Off-the-shelf forensics tool slurps iPhone data via iCloud

May 21, 2012 NEWS, TECHNOLOGY, YOUR INTERNET No comments

ElcomSoft has updated its mobile forensics software to include the ability to retrieve online backups from Apple iCloud storage.

The enhancement to Elcomsoft Phone Password Breaker adds the capability to retrieve user data associated with iPhones from Apple’s iCloud online backup service. Backups to multiple devices registered with the same Apple ID can be retrieved using the technology, providing investigators has access to a user’s original Apple ID and password.

The approach means that investigators need not have physical access to Jesus phones in order to recover unencrypted copies of data they hold.

Elcomsoft Phone Password Breaker launched with the ability to retrieve user content from password-protected backups created on Apple iPhones and BlackBerry smartphones. The password breaker only facilitated the recovery of passwords protecting offline backups not data held in the cloud.

Access to data stored in iCloud online backup service is of interest to forensic investigators, not least because the facility has been used by millions of fanbois for data backup and device synchronisation since its introduction last June. Apple’s iCloud online backup service offers an alternative (or additional safety net) to backing up device data locally onto computers using iTunes.

iCloud backups offer a near real-time copy of information stored on iPhones including emails, call logs, text messages and website visits. iCloud backups are incremental. When set up to use the iCloud service, iPhones automatically connect to iCloud network and backup their content every time a docked device gets within reach of a Wi-Fi access point.

“While other methods require the presence of the actual iPhone device being analyzed or at least an access to device backups this is not the case with iCloud,” ElcomSoft chief exec Vladimir Katalov explained. “With a valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect.”

The technology is marketed to computer forensics consultants, law enforcement and intelligence organisations. Investigators using the technology still need iCloud login credentials, which can’t be obtained with Elcomsoft Phone Password Breaker alone. Logging into iCloud requires an Apple ID and password.

This password, if not already known, can be acquired from an offline backup produced with Apple iTunes, and “used by investigators to watch suspects’ activities by monitoring changes to their online iCloud backups,” Elcomsoft explains.

“If investigators don’t have Apple ID and password, they can always try to get them and there are plenty of scenarios (both more and less sophisticated) to do so,” Elcomsoft spokeswoman Olga Koksharova told El Reg. “Getting Apple ID credentials may be a challenge, however there are numerous ways and places to find them or their traces on all iCloud devices registered to the same Apple ID.”

“Investigators can try to get physical access to a left alone Apple gadget (including laptops) and search it (e.g. its FileVault, which can take less than a minute if it’s unlocked), or take a physical image of one of i-devices (e.g. there is EIFT to acquire iPhone contents within 20 minutes or so), or search any other private/corporate stationary PC/Mac because the credentials can also be cached in web browser when the suspect tried to enter iCloud from the web browser, or social engineer at least,” she added.

However they eventually manage to get iCloud login credentials, investigators are subsequently relieved of the need to crack backup encryption passwords. The data is smoothly downloaded directly onto their computers from Apple remote storage facilities in plain, unencrypted form.

A blog post by Elcomsoft explaining how the technology works can be found here

Americans More Worried About Cybersecurity Than Terrorism

May 16, 2012 DAILY RATBREAD, NEWS, YOUR INTERNET No comments

from the for-no-clear-reason dept

Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there’s no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading. Of course, this is mostly due to the work of a neat combination of ex-politicians/now lobbyists working for defense contractors who stand to make a ton of money from the panic — enabled by politicians who seem to have no shame in telling scary bedtime stories that have no basis in reality.

But it’s all working. And, by working, I mean scaring the public unnecessarily. As reported by Wired, a new survey from Unisys finds that Americans are more worried about cybersecurity threats than terrorism, and they seem pretty worried about those threats. When asked about which security issues were the highest priority, survey respondents noted:

  • Protecting government computer systems against hackers and criminals (74 percent)
  • Protecting our electric power grid, water utilities and transportation systems against computer or terrorist attacks (73 percent)
  • Homeland security issues such as terrorism (68 percent)

Of course, it’s likely that the vast majority of the American public has absolutely no idea what the actual risk is of any of these things happening. But they are familiar with computers, and there’s been a lot of talk about cybersecurity lately, so “ooooooh, scary!” Now, here’s where the mainstream press could come in and point out the lack of evidence for any real or significant cybersecurity threat and help people realize that they might be best off focusing their attention elsewhere. But talking about planes falling from the sky is much more fun.

Who Needs SOPA When Courts Will Pretend SOPA Already Exists?

May 16, 2012 DAILY RATBREAD, NEWS, TECHNOLOGY, YOUR INTERNET No comments

from the seems-unfortunate dept

Back in November, we wrote about one of a series of cases we had seen where trademark holders were going to court with a list of domain names that they insisted were selling counterfeit goods and getting the courts to issue injunctions that appeared to be quite similar to what SOPA would have allowed had it passed. That is, basically upon request, a trademark holder was able to get domain registrars to kill domain names, while forcing search engines and social networks to put in place blockades barring such sites from being listed. It appears that more trademark holders are taking notice. Jeff Roberts has the story of (regular IP extremist) Louis Vuitton trying the same thing.

Basically, it lists out a bunch of websites that may or may not be involved in the sale of infringing works. Most, if not all of them, are foreign run. However, it is seeking a full injunction against those sites, not just to get them to stop selling any counterfeit goods, but to get the domains themselves turned off, and to block search engines from being able to find them:

Entry of an order requiring the Subject Domain Names, and any other domain names being used by Defendants to engage in the business of marketing, offering to sell and/or selling goods bearing counterfeits and infringements of the Louis Vuitton Marks to be disabled and/or immediately transferred by Defendants, their Registrars and/or the Registries to Louis Vuitton’s control so they may no longer be used for illegal purposes.

Entry of an Order that, upon Louis Vuitton’s request, the top level domain (TLD) Registries for the Subject Domain Names and their administrators place the Subject Domain Names on Registry Hold status, thus removing them from the TLD zone files maintained by the Registries which link the Subject Domain Names to the IP addresses where the associated websites are hosted.

Entry of an Order that, upon Louis Vuitton’s request, those in privity with Defendants and those with notice of the injunction, including any Internet search engines, Web hosts, domain-name registrars and domain-name registries or their administrators that are provided with notice of the injunction, cease facilitating access to any or all domain names and websites through which Defendants engage in the sale of counterfeit and infringing goods using the Louis Vuitton Marks.

Entry of an order that, upon Louis Vuitton’s request, the Internet Corporation for Assigned Names and Numbers (“ICANN”) shall take all actions necessary to ensure that the Registrars and the top level domain Registries or their administrators responsible for the Subject Domain Names transfer, change the Registrar of Record, and/or disable the Subject Domain Names as directed by the Court.

As we noted back in the fall, there are all sorts of problems with these kinds of rulings (assuming that the South Florida court in this case follows the lead of previous courts). First of all, it’s not clear under what authority the courts can issue such broad injunctions. Second, there are serious jurisdictional questions. But the biggest issue of all is that the court seems to be requiring non-parties to the litigation to take pretty drastic action: requiring search engines and domain registrars to effectively kill sites with little in the way of review or recourse. Now, it’s likely that most — or perhaps all — of the sites in question are selling counterfeit goods. But how long do you think it will be until others use these cases as precedent for taking down all sorts of sites — even those that are perfectly legitimate?

ACTA Officially Headed to the European Court of Justice

May 16, 2012 DAILY RATBREAD, NEWS, TECHNOLOGY, YOUR INTERNET No comments

Is ACTA a violation of European human rights? That’s what the European Commission hopes to find out. The controversial agreement has been referred to the European Court of Justice.

Negotiated behind closed doors. Very few stakeholders involved or even allowed to hear the negotiations. Considered to be one of the greatest threats to the Internet today. ACTA has been one of the most controversial agreements around. The only reason we’ve even heard about it in the first place was because the text of the draft document was leaked by Wikileaks.

While the original drafts contained a global three strikes provision, one of the more recent versions has had that removed. Still, it is a major threat to innovation and Internet because of it exporting the more controversial provisions of the DMCA to the rest of the world and even goes beyond US case law.

Serious questions are being raised like whether or not this agreement, if implemented, is violation of human rights and, as is the case here, could ever be properly implemented in European law. ZDNet is reporting that these matters will now be looked at in court:

The Commission said in February that it intended to make the referral, to see whether ACTA was in line with fundamental rights. However, the European Parliament, which is set to vote on ACTA’s ratification in June, has refused to delay that vote to wait for the ECJ’s opinion.

There is a great amount of hostility towards ACTA within the Parliament, and digital agenda commissioner Neelie Kroes has already admitted that ratification is likely to be rejected. If that happens, the copyright enforcement treaty cannot come into force anywhere in the EU.

Kroes, however, is not the commissioner in charge of handling what is nominally a trade agreement.

In a statement on Friday, the spokesman of trade commissioner Karel De Gucht said the referral had gone ahead, asking the ECJ: “Is the envisaged Anti-Counterfeiting Trade Agreement (ACTA) compatible with the treaties and in particular with the Charter of Fundamental Rights of the European Union?”

“The Court’s opinion is vital to respond to the wide-ranging concerns voiced by people across Europe on whether ACTA harms our fundamental rights in any way,” John Clancy said. “The European Commission has a responsibility to provide members of the European Parliament and the public at large with the most detailed and accurate information available.”

The decision to implement ACTA ultimately rests on the European Parliament. The question is, would it ever be ratified? The speculation is that it won’t. From The Guardian last week:

Speaking on Friday, Kroes said that “we are now likely to be in a world without Sopa” – the US’s proposed Stop Online Piracy Act – “and Acta.”

[...]

Ryan Heath, a spokesman for Kroes’s office, said the European commission has not changed its position on the usefulness of Acta, and was continuing to work toward its ultimate ratification, but added that Kroes was “observing political reality”.

Kroes’s comments come weeks before the commission, the EU executive, is due to make public new rules to ensure that musicians and film-makers get paid, and while it is trying to overhaul the bloc’s copyright regime to cater for the internet era.

Critics say the commission is holding back planned reviews of the EU’s own rules because officials are worried it will come up against the same kind of resistance as Sopa and Acta.

“After the tremendous mobilisation of citizens around the world against Sopa and Acta, it would be extremely dangerous politically for the commission to propose a new repressive scheme,” said Jeremie Zimmermann, from internet advocacy group La Quadrature du Net.

According to La Quadrature du Net, there has already been a draft report saying that ACTA is contrary to basic democratic rights:

Today, on May 8th, the rapporteur Dimitrios Droutsas presented his draft report to the LIBE committtee, highlihtening that ACTA was a threat to fundamental freedom and would freeze any attempt to democratically debate copyright policy in the EU. As many LIBE members underlined the lack of a clear call for rejection of ACTA, he agreed to add to his report language stressing that ACTA is not compatible with the Charter of Fundamental Rights of the European Union, thus clarifying his position.

“Mr. Droutsas’ draft report is a very important acknowledgement that the EU has a role to play to protect and promote human rights internally and on the international stage, and that ACTA runs counter to this duty. The document also rightly underlines the need to open a broad debat on the future of copyright and overcome the dangerous antagonism between today’s current regime and the new social practices that are flourishing online, such as culture sharing.” said Philippe Aigrain, co-founder of the citizen advocacy group La Quadrature du Net.

“After the EU privacy watchdog’s opinion slamming ACTA, this draft report is yet another blow to the EU Commission and other copyright extremists within the Parliament, who have been relentlessly pushing for ACTA. The committee on civil liberties must approve Mr. Droutsas’ report, recommending the Parliament to reject ACTA and making clear that a broad and open-ended debate on the future of copyright is needed.” said Jérémie Zimmermann, spokesperson of La Quadrature du Net.

With all indications saying, basically, that ACTA is dead in the European Union, it will be interesting to see if this is re-confirmed by the European Court of Justice.

I think that if the court rejects this and the European Union refuses to ratify it, this could also jeopardize the chances of countries passing other, more draconian copyright agreements such as the Trans-Pacific Partnership (TPP), which we’ve discussed recently, because an international standard has been set saying that these agreements are a contradiction to the basic principles of democracy. After all, I never understood how criminal laws could be discussed and negotiated in secret between a small one-sided set of stakeholders, brought to various countries and expect the countries to just rubber stamp those laws.

« Older Entries