Apple iWork, an inexpensive office productivity suite for the Mac and iOS platforms, has been around since 2005 and 2011 respectively. The iWork suite consists of three apps: Numbers, Pages, and Keynotes, and gained quite some popularity among Apple followers. Yet, for all this time, no one came out with a feasible password recovery solution for the iWork document format.

The reason for the lack of a password recovery solution for the iWork format is extremely slow recovery speed. This owes to Apple’s implementation of encryption: the company used an industry-standard AES algorithm with strong, 128-bit keys. Brute-forcing a 128-bit number on today’s hardware remains impossible. The original, plain-text password has to be recovered in order to decrypt protected iWork documents.

However, recovering that plain-text password is also very slow. Apple used the PBKDF2 algorithm to derive an encryption key from plain-text passwords, with some 4000 iterations of a hash function (SHA1). While it takes only a hundredth of a second to verify a single password, an attack would be speed-limited to about 500 passwords per second on today’s top hardware. This is extremely slow considering the number of possible password combinations.

Distributed Attacks

When starting considering the addition of Apple iWork to the list of supported products, we quickly recognized the speed bottleneck. With as slow a recovery, a distributed attack on the password would be the only feasible one. Indeed, using multiple computers connected to a large cluster gives us more speed, breaking the barrier of unreasonable and promising realistic recovery timeframe. Brute-forcing is still not a good option, but ElcomSoft’s advanced dictionary attack with customizable masks and configurable permutations is very feasible if we consider one thing: the human factor.

The Human Factor

Let’s look at the product one more time. Apple iWork is sold to mobile users for $9.99. Mac customers can purchase the suite for $79. These price points clearly suggest that Apple is targeting the consumer market, not government agencies and not corporations with established security policies enforcing the use of long, complex, strong passwords.

Multiple researches confirm it’s a given fact that most people, if not enforced by a security policy, will choose simple, easy to remember passwords such as ‘abc’, ‘password1’ or their dog’s name. In addition, it’s in the human nature to reduce the number of things to remember. Humans are likely to re-use their passwords, with little or no variation, in various places: their instant messenger accounts, Web and email accounts, social networks and other places from which a password can be easily retrieved.

Considering all this, 500 passwords per second doesn’t sound that bad anymore. Which brings us to the announcement: Elcomsoft Distributed Password Recovery now supports Apple iWork, becoming an industry-first tool and the only product so far to recover passwords for Numbers, Pages and Keynotes apps. It’s the human factor and advanced dictionary attacks that help it recover a significant share of iWork passwords in reasonable time.

Read the official press-release on Elcomsoft Distributed Password Recovery recovering Apple iWork passwords.

Dear friends,

It really takes willpower to control our excitement about the surprises we prepared for you these pre-holiday days.  We arranged three ultra-appealing bundles and we can’t hide them any loger, so here they are:

1. EPPB + EBBE = take two at the price of one!
2. EPPB + EBBE + EIFT = get EBBE & EPPB for free!
3. EPRB Forensic = special NY 2012 price! (twice less!!)

 Check out more info on our website:

http://www.elcomsoft.com/happy-new-year-2012.html

Experience Elcomsoft Password Recovery Bundle which breaks all barriers, twice cheaper throughout December 2011. There is no substitute. 

Don’t rush, take your time… till December 31.

When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

What does enhanced security mean for the user? With iOS 5, they are getting a bit more security. Their keychain items such as Web site, email and certain application passwords will remain secure even if their phone falls into the hands of a forensic specialist. That, of course, will only last till the moment investigators obtain the original device passcode, which is only a matter of time if a tool such as iOS Forensic Toolkit is used to recover one.

What does this mean for the forensics? Bad news first: without knowing or recovering the original device passcode, some of the keychain items will not be decryptable. These items include Web site passwords stored in Safari browser, email passwords, and some application passwords.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Faster Operation

Besides adding support for the latest iOS 5, Elcomsoft iOS Forensic Toolkit becomes 2 to 2.5 times faster to acquire iOS devices. When it required 40 to 60 minutes before, the new version will take only 20 minutes. For example, the updated iOS Forensic Toolkit can acquire a 16-Gb iPhone 4 in about 20 minutes, or a 32-Gb version in 40 minutes.

Today we are releasing a new version of Phone Password Breaker, this time adding the ability to recover security passwords protecting BlackBerry handsets. Yes, that is the very password used to lock and unlock the device. And yes, no one has done that before (well, at least not publicly).

Before you get too excited, there is a catch. The new feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode. If this condition is met, EPPB will be able to run password recovery against device security password. What is also important and rather exciting is that you don’t need the BlackBerry device itself. All that is needed is a media card that was used in that device. Actually, we only need one specific file from that media card, so yes, the recovery can be off-loaded and the password can be recovered offline.

So how does this feature work? It’s pretty straightforward: launch Elcomsoft Phone Password Breaker, click Open and specify that you want to recover a BlackBerry security password. After that, you’ll need to navigate to the info.mkf file from the encrypted media card. It is located in BlackBerry/system directory on the media card, and is marked as hidden. Once you open the file (and only if the file comes from the card encrypted using the “Security Password” or “Device Password” option) you will be able to start the recovery as usual. The good news is that recovery rate is amazingly fast by today’s standards: it tries several million passwords per second on a modern multi-core CPU equipped with AES-NI instructions. With Intel i7-970, I am getting 1.8 million passwords per second in wordlist mode, and about 5.9 million passwords per second in bruteforce mode. Compare that to iPhone passcode recovery rate of less than six passcodes per second for iPhone 4, and try to think hard about BlackBerry having better security.

Among other changes in this version is preliminary support for iOS 5 backups. As Apple readies its newest and most advanced mobile OS yet, we have updated EPPB to make it compatible with backups produced by the latest beta of iOS 5. All the usual features (password recovery, backup decryption, and Keychain explorer) are available for iOS 5 backups.

Speaking of iOS backup decryption, we added another option demanded by our customers. EPPB can now recover original file names when decrypting a backup. That means you will get a directory structure and meaningful file names, making it easier to explore and analyze backup contents.

I really hope you will enjoy the new features.

RIM BlackBerry smartphones have been deemed the most secure smartphones on the market for a long, long time. They indeed are quite secure devices, especially when it comes to extracting information from the device you have physical access to (i.e. mobile phone forensics). It is unfortunate, however, that a great deal of that acclaimed security is achieved by “security through obscurity”, i.e. by not disclosing in-depth technical information on security mechanisms and/or their implementation. The idea is to make it more difficult for third parties to analyze. Some of us here at Elcomsoft are BlackBerry owners ourselves, and we are not quite comfortable with unsubstantiated statements about our devices’ security and blurry “technical” documentation provided by RIM. So we dig.

Our first two targets are the apps providing secure storage of sensitive data: BlackBerry Password Keeper and BlackBerry Wallet. These applications are provided by RIM for free; Password Keeper is even included with each installation of BlackBerry OS. The two apps are the recommended way to store login credentials and other sensitive data such as credit card numbers. The data stored in those two apps could also be a wealth of information for investigators. According to RIM, all data is securely encrypted with AES-256. The encryption key is derived from user-specified master password, which can be different from device password. Password Keeper and Wallet master passwords can also be different.

Another notable fact is that Password Keeper and Wallet databases are included in the backup produced by BlackBerry Desktop Software. This means that, as a mobile forensics investigator, you can access those databases (containing encrypted data at this point) by either connecting suspects’ handset and running Desktop Software (if there is no password protection on the device) or by looking for stored device backups on suspects’ computer(s). And even if the backup you’ve been able to get a hold of is encrypted, our Elcomsoft Phone Password Breaker can recover the password for it .

Once you’ve got the (unencrypted) backup, Password Keeper and Wallet databases are accessible. The problem is that their data are still encrypted. And this is exactly what today’s EPPB release is about: recovering master passwords for Password Keeper and Wallet databases. Now you can load a BlackBerry device backup into EPPB and run password recovery against Password Keeper and Wallet databases. And what’s really good about this is that password recovery rate is great – hundreds of thousands and up to several millions passwords per second on modern CPU, depending on BlackBerry OS version. To the best of our knowledge, there were no tools capable of doing this until now, so we're proud to be the world’s first again, offering our customers unique functionality that’s not available in other vendors’ products.

So, you were able to discover the master password, what's next? Right now you have two options:

• Use BlackBerry Simulator, restore the backup to it, and use the recovered master password(s) to enter Password Keeper and/or Wallet. Access stored data as usual.
• Use Elcomsoft BlackBerry Backup Explorer, which can now show Password Keeper and Wallet data (as of version 9.61 being released today).

The third option to view Password Keeper and Wallet data within EPPB itself will be probably added with the next update. Speaking of updates, I'd like to tell you that this BlackBerry-related addition is really small compared to what's in the queue. If things go well, we hope to release "the next big thing" within 1-1.5 months from now. You're going to love it, I promise .

P.S. For those technically inclined out there, here’s a brief summary:

BlackBerry Password Keeper database format and protection is the same for OS 5, OS 6, and OS7. Per-item encryption key is derived by computing 3 (three) iterations of PBKDF2-SHA1 with master password and per-item salt.

Wallet database format and protection differs between OS 5 and OS 6/7.

For Wallet in OS 5, per-item encryption key is derived by computing 3 (three) iterations of PBKDF2-SHA1 with SHA-256 hash of master password and per-item salt.

For Wallet in OS 6 and OS 7, per-item encryption key is derived by computing a random number of iterations (between 50 and 100) of PBKDF2-SHA1 with SHA-512 hash of master password and per-item salt.

Encryption in all above formats is AES-256 in ECB (!) mode, SHA-1 hash of the data is appended before encrypting; data is padded as per PKCS #5.

In my opinion, should RIM have opted to be more open about their security mechanisms, someone (maybe even someone from their own team) could possibly point out that the level of protection against password recovery attacks is not sufficient for 2011.

At Black Hat Andrey made his presentation about iOS encryption and as you may guess it was not the only one talk about iOS on the conference, as the topic is quite popular now.

Later guys visited our partners’ booths and were interviewed by Ira_Victor from the CyberJungle in a not-so-easily-found quiet corner, which resulted in one article and one podcast. 

After Black Hat we moved to DefCon where the most pleasant thing was meeting a professional of social engineering and security expert Kevin Mitnick. Kevin showed real interest in our iOS Forensic Toolkit, so we gladly shared our achievements and demonstrated how it works.

We also got his new book Ghost in the Wires signed by the author. I’ve almost finished the book. It’s really exciting to learn how it all started for an insatiable phone addict like Kevin

After all meetings a business trip of the two turned into sessions of sightseeing and relaxing outdoors visiting Utah, Arizona, and other States and flying…a helicopter.

In its next part about iTunes Backups Kiel touches upon Elcomsoft Phone Password Breaker which virtually crunches backup passwords at speed of 35000 passwords per second (with AMD Radeon HD 5970) using both brute force and dictionary attacks, here are some benchmarks.

It seems the paper does not miss out on any nuance about iOS 4 and provides practical advice to either avoid or prevent from the depressing outcomes, such as loss of data. Closer to the end of the paper you will also find several sagacious tips for using the devices within organizations, including passcode management, a so called “first line of defense” which according Kiel’s view “can be matched to existing password policies”, however he inclines to use passwords instead of 4 digit passcodes.

And in conclusion the author discovers that smartphone and tablet security measurements resemble the ones of laptops, because they all belong to mobile devices.  Find out more details in the source itself: http://www.sans.org/reading_room/whitepapers/pda/security-implications-ios_33724
 

• The ability to decrypt contents of the device keychain
• The ability to perform logical acquisition of the device
• Logging of all operations performed within Toolkit
• Support for iPhone 3G
• Support for iOS 3.x on compatible devices
• Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)
• Let me give a short description of each of the new features.

Keychain Decryption

Logical Acquisition

Logging

iPhone 3G and iOS 3.x Support

Compatibility with iOS 4.3.4 and iOS 4.2.9

At Techno Security it seemed like we were the only newcomers (maybe partly due to this fact we were so warmly welcomed), as practically everybody knew each other (even visitors) and the whole situation resembled an alumni party in a very positive and friendly atmosphere.

We had a literally overloaded lecture-room during Andrey’s talk, people were even standing along the walls. Actually, at first I was really happy with this fact. Our talk was about locating disk decryption keys in memory which was announced and printed in event agenda. It’s something new for our company, but it’s no breakthrough in the industry, and so we didn’t expect too many people to come. However, against all my expectations, during the speech listeners were taking notes, typing something in their laptops, and looking angrily at me when I was trying to take some pictures producing though very little noise, – I gave up quite soon.

Interestingly, after Andrey’s speech most visitors that came up to the booth had questions about our new iPhone toolkit or sometimes about Elcomsoft Blackberry Backup Extractor and very few had a disk decryption or key mining related questions. I suppose some of listeners were probably hoping Andrey would touch upon iPhone toolkit as well. I’m so sorry we had to choose the topic of our speech so in advance that we couldn’t fix it later. But we did our best to answer all your questions and demo the software at our booth, if you still have any, feel free to ask right here!

You can find more pictures in our facebook.

UPDATE: Here is Andrey's presentation 'Faster Password Recovery with Modern GPUs' in PDF and video format.

The Onion News Network has a news webcast about Facebook program and its use in acquiring information during federal investigations and how greatly this project can save federal expenses:

CIA's 'Facebook' Program Dramatically Cut Agency's Costs

Joking aside, although Facebook was not presupposed to carry out any federal mission like this, the fact is that Feds can very well use Facebook to gather more details of people they are looking for. The question is: how can they do this (if, of course, that’s not the ‘special project’ itself)? One of possible ways to get necessary data would be to set an account and make friends with the suspect, however there are some hidden rocks in it. First, the suspect might not like to make friends with “camouflaged” feds; second, even if you managed to get friends, your access to suspects’ details can be restricted.  Obviously, this is not an easy way to chase a criminal, on the other hand it provides an opportunity to establish and initiate personal contact with the suspect if that’s required.

What else can be done? Well, getting access to suspects’ computer is not a bad idea and most probably this would be point number one. There are many ways to seize and arrest suspects’ computers and as soon as it is accessible computer specialists start scrutinizing its content in search of any evidence. Here all ElcomSoft password recovery tools come into action and now also Facebook Password Extractor designed exclusively for Facebook accounts. 

The new utility gets Facebook account passwords saved in Web browsers on the local computer.  Pleasant thing is that ElcomSoft decided to help saving federal costs as well and made the software free of charge: “This is our duty!”, says unnamed ElcomSoft representative. The main Facebook Passwords Extractor features:

• The utility is absolutely free
• Easy exploitation – you simply start the program and it takes over the rest of work
• Supports all popular Web browsers and their versions: Internet Explorer till v. 9, Mozilla Firefox till v. 4, Opera till v. 11.10, Google Chrome till v. 11, Apple Safari till v. 5
• Works almost instantly
• Finds unlimited (i.e. all) number of logins and passwords stored in Web browsers on local computer.
• Does not matter how long and complex the passwords are and what languages they're in

N.B. Passwords stored in Mozilla Firefox and Opera protected with master password, cannot be recovered with this tool. For the first one (Firefox), however, we do have the solution: Elcomsoft Distributed Password Recovery. Let us know if you're interested in Opera master password recovery, too!

Working with it is quite simple. Right after you start Facebook Password Extractor, it searches Web browsers installed in the system and analyses data stored in every of the installed browsers, local databases, and cache. This allows finding all account information (login – password) that has ever been saved in Web browsers as autocomplete and/or authentication data. All found passwords to Facebook accounts are being decrypted and displayed in convenient form.

There is one “problem” with Facebook Password Extractor, though. It works with Facebook only  . If you need to reveal passwords to other social networks, get the Elcomsoft Internet Password Breaker instead. It is not free, but you always get what you paid for – not just [saved] passwords to social networks, but also the contents of ‘autocomplete’ fields (an extremely good source of information, including passwords), Windows Live Mail credentials and more.