Blackberry Password Keeper vs. 1Password: in a Crack or in Attack

Elcomsoft Phone Breaker (PresseBox) (Moscow, Russia, ) ElcomSoft Co. Ltd. updates Elcomsoft Phone Breaker, the company's mobile forensic tool for logical and over-the-air acquisition of mobile devices. Version 4.10 adds the ability to attack 1Password containers, and becomes an industry first tool to instantly unlock access to passwords stored in BlackBerry Password Keeper for BlackBerry 10. The ability to decrypt the content of these password manager applications enables forensic access to some of the most sensitive information.

In addition, the new release includes numerous performance optimizations to GPU acceleration with NVIDIA boards, and integrates the extraction of iCloud authentication tokens into the user interface (as opposed to resorting to previously available command-line tools).

"There are often encrypted containers within an encrypted backup", says Vladimir Katalov, ElcomSoft CEO. "We started targeting those containers, adding support for the two common password managers: BlackBerry Password Keeper and 1Password. We've discovered and implemented a method of unlocking the content of BlackBerry Password Keeper instantly, without performing lengthy attacks on the master password."

Instantly Breaking BlackBerry Password Keeper

With this release, ElcomSoft targets encrypted containers created by two popular password managers, BlackBerry Password Keeper for BlackBerry 10 and 1Password.

BlackBerry Password Keeper is a native BlackBerry application to keep all passwords, accounts and logins securely with the help of additional encryption. In the BlackBerry 10 ecosystem, BlackBerry Password Keeper serves as a single point of access for some of the user's most sensitive information. While previous versions of BlackBerry Password Keeper protected information with a user-determined master password that could be attacked with Elcomsoft Phone Breaker, recent versions of the app introduced a new venue for attack. The latest versions of BlackBerry Password Keeper now employ a secure escrow key to protect the password container - and Elcomsoft Phone Breaker becomes an industry first tool that can extract that key and use it to decrypt the protected container instantly and without lengthy attacks.

Elcomsoft Phone Breaker 4.10 can instantly obtain the escrow key and decrypt BlackBerry Password Keeper containers extracted from BlackBerry 10 backups without brute-forcing the master password. The ability to gain instant access to data stored BlackBerry Password Keeper enables experts to access sensitive and highly valuable information in no time. Passwords and other data stored in BlackBerry Password Keeper containers can be viewed in a way that is similar to Keychain Explorer.

Note that BlackBerry 10 backups themselves are also protected and must be decrypted with Elcomsoft Phone Breaker prior to targeting BlackBerry Password Keeper.

Decrypting 1Password Containers

1Password is a popular cross-platform service to keep and synchronize passwords to various accounts between multiple computers and mobile devices. Available for Mac OS X, Windows, Android and iOS, 1Password employs users' Dropbox or iCloud accounts to keep and sync passwords. In iOS, 1Password password databases are also backed up to offline (iTunes) or iCloud backups.

1Password containers are protected with a user-defined master password. Elcomsoft Phone Breaker can now attack master passwords protecting 1Password containers retrieved from Dropbox, iTunes or iCloud backups.

Integrated iCloud Token Extraction

The ability to download iOS cloud backups and access iCloud data without knowing the suspect's Apple ID and password has been extremely popular with forensic customers. Elcomsoft Phone Breaker can use iTunes-created binary authentication tokens for iCloud login, which allows bypassing two-factor authentication among other things. Extracting the tokens was possible via a set of command-line tools available in Elcomsoft Phone Breaker for both PC and Mac OS platforms.

The new build integrates the token extraction functionality straight into the user interface, making the process of finding, extracting and using tokens significantly faster and easier.

Accelerated Performance with NVIDIA Boards

In this release, Elcomsoft Phone Breaker reaches theoretical maximum performance in GPU-assisted password recovery with NVIDIA boards. Compared to previous versions, the performance grows some 15 to 50 per cent. This level of performance was reached with assistance of NVIDIA engineers.

About Elcomsoft Phone Breaker

Elcomsoft Phone Breaker (formerly Elcomsoft Phone Password Breaker) provides forensic access to encrypted information stored in popular Apple and BlackBerry devices, Apple iCloud/iCloud Drive and Windows Live! accounts. By recovering the original password protecting offline backups produced with compatible devices, the tool offers forensic specialists access to SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings stored in those backup files. The new iteration of the product can also retrieve information from online backups stored in Apple iCloud.

Pricing and Availability

Elcomsoft Phone Breaker is available immediately. Home, Professional and Forensic editions are available. iCloud recovery is only available in Professional and Forensic editions, while password-free iCloud access as well as the ability to download arbitrary information from iCloud and iCloud Drive are only available in the Forensic edition. Elcomsoft Phone Breaker Pro is available to North American customers for $199. The Forensic edition enabling over-the-air acquisition of iCloud data is available for $799. The Home edition is available for $79. Local pricing may vary.

Elcomsoft Phone Breaker supports Windows Vista, Windows 7, 8, 8.1, and Windows 10 as well as Windows 2003, 2008 and 2012 Server. Elcomsoft Phone Breaker operates without Apple iTunes or BlackBerry Link being installed.

Kontakt

ElcomSoft Co. Ltd.
Vřesovická 429/1
-15521 Praha
Olga Koksharova
Marketing
Marketing Direktor

Bilder

Social Media