Jump to content

ElcomSoft

From Wikipedia, the free encyclopedia
ElcomSoft Co.Ltd.
Company typePrivate
IndustrySoftware
GenrePassword Cracking, Operating System Audit
Founded1990
HeadquartersMoscow, Russia

ElcomSoft is a privately owned software company headquartered in Moscow, Russia. Since its establishment in 1990, the company has been working on computer security programs, with the main focus on password and system recovery software.

DMCA case

[edit]

On July 16, 2001, Dmitry Sklyarov, a Russian citizen employed by ElcomSoft who was at the time visiting the United States for DEF CON, was arrested and charged for violating the United States DMCA law by writing ElcomSoft's Advanced eBook Processor software. He was later released on bail and allowed to return to Russia, and the charges against him were dropped. The charges against ElcomSoft were not, and a court case ensued, attracting much public attention and protest. On December 17, 2002, ElcomSoft was found not guilty of all four charges under the DMCA.[1]

Thunder Tables

[edit]

Thunder Tables is the company's own technology developed to ensure guaranteed recovery of Microsoft Word and Microsoft Excel documents protected with 40-bit encryption. The technology first appeared in 2007 and employs the time–memory tradeoff method to build pre-computed hash tables, which open the corresponding files in a matter of seconds instead of days. These tables take around four gigabytes. So far, the technology is used in two password recovery programs: Advanced Office Password Breaker and Advanced PDF Password Recovery.[2]

Cracking Wi-Fi passwords with GPUs

[edit]

In 2009 ElcomSoft released a tool that takes WPA/WPA2 Hash Codes and uses brute-force methods to guess the password associated with a wireless network.[3]

The advantages of using such methods over the traditional ones, such as rainbow tables,[4] are numerous.[how?]

Vulnerability in Canon authentication software

[edit]

On November 30, 2010, Elcomsoft announced that the encryption system used by Canon cameras to ensure that pictures and Exif metadata have not been altered was flawed and cannot be fixed. On that same day, Dmitry Sklyarov gave a presentation at the Confidence 2.0 conference in Prague demonstrating the flaws.[5] Among others, he showed an image of an astronaut planting a flag of the Soviet Union on the moon; all the images pass Canon's authenticity verification.[6][7]

Nude celebrity photo leak

[edit]

In 2014 an attacker used the Elcomsoft Phone Password Breaker to determine celebrity Jennifer Lawrence's password and obtain nude photos.[8] Wired said about Apple's cloud services, "...cloud services might be about as secure as leaving your front door key under the mat."[9]

References

[edit]
  1. ^ Stephanie Ardito (November 2001). "The Case of Dmitry Sklyarov—This is the first criminal lawsuit under the Digital Millennium Copyright Act". Information Today. 18 (10). Retrieved March 18, 2021.
  2. ^ Yury Ushakov. "Password Recovery, License to crack" (PDF). International Council for Scientific and Technical Information (ICSTI). Retrieved March 17, 2021.
  3. ^ "HotHardware Forums".
  4. ^ "Archived copy". Archived from the original on 2012-03-26. Retrieved 2012-03-20.{{cite web}}: CS1 maint: archived copy as title (link)
  5. ^ "Dmitry Sklyarov". Archived from the original on 2018-10-25. Retrieved 2023-08-08.
  6. ^ Kirk, Jeremy (1 December 2010). "Analyst finds flaws in Canon image verification system". PC World from IDG. IDG Communications. Archived from the original on 27 September 2019. Retrieved 27 September 2019.
  7. ^ Doctorow, Cory (30 Nov 2010). "Dmitry Sklyarov and co. crack Canon's "image verification" anti-photoshopping tool". Boing Boing. Retrieved 27 September 2019.
  8. ^ Dylan Love (September 3, 2014). "The Nude Celebrity Photo Leak Was Made Possible By Law Enforcement Software That Anyone Can Get". International Business Times. IBT Media. Retrieved March 17, 2021.
  9. ^ Marcus Wohlsen (November 2, 2014). "The Celebrity Photo Hacks Couldn't Have Come at a Worse Time for Apple--The message to the world is that if it's that easy to hack Jennifer Lawrence's iCloud account, it's probably that easy to hack mine, too". Retrieved March 17, 2021.