[ZMc1834]

I didn't think this was possible or supposed to be possible, but ElcomSoft now allows you to recover the master password for Password Keeper and BB Wallet. Not for sure where to put this article, so if an mod wants to move it to a better location, please go ahead.

ElcomSoft Recovers Passwords to BlackBerry Password Keeper & BlackBerry Wallet

Press Releases
ElcomSoft Recovers Passwords to BlackBerry Password Keeper & BlackBerry Wallet

ElcomSoft Co. Ltd. updates Elcomsoft Phone Password Breaker with the ability to recover master passwords protecting passwords stored in BlackBerry Password Keeper, as well as financial information kept in BlackBerry Wallet. With these two new features, Elcomsoft Phone Password Breaker becomes the first commercially available product to offer access to passwords stored in BlackBerry Password Keeper and sensitive information stored in BlackBerry Wallet. Elcomsoft Phone Password Breaker offers forensic access to password-protected backups produced by Apple iPhone/iPad/iPod Touch devices and BlackBerry smartphones and tablets. By enabling forensic access to encrypted information stored in BlackBerry Password Keeper and Wallet apps, ElcomSoft helps investigators recover more valuable pieces of otherwise inaccessible information stored in RIM BlackBerry smartphones.

Moscow, Russia (PRWEB) August 30, 2011

ElcomSoft Co. Ltd. updates Elcomsoft Phone Password Breaker with the ability to recover master passwords protecting passwords stored in BlackBerry Password Keeper, as well as financial information kept in BlackBerry Wallet. With these two new features, Elcomsoft Phone Password Breaker becomes the first commercially available product to offer access to passwords stored in BlackBerry Password Keeper and sensitive information stored in BlackBerry Wallet.

Elcomsoft Phone Password Breaker offers forensic access to password-protected backups produced by Apple iPhone/iPad/iPod Touch devices and BlackBerry smartphones and tablets. By enabling forensic access to encrypted information stored in BlackBerry Password Keeper and Wallet apps, ElcomSoft helps investigators recover more valuable pieces of otherwise inaccessible information stored in RIM BlackBerry smartphones.

BlackBerry users have an option to securely store and quickly access all their passwords and their financial information such as credit card numbers, billing addresses, loyalty points numbers etc. This information is being held in BlackBerry Password Keeper and Wallet apps, and is securely protected additional master passwords. Password Keeper and Wallet use separate master passwords. In order to access information stored in these apps, BlackBerry users have to enter the correct master password first. After 10 unsuccessful attempts to guess the master password, all data stored in BlackBerry Password Keeper or Wallet can be permanently erased from the device if a corresponding setting is selected by the user (which is normally the case).

BlackBerry Password Keeper protects users' passwords with a single master password, offering its users the convenience of having to deal with only one password instead of keeping in mind login credentials to dozens of Web sites, applications and services. BlackBerry users are encouraged to use Password Keeper to generate extremely secure random passwords containing a fairly long sequence of letters, numbers and symbols. All users' passwords are stored securely encrypted, and can be only decrypted with a Password Keeper master password.

Information stored in Password Keeper gets into off-line backups when such backups are produced. However, even when the backup gets decrypted, the users' passwords remain securely protected with an extra password: the Password Keeper master password.

Elcomsoft Phone Password Breaker can now recover Password Keeper's master password, providing investigators full access to stored login credentials and passwords in plain-text.

Similar to Password Keeper, BlackBerry Wallet stores users' personal and financial information such as credit card information, billing and shipping addresses, loyalty rewards and membership card numbers. The tool is designed to speed up mobile checkout, significantly simplifying the online purchasing process by filling in the required fields automatically with stored information. Being such a convenience tool, BlackBerry Wallet is used by many BlackBerry customers.

Information stored in BlackBerry Wallet is also encrypted and securely protected with Wallet master password. This password should be, and usually is different from BlackBerry backup password, adding an extra layer of protection to highly sensitive information kept in the Wallet.

The latest edition of Elcomsoft Phone Password Breaker can recover Wallet's master password, providing investigators access to highly valuable information stored in the Wallet.

The recovery of BlackBerry Password Keeper and Wallet passwords is extremely fast. Elcomsoft Phone Password Breaker can try hundreds of thousands passwords per second, making dictionary and brute-force attacks feasible and the recovery time reasonable.

Knowing the original plain-text master password, investigators can use the original BlackBerry device to access user passwords and data stored in BlackBerry Password Keeper and Wallet apps. Elcomsoft Blackberry Backup Explorer can use a BlackBerry backup off-line to display passwords stored in BlackBerry Password Keeper; BlackBerry Wallet support will be added shortly. Elcomsoft Blackberry Backup Explorer is the first and, currently, the only product on the market that can access and display BlackBerry Password Keeper items in off-line, without requiring the use of a BlackBerry device.

About Elcomsoft Phone Password Breaker

Elcomsoft Phone Password Breaker provides forensic access to encrypted information stored in popular Apple and BlackBerry devices. By recovering the original password protecting offline backups produced with compatible devices, the tool offers forensic specialists access to SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings stored in those backup files.

Pricing and Availability

Elcomsoft Phone Password Breaker is available immediately. Home and Professional editions are available; licenses start from $79.

Elcomsoft Phone Password Breaker operates without Apple iTunes or BlackBerry Desktop Software being installed.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co. Ltd. develops state-of-the-art computer forensics tools, provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft and its officers are members of the Russian Cryptology Association. ElcomSoft is a Microsoft Gold Certified Partner and an Intel Software Partner.

Elcomsoft Phone Password Breaker supports Windows XP, Vista, and Windows 7, as well as Windows 2003 and 2008 Server. Elcomsoft Phone Password Breaker Pro is available to North American customers for $199. The Home edition is available for $79. Local pricing may vary. For more information visit blackberry.elcomsoft.com/

[Rootbrian]

It seems a bit hyped up to me. Maybe this is only available to police or those who really need to get into their device, if they forgot the password they set as their keystore.

I doubt it could unlock a password-protected blackberry. Only people that have done it, will do it.

I call a scam until somebody spends $79 and does it themselves.

Posted from my CrackBerry at wapforums.crackberry.com

[Rickroller]

It seems a bit hyped up to me. Maybe this is only available to police or those who really need to get into their device, if they forgot the password they set as their keystore.

I doubt it could unlock a password-protected blackberry. Only people that have done it, will do it.

I call a scam until somebody spends $79 and does it themselves.

Lol..that's exactly what it says it does. And no..it's available for everyone..

"Elcomsoft Phone Password Breaker Pro is available to North American customers for $199. The Home edition is available for $79"

[CrackedBarry]

It seems a bit hyped up to me. Maybe this is only available to police or those who really need to get into their device, if they forgot the password they set as their keystore.

I doubt it could unlock a password-protected blackberry. Only people that have done it, will do it.

I call a scam until somebody spends $79 and does it themselves.

Posted from my CrackBerry at wapforums.crackberry.com

Grasping at straws here, eh?

Sorry to say, but guess RIM has just lost a nice chunk of its claimed security advantage.

Its the real deal.. Elcomsoft is well known for their password-cracking software. And for not caring who the heck they sell to, as long as the card works.

Posted from my CrackBerry at wapforums.crackberry.com

[Rootbrian]

Lol..that's exactly what it says it does. And no..it's available for everyone..

"Elcomsoft Phone Password Breaker Pro is available to North American customers for $199. The Home edition is available for $79"

It might be used for evil purposes, such as enabling people to break into and access stolen devices. I don't like the sound of that at all.

Posted from my CrackBerry at wapforums.crackberry.com

[Accidental Post]

Bookmarked for all the folks that scream at me how secure BB's are......Eclomsoft folks aren't playing.......

[trsbbs]

A device of only as secure as one makes it, sets it up and how they use it.

I never use password keepers of any sort or an electronic wallet.

If it is there, someone will find a way to hack it.

Use your mind to keep passwords in.

Tim

[CrackedBarry]

It might be used for evil purposes, such as enabling people to break into and access stolen devices. I don't like the sound of that at all.

Posted from my CrackBerry wapforums.crackberry.com

They're based in Russia, heck the biggest part of their business is probably to sell to shady people with a wink a nod.

That's the thing with security. Once physical accesss is involved all the odds change. Esp. these days where a couple of 400$ graphic cards can build you a supercomputer.

Posted from my CrackBerry at wapforums.crackberry.com

[i7guy]

Bookmarked for all the folks that scream at me how secure BB's are......Eclomsoft folks aren't playing.......

What are you talking about, the device isn't being cracked the backups are. Use hidden volumes in trucrypt to protect the backups.

[Rickroller]

What are you talking about, the device isn't being cracked the backups are. Use hidden volumes in trucrypt to protect the backups.

Huh?

"Information stored in Password Keeper gets into off-line backups when such backups are produced. However, even when the backup gets decrypted, the users' passwords remain securely protected with an extra password: the Password Keeper master password." "Elcomsoft Phone Password Breaker can now recover Password Keeper's master password, providing investigators full access to stored login credentials and passwords in plain-text."

The backups are still protected by the MASTER PASSWORD. This software can recover the MASTER PASSWORD. If it can recover the master password..then the phone is essentially hacked. It can also recover forensic evidence as well..meaning past backups (from my understanding).

[i7guy]

Huh?

"Information stored in Password Keeper gets into off-line backups when such backups are produced. However, even when the backup gets decrypted, the users' passwords remain securely protected with an extra password: the Password Keeper master password." "Elcomsoft Phone Password Breaker can now recover Password Keeper's master password, providing investigators full access to stored login credentials and passwords in plain-text."

The backups are still protected by the MASTER PASSWORD. This software can recover the MASTER PASSWORD. If it can recover the master password..then the phone is essentially hacked. It can also recover forensic evidence as well..meaning past backups (from my understanding).

Huh?

Unless I missing the point, which is possible, you protect the backup end of story

Without a backup it is not possible to reverse decrypt the password. My important stuff, including my backups are further protected by a second level encryption on my computer and then uploaded to a safe spot in the interwebs.

[Rickroller]

Huh?

Unless I missing the point, which is possible, you protect the backup end of story

Without a backup it is not possible to reverse decrypt the password. My important stuff, including my backups are further protected by a second level encryption on my computer and then uploaded to a safe spot in the interwebs.

As I highlighted in bold..it said even when the backup get decrypted..there is a second measure of security: the master password. THIS is also able to be retrieved (ie hacked) using this software (allegedly anyways).

[syn-ack]

I think it reads that they can brute force crack the backup password and also brute force crack the Password Keeper's password as well as the wallet. (that is saved in the aformentioned backup)

This isnt a really big deal, unless your password is asdf... it does circumvent the "10 attempts" protection the BB device gives us.

just make sure your password is at least 8 Characters long, has upper and lower case and contains numbers.(make it complex) even at 1,000,000 passwords per second it'll take 7 years to crack.

[i7guy]

As I highlighted in bold..it said even when the backup get decrypted..there is a second measure of security: the master password. THIS is also able to be retrieved (ie hacked) using this software (allegedly anyways).

I don't know why this is so hard. If there is no backup there is no way to reverse decrypt anything. My backups are not stored on the file system native, but are encrypted again.

This is not a cell brite that plugs directly into the phone and can bypass the password authentication, except on blackberries. This is a software program that attempts to decrypt the backup files produced by desktop manager. If there are no back up files there is no reverse decrypting. If there is no reverse decrypting your information is safe.

[adrenaline_x]

Who uses backups?

Thats what BES is for

[i7guy]

^^^LOL. You may be right.

[papped]

So you are paying $200 for a simple brute forcer...

Just making sure I'm reading this stupid crap right.

[adrenaline_x]

You are.. It won't crack the device only your backup file..

[AlexXF]

Hm. Just imagine - you're forgot the pass to Keeper or Wallet. How to recover it?

3 simple steps - connect to pc, backup using DM, recovery master password using Elcomsoft Phone Password Breaker.

Worry about security? Set strong password for ALL device and setup auto lock. If you lost the phone - no one can make backup without your password. There is no way to get information from BlackBerry device that lock by password.

[i7guy]

Bookmarked for all the folks that scream at me how secure BB's are......Eclomsoft folks aren't playing.......

Hm. Just imagine - you're forgot the pass to Keeper or Wallet. How to recover it?

3 simple steps - connect to pc, backup using DM, recovery master password using Elcomsoft Phone Password Breaker.

Worry about security? Set strong password for ALL device and setup auto lock. If you lost the phone - no one can make backup without your password. There is no way to get information from BlackBerry device that lock by password.

Some people understand the real issue. This is akin to cracking the algorithm for blue ray discs.

Now come back when the device itself was hacked.

[buwee]

Huh?

"Information stored in Password Keeper gets into off-line backups when such backups are produced. However, even when the backup gets decrypted, the users' passwords remain securely protected with an extra password: the Password Keeper master password." "Elcomsoft Phone Password Breaker can now recover Password Keeper's master password, providing investigators full access to stored login credentials and passwords in plain-text."

The backups are still protected by the MASTER PASSWORD. This software can recover the MASTER PASSWORD. If it can recover the master password..then the phone is essentially hacked. It can also recover forensic evidence as well..meaning past backups (from my understanding).

I wouldn't be so over joyed over this because your phones has the worst security of any phones on the market LOL. I would not use an Android device ever again! Blackberries are still more secure than Androids since you don't even need any specialized software to crack Androids phones.

[Rickroller]

I wouldn't be so over joyed over this because your phones has the worst security of any phones on the market LOL. I would not use an Android device ever again! Blackberries are still more secure than Androids since you don't even need any specialized software to crack Androids phones.

Oh I see..so any Joe Blow could just take my phone and crack it. Gotcha. Does this include you? Thought not. I'm glad you like your BB's security. I'm sure you sleep good at night knowing your Aunt Flo's and cousin Jimmie's phone numbers are safe.

[buwee]

Oh I see..so any Joe Blow could just take my phone and crack it. Gotcha. Does this include you? Thought not. I'm glad you like your BB's security. I'm sure you sleep good at night knowing your Aunt Flo's and cousin Jimmie's phone numbers are safe.

As a matter a fact I can do it easily which is probably further than you can go with my BB. LOL

With the regular security breaches on Android crap I do sleep better knowing that my Aunt Flo & cousin Jimmie's info are safer on my phone than on your phone thank you very much

[qbnkelt]

It is ludicrous to compare Android and BB in terms of security. There are monthly news reports of security breaches in Android, which is the reason that they can't come near certification for government use. That says it all.
On the news of this software, did everyone miss the repeated use of the word "investigators" when describing users?
Go ahead and purchase this software as a regular joe blow and tell me about vulnerabilities in my device. Until then I will continue to feel very comfortable knowing that all my information, including my aunts' and cousins' information is safe. As well as all my transactions, my activities, my email, etc.
My laptop at home is secure, thank you.

[Rickroller]

As a matter a fact I can do it easily which is probably further than you can go with my BB. LOL

With the regular security breaches on Android crap I do sleep better knowing that my Aunt Flo & cousin Jimmie's info are safer on my phone than on your phone thank you very much

Orly? Well please do enlighten us all with your hacking prowess and detail for me your steps...

And lol @ "security breaches"..I never knew malware could be so dangerous !