Clik here to view.
Target: Apple Two-Factor Authentication
Two-factor authentication is essential to secure one’s access to online accounts. We studied multiple implementations of two-factor authentication including those offered by Apple, Google and...
View ArticleClik here to view.
Breaking Apple iCloud: Reset Password and Bypass Two-Factor Authentication
Who am I to tell you to use two-factor authentication on all accounts that support it? This recommendation coming from someone whose business is supplying law enforcement with tools helping them do...
View ArticleClik here to view.
iOS 11 Horror Story: the Rise and Fall of iOS Security
We loved what Apple used to do about security. During the past years, the company managed to build a complete, multi-layer system to secure its hardware and software ecosystem and protect its customers...
View ArticleClik here to view.
The Life and Death of iCloud Authentication Tokens: Historical Perspective
What are iCloud authentication tokens? How they are better than good old passwords? Do they ever expire and when? Where to get them? Is there anything else I should know about tokens? This publication...
View ArticleClik here to view.
What’s New in iOS 11 Security: the Quick Reference Guide
iOS 11 introduced multiple changes to its security model. Some of these changes are highly welcome, while we aren’t exactly fond of some others. In this quick reference guide, we tried to summarize...
View ArticleClik here to view.
You Lost Your Second Authentication Factor. Now What?
In Apple’s land, losing your Apple Account password is not a big deal. If you’d lost your password, there could be a number of options to reinstate access to your account. If your account is not using...
View ArticleClik here to view.
Four and a Half Apple Passwords
Passwords are probably the oldest authentication method. Despite their age, passwords remain the most popular authentication method in today’s digital age. Compared to other authentication mechanisms,...
View ArticleClik here to view.
Apple Two-Factor Authentication: SMS vs. Trusted Devices
Multi-factor authentication is the new reality. A password alone is no longer considered sufficient. Phishing attacks, frequent leaks of password databases and the ubiquitous issue of reusing passwords...
View ArticleClik here to view.
Downloading iOS 13 and iOS 14 iCloud Backups
The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which was sorely broken since recent server-side changes introduced by...
View ArticleClik here to view.
Protecting iMessage Communications
How secure are your chats in your favorite instant messenger? Can someone intercept and read your secret conversations, and can you do something about it? Apple users have access to the highly popular...
View ArticleClik here to view.
Cloud Forensics: the New Reality
The majority of mobile devices today are encrypted throughout, making extractions difficult or even impossible for major platforms. Traditional attack vectors are becoming a thing of the past with...
View ArticleClik here to view.
iCloud Extractions Without Passwords and Tokens: When a Trusted Device is Enough
A lot of folks (and even some law enforcement experts) are looking for a one-click solution for mobile extractions and data decryption. Unfortunately, in today’s day and age there are no ‘silver...
View ArticleClik here to view.
Using a Trusted Device for iCloud Authentication
To perform an iCloud extraction, a valid password is generally required, followed by solving the two-factor authentication challenge. If the user’s iPhone is everything that you have, the iCloud...
View Article
