/?p=2208</guid>
		<description><![CDATA[ElcomSoft has recently updated two products recovering Microsoft Office passwords with Office 2013 support. Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery received the ability to recover plain-text passwords used to encrypt documents in Microsoft Office 2013 format. Initially, we are releasing a CPU-only implementation, with support for additional hardware accelerators such as [...]]]></description>
				<content:encoded><![CDATA[<p><a href="http://blog.crackpassword.com/2012/09/elcomsoft-breaks-into-ms-office-2013/blog/" rel="attachment wp-att-2210"><img class="aligncenter size-full wp-image-2210" title="blog" src="http://blog.crackpassword.com/wp-content/uploads/2012/09/blog.png" alt="" width="524" height="298" /></a></p>
<p>ElcomSoft has recently updated two products recovering Microsoft Office passwords with Office 2013 support. Elcomsoft <a title="AOPR" href="http://www.elcomsoft.com/aopr.html" target="_blank">Advanced Office Password Recovery </a>and <a title="EDPR" href="http://www.elcomsoft.com/edpr.html" target="_blank">Elcomsoft Distributed Password Recovery </a>received the ability to recover plain-text passwords used to encrypt documents in Microsoft Office 2013 format. Initially, we are releasing a CPU-only implementation, with support for additional hardware accelerators such as ATI and NVIDIA video cards scheduled for a later date.</p>
<p><strong>Stronger Protection</strong></p>
<p>In version 2013, Microsoft uses even tighter encryption compared to the already strong Office 2010. To further strengthen the protection, Microsoft replaced the SHA1 algorithm used for calculating hash values with the stronger and slower SHA512. In addition, the encryption key is now 256 bits long, while the previous versions of Microsoft Office were using ‘only’ 128 bits. While the length of the encryption key has no direct effect on the speed of password recovery, the slower and stronger hash calculation algorithm does. It’s obvious that Microsoft is dedicated to making subsequent Office releases more and more secure.</p>
<p><strong>No Brute Force</strong></p>
<p>While we continue supporting brute force attacks, brute force becomes less and less efficient with every new release of Microsoft Office even with full-blown hardware acceleration in place. Office 2013 sets a new standard in document encryption, pretty much taking brute force out of the question. This is why we continue relying on a variety of smart attacks that include a combination of dictionary attacks, masks and advanced permutations. Brute-forcing SHA512 hashes with a 256-bit encryption key is a dead end. Smart password attacks are pretty much the only way to go with Office 2013.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.crackpassword.com/2012/09/elcomsoft-breaks-into-ms-office-2013/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		<feedburner:origLink>http://blog.crackpassword.com/2012/09/elcomsoft-breaks-into-ms-office-2013/</feedburner:origLink></item>
	</channel>
</rss>
