18 June, 2014 | CIO - http://www.cio.com.au/
Russian forensic firm's tool snags iCloud backups without an Apple IDMoscow-based Elcomsoft has developed a tool to collect iCloud backup files without knowing a person's Apple ID, a development intended to help law enforcement analyze seized computers.
18 June, 2014 | Computerworld - http://blogs.computerworld.com/
Forensic tool cracks into iCloud data with no password or Apple ID requiredSome people pay little attention when there’s a new password cracker because they think along the “bite me” lines of “big deal ‘cause I have a 30-character password securing my account; good luck cracking that.” Other folks are on the other side of the spectrum, knowing a rainbow table isn’t exactly necessary for a highly guessable password like “password” or “123456.” But if you are a big fan of Apple and of iCloud storage, then you might be interested to learn there’s a new forensic tool capable of “over-the-air acquisition of iCloud data without having the original Apple ID and password.”
18 June, 2014 | PFhub - http://www.pfhub.com/
Russian company Elcomsoft develops method to compromise Apple (AAPL) iCloud backupsProving once again that Russian software experts make superb hackers, Elcomsoft Proactive Software of Moscow, Russia has created a tool that enables accessing the iCloud backups of users who are logged in to their iCloud account, without their cooperation or consent. The tool takes advantage of the method Apple Inc. uses to keep users logged in over an extended period of time without needing to re-enter their passwords.
12 March, 2014 | CIO - http://www.cio.com.au/
How Forensic Tools Unearth Deleted Text MessagesUnlike work email, most mobile text messages don't flow through the corporate network except for the rare exception when employees use a company-deployed texting app. This means text messages are a blind spot for IT -- that is, impossible to monitor.
4 March, 2014 | Macworld - http://www.macworld.co.uk/
How to hack an iPad or iPhone passcode: bypass iOS password security and remove the iPad's lockIt is possible to hack the iPad passcode, but you need serious software to do so. This is known as forensics software because law enforcement agencies use them when analysing a mobile phone. We tested Elcomsoft iOS Forensic Toolkit and found it a reliable means of cracking an iPad’s passcode.
28 October, 2013 | SearchEnterpriseDesktop - http://searchenterprisedesktop.techtarget.com/
Windows 8.1 biometrics support increases security, but do you need it?Windows 8.1 Preview comes with the software necessary to register and manage fingerprint-based authentication on the desktop. This removes the need for hardware manufacturers to provide their own apps, helping to avoid problems introduced with third-party software. For example, in the past, a number of computer manufacturers -- including Acer, Dell, Gateway, Lenovo and Toshiba -- had shipped their laptops with UPEK's scanner and software. Last year, ElcomSoft, a certified Microsoft partner in Russia, discovered that UPEK's fingerprint-reader program was storing Windows account passwords in the registry as plain text. The passwords were scrambled, but not encrypted, making them an easy target for hackers and cybercriminals.
26 October, 2013 | SCMagazine - http://www.scmagazine.com.au/
Researcher says iCloud backups have security shortfallsThe Elcomsoft chief executive found that Apple did not extend its two-factor authentication to protect the online backups which were stored on Microsoft and Amazon servers.
24 October, 2013 | Naked Security - http://nakedsecurity.sophos.com/
Apple's iCloud iConundrum - does convenience mean insecurity?In his talk, "Cracking and Analyzing Apple's iCloud Protocols", Katalov showed how Apple's optional two-factor authentication is selective in its application, even where it is available.
21 October, 2013 | iMore - http://www.imore.com/
Researcher continues exploring iCloud security, some media outlets continue to overreactRussian security researcher Vladimir Katalov gave a talk last week at Hack in the Box security conference detailing his findings on Apple's iCloud protocols. Katalov's research highlights several shortcomings in iCloud's security model, including the fact that iCloud data is not protected by the two-step verification system Apple rolled out earlier this year.
17 October, 2013 | Help Net Security - http://www.net-security.org/
Apple's iCloud protocols cracked and analyzedSmartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods. In his presentation at the Hack in the Box Conference, co-founder and CEO of Russian password-cracking / recovery company ElcomSoft Vladimir Katalov has shared the results of their efforts in cracking and the discoveries they made by analysing Apple's iCloud protocols, as well as those used for Windows Phone and BlackBerry backups.