Russian password cracking software vendor ElcomSoft has recently released a tool which purportedly recovers the passwords stored on the latest iPhone’s without having to modify any data on the phone at all. The “iPhone Password Breaker” software works by recovering the password used to encrypt the keychain which the device uses to store the passwords for email accounts, websites, and software on the phone.

The software, which is aimed at Forensic Investigators, extracts the password from the keychain once it has been backed up to a computer. ElcomSoft has a variety of similar software that works with other file formats and platforms, such as ZIP and RAR file password crackers, Excel and Word, and a number of others. In the words of ElcomSoft:

ElcomSoft is world’s first to  unlock access to iPhone keychains. Prior to the release of the updated iPhone Password Breaker, the keychains were considered impossible to obtain. The ability to recover stored passwords without altering the phone’s content offers valuable court evidence to investigators and forensic authorities.

On previous versions of the iPhones, the keychains remained encrypted with a hardware-specific device key which was unique to each iPhone, even when exported to an external backup, however, since the release of iOS 4, this is no longer necessarily the case, as they can now be stored in backups that are encrypted only with the backup’s master password. If this password is known, it is possible to gain access to these encrypted keychains. If an unencrypted backup is made, though, the keychains are still protected with the phones hardware key, and therefore, to gain access to the keychains, a password-protected backup must first be made (seems counter-intuitive doesn’t it?).

The ElcomSoft iPhone Password Breaker also employs GPU Password Cracking technology to significantly increase the speed of recovery. A trial can be obtained at http://iphone.elcomsoft.com

If you’re one of the many who are jailbreaking your iPhone to get options such as tethering, make sure you change the root access password once you do.
In addition to your possibly getting Rick-Rolled

Your jailbroken phone could possibly be held for ransom

If you’ve never changed the default device password, now’s the time. Here’s how:

The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

iPhoneName: ~ Mobile$

• At that prompt, type: passwd
• You’ll be prompted for the ‘old’ (current) password for the mobile user.  Enter this as the old password: alpine
• You’ll then be prompted to enter the new password – so just type in your desired new password.  Use good password principles if possible (long and stong).  You will not see characters appearing on the screen as you type – that’s normal, not a concern.
• You’ll then be prompted to re-enter the new password.  Do that.
• You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app.  There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful.  And you’re done with change for the mobile account.
• The second primary admin account for the iPhone is called root – so now you need to change that as well.
• Type this to switch to the root user: login root
• You’ll be prompted for the root user’s current password.  Enter this: alpine
• Type this to start the password change routine again: passwd
• Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account

Normally if a message is received during the passcode entry or while the screen is locked, a generic message of “New Text Message” appears, to prevent viewing of messages without unlocking the phone. However, if you place the IPhone into emergency call mode, any incoming SMS messages are previewed instead of presented as the generic messages.

Need to secure your usb drive? Click Here!

As you know AT&T is the only carrier for IPhones (unless its jailbroken). For many people jumping on the IPhone craze do not know that the convenience of listening to your voicemail from your Iphone (or any AT&T phone for that matter) is a huge hole. The AT&T voicemail system is configured by default not to ask for a password when you check your voicemail from the handset (it asks for your voicemail password if you call your number from another phone and press * when your voicemail answers). (more…)

Apply a lock to your iPhone, and it’ll ask you for a four-digit passcode. However, it’ll also let you make an emergency call. Go into the menu to dial the emergency number, perform a quick double-click on the ‘home’ button, and your phone’s favorites menu will appear.

Not only that, if you’ve changed the settings then whatever you’ve applied to the double tap action will pop open.
(more…)